[01-23-24]--For CISOs, It’s Less of a Golden Parachute and More a Pair of Brown Pants
CISO Series Podcast
For CISOs, It’s Less of a Golden Parachute and More a Pair of Brown Pants
In the past year, the landscape for CISOs seems particularly perilous. There are more responsibilities with very real legal consequences attached to the role. At the same time, the position often doesn't see the same kind of corporate safety nets enjoyed by other members of the C-suite. There is a lot of guidance out there for CISO candidates negotiating for a new position, but what can a current CISO do once they are already in the role?
This week’s episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. Joining us is our guest, Trina Ford, CISO, iHeartMedia.
What can current CISOs do to protect themselves?
It seems like it’s never been a riskier time to be a CISO. With charges and convictions of several prominent CISOs rattling the ranks, we’re starting to see how this impacts candidates seeking CISO roles. For incoming CISOs, we’re starting to see agreement on general protections like extending D&O insurance, offering a severance safety net, and providing direct board access, argued David Lindner at Dark Reading. While this will prove a boon to CISOs getting new roles in the current landscape, it’s of less comfort to current CISOs.
Wrangling imposter syndrome
Last year at Black Hat, I went around and asked people about imposter syndrome. Almost universally, security professionals I spoke to admitted to suffering from imposter syndrome. So where does this come from? A lot of it starts with others assuming capabilities in that person, and a desire to not disappoint. This leads many to take on projects for which they don’t feel ready. Part of this comes from the natural curiosity we see from many drawn to the cybersecurity field. Often if you have an affinity for learning, imposter syndrome is a natural response to your journey along a learning curve. The key is not to sweep these feelings under the rug, but to acknowledge them as part of this process.
Did LLMs tip the scales?
While LLMs and AI can offer game-changing capabilities to businesses, do they represent something totally novel for security professionals? After all, security practitioners routinely need to mitigate the risks of integrating any new technology, argued Cynthia Brumfield in a recent CSO Online piece. While it’s easy to get wowed by what LLMs can do, we still have reliable frameworks that give us a model for how best to integrate them and manage the risks.
Navigating with the work-life spectrum
The last time you were on vacation, you checked in on your work Slack or email, didn’t you? Don’t worry, you’re not alone. A recent survey from Centripetal found that 90% of cyber professionals checked work comms while on vacation. You might be tempted to think that concerns over increased rates of cyberattacks called people back to their phones, but half of respondents actually did it out of a sense of company, or at least team, loyalty. Work and home are never a binary separation, but setting up some basic guardrails can allow you to check in on work while still enjoying a well-deserved holiday.
Listen to the full episode over on our blog, or your favorite podcast app where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.
Thanks to Dustin Sachs of World Kinect Corporation for providing this week’s “What’s Worse?!” scenario.
Thanks to our podcast sponsor, Thoropass
Best advice I ever got in security…
"As a security leader, I was told to stop trying to prove that you belong in the role and start doing the job. And I was told that because I was being distracted trying to prove that I was still technical and that I could do all aspects of the job, whereas I was hired based on my leadership style, based on my strengths and my knowledge. So, I was told, 'Do the job, period, and stop letting distractions deter you.' So, that was the best security advice I can say I ever had." - Trina Ford, CISO, iHeartMedia
Listen to the full episode of "For CISOs, It’s Less of a Golden Parachute and More a Pair of Brown Pants."
Use Red Teaming To Build, Not Validate, Your Security Program
“The problem is that the word “red team” has come to mean, “I will potentially take a bunch of scanners and run it against your stuff,” or, “I will take some smart people with a hammer and beat your stuff.” And because the term is so loosely defined, it’s very difficult to have a single conversation around it. Because I’ll say tomato, and you might hear Aston Martin or some other thing.” - Richard Ford, CTO, Praetorian
Listen to the full episode of "Use Red Teaming To Build, Not Validate, Your Security Program."
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
LIVE!
Cyber Security Headlines - Week in Review
Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Mike Kelley, VP, CISO, The E.W. Scripps Company.
Thanks to our Cyber Security Headlines sponsor, Conveyor
Super Cyber Fridays!
Super Cyber Game Show Friday
Join us for one hour packed with cyber games. We'll be bringing our audience into the show to play some of our favorite games.
Join us this Friday, January 26, 2024, for “Super Cyber Game Show Friday”.
It all begins at 1 PM ET/10 AM PT on Friday, January 26, 2024. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.