View this email in your browser

CISO Series Podcast

Today’s Agenda: When Will This Meeting End?

This week’s episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson. Our guest is Jeremy Embalabala, CISO, HUB International. Here are some of the issues discussed. Please jump in with your thoughts.Look for ways to make your security team more productive by scaling inwardly and outwardly. In a blog post, Mike wrote about the need to scale a security team to (1) outwardly support the velocity of the company and (2) inwardly scale the functions on the security team. Both efforts should lead to productivity. Outwardly means giving other teams the ability to do security on their own without having to wait for someone from security to walk them through it. Inward scaling usually focuses on automation and that could be automatic ticket routing or automatic access grants based on team membership.Nearly 1/3rd of all cybersecurity leaders have considered leaving their company. This is according to a study by BlackFog in an article by Steve Zurier in SC Magazine. CISOs' complaints range from lack of work-life balance, failure to invest in people, and spending too much time on firefighting and not dealing with strategic issues. I don’t think wanting to leave your job is unique to CISOs, but I threw out the argument that CISOs eventually want to leave, cutting out usually after three positions. But Mike said that as an executive you usually don’t jump from company to company indefinitely. He wisely asked how many three- and four-time CFOs do you see?If getting cyber insurance is so expensive and so difficult to get, should you just self-insure? Duane Gran of Converge Technology Solutions asked this question on LinkedIn. In general, both guests said it’s not a wise move, but there are some industries, like cryptocurrency and decentralized finance companies, that are having such massive breaches that they can’t get insurance anymore. In those cases, there’s no choice. And if you are in an industry that requires cyber insurance or your customers demand it, you don’t have a choice that way either.Should you even try to make meetings more fun? A redditor asked for advice on how to make meetings more fun and the most popular response by a wide margin was, “Don’t make it fun. Make it short.” Honestly, what you want is an effective meeting and less of “how was your weekend?” A meeting should be a good use of your time. If the purpose of the meeting is to have fun, then if you had fun, it was a good use of your time.You can listen to this week’s episode over on our blog where you can read the full transcript. If you aren’t already subscribed to CISO Series Podcast on your favorite podcast app, please go ahead and do that right now.

Thanks to our podcast sponsor, SlashNext

Biggest mistake I ever made in security...

"I, like many other security practitioners, came from a strong technology background with an engineering background in architecture, and relying on that experience versus having an open mind listening to the problems that need to be solved was something that got me into some trouble." -Jeremy Embalabala, CISO, HUB International

Listen to full episode of

"Today’s Agenda: When Will This Meeting End?"

Securing Unmanaged Assets

"I think everything that we’re saying here and that we’re citing in these quotes is a reflection of this trend over the last couple of decades of how there’s been a loss of control of devices, assets, and so on and so forth. It used to be you just protect the office, the on premise IT assets within the office. But there’s been this divergence of environments where now you are having to protect IOT devices, OT devices, devices in the Cloud, devices in your remote employees’ homes, and so on and so forth. Even you need to be aware of assets in the companies that might be your mergers and acquisition targets as well because you’re going to be taking on those risks and responsibilities very soon." - Huxley Barbee, security evangelist, runZero

Listen to full episode of

"Securing Unmanaged Assets"

Subscribe to our newsletters on LinkedIn!

We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!

CISO Series Newsletter - Twice every week

Cyber Security Headlines Newsletter - Every weekday

 Cyber Security Headlines - Week in Review  

Make sure you 

 to join the LIVE "Week In Review" this Friday for 

Cyber Security Headlines 

with CISO Series producer David Spark. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Kathleen Mullin, CISO, Cancer Treatment Centers of America.

Thanks to our Cyber Security Headlines sponsor, SafeBase

Super Cyber Fridays!

"Hacking Cloud Forensics"

If you’re spinning up ephemeral instances and containers that live and die in just minutes, your ability to investigate a possible intrusion lives and dies in just a few minutes. The answer is to automate the analysis so you actually do have the ability to go back and investigate, noted James Campbell, CEO/co-founder, Cado Security. It’s all a tease for this Friday’s Super Cyber Friday where we’re going to investigate cloud forensics.Our topic of discussion will be “Hacking Cloud Forensics: An hour of critical thinking about conducting incident response in complex and transient data environments.”Also joining me and James for the discussion will be J.R. Tietsort, CISO, Aura.Event is happening this Friday, January 27th, 2023.

Register

Thanks to our Super Cyber Friday sponsor, Cado Security

Thank you

!

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.