[01-30-24]--Maybe If You Worked Harder Your Burnout Wouldn’t Be Such a Liability
CISO Series Podcast
Maybe If You Worked Harder Your Burnout Wouldn’t Be Such a Liability
A lot of conversations around burnout focus on the impact to individuals or larger macro trends about the cybersecurity job market. But what about its direct impact on your security team? Surveys suggest that burnout plays a role in how organizations can respond to security incidents. All jobs involve dealing with stress, but what should we consider normal in cybersecurity? And when does that stress endanger your security mission?
This week’s episode is hosted by me, David Spark, producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is our guest, Shyama Rose, CISO and head of IT, Affirm.
Once phished, twice shy
No one likes getting tricked, so what do security teams hope to get out of phishing tests? On some levels, these might help raise awareness of the issue and how clever these ruses can appear. But more often than not, these can break down trust with a security team, argued Joan Goodchild at Dark Reading. If the average employee only interacts with the security team during a phishing incident, how is a phishing test going to taint that relationship going forward? Why are we punishing employees for an incident that’s actually caused by failed security controls?
CISOs are on the hook
Recent charges filed against high-profile CISOs have been a wake-up call for many in the profession. But does this increased scrutiny on the CISO role actually correlate to their ability to effect change in an organization? EagleView CISO Mike Lockhart argued that these actions by the SEC show how little they understand the role to begin with. Instead, the SEC might be better served inviting CISOs into the regulatory process to find out how they actually operate within organizations.
Aligning the CISO and DPO
These two roles often pursue similar goals in parallel. So why can it seem so hard to better integrate the two? Often this comes down to background, with a DPO often operating in a legal framework as opposed to the frequent technical background of a CISO, as Fabian Weber recently pointed out. This difference can actually be a strength when it comes to managing risk if properly managed. If both report to the General Counsel, it can help bring new perspectives to a wide variety of risks that impact the business. They won’t always agree, but it can still be a productive process.
Burnout as a cybersecurity risk
We talk about burnout all the time in cybersecurity. But when we do, it’s often about what it means to an individual, how it’s impacting their career and personal life. Sometimes this extends to the health of the overall cybersecurity job market. But it can also play a critical role in causing security incidents, according to a recent AI Tech Park piece. A survey found that cybersecurity professionals definitely see burnout being a factor in issues, either with themselves or a peer. The question becomes, is this type of stress normal in any workplace, or is there something exceptional being put on this industry?
Listen to the full episode over on our blog, or your favorite podcast app where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.
Thanks to our podcast sponsor, Panoptica, Cisco’s Cloud Application Security Platform
Best advice for a CISO…
"I think the best advice for a CISO is to get out of the CISO echo chamber that we all love to gather around in circles for and get some advice from some other business leaders that have nothing to do with security whatsoever and get their insights on leadership." - Shyama Rose, CISO and head of IT, Affirm
Listen to full episode of "Maybe If You Worked Harder Your Burnout Wouldn’t Be Such a Liability."
CISOs Responsibilities Before and After an M&A
“I think really one of the things that stands out is cyber has got to be involved up front. And really, we have to understand the business strategy. Because ultimately, it’s not cyber’s job to say no in any of these types of transactions but rather how do we get there.” - Alexandra Landegger, executive director and CISO, Collins Aerospace
Listen to full episode of "CISOs Responsibilities Before and After an M&A."
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
LIVE!
Cyber Security Headlines - Week in Review
Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Mary Rose Martinez, VP, CISO, Marathon Petroleum Corporation.
Thanks to our Cyber Security Headlines sponsor, Vanta
Super Cyber Fridays!
Super Cyber GAME SHOW Friday
Join us for one hour packed with cyber games. We'll be bringing our audience into the show to play some of our favorite games.
Join us this Friday, February 2, 2024, for “Super Cyber GAME SHOW Friday.”
It all begins at 1 PM ET/10 AM PT on Friday, February 2, 2024. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.