
[02-14-23] CISO Series Podcast "Adversaries Beef Up Their Shiny Object Distraction Campaign"


We are all very easily distracted, and adversaries know that. So they'll try any little trick to make us not pay attention, look away, or do what we're not supposed to do all in an effort to break our human defenses.

This week’s episode of CISO Series Podcast is hosted by me, David Spark, producer of CISO Series and Andy Ellis, operating partner, YL Ventures. Our guest is Shaun Marion, CISO, McDonald's.

Find a security community that welcomes you and vice versa. In a vulnerable post, CISO Olivia Rose talked about the need to find a hive or community of like-minded fellow security professionals. As you’re going through the struggles of your profession you will need your colleagues and your community to pull you through difficult times. Keep in mind there are tons of communities. Don’t assume they’re all the same. It’s important that it operates as a two-way street. While people can be welcoming, make sure you feel the same in return.

Honeypots delay attackers and provide valuable information. Use it. A deception device or token will deter a criminal from immediately finding your crown jewels. It will also provide you with valuable behavior information that you should use to bolster your defenses. Andy Ellis said, “Deception technology is about hacking the adversary’s mindset.” Slowing down an attack is the least valuable thing a canary can do, said Ellis. Its greatest value is that of a tripwire, letting you know the moment an attacker has intruded.

The “it’s not if but when” mentality in cyber can create a lot of stress. “Your wellness is one of the greatest assets you control,” said Ellis. Marion agreed saying that you simply can’t do the job in cyber if you don’t put your own health ahead of everything else. I mentioned it’s like the advice you get on the airplane, “put your mask on before assisting others.” You can’t help others if you’re gasping for breath. It just so happens Andy Ellis has a chapter titled exactly that in his forthcoming book, 1% Leadership.

Can a company that supports volunteering attract and retain talent? That’s what Catherine Stump argues in an article in the Wall Street Journal. The huge benefit of volunteering is that it could give very green employees leadership opportunities they may not have at the hired organization. But the obvious negative would be the stress of taking you away from your own work and possibly making you work harder. Would you be more attracted to a company that would fully support volunteering efforts?

Listen to the full episode right here, on your favorite podcast app, or over on our blog where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.

Thanks to our podcast sponsor, Sentra

Best advice for a CISO...

"For current and aspiring CISOs, get out and network. Get seen, get heard. I know too many CISOs, especially aspiring CISOs, that think they'll get that next role, they'll get the big gig if they just continue doing what they've done. And I would tell them to get out, get your name out and meet people, learn new things and meet new people, and that would be the best advice I have for any CISO or aspiring CISO." - Shaun Marion, CISO, McDonald's

Limitations of Security Frameworks

"Companies need to be able to implement continuous compliance throughout their organizations. They need to be able to rely on their teams, their products, and be able to grow with their organizations as they scale and make it as easy for them to be able to update their information security and management programs, add to them, make the barrier to entry almost seamless." -  Stas Bojoukha, CEO, Compyl

Subscribe to our newsletters on LinkedIn!

We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!

CISO Series Newsletter - Twice every week

Cyber Security Headlines - Week in Review 

Make sure to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be George Al-Koura, CISO, Ruby.

Thanks to our Cyber Security Headlines sponsor, CISO Series

Join us Friday, February 24th, 2023 for "Hacking Vulnerability Remediation"

Join us NEXT Friday, February 24, 2023, for “Hacking Vulnerability Remediation: An hour of critical thinking of how to improve the efficiency of what vulnerability needs to be fixed next, and by whom.”

It all begins at 1 PM ET/10 AM PT on Friday, February 24, 2023 with guests Venu Rao, CEO, Strobes Security and Mathew Biby, CISO, Satcom Direct. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Thanks to our Super Cyber Friday sponsor, Strobes Security

Thank you!

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.