[02-21-23] "This Unwanted Cold Call Made Possible Thanks to This Month’s Sales Quota"
CISO Series Podcast
This Unwanted Cold Call Made Possible Thanks to This Month’s Sales Quota
A CISO calls on security vendors to stop the spamming and cold calling. Are these annoyances the direct result of the way salespeople are measured? Is that what drives the desperation and bad behavior?
This week’s episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. Our guest is Dmitriy Sokolovskiy, CISO, Avid. Here’s what we discussed:
Hey vendors, instead of cold calling, just be part of the community, suggested Randall Frietzche, CISO, Denver Health, in a recent post. I have argued that the reason we get these annoying tactics is the way salespeople’s performance is measured. We’re never going to get away from measuring sales, but how about the tactics that happen before the sale that drive desperation and often bad behavior? Instead, Frietzche recommends getting involved in the cybersecurity community. This can come in the form of leaving comments on posts, attending local meetup events, or even virtual events. Participating in our weekly event, Super Cyber Friday, is a great way to get involved.
Large security companies won’t innovate because it’s far too risky. An article by Ross Haleliuk on Venture in Security argues that the platform play by the big security vendors is trying to consume all the competition. But, as Dmitriy argues, those platform players have their value but are only going to cover about 80 percent of a security program’s needs. The other 20 percent will go to innovative startups. The large players aren’t going to innovate because it’s far too risky, noted Andy. Who knows if they’ll be successful with their innovation? It could be a waste of money. It’s far cheaper for them to let the market play itself out and pay for the winners.
What is the content you want your staff and potential new hires to be consuming? Continuing education is a requirement. And listening to this very podcast can fulfill your continuing professional education or CPE credits. But don’t listen to a podcast or attend a conference just to complete your hour requirement. Go because you actually want to learn something. And that learning doesn’t have to be specific to security; it could be about learning the business and industry you’re in, said Andy.
The best advice you can give is “Here's how not to have a bad day like I just had.” This also sums up the purpose of all the industry-specific ISACs that support cybersecurity professionals, noted Andy. The European government realizes they can’t respond to industrial attacks as isolated government units. Their response must be unified, and that requires sharing information and resources, noted Bart Groothuis, lead member of the European Parliament.
Listen to the full episode on your favorite podcast app, or over on our blog where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.
Thanks to our podcast sponsor, Varonis
Best advice for a CISO...
"Do not, do not, do not make any decisions for the first three months. Ask questions, listen, self-assess, listen, ask more questions, listen. Wait for the end of three months and only then start building your plan." - Dmitriy Sokolovskiy, CISO, Avid
What Leads a Security Program: Risk or Maturity?
"Ultimately, that's what it comes down to – how well are you moving the needle against your stated goals and objectives and how can you communicate that back to internal stakeholders and partners? So, to your point, there's really no wrong answer. It's just really identifying and getting a good sense of what's your starting point." - Ngozi Eze, CISO, Levi Strauss
Subscribe to our newsletters on LinkedIn!
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Cyber Security Headlines - Week in Review
Make sure to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Jared Mendenhall, head of information security, Impossible Foods.
Thanks to our Cyber Security Headlines sponsor, Barricade Cyber Solutions
Super Cyber Fridays!
How to Calculate Which Vulnerabilities Need to Be Fixed First
I see all my problems, and I don't know if my team can fix them fast enough. But you don't need to fix them all. You need to risk rank them, and according to Venu Rao, CEO, Strobes Security, the three factors to determine a vulnerability's priority are:
Asset sensitivity and asset exposure. What's public facing?
CVSS score.
What's the severity of the vulnerability?
Join us this Friday, February 24, 2023, for “Hacking Vulnerability Remediation: An hour of critical thinking of how to improve the efficiency of what vulnerability needs to be fixed next, and by whom.”
It all begins at 1 PM ET/10 AM PT on Friday, February 24, 2023 with guests Venu Rao, CEO, Strobes Security and Mathew Biby, CISO, Satcom Direct. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.
Thanks to our Super Cyber Friday sponsor, Strobes Security
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.