View this email in your browser

Super Cyber Fridays!

Join us TOMORROW, Friday [03-17-23], for "Hacking Kubernetes"

Join us Friday, March 17, 2023, for “Hacking Kubernetes: An hour of critical thinking on dealing with new and emerging complex and transient container environments.”

It all begins at 1 PM ET/10 AM PT on Friday, March 17, 2023 with guests Jimmy Mesta, CEO, KSOC and Mark Manning, principal security architect, Snowflake. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Register

Thanks to our Super Cyber Friday sponsor, KSOC

Defense in Depth

How to Become a CISO

How do you become a CISO? It doesn't follow a linear pattern as many other professions. There are many different paths and there are many different entry points.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Our guest is Yabing Wang, CISO, Just Works. Here’s what we discussed.

Know your business. This is the advice we’ve heard again and again and echoed multiple times on our show. You should know the answers to simple questions such as, “What are their objectives and desired outcomes,” said Drew Brown, Federal Aviation Administration. And Ron Sharon of Mercer Advisors suggests learning basic business skills such as accounting and finance. But ultimately, “understand that CISOs advise the business but are not the final decision makers when it comes to risk acceptance,” said Sharon.

Look for opportunities to engage with the business around risk. “These discussions don’t have to be about security or cyber risk. It could be any kind of risk,” said Jeremy Thompson, CoVantage Credit Union.”Socializing risk identification, management and mitigation are key to helping business leaders understand and comprehend when time comes to talk about cyber risk."

CISOs lead people, but they need mentorship to get there. "Be a mentor and find yourself a mentor. You learn so much from your mentees and get to see the world through a different lens,” said Shakira Kelly of Costco. And don’t forget that a CISO’s primary job is to lead people, “We should never forget that we're actually people leaders and you must be comfortable with being their cheerleader, sounding board, target of frustration, source of energy, and inspiration,” said Christopher Zell of Dell Technologies.

Ask yourself, “Why do you want to be a CISO?” Just because you’re in security and CISO is the “top of the cybersecurity food chain” it may not be the appropriate job for you, noted Kevin F. of FNZ Group. And Adam Drabik who is a CISO at Monument RE Group actually had a long list of why you shouldn’t become a CISO. He argued that CISO is a one way role and you can’t really step back into other roles. Although many CISOs do leave to do other projects like consulting, working with VCs, or starting their own cybersecurity startup. Drabik warned, “CISO is really just a fancy name of a junior accountant watching after security budgets and resources. You will be lucky to spend more than 20% time on security proper."

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Thanks to our podcast sponsor, SPMB Executive Search

LIVE!

 Cyber Security Headlines - Week in Review 

Make sure you 

 to join the LIVE "Week In Review" this Friday for 

Cyber Security Headlines 

with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be  JJ Agha, CISO, FanDuel.

Cyber chatter from around the web...

Jump in on these conversations 

"For those who have been in the cybersecurity game for a while now - what advice would you give your younger self, in a single tweet?" (

)

"What's with these job postings?" (

More here

)

"Is Cyber security analyst job actually a boring job?" (

More here

)

Thank you!

Thank you for supporting CISO Series and all our programming  

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.