03-17-20 - We Pick the Best Security Awareness Programs for Your Staff to Ignore


CISO | Security Vendor Relationship Series

This week's episode of CISO/Security Vendor Relationship Podcast, "We Pick the Best Security Awareness Programs for Your Staff to Ignore," was recorded in front of a live audience at athenahealth in Watertown, MA. It features me, David Spark, producer of CISO Series; Taylor Lehmann, CISO, athenahealth; and Marnie Wilking, global head of security & technology risk management, Wayfair. The three of us discussed:

You can’t scare people into becoming aware of security.

Too many security awareness training programs are produced to scare employees into compliance. Fear does not make people care about cybersecurity. You’re looking to change culture. You can do that by making people understand the value of cybersecurity for themselves.


There’s a gentle balance between explaining your category and its value.

You don’t want to confuse people by overexplaining your product’s category. At the same time you also don’t want to hyper-simplify your solution. Recognize that your product falls in a category, you have competition (because there’s always an alternative to buying your product), and you’re solving some problem. Don’t add unnecessary confusion in any of these areas.

Instead of “shifting left” or “getting a seat at the table,” actually be IN the business.

If cybersecurity wants more of a say, they need to show to the rest of the business that their purpose is to help the company move fast and be competitive. Explain and show exactly how cybersecurity can do that.

Special thanks to this week's podcast sponsors, Check Point and Skybox Security.

It's no secret that today's cyber attacks are targeted and sophisticated. Leaving even one point of entry vulnerable to a cyber attack endangers your entire organization. Check Point created the Secure Your Everything Resource Center to help you develop a comprehensive approach to prevent cyber attacks.

At Skybox Security, we remove complexities from cybersecurity management. By integrating data, delivering new insights and unifying processes, we help you control security without restricting business agility. Our comprehensive solution unites security perspectives into the big picture, minimizes risk and empowers security programs to move to the next level.

Mike Johnson on micromanagers probably aren't interested in cybersecurity

We'll do live events again soon

I'll be brutally honest, this pandemic is scaring the crap out of me too. I've enjoyed our live shows, we were planning more, plus a full day event. But as you might assume, we're putting a pause on all of that right now. Let's all get through this so we can go back to getting together and having a good time.

Law Firms: The Third Party You Have to Worry About


“Law firms have an extraordinary amount of client data that they receive and historically law firms aren’t great about getting rid of it,” said Mark McCreary, co-chair, privacy and data security practice, Fox Rothschild, in our conversation at Cybertech 2020 in Tel Aviv.

Law firms often represent companies that have a lot of enemies and while their clients may have good defenses, the law firm potentially doesn’t. Given this commonly known weakness, law firms have become very attractive vectors to steal sensitive data.

John Meakin, CISO, Equiniti on security people
