03-19-20 - Which C-Level Executive Has the Guts to Prioritize InfoSec?

Which C-Level Executive Has the Guts to Prioritize InfoSec?

March 19, 2020

CISO | Security Vendor Relationship Series

This week's episode of Defense in Depth

Who Should the CISO Report To?

Defense in Depth: Who Should the CISO Report To?

 On this episode of Defense in Depth:

Special guest co-host Yaron Levi, CISO, Blue Cross Blue Shield of Kansas City and guest Gary Harbison, vp, global CISO, Bayer, discussed:

  • We're having this discussion because as Allison Berey, M:CALIBRATE explained, "Wrong reporting lines can mean poor decision-making."

  • There is no definitive answers as to what the reporting line should be. The final answer on this this discussion was "it depends."

  • A CISO's placement within an organization should depend on where a company derives its value.

  • All companies say security is important. How they place the CISO within the reporting structure and the influence they have on the organization is very telling as to whether the company truly does value security.

  • There was a lot of concern reporting to other C-level executives that are not the CEO as the CISO's concerns could play second fiddle to a CFO, CIO, or CRO's primary desires.

  • Many felt the most desirable reporting line was CISO-to-CEO.

  • But, assuming every department is dealing with some sort of business risk, don't they all have the right to report to the CISO? Where do you draw the line?

Thanks to this week's sponsor of Defense in Depth, IBM Security.

IBM Security

IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force research, provides security solutions to help organizations stop threats, prove compliance, and grow securely. IBM operates one of the broadest and deepest security research, development and delivery organizations. It monitors more than two trillion events per month in more than 130 countries and holds more than 3,000 security patents.

John Meakin, CISO, Equiniti on being a valued CISO

 Learning new skills! 

Israelis’ Built-In Cyber Vigilance

Israelis’ Built-In Cyber Vigilance

From the day you’re born in Israel, there is this sense of built-in vigilance, said Yaron Levi, CISO, Blue Cross/Blue Shield of Kansas City in our conversation at Cybertech 2020 in Tel Aviv.

It’s due to the situation Israelis are in on the world stage. That combined with the minimal number of resources, Israelis have no choice but to think critically and innovate about cybersecurity. It’s very different than how we operate in America. Israelis start with a mindset of defense. In the US, we start with a mindset of compliance, said Levi who jokes that the American cyber professionals are more afraid of the lawyers then the hackers.

Olivia Rose, CISO, Mailchimp on the importance of people skills

SUBSCRIBE TO BOTH PODCASTS

Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.

If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.