View this email in your browser

Defense in Depth

Why YOU Should Be Your Company's Next CISO

How do you make the argument that your company needs a CISO, and that YOU should be that leader? What do you need to demonstrate to prove you can be that person?

Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap, CISO, LinkedIn. We welcome our sponsored guest Radley Meyers, Partner, SPMB Executive Search. Here’s what we discussed on the show.

Why does your company’s business even exist? Once you understand that, noted Chris Carter of Optiv, you will be able to understand how value is added or taken away. This requires basic business knowledge. Can you read a profit and loss statement? Do you understand your go to market strategy in the short and long term? “Once the business is no longer abstract to you, the most effective ways to protect it will be readily apparent,” said David Stirling, CISO at Zions Bancorporation.

“Talk about the cost of not doing security NOT the cost of doing it.” This was the advice of Jerich Beason, CISO commercial bank and Capital One Software, Capital One. “Opportunities lost, customer churn, erosion of customer trust, regulatory & legal implications and so on,” said Beason. The goal is to show that the business will win with security. When you can demonstrate that, you’re seen as a business leader that can help the company succeed.

Leadership abilities can shine during a crisis. The business wants more leaders. No one is going to come by and say, “OK, I guess you can be a leader.” As Robert Wood, CISO, for Centers for Medicare and Medicaid Services said, “Just start doing it.” You don’t need titles or authority to lead. “Leaders are bold, they rally people, and they bring vision,” said Wood. That will be seen most notably during a cyber crisis, said André Ferreira, "You need someone you can trust that won’t run away when the proverbial hits the fan, someone that navigates and endures it."

By promoting you to CISO instead of going outside to fill the position, they’ll save money. Many companies may think they need an outside savior. Argue that you’re that person. Give them “a plan to grow from within, instead of going outside to look for unicorns, thereby saving the company money and underscoring the company's self-proclaimed culture,” said Wib J. Gridley. Offer some low cost solutions such as training staff on how to spot phishing and deploying MFA, said Bill Lawrence, CISO, SecurityGate.io.

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Thanks to our podcast sponsor, SPMB

LIVE!

 Cyber Security Headlines - Week in Review 

Make sure you 

 to join the LIVE "Week In Review" this Friday for 

Cyber Security Headlines 

with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Kurt Sauer, vp, information security, Workday.

Thanks to our Cyber Security Headlines sponsor, Conveyor

Cyber chatter from around the web...

Jump in on these conversations 

"I'm bored of cybersecurity - what next?" (

More here

)

"What is the likelihood of hackers brute forcing stolen lastpass vaults?" (

More here

)

"What's your opinion on the current state of Cyber security?" (

More here

)

Thank you!

Thank you for supporting CISO Series and all our programming  

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.