[03-26-24]--A Stressed CISO Is a Happy CISO

CISO Series Podcast
A Stressed CISO Is a Happy CISO

Recent research shows that CISOs feel their jobs are harder than ever with higher levels of stress. This comes from unrelenting and escalating threats to organizations as well as higher levels of regulatory scrutiny. Yet the same research shows CISO job satisfaction increasing. How do we make sense of this contradiction?

This week’s episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. Joining us is our guest, Shawn Bowen, CISO, World Kinect Corporation.

CISOs working harder and happier

Given the rise of copious ransomware organizations and state-backed cyberespionage as a routine matter of international relations, it’s no wonder most cybersecurity professionals report their jobs getting harder over the last few years, according to ESG and ISSA survey data. But only about a third of all CISOs felt the same way. This came even as CISOs reported job satisfaction numbers above the overall industry average. So why are CISOs more satisfied even as the industry gets more difficult? Part of it could be that CISOs continue to make gains into corporate leadership. While their jobs aren’t getting any easier, it seems having a seat at the decision-making table makes those burdens easier to bear.

When is it time to leave the industry

One of the symptoms of the job dissatisfaction we talked about above, seen throughout the cybersecurity industry, is burnout. As discussions of burnout become more common and accepted, we get a better understanding of what causes it in cybersecurity. A thread in the cybersecurity subreddit pointed to pain points that lead to burnout, like organizational disconnects, a lack of proper change management, and feeling alone in the security mission. The biggest question is when does burnout mean you need some time off or a new job, and when does it require looking to exit the industry?

Understanding the vendor landscape for software supply chain security

Since the attack on SolarWinds a few years ago, securing the software supply chain has been a hot topic. This is especially the case in open source software used as the basis for countless commercial apps. Because there was a market need, numerous startups and established vendors have pivoted to address the software supply chain space, offering solutions across source code, build, and deployment. So where do CISOs get the most value out of these vendors? According to the folks over at TL;DR Sec, organizations can see the most value with vendors that allow them to bridge the gap between engineering and security. Enabling a virtuous cycle between the two puts organizations in the best spot to deal with the software supply chain challenge.

Using LLMs to hack websites

Since ChatGPT and other GenAI solutions have become generally available, we’ve seen people raising red flags about the cybersecurity implications. The immediate threat seemed to be improved social engineering. But now it appears that they can also be effective tools for attacking websites. HackersBait highlighted a research paper showing GPT-4 was able to successfully attack sandboxed websites most of the time, a massive improvement compared to attempts with older LLMs. Given that these models will only become more capable and ubiquitous, it puts more emphasis on cybersecurity hygiene practices like WAF, patching, and secure coding.

Listen to the full episode over on our blog, or your favorite podcast app where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.

Thanks to our podcast sponsor, Silk Security

CISO Series Podcast LIVE in Mountain View, CA (04-17-24)

We're coming back to Mountain View, California, this time to close out Planet Cyber Sec's CISO-CIO Forum. Joining me on stage will be Mike Johnson, CISO, Rivian and TC Niedzialkowski, CISO, Nextdoor.

Here's everything you need to know:

EVENT: Live audience recording of CISO Series Podcast at Planet Cyber Sec's CISO-CIO Forum

DATE: April 17th, 2024

WHERE: Hyatt Centric Mountain View (409 San Antonio Rd, Mountain View, CA 94040)

TIME: We're closing out the show at 4:00 PM PT

TICKETS: This is an executive level event, so you need to apply to attend. From their website: "We invite qualified CISOs, Directors of Information Security, CIOs, and their deputies to attend our exclusive, collaborative in-person event. CISOs are encouraged to bring their General Counsel or Chief Privacy Officer to this event for a collaborative learning experience."

Thanks to event producer, Layer 8 Masters.

Thanks to our sponsors, Eclypsium and Normalyze

What I Love About Cybersecurity…

"I love that we are never done, but it’s also something I hate about it." - Shawn Bowen, SVP and CISO, World Kinect Corporation

Listen to full episode of "A Stressed CISO Is a Happy CISO."

Improving the Responsiveness of Your SOC

"The way that I think about cybersecurity in general is how do you separate telemetry by malicious versus benign behavior? If we all lived in this perfect world, we could just block everything from happening on a computer, and we would have no cybersecurity problems except you couldn’t use anything. So, we have this kind of process of separating these things out." - Spencer Thompson, CEO, Prelude.

Listen to full episode of "Improving the Responsiveness of Your SOC."

Subscribe to our newsletters on LinkedIn!

We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!

CISO Series Newsletter - Twice every week

LIVE!
Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Yaron Levi, CISO, Dolby.

Thanks to our Cyber Security Headlines sponsor, Varonis

Super Cyber Fridays!
Offloading Human Interaction in the SOC

Hacking Detection and Response

When we’re discussing detection and response, speed is often a key metric. That makes sense when you’re on the defensive and reacting to emerging threats. At scale, this can easily overwhelm the SOC, said Matt Hand, principal security engineer, Prelude. Luckily, advances in AI are making a big difference in this space.

Check out this preview of our Super Cyber Friday event happening this Friday, March 29, 2024. Our topic will be “Hacking Detection and Response: An hour of critical thinking of improving the efficiency of your incident response team.”

Joining me and Matt will be Kurt Sauer, CISO, DocuSign.

It all starts at 1 PM Eastern/10 AM Pacific. At the end of the hour [2 PM Eastern/11 AM Pacific] we’ll switch gears to our meetup where everyone will get a chance to chat face to face. Join us!

Thanks to our Super Cyber Friday sponsor, Prelude

Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.