[04-02-24]--Your Biggest Threats Don’t Get a Ransom Payment, They Get a Paycheck

CISO Series Podcast

The creativity of threat actors doesn’t hold a candle to how much trouble your own staff can cause. That’s not even accounting for malicious insiders. Accidental security incidents remain a thorn in the side of organizations. What can we do to prevent such friendly fire?

This week’s episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, operating partner, YL Ventures. Joining us is our guest, Alex Green, CISO, Delta Dental.

Identity is not the final frontier 

Remember when identity was going to solve all of our cybersecurity woes? Authentication and access controls are understandably pillars of cybersecurity. So why do they increasingly feel more vulnerable than ever? The vast majority of organizations have experienced identity-related breaches, according to research cited by Mary Pratt at CSO Online. A lot of this comes down to identity serving as the network perimeter. When identity is the gate to accessing your organization, threat actors will inevitably target it. For identity to remain effective, organizations need to re-examine the structural assumptions behind it, starting with the help desk.

Identifying essential cybersecurity skills

Every security team needs to figure out the best way to allocate budget. A big part of this is deciding what items require in-house expertise. Outsourcing can be efficient, but some things you need to have in the organization itself. How do you decide what can be outsourced? This question came up in our recent AMA on the cybersecurity subreddit. For Howard Holton, CTO at GigaOm, the main deciding factor to keep something in-house comes down to institutional knowledge. If a task requires a deeply ingrained institutional knowledge base, it’s generally worth the price to keep that local. 

How do you build relationships in your org?

We often hear advice that a cybersecurity staff needs to talk with the rest of the organization. Those in compliance could probably do their jobs better if they had knowledge of what the SOC team is doing, noted William Klusovsky of Stratascale. But building those relationships is easier said than done. A lot of this can be accomplished through existing mentorship programs. Cybersecurity staff should take those opportunities to learn from those outside their direct reporting structure, to get a broader perspective on how the organization works. 

Changing the narrative with cybersecurity hiring

There’s no shortage of advice out there when it comes to building a cybersecurity career, from interviewing, to performance, and mentorship. But a lot of that advice doesn’t apply to the neurodiverse community. We received an email from Sandy Taggart of Reboot IT, who rightly pointed out that even seemingly innocuous recommendations like maintaining eye contact with a supervisor fly in the face of the challenges this community faces. Organizations that don’t educate themselves and embrace neurodiverse candidates do so at their own peril. This is a massive pool of talent that is still vastly underutilized, even as we constantly hear about cyber skill shortages.

Listen to the full episode over on our blog, where you can also read the entire transcript, or on your favorite podcast app. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.

Thanks to our contributor George Strassburger, SG Computers for providing this week’s “What’s Worse?!” scenario.

Thanks to our podcast sponsor, Silk Security

PREVIEW: CISO Series Podcast LIVE in Mountain View 4-17-24

Big news! CISO Series Podcast makes its triumphant return to Silicon Valley as the afternoon entertainment at Planet Cyber Sec's CISO-CIO Forum in Mountain View, California on April 17, 2024. Joining me on stage will be Mike Johnson, CISO, Rivian and TC Niedzialkowski, CISO, Nextdoor.

This is an executive level event, so you need to apply to attend.

WHERE: Hyatt Centric Mountain View (409 San Antonio Rd, Mountain View, CA 94040)

HUGE thanks to our sponsors, Eclypsium and Normalyze

What I love about security vendors…

"Look, security vendors get a lot of hate. And being specific to security because they take the brunt of it. And realistically, we need them. They're solving our problems that we're facing on a daily basis. We're relying on them for the innovation so that we essentially don't have to. We're focusing on what we're strongest at." - Alex Green, CISO, Delta Dental

Listen to the full episode of "Your Biggest Threats Don’t Get a Ransom Payment, They Get a Paycheck."

How to Improve Your Relationship With Your Boss

"As the coach, you’re kind of watching everyone and likewise for the team, they should be doing the same thing. They’re watching everyone on the court and they’re also watching themselves and being introspective with themselves and taking a self-audit of their tool sets and their strengths and weaknesses." - Jerry Davis, division director for cyber defense at Truist Bank.

Listen to the full episode of "How to Improve Your Relationship With Your Boss."

Subscribe to our newsletters on LinkedIn!

We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!

CISO Series Newsletter - Twice every week

LIVE!
Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Steve Gentry, advisor, Clari.

Thanks to our Cyber Security Headlines sponsor, Vanta

Super Cyber Fridays!
Join us this Friday [04-05-24], for "Hacking Security Vendor Pitches"

Join us Friday, April 5th, 2024, for “Hacking Security Vendor Pitches: An hour of thinking of how vendors communicate their value to buyers.”

It all begins at 1 PM ET/10 AM PT on Friday, April 5th, 2024 with guests Hadas Cassorla, CISO, AssuredPartners and Lee Parrish, CISO, Newell Brands. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing on social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.