[04-04-24]--Join us tomorrow for “Hacking Security Vendor Pitches”

Super Cyber Fridays!
Join us TOMORROW, Friday [04-05-24], for "Hacking Security Vendor Pitches"

Join us Friday, April 5th, 2024, for “Hacking Security Vendor Pitches: An hour of thinking of how vendors communicate their value to buyers.”

It all begins at 1 PM ET/10 AM PT on Friday, April 5th, 2024 with guests Hadas Cassorla, CISO, AssuredPartners and Lee Parrish, CISO, Newell Brands. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Defense in Depth
Onboarding Security Professionals

Onboarding new cyber talent sets the tone for their tenure with your organization. What are the mistakes CISOs should avoid, and what are the best ways to excel?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap, CISO, LinkedIn. Our guest is Paul Connelly, former CISO, HCA Healthcare.

Set the tone with company culture

When bringing in new talent to the team, it’s essential to set expectations from the start. This should include day-to-day priorities, but you also need to give them the big picture. “We always go over the team's strategy and initiatives to give an idea of what they’ll be engaged in and to show how it ties in to the overall security initiatives. Establishing a sense of community will be important so people don’t feel isolated,” said Christine Ko of Dell Technologies. Organizations also need to set up a framework where new talent feels empowered to ask questions, as Dan j. Krueger of Grainger recommended: "Add a daily touchbase meeting for 15 to 30 minutes especially during the first week or two to make sure you answer any questions the individual may have. I also assign a peer as a 'buddy' that they can reach out to about our IT environment."

Bring new talent into the organization, not just your department

If we want a security department to have deep ties across the rest of the organization, that can start with new hires. Enforce this outlook from the start. "Introduce them to the key non-technical and non-security team-members they will need to know. Having a ‘friend’ on the Legal team and Privacy teams is a critical relationship," said Jonathan Waldrop, CISO, The Weather Company. As Carlos Guerrero of 360 Advanced put it, “cross pollination” with the rest of the organization can benefit everyone: “I always use the ‘front of house’ and ‘back of house’ restaurant analogy. Gotta be in sync to provide the ultimate customer experience."

Use onboarding as a chance to improve process

A new employee gives you an opportunity to see your processes through fresh eyes. Get creative and embrace that feedback. "Implement an information scavenger hunt to gamify the discovery process and have them report back with their findings. Taking this approach shows you where you have gaps between documented knowledge and institutional knowledge to resolve," said James Barnes of Leidos. The resources a new employee needs can also serve as a check on whether practice is aligned with policy. "I built an ‘onboarding binder’ that included corporate strategy, IT strategy, audit plans, assessments, and pen test. Then I would make sure that I personally walked the new employee through the binder even if it wasn't a direct report, with emphasis on strategy, corporate culture, and team culture," said Carlos Rodriguez of CA2 Security.

Leadership onboarding is not exempt

These points don’t just apply to the rank and file. Leaders in the cybersecurity department need to think about how onboarding will impact their relationship with staff. This means prioritizing facetime as soon as possible. Otherwise staff quickly become disengaged from faceless leadership. People will work best when they feel valued, noted Ryan Lindley of PeopleConnect, "Paying attention to the small details that make people feel valued lays the foundation for strongly engendered loyalty and a desire to excel."

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Thanks to our other unwitting contributor for today’s show, Joel A. of Lineage.

Thanks to our podcast sponsor, OffSec

LIVE!
Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Steve Gentry, advisor, Clari.

Thanks to our Cyber Security Headlines sponsor, Vanta

Cyber chatter from around the web...
Jump in on these conversations

"Which cyber security company(s) would you invest in?" (More here)

"Can we talk about pay?" (More here)

"National Cyber Director Wants to Address Cybersecurity Talent Shortage by Removing Degree Requirement" (More here)

Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:

  • [04-05-24] Hacking Security Vendor Pitches

  • [04-12-24] Hacking Customer Trust

Save your spot and register for them all now!

Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.