[04-09-24]--Our Benefits Include Medical, Dental, and Burnout
Capture the CISO!
Capture the CISO! Season 2 Launches Next Week!
Watch the first 3 contestant videos here!
CISO Series Podcast
Our Benefits Include Medical, Dental, and Burnout
Retaining cyber talent isn’t easy. Organizations often don’t know what keeps an employee from going elsewhere. Compensation is always important but often not the only factor in retention. So why do organizations often not prioritize what matters most to key employees?
This week’s episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. Joining us is our guest, Joshua Brown, vp and global CISO, H&R Block.
Understanding what keeps talent
In an age when we constantly hear about a cyber talent shortage, why do many organizations not see what keeps talent around? You might think it always comes down to fair compensation. Money is important, but retention also requires a vision for both the employee’s career and the security program they are in, according to the Crux Cybersecurity Talent Market Report. Employees value having a career path beyond an immediate paycheck, with clear expectations and responsibilities.
The work from home genie is out of the bottle
When work from home proliferated by necessity in 2020, many wondered if we’d ever go back to pre-pandemic office life. If you ask most employees, the answer is decidedly “no.” Mark Dobson highlighted a recent experiment from Expensify, which found there weren’t any carrots employers could offer that would make people consistently go back to working in the office 9-5 every day. Rather than fight against the reality of the new workforce, organizations need to realize that insisting on a mandatory return to office program is a matter of talent retention. Work from home is a very real benefit that staff values. Avoid the war of talent attrition. Design security programs to better account for this reality.
Understanding the human impact of a breach
When a security incident makes breaking news, reports understandably focus on hard metrics. How many people were impacted? What data was lost? How much money? Who was behind it and how did they get in? Lost in the initial rush of information is an appreciation of the human cost of a cybersecurity incident. Going beyond the anecdotal, research from the Royal United Services Institute found breaches lead directly to burnout, anxiety, and in rare cases suicidal thoughts. Organizations need to start accounting for the human cost of high-pressure cyber situations like breaches. Employees place a lot of importance on how they do their jobs, and being the failure point for a cyber swindle can have real emotional impacts.
Connecting metrics with the board
Connecting cybersecurity risk management to the rest of the business is a critical part of a CISO’s job. Metrics are a great way to build that connection. Boards won’t care about your SOC process automation until you can show, with clear metrics, how it leads to productivity gains across the business, argued Sravish Sridhar at Dark Reading. Keeping metrics tied to growth, expenses, people, and risk is a great foundation for effective communication with the board.
Listen to the full episode over on our blog, or your favorite podcast app where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.
Thanks to our contributor Elliot Lewis for providing this week’s “What’s Worse?!” scenario.
Thanks to our podcast sponsor, CyberMaxx
What I hate about cybersecurity…
"I think the thing I hate the most is the gatekeeping. We are in an industry that has had a perennial shortage of talent. The numbers vary wildly, but you hear just constantly people applying for these roles. ‘I’ve applied for 100 jobs. I’ve applied for 200 jobs. I haven’t got a single callback.’ And we, as an industry, are complaining that we can’t find the right people, and yet we’re not willing to open the door for people that are kind of nontraditional to come in. And that’s something I’ve done in my department, and it’s made a huge world of difference." - Joshua Brown, vp and global CISO, H&R Block
Listen to the full episode of "Our Benefits Include Medical, Dental, and Burnout."
Onboarding Security Professionals…
"While compensation is a huge factor in keeping people and attracting people, they also want to know about the mission—is it something that they can develop a passion for? Are they going to have an opportunity to learn and grow? What’s the team culture like? What’s the management like? And those are all factors that starting the day they walk in the door you can really make a huge impression that will carry forward for a long time." - Paul Connelly, former CISO, HCA Healthcare.
Listen to the full episode of "Onboarding Security Professionals."
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
LIVE!
Cyber Security Headlines - Week in Review
Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Mike Levin, deputy CISO.
Thanks to our Cyber Security Headlines sponsor, Vanta
Super Cyber Fridays!
Improving the Vendor Trust Relationship
No one considers annual questionnaires an effective way of building trust with a vendor. Trust centers have sprung up to better meet this need, offering direct self-service access, noted Sanjay Padval, staff product manager, Vanta. The challenge remains keeping the information in these trust centers as close to real time as possible.
Check out this preview of our Super Cyber Friday event happening this Friday, April 12, 2024. Our topic will be “Hacking Customer Trust: An hour of critical thinking on how to move beyond questionnaires and demonstrate trust in real time.”
Joining me and Sanjay will be Brian Culp, director of trust and quality, Box.
It all starts at 1 PM Eastern/10 AM Pacific. At the end of the hour [2 PM Eastern/11 AM Pacific] we’ll switch gears to our meetup where everyone will get a chance to chat face to face. Join us!
Thanks to our Super Cyber Friday sponsor, Vanta
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.