[04-11-24]--Join us tomorrow for “Hacking Customer Trust”
Capture the CISO!
Capture the CISO! Season 2 Launches Next Week!
Watch the first 3 contestant videos here!
Super Cyber Fridays!
Join us TOMORROW, Friday [04-12-24] for “Hacking Customer Trust”
Join us Friday, April 12, 2024, for “Hacking Customer Trust: An hour of critical thinking on how to move beyond questionnaires and demonstrate trust in real time.”
It all begins at 1 PM ET/10 AM PT on Friday, April 12, 2024 with guests Sanjay Padval, Group Product Manager, Vanta and Brian Culp, director of trust and quality, Box. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.
Thanks to our Super Cyber Friday sponsor, Vanta
Defense in Depth
What Are the Risks of Being a CISO?
In today's current climate, is the role of the CISO still worth it? It seems like with an increasingly complicated threat and regulatory landscape, the position carries a lot of potential liability. Do the upsides still outweigh the risks?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap, CISO, LinkedIn. Joining us is our guest, Phil Davis, cybersecurity and privacy attorney at Hall Render and a former healthcare CISO.
Understanding the role of the CISO
A CISO’s role can seem complicated, with reporting structure and responsibilities varying considerably between organizations. It’s not a one-size-fits-all role. For Jeremy Pickett at MixMode, communication is the main commonality: "I don't think anybody is qualified for the job. The best CISOs effectively communicate upwards the risk of doing or not doing." A CISO role might seem like the end game for a cybersecurity career, but that doesn’t mean it’s the right fit, noted Shawn Riley of Telos Corporation: "I've sat in the CISO seat twice but I'd much rather be a Chief Cybersecurity Scientist. It's significantly more enjoyable without most of the downsides."
Responsible authority
One of the key areas of friction with the modern CISO role is that new regulations seemingly put them on the hook for things outside of their control. "CISOs tend to have more responsibility than authority. This has now become too risky for the gains it offers and may negatively impact people's aspirations for the role," said Aditya Sarangapani of WNS. It remains to be seen how much this will impact recruitment. Michael Scheidell of Security Privateers thinks it should be top of mind for your next job search: "If CISOs don’t have the authority to affect the changes necessary, then they should not be held responsible for the consequences. When evaluating a position with a new company, make sure that the responsibility and the authority balance."
Reporting structure matters
The matter of responsibility and authority for a CISO further comes to light in a company’s reporting structure. This can indicate how an organization sees the role: as something akin to an IT manager reporting through the CIO, or as a cost center reporting to the CFO. "The CISO needs to report directly to the CEO. The ability for career growth and to understand the business in more detail, along with having a true voice at the table, will help solve some of the current challenges with the role," said Derek Nugent of Difenda.
Where does the buck stop?
CISOs are clamoring for reasonable expectations about what their ultimate responsibility is. Make this explicit to prospective CISOs. The current regulatory landscape is shifting, hopefully stabilizing in the near future. "If a CISO is responsible for any and all security functions, no dice. Liability should only flow so far up to the person who reasonably knew how or should have mitigated an issue. That's where it should live," said Jeremy Pickett of MixMode.
Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.
Thanks to our podcast sponsor, Sonrai Security
LIVE!
CISO Series Podcast LIVE at BSidesSF [05-05-24]
CISO Series Podcast will be returning to BSidesSF to do another live audience recording of our show, just before the RSA Conference launches in San Francisco. Joining me on stage will be two CISO Series hosts you know very well: Mike Johnson, CISO, Rivian, and Steve Zalewski, co-host for Defense in Depth. Here's everything you need to know:
WHAT: Live audience recording of CISO Series Podcast at BsidesSF 2024
WHERE: Metreon, 135 4th St, San Francisco, CA 94103 (right next to the Moscone Conference Center)
WHEN: May 5th, 2024 from 2:15 PM - 3:00 PM (the event runs all day from May 4th-5th, 2024). We'll be in AMC Theater 13.
COST: Tickets for BsidesSF are $70 and can be purchased here.
HUGE thanks to our sponsors, DEVO, Eclypsium, and NetSPI
LIVE!
Cyber Security Headlines - Week in Review
Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Mike Levin, deputy CISO.
Thanks to our Cyber Security Headlines sponsor, Vanta
Cyber chatter from around the web...
Jump in on these conversations
"Why I shouldn't put important passwords inside a password manager?" (More here)
"Which job should I choose" (More here)
"What types of phishing emails are just plain cruel?" (More here)
Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:
[04-12-24] Hacking Customer Trust
[04-19-24] NO SHOW
[04-26-24] Hacking Your Cybersecurity Career
[05-03-24] Hacking the Value of GRC
Save your spot and register for them all now!
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.