04-14-20 - We've Got a Dozen Features. Only Two Work.

CISO | Security Vendor Relationship Series

This week's episode of CISO/Security Vendor Relationship Podcast, "We've Got a Dozen Features. Only Two Work.", is hosted by me, David Spark, producer of CISO Series, and Mike Johnson. Our guest is Yaron Levi, CISO, Blue Cross Blue Shield of Kansas City. The three of us discussed:

Startups have to be wary of offering too much out of the gate.

Be laser-focused on your offering and the audience you want to hit. Don't try to bite off too big of a market by throwing in additional, not well thought-out, features. If a few are weak, and some are strong, your key audience will lose trust in the strong ones.

A customer's success will mimic a vendor's success.

A buyer wants to watch you succeed so that they can succeed alongside you. Security professionals need to be right all the time. That's a real tall order since we're all human. They're looking for vendors who are eager to maintain the same stringent quality mandate.

Vendor-derived meters require transparency.

Many vendors are offering tools with meters to display your security status. Obfuscated formulas are often at the heart of these meters. For a CISO to take the meter and the metric it's measuring seriously, transparency is key. Otherwise, it's just a pretty dial that doesn't mean anything to a security professional.

COVID-19 phishing tests are a really bad idea.

While you're probably getting hammered with COVID-19 themed phishing emails, that doesn't mean you should be using the same technique on your staff. Yes, train them to be wary of such emails like any security training, but at the same time, don't feed into the overall fear we're all still trying to manage.

Special thanks to this week's podcast sponsor, DivvyCloud.

DivvyCloud provides continuous security and compliance across all CSPs and containers, including AWS, GCP, Azure, Alibaba, and Kubernetes, providing a comprehensive view of what’s in your cloud, along with the tools and automation you need to manage it today, tomorrow, and into the future as your business grows and changes.

Nina Wyatt, CISO, Sunflower Bank on still being a CISO

TWO CISO Series Video Chats

This FRIDAY [4-17-20] Hacking Zero Trust

Please join us on April 17th, 2020 at 10 AM Pacific for the triumphant return of the CISO Series Video Chats, “Hacking Zero Trust: An hour of critical thinking on what it means to always verify access to people, data, and networks”. Watch this video, which outlines the highlights of our discussion.

Next FRIDAY [4-24-20] Hacking the Modern Workforce

Join us for “Hacking the Modern Workforce: An hour of critical thinking about managing access in a dynamic workplace”.

It’s happening on April 24th, 2020 at 10 AM Pacific/1 PM Eastern.

This will be an open conversation on an issue that is top of mind with everyone. Since today’s employees are using varying technologies, working from numerous locations, and have differing career paths and tenure, what are the connectivity, governance, and management issues? Supporting countless devices, applications, and systems with access to key data is harder to manage than ever before. It’s imperative to ensure employees have the right access privileges required to do their job, but how can organizations balance efficiency with security?

I will lead this discussion with John Racine, managing director, Core Security and Davi Ottenheimer, vp, trust and digital ethics, Inrupt.

Special thanks to Core Security, a HelpSystems company, for sponsoring this live video chat.

Josh Corman, founder, I Am the Cavalry on IoT
