[04-25-23] Can’t You Just Pop Out of Zeus’ Head a Fully Formed Security Professional?

CISO Series Podcast

This week’s episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. Our guest is Joe Lewis, CISO, CDC. We discussed the following:

We’re going to lose more CISOs if they don’t get some support. This was the warning from Dan Maslin, a group CISO at Monash University. Are CISOs in such a dire situation of being poorly understood and appreciated that they’re ready to just leave the profession? 

“If you have to educate somebody every single time you bring a new risk to them, you run a different risk which is the moment you start to talk about the risk, people use whatever their current understanding is to make a decision about it,” said Andy Ellis. The reason we need cyber literacy is so they have references to draw on to be able to make a decision.

How important is it for a security vendor to publish pricing on the web? Lesley Carhart of Dragos is frustrated when she’s interested in a product but can’t find pricing. Unless it’s a self-service SaaS vendor, most B2B vendors don’t publish their pricing (and apparently Dragos doesn’t either. I couldn’t find pricing on their site). While we don’t think pricing is necessary, we do think it’s critical to provide lots of information, such as a video demo, so the security buyer can do their own research. 

Companies want to hire security professionals who already know everything. "The military will take an 18-year-old and turn him or her into a soldier in 16 weeks. They will continually train that soldier over the course of their employment," said Chuck Mackey of Fortress SRM. The problem is that corporations in dire need of cybersecurity help have little to no means to train. They're just hoping they'll show up perfect and ready to fight in a digital war. If cyber training were more institutionalized within organizations, like the military, businesses wouldn’t find themselves in this perpetual need to hire skilled professionals.

What we don’t know just makes cybersecurity that much more difficult. The asset management industry has been living off the well-understood and accepted mantra of “you can’t protect what you don’t know.” But “the not knowing” also adds complexity to your security program. “How much do unmanaged assets slow down your incident response and vulnerability management process?” asked Steven Palange of TLIC Worldwide.

Listen to the full episode right here or over on our blog where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.

Thanks to our podcast sponsor, Cyolo

What I love about cybersecurity...

"It really is a place for everybody. As an industry, we attract people like boxers and nurses and people from IT Ops and Audit and all kinds of really interesting places, and as a result, we get some of the best people." -  Joe Lewis, CISO, CDC

Listen to full episode of

How to Always Make a Business Case for Security...

"[M]any CISOs in companies have an important responsibility, but unfortunately they don’t have the authority. And they’re expected to do great things for the business. They’re expected to protect the business. They’re expected to create processes to mitigate or eradicate risks. They’re expected to implement things that affect the entire organization. But then they get a lot of pushback because the people and the company’s buy in that they need they don’t have the authority to implement it." - Sravish Sridhar, founder and CEO, TrustCloud

Listen to full episode of

Subscribe to our newsletters on LinkedIn!

We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!

CISO Series Newsletter - Twice every week

Cyber Security Headlines - Week in Review 

Make sure you 

to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Steve Zalewski, co-host, Defense in Depth.

Thanks to our Cyber Security Headlines sponsor, Tines

CISO Series Podcast LIVE!

[5-3-23] BSidesNOLA 2023 and CISO Series Podcast – It’s Happening!

of what’s going to happen at BSidesNOLA 2023. This is going to be a star-studded cyber nerd event with Winn Schwartau and BSides co-founder Jack Daniel. We’ll be doing a live audience recording of CISO Series Podcast with my former co-host, Allan Alford, CISO, Precedent, and host of The Cyber Ranch Podcast, and Mike Woods, corporate CISO, GE.

Here’s everything you need to know.

WHEN: May 3, 2023 (BSidesNOLA 2023 is a full day event. We’ll be closing out the fun at 3:20 PM ET.)

WHERE: Hyatt Centric French Quarter New Orleans (800 Iberville Street, New Orleans, Louisiana, 70112)

Huge thanks to our sponsors: Conveyor, Nightfall AI, and Rapid7

Thank you!

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.