[05-23-23] A Fireman? A Princess? How About a CISO?

CISO Series Podcast
A Fireman? A Princess? How About a CISO?

As children, we don't dream of becoming a CISO, yet we still have them. What can a security professional learn or show to demonstrate that they're getting ready for the position of CISO?
This week’s episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. Our guest is Paul Connelly, former CISO, HCA Healthcare.
What don’t CISOs know about physical security? CISOs who are about to become CSOs, covering both disciplines of physical and digital security, must realize that they may never own physical security. That may be the responsibility of facilities, who won’t necessarily get along well with you, said Andy Ellis. Unlike digital security, with physical security people are constantly interacting with your physical controls. Another difference is that digital security is enterprise focused while physical security is local, said Paul Connelly.
How do I create that path to prove I can be a CISO? Security professionals usually start out technical and don't get any of that unique CISO training, which is more focused on business, communications, and risk management. To create your path, you need business mentors. Look to your peers who are stakeholders in other departments for that guidance. Also, begin to learn their motivations and be empathetic.
How does a board behave differently once it’s cybersavvy? Andy Ellis has said on the show that if the CISO is the only one educating the board about cybersecurity, then they can only make decisions on what information they had previously. There’s now a push for more organizations to have some type of cybertalent on the board. When the board has more cyber knowledge, it can go deeper into the inner workings of a security program rather than take what the CISO says at face value.
Overcoming behaviors that are not becoming of a CISO. On CSO Online, Jaikumar Vijayan wrote a very click-baity article entitled, "5 ways to tell you are NOT CISO material." Those are:
- Being risk averse
- Wanting to do it all
- You don't like business speak
- You can't sell security
- Being overly technical
Andy and Paul admitted that being risk averse and wanting to do it all were things they wanted to do, but needed to manage as they stepped into the CISO role.
Listen to the full episode over on our blog, or your favorite podcast app where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.
Thanks to our podcast sponsor, Nightfall AI

Best advice I ever got in security...
"The best advice for me was start with the mission of your organization and make sure that you’re connecting your program to that mission. I’ve worked in healthcare the last 20 years, and it’s all about taking care of patients, and my program ties to that." - Paul Connelly, former CISO, HCA Healthcare
Listen to full episode of
Do RFPs Work?
"The reality is if you have a very specific thing that everybody knows what the details and specifications and attributes of that thing are, an RFP is great. Because, again, you're presuming there's a level playing field, that you're just buying widgets, and everybody's widgets are basically the same but you're trying to suss out what are the differences between the people selling you those widgets. That is just not the case at all in the security space." - Geoff Belknap, CISO, LinkedIn
Listen to full episode of
Subscribe to our newsletters on LinkedIn!
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Cyber Security Headlines - Week in Review

Make sure you
to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Rich Greenberg, distinguished fellow, ISSA International.
Thanks to our Cyber Security Headlines sponsor, Sonrai Security

Sponsored content: AI Attacks Are More Frequent and More Tailored

We’re going through a period of increased scrutiny around AI these days, and who knows if regulations can be put in place to curtail the negative uses, but it’s definitely not happening soon enough. Our information is being used against us just like it always has, but thanks to AI it’s happening at a higher rate. Phishing attempts to subvert our platforms are happening more often, and with messaging better tailored to the individual. An even more customized email blast, if you will.
In this sponsored guest interview with Patrick Harr, CEO, SlashNext, we discussed how phishing behaviors have changed.
Watch the video
HUGE thanks to our sponsor, SlashNext

Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.