[05-30-23] Failure Is The Likely Option

CISO Series Podcast
Failure Is The Likely Option

This show was recorded in front of a live audience in New Orleans as part of the BSidesNOLA 2023 reboot conference. The episode features me, David Spark, host and producer of CISO Series. My guest co-host is my former co-host, Allan Alford, CISO for Precedent and host of The Cyber Ranch Podcast. Our guest is Mike Woods, corporate CISO for GE.
We always say, “trust but verify,” but how do you actually verify? This was a question Allan posted to LinkedIn, and one with which many people really struggled. Like everything in security, verification is not a one-and-done effort. It requires continuous checking and, most importantly, it’s best when the vendor does the verification for you, so you don’t have to keep asking for it.
When it comes to budget cuts, make sure you’re already in the mind of the CFO. It’s important that the CFO understands the impact budget cuts have on a security program. Less security will affect the company’s risk profile. So before budget time rolls around, make sure you’re already in conversation with the CFO so that you understand their world and they understand your world. If something gets cut, the CFO has to accept that the company will be opening itself up to more risk in that specific area.
Even if you do it just a little, you’ll get burned if you stretch the truth of your product’s capabilities. Allan posted about the danger of vendors waffling even a little on their capabilities. It can quickly venture into snake oil. This often happens when there’s a lack of alignment between marketing and engineering. When you have poor communications between those creating and delivering the product or service and those communicating about those capabilities, it is inevitable you’ll have problems. Better alignment is necessary so as to not slide into snake oil. What should engineering be telling marketing, and what should marketing be asking for if they're not getting it?
What’s the difference between a good cybersecurity professional and a great one? This question was asked on the cybersecurity subreddit. The most popular responses included: have technical knowledge, don't be the boy who cried wolf, don't try to be the hero, be willing to own up to your mistakes, and the most popular answer was the need for communications and charisma because you're going to need to do a lot of persuading.
Listen to the full episode over on our blog or your favorite podcast app where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.
Thanks to our podcast sponsors, Conveyor, Nightfall AI, Rapid7



Best advice I ever got in security...
"Probably the best game plan, never blocked or tackled. It’s a Vince Lombardi quote. If you don’t know football, he’s the guy on the trophy. That means you got to execute, and you got to follow through." - Mike Woods, CISO, GE
Reputational Damage from Breaches...
"For the healthcare industry, this is something that we always worry about. We know that there are fines, we understand that we have to take care of those fines, but at the same time the most important for us is making sure that we take care of the organization's reputation, so we work every day to make sure of that." - Cecil Pineda, CISO, R1
Subscribe to our newsletters on LinkedIn!
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Cyber Security Headlines - Week in Review

Make sure to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Howard Holton, CTO, GigaOm.
Thanks to our Cyber Security Headlines sponsor, Barricade Cyber Solutions

Super Cyber Fridays!
We Want Guidance on How to Manage Risk

"People in the GRC world, we like frameworks, and we like checklists. We like a clear model," said Meghan Maneval, director of technical product management, RiskOptics. "And risk management just doesn't have that." It's frustrating because everyone wants a better understanding of what their risk is.
In this video, Meghan and I talk about this frustration, all as a tease for the chat we'll be having this Friday (June 2nd, 2023) for Super Cyber Friday: “Hacking the Future of Risk Management: An hour of critical discussion on how we need to evolve our measurement and reduction of risk.”
Joining me and Meghan will be Jo-Ann Smith, CISO, Long View Systems.
It all starts at 1 PM Eastern/10 AM Pacific. At the end of the hour [2 PM Eastern/11 AM Pacific] we'll switch gears to our meetup where everyone will get a chance to chat face to face.
Thanks to our Super Cyber Friday sponsor, RiskOptics

Live show!
CISO Series Podcast LIVE in Denver 6-7-23
Here's a preview video of the live audience recording of the CISO Series Podcast at the Rocky Mountain Information Security Conference (RMISC) in Denver. Joining me on stage will be Michelle Wilson, CISO, Movement Mortgage and Jay Wilson, CISO, Insurity.
WHEN: RMISC conference runs from June 7th to June 9th, 2023. We'll be kicking off the event on June 7th with our recording at 4:30pm MT. Right after our session will be a welcome reception and game night. Looking forward to that. They better have pinball!
WHERE: Colorado Convention Center, 700 14th St, Denver, CO 80202
HUGE thanks to our sponsor, Trend Micro

Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.