[06-11-24]--Who You Gonna Call? LEGAL COUNSEL!

CISO Series Podcast
Who You Gonna Call? LEGAL COUNSEL!

When a cybersecurity incident occurs, who should be the first call the CISO makes? And once that call gets made, what is the CISO’s role in handling the fallout?

This week’s episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, operating partner, YL Ventures. Joining us is our guest, Ryan Bachman, evp and global CISO, GM Financial.

A changing of the executive guard?

The rise of SaaS cloud-based solutions has led to a decline in the need for traditional IT departments, making the enduring function of the CIO an open question. CISOs are better placed to manage the wave of Shadow IT, while CIOs remain focused on traditional IT, argued Andy Ellis in a recent CSO Online piece. While not going away entirely, the CIO role could transform into something more focused on business strategy and innovation, potentially merging with the Chief Digital Officer (CDO) role. Meanwhile, the CISO is increasingly filling that void, evolving from managing IT security to encompassing broader enterprise risk management.

Playing nice with cyber insurance

Potential partnerships between organizations and cyber insurance companies hold a lot of promise. There's a possibility for deeper collaboration on risk mitigation strategies, with insurers leveraging CISOs' insights for better policy pricing and CISOs gaining access to industry threat data, as outlined in a recent Dark Reading piece by Rob Jenks. However, we can’t ignore concerns about how insurers might use the shared information. That data could be used to raise premiums or be used against policyholders during claims processing. The immaturity of the cyber insurance market raises questions about the effectiveness of such partnerships over the long haul.

What does leadership want out of a CISO?

What will the future hold for us? Predicting outcomes for senior leadership is part of a CISO’s job. It’s not easy being a CISO soothsayer, according to a recent post on the cybersecurity subreddit. Success comes from conveying the business impact of cybersecurity risks. Executives want to understand the situation and appreciate clear explanations. A successful CISO should frame communication using a clear issue-action-impact structure and acknowledge that executives have limited memory for past discussions.

Who does a CISO call first?

Reporting structure is always a good way to get some heated CISO disagreement. Some argue that reporting to the CEO is the only way for the CISO to be taken seriously, although a case can be made for different reporting lines in a more engineering-led company. But what about when a suspected incident takes place? In that case legal counsel should always be brought into the loop as soon as possible, pointed out Mark Bruns, CISO, FirstBank, in a recent LinkedIn post. This doesn’t mean they have to be the first call; CISOs should always lean on established incident response plans. The most important thing for CISOs is to stick to the plan, rather than making rash calls in the face of a potential crisis.

Listen to the full episode over on our blog, or your favorite podcast app where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.

Thanks to Seth Earby of Pediatric Associates for this week’s “What’s Worse?!” scenario.

Thanks to our podcast sponsor, Vanta

Subscribe to CISO Series Podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "CISO Series Podcast" into your favorite podcast app.

What I love about security vendors…

"Cyber security vendors offer us the unique opportunity to be able to partner, especially as design partners, which allows us to really shape the solution for our company and make it work for our company. Also, let’s not understate the fact that it gives our team members the opportunity to work on more avant-garde and innovative technologies, which helps from a team retention standpoint, as well as just keeping them engaged. It gives us the opportunity to not only operate security but also be on the frontline of innovation in cyber security." - Ryan Bachman, evp and global CISO, GM Financial.

Listen to full episode of "Who You Gonna Call? LEGAL COUNSEL!"

We Want a Solution to Remediate, Not Just Detect Problems…

"Visibility really is key, but do you really need visibility of everything? Or do you have design principles and capabilities that limit what you must watch and things out there that I would say are less valuable? Most people try to watch everything, and that causes the noise that causes the problem." - Neil Watkins, svp technology and cybersecurity services, i3 Verticals.

Listen to full episode of "We Want a Solution to Remediate, Not Just Detect Problems."

Subscribe to our newsletters on LinkedIn!

We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!

CISO Series Newsletter - Twice every week

LIVE! Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Janet Heins, CISO, ChenMed.

Thanks to our Cyber Security Headlines sponsor, Vanta

Super Cyber Fridays!
Does the Business Understand the Current State of Your Security Program?

Are cybersecurity professionals connecting the dots as to how specific cyber risks impact the day-to-day operations of the business? This was the question I posed to Neatsun Ziv, co-founder and CEO, OX Security in preparation for our discussion, “Hacking the Conversation about Risk: An hour of critical thinking about how to elevate communication with the business” that will be happening this Friday, 06-14-24, on Super Cyber Friday.

Neatsun boiled down the risk conversation to confidently knowing the answers to these three questions:

  1. Do I have coverage?

  2. How quickly can we fix these problems/remediate?

  3. What is the trend? Are we moving up or down (security program vs. growing risks/threats)?

Can you answer these questions? What would your environment need to look like for you to always know the answer to these questions?

Joining Neatsun and me for the discussion this Friday will be Taher Elgamal, partner, Evolution Equity Partners.

It all starts at 1 PM ET/10 AM PT and at the end of the hour we’ll have our meetup on Discord. If you don’t already have a Discord account, make sure you get one before Friday’s event.

Thanks to our Super Cyber Friday sponsor, OX Security

Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.