[07-09-24]--How to Get the Most for Yourself Through Altruism
CISO Series Podcast
How to Get the Most for Yourself Through Altruism
When we talk about giving back to the community, there’s an inevitable element of self-interest layered on as well. Sure, your blog provides information to others, but it also raises your profile. It’s a mutually acceptable practice. I provide value for the community free of charge, but I still get something in return.
This week’s episode is hosted by me, David Spark, producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Jana Moore, CISO, Belron.
SEC disclosure rules require cyber readiness
The new SEC incident disclosure rules require cyber readiness not just for CISOs, but for all executives. Organizations need to plan for compliance by implementing a cyber readiness program and iterating on incident response plans, said Chris Crummey in a recent Dark Reading piece. This requires a unified incident response plan that avoids fragmentation by integrating marketing, technical, and security. Of course, cyber readiness also carries broader benefits. It increases executive awareness and aligns cyber response with existing business continuity plans, fostering a more cohesive and prepared organizational environment.
Breaking up the “boys club”
It’s no secret cybersecurity still suffers from a "boys club" mentality. To help combat this, organizations need to foster active participation from men in supporting women. Survey data from the non-profit WiCyS reveals that many women in cybersecurity face career growth issues and exclusion. It isn’t enough for men to identify as allies with these issues. They need to be accomplices, actively participating rather than passively supporting. Men can actively sponsor women by advocating for them in rooms they're not present in and using their influence to create opportunities. Building an inclusive environment requires recognizing and eliminating micro-exclusions, engaging in conversations beyond typical male interests, and ensuring all team members feel included. Organizations can promote diversity through genuine inclusion efforts, rather than tokenistic hiring practices.
Building a threat intelligence ecosystem
Setting up and managing the growth of an internal threat intelligence program is not a trivial task, said Michael Way in a recent LinkedIn post. Managing intelligence is inherently complex and requires a robust ecosystem that balances automation, outsourcing, and community membership. Cybersecurity leaders should focus on a more agile defensive posture that can adapt to incoming intelligence, rather than relying solely on threat intelligence feeds without actionable outcomes.
Blending InfoSec communities and careers
The InfoSec community offers a lot of opportunities to advance your career. But this requires proactive involvement in community events and organizations, said Phil Venables. Consciously investing time in specific organizations and taking on leadership roles goes a long way. The key is defining a mission for your community involvement and aligning it with your career goals. This isn’t a strictly transactional relationship; you need to establish relationships before you need them, participate in events, and be visible in the community. The hard work of building genuine connections within the community can significantly enhance career prospects, but it’s not a shortcut.
Listen to the full episode over on our blog, or your favorite podcast app where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.
Thanks to Nir Rothenberg, CISO, Rapyd for providing our “What’s Worse” scenario.
Thanks to our podcast sponsor, Vanta
Subscribe
Subscribe to CISO Series Podcast
Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "CISO Series Podcast" into your favorite podcast app.
What I love about cybersecurity…
"What I love about cybersecurity is changing landscapes. So, whether that's the threat landscape, whether that's the regulatory landscape, the business landscape, our risk profile, all of those things are changing frequently. That's also why I hate cybersecurity." - Jana Moore, CISO, Belron
Listen to the full episode of "How to Get the Most for Yourself Through Altruism."
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
LIVE!
Cyber Security Headlines - Week in Review
Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Andrew Cannata, CISO, Primo Water.
Thanks to our Cyber Security Headlines sponsor, Entro
Super Cyber Fridays!
Answering SEC's Question of Materiality of a Breach…
What is the "materiality" of a breach?
Jason Clark, chief strategy officer for Cyera, and I discussed trying to answer this amorphous question that the SEC presented to companies and CISOs all over the U.S. Jason spells out that definition of "materiality" from a financial perspective, but does that coincide with materiality from an information security perspective? We're realizing that the SEC created that vague definition because they don't know the answer either. This will be worked out over time. While that's being figured out, do you have systems and your data in place where you WILL be able to answer that question? That will be the basis for our discussion this Friday on Super Cyber Friday.
Please join us! Joining me and Jason Clark will be Dustin Wilcox, VP and CISO, Elevance Health.
Super Cyber Friday for Friday, July 12, 2024.
Our topic of discussion will be "Hacking the Materiality of a Data Breach: An hour of critical thinking about when a breach is material or not."
It all starts at 1 PM Eastern/10 AM Pacific. At the end of the hour [2 PM Eastern/11 AM Pacific] we'll switch gears to our meetup where everyone will get a chance to chat face-to-face.
Thanks to our Super Cyber Friday sponsor, Cyera
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.