07-28-20 - How to Tell If Your CISO Sucks At Their Job


CISO | Security Vendor Relationship Series

This week's episode of CISO/Security Vendor Relationship Podcast, "How to Tell If Your CISO Sucks At Their Job," is hosted by me, David Spark, producer of CISO Series, and Mike Johnson. Our guest is Lee Parrish, CISO, Hertz. All three of us discussed:

How to handle a CISO who is more self-interested in their industry status than securing the company.

We have talked about our distaste for the security industry heaping praise on industry rock stars. One listener feared their CISO may be spending more time chasing the 'visionary' prize than on what needs to be done: the boring security basics. If your CISO is doing this, maybe steer them to the CIS Top 20 and, if you can, show them one or two new innovative ways to tackle these old problems.

Security can understand the business by inviting themselves into the business.

This means do your best to understand the most minor details and all positions at a company. If you see how all roles are interacting with technology, you'll better understand how security can fit into their day-to-day workflow.

When there's redundancy in tools, a third one could enter to replace both.

Whenever there's an overlap in tools, which can often happen after a merger, it's a chance to reexamine the tools you have. The factors to consider are the effectiveness of the tools, the cost, and how well they integrate with other tools. It's also a time to look at a new vendor that could possibly displace the two incumbents. 

Special thanks to this week's podcast sponsor, Keyavi Data.


Our Keyavi breaks new ground by making data itself intelligent and self-aware, so that it stays under its owner’s control and protects itself immediately, no matter where it is or who is attempting access. Keyavi is led by a team of renowned data security, encryption, and cyber forensics experts. See for yourself at

.

Mike Johnson on sometimes bending for security theater

This Friday [7-31-20] We're Hacking AWS

Join us this Friday, July 31st, 2020 at 10 AM Pacific/1 PM Eastern for "Hacking AWS: An hour of critical thinking on how to assess the risks of AWS configurations."

I'll be leading this discussion with Trevor Hawthorn, managing partner, Stratum Security and Jon Ehret, vp of strategy & risk, RiskRecon.

Plus, immediately after the video chat (11:00 AM PT/2:00 PM ET) we'll roll over to the CISO Series Friday Meetup. Each participant will be randomly matched up in impromptu 1-on-1 five-minute conversations with fellow cybersecurity professionals. A link to do that will be made available during the video chat.

Huge thanks to our sponsor

.

Allan Alford on turning off unused APIs
