[08-01-24]--Join us tomorrow for “Hacking CISOs”

Super Cyber Fridays!
Join us TOMORROW, Friday [08-02-24], for "Hacking CISOs"


Join us Friday, August 2, 2024, for “Hacking CISOs: An hour of questions for our CISOs.”

It all begins at 1 PM ET/10 AM PT on Friday, August 2, 2024 with guests Steve Zalewski, co-host, Defense in Depth and Bil Harmer, operating partner and CISO, Craft Ventures. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Defense in Depth
What Is a Field CISO?


We’re increasingly seeing the industry fill up with field CISOs. Why is the CISO out in the field? Is this a sales position? A consulting position? Or is it a CISO role? What does that role entail?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Bil Harmer, operating partner and CISO, Craft Ventures.

A time and a place for Field CISOs

A good way to start addressing “what is a field CISO” is to first think about the lifecycle of the role. "Just like CISO-in-residence should be a temporary role for a CISO, so is the field CISO. In this role, CISO continues to use their experience to translate real CISO customer needs into language that sales can understand," said Dmitriy Sokolovskiy of Semrush. Phil Venables, CISO, Google Cloud, finds the term introduces more confusion than it solves: "I have a team we call our ‘Office of the CISO’ who are former CISOs from multiple sectors and geographies who work with our customer CISOs, CROs, CEOs, boards, etc. We don’t describe them as field CISOs."

This isn’t a new role

While listings for field CISO positions suddenly seem to have cropped up over the last few years, the functions of the role aren’t new. "I've seen the position operate as a sales/architecture position for individuals that have had previous CISO operational expertise. It feels like a non-contract version of a virtual CISO," said Michael J. Levin, deputy CISO at 3M. Sanjeev Pradhan of Capita finds the role to be a bit more aspirational, saying, "[Field CISO] refers to an open door policy in the security world. They want to step out of their comfort zone and be on the field to understand the challenges faced by everyone in the security arena. The role looks to be a new door for the security world which aims to bring in more visibility, accountability, accessibility, responsibility, and proactiveness."

Consulting the Field CISO

One of the biggest areas of agreement with a field CISO role is that it allows those with CISO experience to go deep into the consulting side of the discipline. "It's a way for an actual CISO to step out of an operational role and move into a consultative role that still gives them a title commensurate with their experience in the role. It provides a consultative role that doesn’t diminish what they’ve already done in their career," said Larry Whiteside Jr., CISO at RegScale. 

For Ira Winkler at CYE, the role isn’t directly tied to sales but can have a positive impact on a sales relationship. "As a field CISO, my job is consultative to make sure requirements are met. Yes, this helps sales be more targeted, but it is more of a trusted partner role to serve as an advisor with specific regards to the products, but also in my case as a friend, they go to for other concerns as appropriate."

Words mean things

Part of the confusion or apprehension around the role of Field CISO comes from how we’ve previously seen the vCISO role stretched to mean almost anything. Now that the industry has finally reached a firm idea of what the CISO role entails, it’s understandable to be protective of that. "The word 'CISO' captures attention and implies knowledge, credibility, and trust. However, the role in itself should be held apart from the sale and marketing of software. I know so many great CISOs and so many unqualified vCISOs, many who have never been CISOs and likely would fail at the role within an organization. It's being used in ways that the title wasn’t meant to signify, which reduces its inherent value," said Juliet Okafor of RevolutionCyber.

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Thanks to our podcast sponsor, Cyera


Subscribe
Subscribe to Defense in Depth podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.

LIVE!
Cyber Security Headlines - Week in Review


Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Dennis Pickett, vp, CISO, Westat.

Thanks to our Cyber Security Headlines sponsor, Dropzone AI

The Challenges and Responsibilities of CISOs with Halcyon

We're seeing increasing pressure and anxiety put on the CISO role, as legal and regulatory pressure seems to single out people in these positions. This leaves CISOs with a lot to balance, from regulatory issues and the need for authority and empowerment to compensation and D&O coverage. Navigating this requires open communication with corporate HR and legal departments to ensure CISOs are protected and aligned with company interests, says Ben Carr, advisory CISO, Halcyon. It's more important for prospective CISOs to be their best advocate, consulting employment attorneys and seeking assurances at the time of hire.

Huge thanks to our sponsor, Halcyon

Cyber chatter from around the web...
Jump in on these conversations

"Antivirus: Essential tool or outdated tech for Cyber Pros?" (More here)

"QSA Says we Can't Provide Public WiFi" (More here)

"What is best practice to prevent man in the middle compromising emails?" (More here)

Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:

  • [08-02-24] Hacking CISOs

  • [08-09-24] No show

  • [08-16-24] Hacking the Demo

 Save your spot and register for them all now!

Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.