08-04-20 - Best Condescending Techniques to Placate Minority Groups


CISO | Security Vendor Relationship Series

This week's episode of the CISO/Security Vendor Relationship Podcast, "Best Condescending Techniques to Placate Minority Groups," is hosted by me, David Spark, producer of CISO Series, and Mike Johnson. Our guest is Matt Conner, CISO, National Geospatial-Intelligence Agency. All three of us discussed:

Avoid diversity theater performances.

After being caught investing poorly in black-owned businesses and having few if any African Americans in leadership roles, venture capital firms have made quick, reactionary attempts at diversifying so as not to appear tone deaf. They've opened tiny funds (compared to their other funds) for black-owned businesses and have been accused of inflating the titles of African American employees. Black entrepreneurs want substantial, not reactionary, changes from VC firms.

Even if you have a password manager, you still have to memorize a few strong passwords.

At a bare minimum, we all need to know at least three passwords: one to unlock our computer, one to access our password manager, and one to unlock our phone. So even if you do use a password manager, there are still a few passwords you need to memorize. Consider using passphrases that only you would know and replacing specific letters in that passphrase with symbols.

What can I turn off if I purchase your solution?

CISOs don't want to add more complexity to their environment. They're looking for more ways to integrate and to limit the number of tools in their arsenal. What does your product supplant, making it easier for a CISO to manage their environment and reduce costs?

Relationships and patience will get you into the government sector.

If you're not in for the long game, don't play, advised this week's guest CISO, who works for a federal agency. Government agencies are well aware that the product evaluation and procurement process takes far too long. It definitely helps if you get a trusted introduction. Honestly, it's really the only way in.

Security through obscurity is not an actual security plan.

Far too many companies don't know whether it hurts them to reveal what types of technologies they use in their IT and security environments. If you don't tell because you fear it will open you up to more risk, then you don't have a clear understanding of your risk posture. But if you do tell, you're sending a beacon to future employees and security vendors looking to help support your current environment.

Special thanks to this week's podcast sponsor, PlexTrac.

PlexTrac (http://plextrac.com/) is a revolutionary, yet simple, cybersecurity platform that centralizes all security assessments, penetration test reports, audit findings, and vulnerabilities into a single location. PlexTrac vastly improves the risk management lifecycle, allowing security professionals to generate better reports faster, aggregate and visualize important analytics, and collaborate on remediation in real time.

Mike Johnson on developing a Defense in Depth security model

This Friday [8-7-20] We're Hacking Cybersecurity Marketing

Join us this Friday, August 7th, 2020 at 10 AM Pacific/1 PM Eastern for

"Hacking Cybersecurity Marketing: An hour of critical thinking on the best ways to get security professionals to know and care about your product."

I'll be leading this discussion with Steve Zalewski, deputy CISO, Levi Strauss, and my co-host for the Defense in Depth podcast, Allan Alford.

Plus, immediately after the video chat (11:00 AM PT/2:00 PM ET) we'll roll over to the CISO Series Friday Meetup. Each participant will be randomly matched up in impromptu 1-on-1 five-minute conversations with fellow cybersecurity professionals. The link to join will be made available during the video chat.

Highlights from Defense in Depth

Best Moments from "API Security" Episode

"Best Moments from 'API Security' Episode of Defense in Depth" highlights three of the best moments from the "API Security" episode of Defense in Depth.

Thanks to our sponsor, Salt Security.

Salt Security protects the APIs at the core of SaaS, web, and mobile applications. By using patented behavioral protection, Salt Security automatically and continuously discovers and learns the granular behavior of each unique API and stops attacks. In 2020 Salt Security was named a Gartner Cool Vendor in API Strategy.

Sandy Bird, co-founder and CTO, Sonrai Security on the new security education that's needed for cloud deployment
