08-20-19 - Like Fine Wine Our Vendor BS Meter Gets Better with Age

CISO | Security Vendor Relationship Series

This week's episode of CISO/Security Vendor Relationship Podcast

Like Fine Wine Our Vendor BS Meter Gets Better with Age


Mike Johnson and our guest, Olivia Rose, CISO, MailChimp, discussed:

Cut the BS and get straight to what your service does and what it can solve.

Make sure your product can simply and succinctly answer these three questions:

  1. What does our product/service do? 

  2. What specific security problem does it solve? 

  3. How will it affect the typical strategic/business drivers for a company? 

Change is always difficult. It takes time.

The CISO's role is always seen as that of a change agent. One way to effect change is to explain the benefit to the individual and to the company. In the past, we've recommended giving all your employees a password manager. Once they understand the value of personal security, it's an easy step to sell them on company security.

Women feel powerless when faced with unconscious bias.

Our guest referred to it as "battling an invisible enemy." It's not always obvious to point out, and because it's unconscious the perpetrators don't realize they're doing anything wrong. There's no best way to deal with it because there never seems to be a good time to approach the subject. And if and when you do, it may come off as unnecessary complaining. 

While becoming a new CISO can be overwhelming, other CISOs know what you're going through.

The amount of information and tasks a new CISO must manage in their first 90 days is worse than drinking from a fire hose. While it can be intense, CISO-to-CISO support and mentoring in the way of Slack channels is critical for survival.

Special thanks to this week's CISO/Security Vendor Relationship Podcast sponsor, Remediant.


Eighty-one percent of cyberattacks utilize stolen administrative credentials. Yet, legacy enterprise password vaults solve only a fraction of the problem and are difficult to roll out. Remediant's SecureONE takes a new approach to privileged access management: offering agent-less, vault-less, continuous detection and just-in-time-administration. Learn what Remediant can do in a half-day POC deployment.

Tom Stitt, sr. director, product marketing - security, ExtraHop on cloud security fundamentals

"Man on the Street" video from Black Hat 2019

What Does Trust Mean in Security?

Security is about trust, but there are oh so many definitions of trust, as evidenced by my interviews at Black Hat 2019 in Las Vegas. In this video we barely scratched the surface of this subject, but all the varied answers give you a very clear idea of how complicated the subject of trust is, and that there is an endless variety of answers by company and person.

Special thanks to our video sponsor, IRONSCALES


For both security professionals and their end users, we offer a single platform with push-button protection, giving you simplicity and speed for accelerated visibility and control that works from the inside out to protect your organization from any and all types of phishing attacks, especially those that get past traditional secure e-mail gateways.

AJ Nash, director of cyber intelligence strategy, Anomali on the value of threat intelligence


Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.

If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.