[08-22-23] If You Care About Security, Maybe This Guilt Tactic Will Work
CISO Series Podcast
Security vendors want to engage with CISOs. Yet many choose tactics that seem blatantly insulting. It might seem obvious that asking a CISO if they care about security does nothing to ingratiate yourself, but we still have inboxes full of these types of messages. So what can a vendor do that will actually make a CISO want to respond to a message?
This week’s episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. Joining us is our special guest, Jeff Hudesman, CISO, Pinwheel.
Hardening environments is both well understood and a persistent challenge.
Hardening is “the process of securing a system by minimizing its attack surface,” said Rachael Rocha of SAIC. But organizations can’t think of this as just building walls around points of entry. Especially in a world of instantly provisioned cloud resources, hardening needs to consider the entire attack path. “It comes down to having several tiers of defense and letting staff know they're working with security teams,” said Jeff Hudesman.
How can vendors better engage with a CISO?
We batted around what CISOs do and don’t appreciate. Far too often, vendors fall into traps like relying on a Salesloft sequencer to send follow-up emails, or forcing CISOs to sit through the sales narrative after they’ve already bought in. Instead, vendors should actively listen to how a CISO is reacting to a pitch, and provide useful content, like webinars, that isn’t just focused on selling.
Let’s pick up the pieces of a security catastrophe.
A high school in Illinois recently reset all student passwords, changing everyone’s password to “Ch@angeme!” Because the new password was the same for every account and announced to everyone, it exposed every account. The right move would have been to require students to change their password at their next login, ideally starting from a temporary password unique to each account. Unfortunately, someone poorly trained in cyber didn’t do the right thing and made a serious mistake. If you had to clean up the mess, what would you do? A first step is an incident response process to determine which accounts were accessed and what PII was exposed. Being transparent with the school is just as important. “This is a prime opportunity to teach these high school students how hard cybersecurity is,” said Andy Ellis.
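To make the difference concrete, here is an added example (our illustration, not code from the episode or from the school in question) that does the mass reset the weak way beside the safer way, then runs the two checks an incident responder would want afterwards: which accounts still accept the announced password, and which accounts were opened from a source address that also opened other accounts after the reset. The student IDs, addresses, timestamps and log format are constructed for illustration, and the PBKDF2 hashing stands in for whatever password hasher the real directory uses.

```python
"""Added example, not from the episode or the school in question: the mass reset
done the weak way beside the safer way, plus two checks an incident responder
would run afterwards. Student IDs, addresses, timestamps and the log format are
constructed for illustration."""
import hashlib
import secrets
import string
from collections import defaultdict
from datetime import datetime, timezone

STUDENTS = ["s1001", "s1002", "s1003", "s1004"]  # constructed account names
ANNOUNCED = "Ch@angeme!"                           # the one password everybody got


def hash_password(password, salt):
    # PBKDF2 keeps this self-contained; a real directory should use its own
    # password hasher (bcrypt, scrypt or argon2), never a hand-rolled one.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000).hex()


def new_record(password, must_change):
    salt = secrets.token_bytes(16)
    return {"salt": salt, "hash": hash_password(password, salt),
            "must_change": must_change}


def reset_shared(users, shared=ANNOUNCED):
    """The mistake: one announced password on every account and no forced change.
    Until an owner changes it, anyone who heard the announcement can sign in as
    that owner."""
    return {u: new_record(shared, must_change=False) for u in users}


def reset_unique(users, length=16):
    """The fix: a random temporary password per account, delivered to the owner
    out of band, that must be replaced at first login. Returns the directory and
    the temporary passwords to hand out."""
    alphabet = string.ascii_letters + string.digits
    directory, temps = {}, {}
    for u in users:
        temps[u] = "".join(secrets.choice(alphabet) for _ in range(length))
        directory[u] = new_record(temps[u], must_change=True)
    return directory, temps


def still_on_announced_password(directory, announced=ANNOUNCED):
    """Check 1: accounts that still accept the announced password, i.e. the ones
    anyone can still walk into."""
    return sorted(u for u, r in directory.items()
                  if hash_password(announced, r["salt"]) == r["hash"])


# Constructed login log: timestamp, account, source address, result.
LOG = """\
2023-08-13T09:00:00Z s1002 10.0.0.5 OK
2023-08-14T15:00:00Z s1001 10.0.0.5 OK
2023-08-14T15:00:40Z s1002 10.0.0.5 OK
2023-08-14T15:01:10Z s1003 10.0.0.5 OK
2023-08-14T15:02:00Z s1004 10.0.0.5 FAIL
2023-08-14T16:30:00Z s1004 10.0.0.9 OK
"""
RESET_AT = datetime(2023, 8, 14, 14, 0, tzinfo=timezone.utc)  # constructed


def accounts_to_review(log=LOG, reset_at=RESET_AT):
    """Check 2: since the reset, which accounts were opened from a source that
    also opened other accounts? One person trying the shared password across
    several logins looks exactly like this. Logins before the reset and failed
    attempts are ignored."""
    per_source = defaultdict(set)
    for line in log.splitlines():
        ts, user, src, result = line.split()
        when = datetime.fromisoformat(ts.replace("Z", "+00:00"))
        if result == "OK" and when >= reset_at:
            per_source[src].add(user)
    return sorted({u for users in per_source.values() if len(users) > 1
                   for u in users})


if __name__ == "__main__":
    weak = reset_shared(STUDENTS)
    print("still on announced password:", still_on_announced_password(weak))
    fixed, temps = reset_unique(STUDENTS)
    print("after unique temp passwords:", still_on_announced_password(fixed))
    print("accounts to review:", accounts_to_review())
```

Run as-is, the shared reset leaves all four constructed accounts answering to the announced password, the unique reset leaves none, and the log check flags s1001, s1002 and s1003 (all opened from 10.0.0.5 after the reset) while leaving s1004 alone, since its only successful login came from an address that touched no other account. In a real cleanup, the second list is where the PII review starts, and the first list is who still needs a forced change.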
Boards want cybersecurity experience, but very few CISOs qualify.
A recent study by IANS Research found that just 14 percent of CISOs qualify as “ideal” candidates for board seats. That is a small pool to choose from at a time when 90 percent of companies lack a board director with cyber experience. Beyond the criteria used to define an “ideal” board candidate, networking is key for CISOs who want a board seat later in their career. Andy Ellis recommends regular meetings with board members to become a trusted advisor on security issues.
Listen to the full episode over on our blog, or your favorite podcast app where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.
Thanks to our podcast sponsor, Balbix
Best advice for a CISO...
"So, we all know how important it is to build strong relationships with departmental leadership as well as key ICs as a CISO, but there are also some other things that are really important as a CISO. You want to create a company culture of security, get endorsement and buy-in, and also it'll help with interdepartmental incident response." - Jeff Hudesman, CISO, Pinwheel
Security Concerns with ChatGPT...
"I think awareness of this issue is low. And it is different than other cases that we have seen over the years in that when you upload your information to these tools, it’s not just within your account. These tools will retain only information you uploaded to them. So, there is definitely a new risk and a new level of awareness that needs to be gained to be able to use these tools securely." - Suha Can, CISO, Grammarly
Subscribe to our newsletters on LinkedIn!
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Cyber Security Headlines - Week in Review
Make sure you join the LIVE "Week In Review" for Cyber Security Headlines this Friday with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Gerald Auger, Ph.D., chief content creator, Simply Cyber.
Thanks to our Cyber Security Headlines sponsor, Hyperproof
Live!
PREVIEW: CISO Series Podcast LIVE in Washington, DC 9-6-23
Here’s a preview video of the live audience recording of the CISO Series Podcast at the Convene conference in Washington, DC. Joining me on stage will be Rob Duhart, deputy CISO for Walmart, and Aaron Hughes, CISO of Albertsons.
WHEN: Convene conference runs from September 6th to 7th, 2023. We’ll be the afternoon entertainment on September 6th with our recording at 3:00pm ET. Then join us for the CISO Series live game show on the 7th at 5:00pm ET. Stick around afterwards for their social gathering to help celebrate 20 years of Cybersecurity Awareness Month!
WHERE: The Watergate Hotel, 2560 Virginia Ave, NW, Washington, DC 20037
Discount code: CISOSERIES
>> REGISTER for the event here <<
Huge thanks to our sponsor, KnowBe4
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.