08-25-20 - The "Do What We Tell You" Technique Isn't Working
This week's episode of CISO/Security Vendor Relationship Podcast, The "Do What We Tell You" Technique Isn't Working, is hosted by me, David Spark, producer of CISO Series, and Mike Johnson. Our guest is Michelle Valdez, CISO, OneMain Financial. All three of us discussed:
Care more about users.
We spend so much effort trying to communicate the importance of security and getting people to care about it that we lose sight of the need to secure users and data. What if we cared more about users and understood why they don't embrace security as much as they should? How can we sympathize with what they're doing so that we can work security into their flow, rather than getting them to operate in security's flow?
Minimize the surprises before you accept a job.
You're not going to know everything about the security environment you inherit even if you ask all the right questions. But first, do ask questions. Don't leave it up to surprise when you arrive. And when they don't know the answers, their response as to how those answers will be found will be very telling as to how disastrous the situation may be.
Should you split the CISO's responsibilities?
Our guest splits her responsibilities with another security leader. She handles the people and process, and her counterpart handles the technology. The CISO's job is overwhelming, and a clear division of labor could make it more manageable.
Special thanks to this week's podcast sponsor, PlexTrac.
PlexTrac is a revolutionary, yet simple, cybersecurity platform that centralizes all security assessments, penetration test reports, audit findings, and vulnerabilities into a single location. PlexTrac vastly improves the risk management lifecycle, allowing security professionals to generate better reports faster, aggregate and visualize important analytics, and collaborate on remediation in real-time.
Cyber Security Headlines
This week's sponsor of Cyber Security Headlines is Trend Micro.
This Friday [8-28-20] We're Hacking Cyber Diversity
Join us this Friday, August 28th, 2020 at 10 AM Pacific/1 PM Eastern for “Hacking Cyber Diversity: An hour of critical thinking on hiring diverse staff and using that to improve security and your competitive advantage.”
I'll be leading this discussion with Jules Okafor, CEO and founder, RevolutionCyber, and Christina Morillo, security engineering, Microsoft, and chapter lead for Women in Security and Privacy (WISP).
Plus, immediately after the video chat (11:00 AM PT/2:00 PM ET) we'll roll over to the CISO Series Friday Meetup. Each participant will be randomly matched up in impromptu 1-on-1 five-minute conversations with fellow cybersecurity professionals. The link to do that will be made available during the video chat.