[08-29-23] Please Take Some Pens and Our Company Data On Your Way Out
CISO Series Podcast
Please Take Some Pens and Our Company Data On Your Way Out
Every company deals with off-boarding employees. Yet it feels like many organizations make basic security mistakes in this process. Is it just a case of HR and IT being out of sync, or is this an inevitably leaky process?
This week’s episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. Joining us is our special guest Lorna Koppel, CISO, Tufts University.
New CISOs get flooded with advice. Coming into a new program, a new CISO can fall into risk analysis paralysis. Rather than get caught up trying to create a perfect plan for a new organization, focus on getting a few quick wins while you figure out your longer-term initiatives. Getting quick results helps get buy-in from the organization. There are fantastic communities online for CISOs to ask questions and get advice, but nothing beats building relationships with trusted people to get quick feedback.
Off-boarding employees can on-board risk. Some of this comes down to access. When employees leave the company they will often retain access to SaaS apps for days or weeks. But outside of any type of provisioning for ex-employees, off-boarding also risks institutional knowledge walking out the door. This can come from a new boss not realizing how intertwined an employee is across different aspects of the business. These employees can return as contractors, but now with the added complication of an oppositional relationship.
Applying for a job is a lost art. Putting out a job posting can result in a lot of truly baffling submissions. Some of this comes down to people just applying for jobs en masse, others doing requisite submissions. Resumes remain important because outside of a prior interaction, they’re how you cut down on the pool of candidates. Once over that hurdle, interest and capability for a position trumps almost anything else on that resume. Each step of the process from that point on helps further determine those qualities to help make the final hiring decision.
Punishing employees for using unsafe tools is a bad strategy. It’s easy to blame people for getting phished by clicking on an email link. But forcing remedial training for that behavior ignores the insecure design of the underlying platform. Modern email clients make it look like all the sharp edges have been worn away, but they’re still there. When an employee’s job requires them to click on emails from people they don’t know, you can’t use a stick on them when the link turns out to be malicious. This is where security is required to come up with a better solution.
Listen to the full episode over on our blog, or your favorite podcast app where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.
Thanks to our podcast sponsor, LimaCharlie
Best advice for a CISO...
"Take time each week to put your feet up on your desk and look out the window. Problem is that might be an interesting image you set, but it's one that's going to pay back in the future." - Lorna Koppel, CISO, Tufts University
How Do We Influence Secure Behavior?
"I think the only way to get meaningful change in behavior is to bring people with us on this journey. And that's the why. That is why that's so important. And especially where criminals are using behavioral psychology to target people, to trick them into this. We have to use the same to bring them out of that mindset, and especially to make the most out of training opportunity, to use it on real threats that people receive." - Jack Chapman, vp, threat intelligence, Egress
Subscribe to our newsletters on LinkedIn!
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Cyber Security Headlines - Week in Review
No Week in Review show this week. For our U.S. listeners, enjoy the long Labor Day weekend.
Live!
CISO Series Podcast LIVE in Nashville 09-11-23
We’re just a couple weeks away from our live recording of the CISO Series Podcast at the 2023 Global CISO Executive Summit hosted by Evanta in Nashville this year. This video will give you a little preview of what you’ll see. This is guaranteed cyberfun with my guests Allan Cockriel, CIO and Group CISO, Shell and Mary Rose Martinez, vp, CISO, Marathon Petroleum.
Here are the basics of what you need to know.
WHEN: September 11th to 13th, 2023 (We’ll be the opening night entertainment on September 11th, 2023)
WHERE: Four Seasons Hotel Nashville
HOW TO ATTEND: If you’re interested in attending, you’ll need to apply. It’s an exclusive event catering to security leaders working at enterprise organizations. If that describes you and you’re not a vendor, please fill out the registration form.
Live!
Join CISO Series at Nexus '23 in Miami (10-11-23)
Check all of the following if they apply to you:
I live near or around the area of Miami, Florida (OR I want to go).
I'm in cybersecurity and I'm especially interested in physical systems.
I'm a huge fan of CISO Series.
If ALL of those apply to you (or at least two), then you are required (that means it's not elective, it's mandatory) to attend Claroty's conference Nexus '23 happening October 10th-12th, 2023 at the Loews Hotel in Miami Beach.
This event is a three-day summit focused exclusively on securing Cyber-Physical Systems (CPS). We're talking critical infrastructure. And CISO Series will be there recording an episode of CISO Series Podcast in front of a live audience on October 11th, 2023.
Joining me on stage will be Adam Zoller, svp, CISO at Providence.
If you want to go, you need to apply to attend. And you can do just that over on the Nexus '23 site.
HUGE thanks to our sponsor, Claroty
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.