09-12-19 - Learn to Speak CISO in 30 Days

CISO | Security Vendor Relationship Series

This week's episode of Defense in Depth

Top CISO Communication Issues

 On this episode of Defense in Depth:

Co-host Allan Alford and our guest Mark Eggleston, CISO, Health Partners Plans, discuss:

  • Communication starts with engaging people where they work. CISOs can't have any long-term success selling fear, uncertainty, and doubt (AKA "FUD").

  • CISOs need to focus on people skills. If a CISO is going to be rolling out a solution, it's going to be in his/her hands to get others to adopt it. Successful CISOs integrate the community into their thinking.

  • While CISOs want to be proactive, you can't be purely proactive or reactive. There's always a blend.

  • The best start for a CISO is to get the C-suite and board to listen and understand.

  • Not only do CISOs need to have conversations about risk, they need to document it and revisit it.

  • Look at where the company is making money by examining the 10-Q report. See where you can apply risk analysis to all of those revenue streams.

  • Whenever a FUD-like headline appears, the C-suite and board will see it. Don't let them fall into the trap of absorbing the hype. CISOs need to show how they're handling such situations and how they would respond if something similar happened to them.

  • Top issues for CISOs include having a clear understanding of who owns what risk. And more importantly, individual contributors should acknowledge their specific role in the overall security program.

Special thanks to this week's Defense in Depth podcast sponsor, Varonis.

The most powerful way to find, protect, and monitor sensitive data at scale. Get total control over your unstructured data in the cloud and on-premises. See it in action in a live cyberattack simulation lab.

Allan Alford on cybersecurity excuses

WEBINAR (09/20/19): Are Cybersecurity Sales Incentives Helping or Hurting the Industry?

In this round table video conversation, we'll discuss the current incentive structures for cybersecurity sales. How do salespeople take on that charge at different levels within the organization? What is working and what should be thrown into the garbage? Is there something new that should be measured, and how can long-term successes be better quantified?

WHEN: Friday, 9/20/19 at 10 AM Pacific/1 PM Eastern

Moderator: David Spark, producer, CISO Series

Panelist: Carl Wright, chief commercial officer, AttackIQ

Panelist: Manooch Hosseini, client director, Optiv

And YOU!

The CISO Series round table webinars are an open discussion where we welcome all viewers and listeners to become participants. Please get your webcam and microphone ready, and if you have a question or comment at any time during the discussion, let it be known in the chat room and our producer will do his best to get as many of you into the conversation.

Aanchal Gupta, head of security, Calibra at Facebook on trust being eroded after a breach
