[09-12-23] Is This Just Bad Or “Call The Feds” Bad

Is This Just Bad Or “Call The Feds” Bad?

CISO Series

CISO Series Podcast

With new regulation coming at cybersecurity on a regular basis, the industry is seeing increasing requirements for reporting. But outside of disclosures to bodies like the SEC, it can be tough to determine when to handle matters internally, and when to bring law enforcement into your response. Do CISOs even know how to call the feds when things get really bad?

This week’s episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. Joining us is our guest, David Ring, section chief at FBI, Cyber Division.

Advanced persistent threats keep evolving their tactics and targets

The top three nation-state threat actor trends are focusing on the IT services supply chain, increasingly leaning on zero-day attacks, and using so-called cyber mercenaries. This is according to Microsoft’s Digital Defense Report (January, 2023). Given how quickly these groups evolve and change, how relevant are these trends today? What have the public and private sectors done to address these issues?

Your staff wants to level up their careers, but they need encouragement to make the journey

Most everyone wants to grow their careers, but often they don’t know that an opportunity exists or how they would go about pursuing it, noted Monte Pedersen of The CDA Group in a LinkedIn post. Part of this comes down to the employee’s own initiative, whether acting independently to solve problems, or investing in career development opportunities. But communication plays a major role. For CISOs this can include being clear on expectations and preferences. Encourage staff to build relationships in an organization outside of their immediate team.

Hiring for skills and competencies comes with its own hurdles

Increasingly we’re seeing evidence that job posts calling for a specific number of years of experience aren’t helpful. In fact, they likely turn away a huge number of good candidates. In government hiring, recent executive orders have pivoted job posting to focus on skills and competencies. This can find a mushy middle when it comes to hiring contractors.

CISOs need to know when to call in the feds

This isn’t a decision that should be made in the heat of a crisis, but rather through a decision-making process set up well in advance. Fortunately, the FBI is here to help. You can contact your local office, and an FBI official can come and join you for tabletop exercises. Plus, they have procedures on how to report a cyber incident. This is increasingly vital as more reporting requirements now impact organizations. This will allow a CISO to use all available resources to effectively deal with a situation, and also make sure they are in compliance after the fact.

Listen to the full episode over on our blog, or your favorite podcast app where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.

Thanks to our podcast sponsor, Hunters

Who should be listening to CISO Series Podcast?

"Anybody who works for a business and is concerned about the business's reputation and their reliability within that organization should be listening to this podcast and other reputable forms of media where they can learn and think differently about cybersecurity, recognize that they're the ones responsible for their own organization's cybersecurity. It doesn't stop at each employee. We're also talking about CEOs, boards of directors, not just CISOs, CIOs, CTOs, and CSOs." - David Ring, section chief, FBI, Cyber Division

Getting Ahead Of Your Threat Intelligence Program

"If you're not getting feedback, you can argue, "Why aren't I getting feedback?" But what you really should be saying is, "If I'm not getting feedback, I'm doing something wrong because they don't know how to provide feedback." Because this is not an area where it's yes or no. Nobody is ever satisfied, but how do you measure success?" - Steve Zalewski, co-host, Defense in Depth

Subscribe to our newsletters on LinkedIn!

We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!

CISO Series Newsletter - Twice every week

Cyber Security Headlines - Week in Review

Make sure you 

to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Davi Ottenheimer, vp, digital trust and ethics, Inrupt.

Thanks to our Cyber Security Headlines sponsor, Conveyor

Capture the CISO!

Become a Contestant On Capture The CISO, Season 2

We are VERY excited to bring back our show Capture the CISO on CISO Series for a second season. But, to do so, we need COMPETITORS! In a nutshell, Capture the CISO is an opportunity for CISOs to interview vendors about their products. And everyone gets a chance to listen in.

CISOs interview three security vendors about their products. They know a little bit about each, since they have already watched a six-minute demo of each product. All three company products are rated across the variables of innovation, does it fill a need, and can I deploy it? Winners go to the next round.

If you haven’t had a chance to hear it, give a listen to our first mini season.

This show gives our audience an inside ear into the conversations happening between CISOs and vendors.

NOTE: All contestants are sponsors. But you only sponsor once. If you keep winning each round, vendors move on and get even more exposure to our CISO judges and our audience. We’re thrilled to bring back this unique show, and we want you to join us for the ride.

Watch this video as I interview Rich Stroffolino, the new host of Capture the CISO.

If you want to sponsor the show to be a contestant, please contact us.

Thank you!

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.