[10-03-23]--We Can Name 50 CISOs. Let’s Give Them an Award!
CISO Series Podcast
If you search online, you'll find no dearth of lists claiming to rank the top security leaders. The question is, how do these actually get created? Most of the time, these lists include CISOs from the biggest companies, those who post a lot on social media, or mostly it’s just the first 50 CISOs the person creating the list can think of. There doesn’t seem to be any kind of objective criteria. These lists serve the interest of boosting the credibility of the publisher, rather than being based on any kind of rigor. Is there any way to make these lists anything but fluff?
This week’s episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. Joining us is our guest Janet Heins, CISO, iHeartMedia.
Is cybersecurity unsolvable?
Is cybersecurity an unsolvable field, asked Jennifer Ouellette of Ars Technica. This came out of a conversation with Yale Law School Professor Scott Shapiro, who characterized this as a fundamentally human problem. Andy Ellis views it as a design discipline with both technical and human components. Hopefully that bifurcation will eventually fade, said Janet Heins: “Someday the discipline can go away and it's actually embedded and not considered.”
The C in CISO could stand for “communication”
Are CISOs unique in the C-suite for having to be great translators, asked Jason Saputo of Fantom Corporation. They often have to make technical concepts understandable to the business. “I've seen the CIO for sure having to build those similar relationships and really understand the business,” said Janet Heins. Part of this comes from how security and IT interact with the rest of the business. While Legal and Finance departments have technical workers that require translation, often the rest of the business comes to them. But everything boils down to risk for everyone. Risk is every department’s universal touchstone.
Ranking CISOs is a rank practice
Lists of top CISOs are everywhere, but what do they actually tell us? Beyond great SEO fodder and name dropping, it can be hard to figure out what criteria to use even if you wanted to create a credible ranking. “We need to embrace and celebrate the heroism of people who can make boring happen,” said Andy Ellis. He wants to see a list of “clean-up” CISOs that made troubled organizations boring again. The problem is most organizations don’t make the information needed to properly rank CISOs public. If we had access, looking at a CISO’s ability to mature their organization would be a good starting point, said Janet Heins.
It’s time for “CISO Queen for a Day!”
If you had a one-time injection of funds to your cybersecurity budget, how would you choose to spend it for the most impact? That’s the question raised on the cybersecurity subreddit, after they received a $500,000 state grant. One way to spend it could be sending it downstream to teams that are impacted by information security changes. Other options were to bring in more staff, maybe staff that doesn’t report to the CISO. “Odds are there's a team that is the most broken team that everybody's been covering for because they don't have enough people or the right tools,” said Andy Ellis. He found having staff suggest how to spend it without benefiting their department directly is a good way to find that team.
Listen to the full episode over on our blog, or your favorite podcast app where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.
Thanks to our podcast sponsor, LimaCharlie
What I love about cybersecurity...
"I really love to learn from them. I find that I learn which vendors really understand the business or really want to understand the business that I'm in, and which vendors just want to sell a product. I learn where the market is consolidating and where it's expanding. So I think that's the gist of it is I learn from them." - Janet Heins, CISO, iHeartMedia
How to Manage Users' Desires for New Technology...
"It might be a paradigm shift for our business, for technology in general, but for security people it's all about bringing it back to fundamentals. In this case, we already have some pretty strong patterns we can follow to protect data, to assess third-party risk and services. The new part is really learning to protect our own AI models. I think we're going to figure this all out, but here we are again. And mark my words, we'll be here again in five years when the next thing is here." - Geoff Belknap, CISO, LinkedIn
Subscribe to our newsletters on LinkedIn!
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Cyber Security Headlines - Week in Review
Make sure you join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Bob Schuetter, CISO, Ashland.
Thanks to our Cyber Security Headlines sponsor, Conveyor
Super Cyber Friday!
Join us Friday [10-06-23] for "Hacking Container Security"
The reason one has problems with containers is not because containers are inherently insecure, it’s just yet another paradigm you haven’t yet learned how to secure. In anticipation of our Super Cyber Friday event happening this Friday, October 6th, 2023, Mackenzie Jackson, developer advocate for GitGuardian, and I chatted about why containers have become such a cybersecurity hot button.
Joining me and Mackenzie for our discussion “Hacking Container Security: An hour of critical thinking about how to shine a light into an image’s black box” will be David Cross, CISO, Oracle SaaS Cloud.
Thanks to our Super Cyber Friday sponsor, GitGuardian
5 Year Anniversary!
Celebrating 5 Years of CISO Series and Your Career in Cybersecurity
Five years ago today I launched CISOseries.com as a business. Our first podcast had been running a few months, hosted on another cybersecurity platform, and given its popularity I realized this show could have a life of its own. That's why I launched our own site. At the time, the brand and podcast were known as CISO/Security Vendor Relationship Series/Podcast. Kind of a mouthful, but it took me a number of years to just shorten it to CISO Series.
I'm so proud to show this video, shot at Black Hat 2023, where I interviewed fans I ran into on the show floor and I simply asked them, "What has CISO Series meant to your career?" We're all pretty excited to show off the results.
BTW, expect to see a lot more. There was a lot left on the cutting room floor still worth showing. Stay tuned.
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.