10-27-20 - Archaeologists Dig Up the Remains of An Optimistic CISO

View this email in your browser

This week's episode of CISO/Security Vendor Relationship Podcast

Archaeologists Dig Up the Remains of An Optimistic CISO

This week's episode

is hosted by me, David Spark, producer of CISO Series and Mike Johnson. Our guest is George Finney, CISO, Southern Methodist University and author of "Well Aware: The Nine Cybersecurity Habits to Protect Your Future". All three of us discussed:

Optimism requires you to admire well-tackled incidents.

Pessimism in cybersecurity is a self-fulfilling prophecy. Cybersecurity can and should focus on wins. A win can be improvement in your security program. A win can be a well-handled incident. A win can also be seeing something you saw this month that you would have missed last month.

"Best of breed" sounds nice, but...

Many large companies will sell a platform solution to solve all your cybersecurity concerns. It can be a simple purchase which often allows room for negotiation on costs. If you have to purchase solutions à la carte, you probably won't be able to have that much room to negotiate. But the big issue with "best of breed" solutions are the costs of integration. It takes engineering resources to make "best of breed" work.

Prove your value by doing the job you want for your current or next employer.

We got a career advice email from a security professional who felt they were being slighted for a CISO position. He was doing the job of a CISO without the title change or the pay. He felt frustrated not knowing his future path and felt he may have to look for another employer. Our CISOs recommended that the person continue to do the CISO work even if he wasn't getting the title change. Either the company would eventually move him up, or the person could show to another employer that he had the responsibilities of a CISO, just not the title, and could make the jump that way.

Special thanks to this week's podcast sponsor, Netskope.

The

Netskope

security cloud provides unrivaled visibility and real-time data and threat protection when accessing cloud services, websites, and private apps from anywhere, on any device. Only Netskope understands the cloud and takes a data-centric approach that empowers security teams with the right balance of protection and speed they need to secure their digital transformation journey.

Cyber Security Headlines

This week's sponsor of

Cyber Security Headlines

is F5.

THIS Friday [10-30-20] We're Hacking Bad Threat Modeling

Please join us on Friday, October, 30th, 2020 at 10 AM PT/1 PM ET for “Hacking Bad Threat Modeling: An hour of critical thinking about the worst ways to identify what could go wrong”.I'll be leading this discussion with Archie Agarwal, CEO, ThreatModeler Software and Adam Shostack, author, "Threat Modeling: Designing for Security".Watch the preview video.

REGISTER

Plus, immediately after the video chat (11:00 AM PT/2:00 PM ET) we'll rollover to our meetup where we'll match everyone who shows up with another cybersecurity professional. And we'll do it five times in less than 30 minutes.

Thanks to our sponsor ThreatModeler Software

Subscribe to all our podcasts

Click any of the podcasts below to get access to the subscription feeds. If you're already a subscriber, thank you!