11-26-19 - Rest Assured, We're Confident Our Security Sucks
This week's episode of CISO/Security Vendor Relationship Podcast
On "Rest Assured, We're Confident Our Security Sucks," Mike Johnson and our guest Billy Spears, CISO, loanDepot, discussed:
Should companies offer CISOs a golden bullet clause after a breach?
It's a behavior we saw recently with the CISO of Capital One, who was asked to step down after their breach, yet still given a prominent advisory role. Does a golden bullet like this disincentivize CISOs from doing their job? If they know a clause like this is in their contract they could be really bad and still be rewarded.
When can you blame the CISO for a breach?
Often the CISO doesn't have control over a breach. Regardless, they're the first person everyone looks to when a breach happens. Make the decision as to how you're going to investigate and discipline. If you put too much or too little pressure on a CISO they won't be able to do their job effectively.
Is there a disconnect in how security is sold?
Some data suggests that there's a divide between how confident a CISO is in their security program and how confident salespeople are in selling the company's security capabilities. The problem may stem from a CISO not having a clue how their product is being sold.
Special thanks to this week's CISO/Security Vendor Relationship Podcast sponsor, CyberInt.
The high ROI is what makes spear phishing campaigns so attractive to threat actors. Read our breakdown of TA505’s latest series of attacks. CyberInt has been tracking various activities surrounding this and other similar attacks where legit means were used to hack international companies in the retail & financial industries.
2020 Sponsorships!
Here's a summary of a few opportunities we have for sponsorships in 2020.
Podcasts: We've got a cool premium offering that greatly extends your sponsorship reach, plus segment sponsorship opportunities.
CISO Series Video Chats: Our highly interactive format keeps the audience engaged for the full hour.
"Topic Takeover": One topic. Lots of media all associated with your brand. Very sticky to search.
LAST MINUTE OPPORTUNITY! On December 12th, we'll be doing a live audience recording of CISO/Security Vendor Relationship Podcast at the Evanta CISO Executive Summit in Los Angeles. We just sold out our San Francisco event and we have sponsorships for this LA event.
If you're interested in any, just contact me, David AT CISOseries DOT com.
Hacking Humans: Security Has to Be Friendly
If you want security to work at your organization, it needs to be accessible or friendly to your users. If they have to sidestep any kind of control you have in place, then that security control is going to lose its effectiveness.
My Defense in Depth co-host, Allan Alford, and I were invited to be guests on one of our favorite cybersecurity podcasts, Hacking Humans. Allan and I talk about security's usability and how humans end up hacking their systems with no negative intent.
Looking for Cybersecurity Solutions at Dreamforce 2019
about the little cybersecurity presence I discovered at Dreamforce 2019. While you’ll see plenty of talk about Salesforce security at RSA, it’s not the focus for this audience of marketers and salespeople. How do we change that? And should we?
SUBSCRIBE TO BOTH PODCASTS
Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.
If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.