View this email in your browser

CISO Series Podcast

We Got This Far Without Hiring a Prompt Engineer

How is knowledge of generative AI going to change what type of expertise we need?Will we be hiring prompt engineers in a few years? Right now there seems to be a benefit of having a generative AI domain expert for some organizations. Or will it become like putting "search engine proficiency" on your resume?

This week’s episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest, Suresh Vasudevan, CEO, Sysdig.

The new SEC rules will impact company boards

Most company boards and executive leadership teams lack cybersecurity expertise. This means the new SEC security incident requirement could be a big opportunity for CISOs to join those ranks, argues Marc Solomon of ThreatQuotient in a piece for SecurityWeek. But Mike Johnson cautioned that the new rules don’t require CISOs on the board. Rather they require more formal governance of a cybersecurity program. Boards need business expertise foremost. So CISOs who want to join them should work to consistently connect their cybersecurity acumen to wider business goals. 

Is security monoculture a problem? 

We’ve seen a rash of recently exploited vulnerabilities in Azure Active Directory. It’s a warning of just how dangerous it can be to rely on a single system for business operations. A recent post from Adam Meyers at CrowdStrike raises concerns about this being indicative of a cybersecurity monoculture. Part of this is driven by the convenience of investing in a single platform. But the reality is many organizations don’t have the staff or budget to acquire expertise across multiple platforms. Of course this isn’t the first time we’ve worried about security monoculture as an industry. Ultimately for the cloud, while they will have security issues, all three major providers offer solid track records, likely better than any on-premise option. 

Maturing the cloud security conversation

Ask any cloud provider about security and usually the conversation falls back to detection. The conversation typically goes right over prevention. For Mike Johnson, if cloud providers do talk prevention, it usually revolves around access management. On the other side of the coin, once a cloud incident does take place, often detection tools fall short of giving security teams meaningful information on how an attacker is moving in your network, according to Suresh Vasudev. Traditional XDR solutions aggregate logs in a centralized place, but these approaches can make it hard to get real-time insights into an attack. 

Understanding the generative AI employment landscape

So much of generative AI is an emerging use case. Employment around it is no exception. As Cameron Shackell pointed out in a piece for The Conversation, we’ve seen various domain experts in the subject pop up as potential job roles. The most popular for a while might have been prompt engineer. Right now Mike Johnson sees this as becoming more of a skill than a dedicated role. While there may be the generative AI equivalent of search engineer optimization with dedicated practitioners, this skill seems like it will become common across a wide variety of roles. 

Listen to the full episode over on our blog, or your favorite podcast app where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.

Thanks to our podcast sponsor, Sysdig

CISO Series is going to Austin for Cyber Marketing Con

We are super excited to be sponsoring and presenting at Cybersecurity Marketing Society's Cyber Marketing Con happening from December 10-13, 2023 in Austin, TX. This is going to be an awesome opportunity to learn from other marketers. 

CISO Series is super excited to be sponsoring, and we're going to be hosting a really fun workshop on December 11th, 2023 called "Business Networking Pickup Lines." No one sits during this workshop where all attendees will learn how to be a professional business flirt.

Please register and join us!

Best advice I ever got in security...

"When the underlying technology changes you have to rethink the relevance of your security approach and your security product, or you could really become obsolete." - Suresh Vasudevan, CEO, Sysdig

Listen to full episode of

"We Got This Far Without Hiring a Prompt Engineer."

Mitigating Generative AI Risks...

"When it comes to AI and having a safe space, it really just comes down to how you want people to use it....But what I really find is that we usually lump large language models into one category, but I see them in at least two. You have the one that we talk about, the public models like ChatGPT, Dalle, and Bard. But there’s also the private models that organizations are exploring using their own data in the public cloud usually, and they each have their own risk profile and associated mitigations." - Jerich Beason, CISO, WM

Listen to full episode of

"Mitigating Generative AI Risks."

Subscribe to our newsletters on LinkedIn!

We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!

CISO Series Newsletter - Twice every week

Cyber Security Headlines Newsletter - Every weekday

Cyber Security Headlines - Week in Review

Make sure you 

 to join the LIVE "Week In Review" this Friday for 

Cyber Security Headlines 

with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Andy Ellis, operating partner, YL Ventures and co-host of

CISO Series Podcast

.

Thanks to our Cyber Security Headlines sponsor, Barricade Cyber Solutions

Super Cyber Fridays!

How Do Organizations Define Cyber Resilience?

While cyber resilience remains challenging, there are a set of core principals emerging around impact and importance to the business explained Brian Spanswick, CISO/CIO of Cohesity in this discussion. This is a preview of our Super Cyber Friday event that’s happening this Friday, December 8, 2023. Our topic of discussion will be “Hacking Cyber Resilience: An hour of critical thinking of shifting the risk conversation to maintaining business continuity during a cyber attack.”Watch the video>> REGISTER for 12-08-2023 Super Cyber Friday event <<

Also joining me and Brian will be TC Niedzialkowski, CISO, Nextdoor.It all starts at 1 PM Eastern/10 AM Pacific. At the end of the hour [2 PM Eastern/11 AM Pacific] we’ll switch gears to our meetup where everyone will get a chance to chat face to face. Join us!

Thanks to our Super Cyber Friday sponsor, Cohesity

Thank you!

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship, contact me, David Spark.