12-08-20 - When Should You Stop Trusting Your CISO?


CISO Series

This week's episode of CISO/Security Vendor Relationship Podcast, "When Should You Stop Trusting Your CISO?", is hosted by me, David Spark, producer of CISO Series, and Mike Johnson. Our guest is James Dolph, CISO, Guidewire Software. All three of us discussed:

Do you stop trusting a CISO if they don't have the tech chops?

, set off a feverish debate as to how much technical know-how a CISO should have, and how in step they should be with their technical capabilities. Some CISOs come with no hardcore technical background, and as we've seen, the CISO role varies greatly from company to company. Farooq Mohiuddin of McCarthy Tetrault summed up the argument well: "The CISO shouldn't be the technical SME in the room. They should have enough technical skills and experience to not only communicate and evaluate their team's recommendations, but also to call out bullsh*t when they see/hear it."

First-time CISOs bring their past security approach to the job.

Our guest James and my co-host Mike Johnson both worked at Salesforce prior to landing their first CISO jobs. Given their focus at their job, product security vs. engineering respectively, they approached their jobs from varying viewpoints. For James, he was filled with pent-up energy, eager to apply everything he learned and felt strongly about to his new CISO role.

Criteria for choosing a phishing solution vary greatly depending on your mail system.

For example, if your business is using a Microsoft Office environment, there will probably be lots of malicious macros floating around and a phishing solution that provides a safe detonation space would be valuable. A smaller organization where people wear lots of hats would want to focus on a solution that deals with spoofed email addresses (BEC or business email compromise). And is your solution on premises or hosted in the cloud? More and more companies are gravitating towards GSuite and Office365, and as a result the phishing providers are working with their APIs. Pure in-band phishing solutions are starting to fade.

Special thanks to this week's podcast sponsor, Dtex.


Traditional Employee Monitoring solutions are creepy. Capturing screenshots, recording keystrokes, monitoring web browsing and following social media activities is unnecessary and damages culture. DTEX InTERCEPT is the first and only solution that delivers the real-time workforce monitoring capabilities today’s organizations need and employees will embrace. Learn more at dtexsystems.com.

Cyber Security Headlines

December 7, 2020 - Cyber Security Headlines

This week's sponsor of Cyber Security Headlines is Code42.

This Friday [12-11-20] We're Hacking SaaS Security

Please join us on Friday, December 11th, 2020 at 10 AM PT/1 PM ET for “Hacking SaaS Security: An hour of critical thinking on cloud application policy, monitoring, detection, and response”. I'll be leading this discussion with Elena Kvochko, Chief Trust Officer, SAP and Ben Johnson, co-founder and CTO, Obsidian.

STICK AROUND FOR THE CYBERSECURITY SPEED DATING!

Immediately after the video chat (11:00 AM PT/2:00 PM ET) we'll roll over to our meetup where we'll match everyone who shows up with another cybersecurity professional. And we'll do it five times in less than 30 minutes.

Thanks to our sponsor Obsidian

Best Bad Idea - CISO Series Video Chat
