CHEAT! Best Practices to Win at Monopoly and Security

CISO | Security Vendor Relationship Series

This week's podcast episode

CHEAT! Best Practices to Win at Monopoly and Security

Like Monopoly, the Best Way to Win at Security is to Cheat

What you'll learn:

On this week's podcast, co-host Mike Johnson, CISO of Lyft, and our two guests, Ahsan Mir, CISO, Autodesk, and Geoff Belknap, CISO, Slack, discuss the following:

  • Cybersecurity is a lot more than just an IT problem. Executives not in security often pigeonhole the division's function to just that of IT. While some aspects of security can be solved with security, some cannot as they're internal and behavioral threats, malicious and unintentional. The other issue is to stop looking at security as a "problem." If you understand that it's a risk management issue, it can generate value for the business.

  • CISOs must align their priorities with the business. If you want to survive as a CISO, you must build a risk profile that is in tune with how the business, not your security department, manages risk. You can't be successful as a CISO if you can't understand the importance of having good relations with the business. You actually have to put a significant amount of work into building those relations.

  • There are no stupid users, just non-empathetic security professionals. Wise words from Ahsan Mir who reminds us that people make mistakes. It's human nature. You can't build a security program assuming that people will not make mistakes. If in fact your threat model can't withstand the failure of a human, then you have a bad security model.

  • Non-linear and critical thinking are key to being a successful security professional. While debating which games are the best preparation for a career in security, the discussion of breaking the rules just to win was seen as a plus to thinking like a security professional.

  • Find a way to tie business wins to InfoSec. So that the cybersecurity team doesn't feel neglected, it's important for the CISO to communicate the role of security to the rest of the organization, the services they provide, and how they're integral to the success of the business. 

  • Buy employees a password manager for their home use. Mike Johnson suggests this extremely simple offer to help all staff members understand the value of the security team. 

Support the Electronic Frontier Foundation

What will the Trump administration do to protect your digital privacy?

What do you think the Trump administration will do to protect your digital privacy?

Special thanks to this week's sponsor, the Electronic Frontier Foundation (EFF), a non-profit tirelessly fighting for your digital privacy. Mike Johnson and I are big fans of the EFF. We ask our fans to do what they can to support the EFF.

Last year, Spark Media Solutions showed our support by producing a few videos for the EFF. In one video we produced at RSA, we asked attendees, "What do you think the Trump administration will do to protect your digital privacy?"

PODCAST SOLD OUT FOR 2018

We're excited to announce that the CISO/Security Vendor Relationship Podcast has sold all our sponsorships for 2018. But don't fret! We will be opening up sponsorships for 2019 very shortly and we are still offering sponsorship opportunities in 2018 around articles, videos, webinars, and this very newsletter. If you're interested in 2019 podcast sponsorship or any of the other opportunities in 2018, connect with me on LinkedIn or REPLY to this email.

CISOseries.com is STILL ONLINE!

CISOseries.com - CISO/Security Vendor Relationship Series and podcast

I know, I know. I was just as shocked as you to find out that after one week, the brand new home of the CISO/Security Vendor Relationship Series and Podcast is still on the Interwebs. If you haven't been there yet, you can find it at CISOseries.com.

If you're new to the series and podcast, all the content is evergreen, so feel free to come and binge all the great articles, videos, podcasts, and newsletters.  

And if you haven't already seen it, check out the

which includes a short introduction to the history and mission of the CISO/Security Vendor Relationship Series and podcast.

SUBSCRIBE TO THE PODCAST

Got a podcast catcher? Search for "CISO" and chances are you'll find the CISO/Security Vendor Relationship Podcast. If it doesn't come up, go ahead and click on any of these links to subscribe to the feed.

If you're already a subscriber, THANK YOU! If you like the show, please tell all your friends on social media and write a review on iTunes.