Don’t Make Me Explain This, Because I Can't
CISO Series Podcast
Here are the top issues Mike Johnson and our guest Okey Obudulu, CISO, Skillsoft discussed on this week's episode of CISO Series Podcast:
Is protecting the crown jewels distracting us from other security concerns?
I question whether a security strategy that focuses on protecting the crown jewels is wise or rather myopic. Jesse Lyon of Fuel Cells Works thinks what we're protecting and what the attackers are after are not one and the same. Often there's an attack to cause a major disruption or steal data from many users, as with the SolarWinds and NotPetya attacks. My co-host Johnson actually argues that's why you want to know your crown jewels: to have both a disaster recovery and business continuity plan in case of such attacks.
The "curse of knowledge" limits your ability to explain complicated concepts.
"Experts in a given domain often have a hard time communicating with nonexperts. They dive into the weeds; they ignore context; they talk over heads and beyond interest," said an article on MIT Management Sloan School. This is better known as the "curse of knowledge." We all suffer from this problem, and you have to really work at it if you're going to explain difficult concepts. When I used to appear on a PBS show called This Week in Northern California as a reporter, I would have a list of notes on the topic we were going to discuss, and before the show I would ask my wife to ask me questions. My goal was to be able to answer quickly, simply, and succinctly. It's a good exercise. Try it.
How to maintain continuity in your security program.
Every time a security leader comes into your environment, they want to have a sense there is a security program in place. One anonymous listener fears their environment is far too confusing. If you find yourself documenting procedures, you will simplify. "Documentation is considered painful, but the value you get from documentation, especially as folks come in and out of an organization, that value cannot be overestimated," said Obudulu.
Has Rick Astley been cybersecurity's best awareness educator?
@snewbill on Twitter argues that Rickrolling has taught more people about not clicking on links you're not sure about than anyone else. Luckily, the damage was a simple laugh. There are other silly and non-damaging training methods. Johnson suggested dropping a Post-it note (with no comment) on a coworker's unlocked computer. It's a subtle but effective reminder that others can tell when your machine is not locked down.
Listen to the full episode. Remember, we have full transcripts of each episode on the blog post.
Thanks to our podcast sponsor, Trend Micro
What I love about cybersecurity
"What makes the cybersecurity field exciting is often the challenge of solving complex high-stakes problems. Continuous learning is therefore necessary because threats, technologies, and controls keep evolving, so stay curious and keep learning." - Okey Obudulu, CISO, Skillsoft.
Recruiting is a shared responsibility
"I think what we forget and many times what I work very, very hard on is there’s a shared responsibility between the recruiter and us. It’s our job to arm and provide the recruiter with all the necessary things that they need in order to sell the company, and the business, and the culture." - Caleb Sima, CSO, Robinhood
Listen to the full episode of Cyber Security Headlines - Week in Review.
Make sure you join the LIVE "Week In Review" this Friday for Cyber Security Headlines. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Marcos Marrero, CISO, H.I.G. Capital.
Thanks to our Cyber Security Headlines sponsor, Votiro
Super Cyber Fridays!
How are DDoS Attacks Evolving?
Join us this Friday for "Hacking DDoS Trends: An hour of critical thinking about emerging threats in Distributed Denial of Service attacks." You can watch this preview of our discussion with Omer Yoachimik, product manager, Cloudflare. Also joining us will be Chris Grundemann of GigaOm.
It all begins at 1 PM ET/10 AM PT this Friday, November 4th, 2022. At the end we'll have our meetup.
Thanks to our Super Cyber Friday sponsor, Cloudflare
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.