CISO Series Newsletter
We're the Ellen of Cybersecurity Podcasts
This week's podcast episode of the CISO/Security Vendor Relationship Podcast
Co-host Mike Johnson, CISO of Lyft, and our guest Andy Steingruebl, CSO of Pinterest, discuss the following from our live recording in San Francisco:
Stop telling buyers what you're not. A common marketing ploy is to explain what your business is not. The problem with that tactic is that any company is "not" far more things than it is. Unless a prospect asks, don't bring it up.
Have a code of conduct in place and enforce it. A much loved security conference, DerbyCon, is shutting down after its organizers mishandled an individual who was disrupting the event. DerbyCon organizers did have a code of conduct, but they were afraid to enforce it against this person. As a result, the individual's behavior infected the whole event. Don't let this happen to you. If you're producing an event, have a code of conduct and know in advance who will enforce it and how.
Don't replace security with risk reduction. A debate on LinkedIn suggested that we stop saying we're in the security business, because what we're really doing is reducing risk. That may be true, said the CISOs, but forgoing the use of the term 'security' is a very dangerous tactic.
Special thanks to all the sponsors of our live recording of the CISO/Security Vendor Relationship Podcast in San Francisco
The Synack Crowdsourced Security platform delivers effective penetration testing at scale. Synack uses the world’s top security researchers and AI-enabled technology to find what scanners and regular testing do not. It’s used by US Dept of Defense and leading enterprises for better security. To learn more, go to synack.com.
New Context helps Fortune 500s build secure and compliant data platforms. New Context created "Lean Security," a set of best practices designed to help enterprises manage and secure data for critical infrastructure, and offers professional services and a software solution, LS/IQ, to help enterprises build secure and compliant data platforms for their business.
Create an economical and secure private network for your company with OpenVPN. Used by Fortune 500 companies and IT teams, Access Server keeps your internal data safe with end-to-end encryption, secure remote access, and extensions for your centralized unified threat management. Go to openvpn.net/ciso-series to test drive Access Server for free.
JOIN US IN NEW YORK CITY (Tuesday 2/5)
In exactly one week, February 5th, we'll be doing another live recording of the CISO/Security Vendor Relationship Podcast, but this time in New York City. We're invited guests of the NY Information Security Meetup group, which has more than 4,000 members. My special co-host for that show will be John Prokap, CISO of HarperCollins. Our guest will be Johna Till Johnson, CEO of Nemertes Research. This is yet another free event with food, drink, and a super fun security show. YES, you can have it all! Just REGISTER and then come to the event. We're eager to see you.
Introducing Defense in Depth Podcast
I'm very excited to announce that today is the day we're launching a new podcast on the CISO Series called "Defense in Depth." Clear talk on cybersecurity's most controversial and confusing debates. The show is co-hosted by me and Allan Alford, CISO at Mitel. Each week we'll choose one controversial and popular cybersecurity debate and use the InfoSec community's insights to lead our discussion.
This week's episode of Defense in Depth
Security Metrics
Co-host Allan Alford, CISO of Mitel, and our guest Mike Johnson, CISO of Lyft, talk about:
There is no golden set of security metrics.
Metrics you use to measure your security program this year won’t necessarily be the same ones you use next year.
Use the NIST model to determine your security program maturity.
Unlike B2C, B2B companies can use metrics to build a closer tie between security and the business.
Regulations and certifications are one easy way to align security with the business.
Special thanks to this week's Defense in Depth podcast sponsor, Fluency Security.
Fluency's correlation and risk scoring technology combined with their approach of using pseudonyms in place of certain PII data greatly facilitates your organization's path towards compliance. Over time, machine learning and artificial intelligence algorithms detect anomalies at an impressive level of scalability. Run Fluency as a standalone or integrate it into your existing SIEM. Learn more by visiting us at booth #4529 at the RSA® Conference 2019.
SUBSCRIBE TO BOTH PODCASTS
Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.
If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.