If At First You Don't Succeed, There's Always Blackmail


CISO | Security Vendor Relationship Series

This week's podcast episode of the CISO/Security Vendor Relationship Podcast


Co-host Mike Johnson and our guest Branden Newman, CISO, Adidas, discuss the following:

  • Threatening a CISO will get around. When vendors alert CISOs to what they determine to be a corporate breach, it can ride the line between a friendly heads-up and outright blackmail. If that alert turns into a threat of publicly releasing information, the best a vendor can hope for is short-term attention and engagement. Threats don't breed trust: that CISO will never engage again and, more importantly, they will tell all their CISO friends. Be wary of the "heads up" technique. If taken the wrong way, it can backfire and cause extreme reputational damage.

  • Grateful for the new acceptance of "back to basics" security awareness. We've been talking about this for quite some time, but now we're seeing a renewed appreciation of good ol' fashioned basic security fundamentals. Kudos to the rest of the security industry.

  • Security controls first, then risk-based security. All security programs should start with a basic controls framework, such as CIS 20. Once you've got the basics established, then you've got some breathing room for a risk-based approach.

  • Scanning badges sends a poor message of the intended relationship. If you incentivize booth staff to walk up to attendees with the opening line of "may I scan your badge?" you've established that this interaction is about collecting names to be marketed to rather than educating and creating relationships.

  • Entice security professionals to your booth with data, not tricks. CISOs and security practitioners are attracted to information you can provide that's unique, not regurgitated, and valuable. One technique to draw security professionals to your booth is to release research reports and data ahead of a conference. Promote that you will have experts on hand at the booth ready to engage and answer questions. That technique may not draw greater crowds, but it will draw more qualified leads than t-shirt giveaways.

Special thanks to LogicGate for sponsoring this week's episode of the CISO/Security Vendor Relationship Podcast.

LogicGate

LogicGate is an agile GRC process automation platform that combines powerful functionality with an intuitive design to enhance enterprise governance, risk, and compliance programs. With our prebuilt process templates, organizations quickly and efficiently operationalize their GRC activities without requiring support from consultants or corporate IT.

Emilio Escobar, head of InfoSec, Hulu on poor CRM use

WHY NOT WRITE A REVIEW?

The place to do it is iTunes/Apple Podcasts, but we take positive reviews practically anywhere! Both of our podcasts are still very new, and one of the best ways to get a podcast discovered is through an accelerated number of reviews. So if you're a fan of either show, or both, please write a review, and share what you love about the shows on social media.

Write a review for CISO/Security Vendor Relationship Podcast

Write a review for Defense in Depth

Writing reviews really does help. And thank you for listening and supporting our podcasts and everything we post on the CISO Series.

Gary Hayslip, CISO, Webroot on security professionals not owning the risk

SUBSCRIBE TO BOTH PODCASTS

Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.

If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.