Get All the Stress You Want, With None of the Authority
CISO Series Podcast
Listen to this episode of CISO Series Podcast with me and my co-host Andy Ellis, operating partner, YL Ventures, plus our guest Aman Sirohi, CISO, People.ai. Here are our topics of discussion. Please pipe up with your thoughts.

How does a cyber aware board act differently?
A board's responsibility is to make sure the company is well governed. Their job is not to run the company, noted Andy Ellis. Although a board that isn't cyber aware, noted Aman Sirohi, is gathering information from the CISO, a cyber aware board is pushing the CISO to do more, faster. But at the same time, that cyber aware board is realistic. They realize that a hard project doesn't get accomplished overnight. What they want to hear is ongoing improvement of the overall security program.

Are CISOs under more stress than other C-level professionals?
It's a slanted question given our audience, but Andy and many others argue that the reason security professionals feel that way is because many CISOs are only a "Chief" in title and responsibility, but not authority, given how most CISOs report under another C-level member who is not the CEO. Another big argument for CISO stress is the lack of clarity in their position. But does a CISO really have more stress than the CEO? That's a tough one to argue.

What's the safest way to open PDFs and Office files?
Katie Paxton-Fear of The Manchester Metropolitan University asked this very question of the Twitter community. Security professionals are constantly telling users not to double-click attachments. So how should they open them safely? The Twitter community offered suggestions like VirusTotal, Windows Sandbox, Google Drive, and an air-gapped VM. But while all are great suggestions, no user will actually do any of this. You need to have a security program that actually protects from this type of typical user behavior.

How aggressive can/should a cyber salesperson be?
We've reported on many outright deceitful sales tactics. These behaviors are never plan A, but rather a response to the pressure salespeople feel from how they're being measured. When they resort to these tactics, they're obviously thinking of their own survival, not necessarily the company. When such situations do occur, you need to tell the CMO, noted Andy Ellis. If it continues, it can be seriously brand damaging, as security professionals talk. Correct the situation quickly to save the brand. Don't reprimand the salesperson. Ultimately, salespeople need to be measured by a new yardstick that doesn't push them to resort to behavior CISOs find reprehensible. Anyone have a suggestion?

Listen to the full episode on our blog post, where you'll find the full transcript, or via your favorite podcast app. Go ahead and subscribe if you haven't already.
Thanks to our podcast sponsor, AuditBoard
Best advice for a CISO...
"Don't blindly follow the trends. Be strategic, think about how the business is growing and how the business will benefit from it, and how you'll be mitigating risk. Key part is don't be blind and just follow what everyone else is doing." --Aman Sirohi, CISO, People.ai
Listen to full episode of
How much benefit could we get out of a communications person for security?
"Whether we call it PR, or marketing, having a team, a person, even a half-person, even if you had somebody half the time, really thinking about your stakeholders as a CISO, what they care about, what they need to understand, and tailoring the communications to them, will go a long way....We all know that we have to do regular communications to the population, but if you’re able to actually tailor it to your stakeholders, whether it’s the board or it’s about budget, it can only be a good thing, I can’t see a downside to it. Other than, yes, it is a cost, but it’s well worth it, you’ll see returns." --Laura Deaner, CISO, Northwestern Mutual
Listen to full episode of
Subscribe to our newsletters on LinkedIn!
We've got our bi-weekly and daily Cyber Security Headlines newsletters also available on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Cyber Security Headlines - Week in Review
In observance of the Thanksgiving holiday, there will be no "Week In Review" live show this Friday, November 25, 2022. But we will return Friday, December 2, 2022 for a short 20-minute discussion of the week's cyber news.
Thanks to our Cyber Security Headlines sponsor, Compyl
Super Cyber Fridays!
Hacking Cyber Insurance
In observance of the Thanksgiving holiday, there will be no Super Cyber Friday this week. But be sure to join us when we return next Friday, December 2, 2022 for "Hacking Cyber Insurance: An hour of critical thinking about getting the finance side to be working in concert with security and IT."
It all begins at 1 PM ET/10 AM PT next Friday, December 2, 2022 with guests Scott McCrady, CEO, SolCyber and Anthony Dagostino, CEO and founder, Converge. We'll have fun conversation and games, plus at the end of the hour (11 AM PT/2 PM ET) we'll do our meetup.
Thanks to our Super Cyber Friday sponsor, SolCyber
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.