Job Opportunity: You're Unqualified AND Underpaid

CISO/Security Vendor Relationship Series

This week's podcast episode

Job Opportunity: You're Unqualified AND Underpaid

What you'll learn:

On this week's podcast, co-host Mike Johnson, CISO, Lyft, and guest Dan Glass, former CISO, American Airlines, discuss the following:

  • Drive responsibility first. Accountability comes next. We had an involved semantic debate about "responsibility" and "accountability." If you imbue a sense of responsibility in your employees, they will generate their own accountability. 

  • Non-security staff don't need to know about ALL security issues. The other employees should have good security insights, but that's not their core function. Security needs to do its job and make security more transparent so it becomes less of a burden on the rest of the staff.

  • Employees are your greatest ASSET, not your weakest link. It's narrow-minded to only look at the rest of your staff as fail points within your organization. A good CISO can motivate the company staff to be a human intrusion detection system. Go out of your way to reward employees who see and report irregular behavior.

  • Don't rely on every employee doing it right every single time: If a single click on a phishing email can bring your whole company down then you don't have the right security architecture in place. 

  • Enough with the buzzwords. We did a "What did you think of this pitch?" segment on the show and while there were mixed results in the value of the pitch, one area that both CISOs agreed on was the use of buzzwords. CISOs shut down when they hear them.

  • Unrealistic security job descriptions with poor pay. Job descriptions in the security field seem to be getting longer, with more certification requirements, and lower pay. These kinds of postings are only hurting the company and giving an advantage to their competition. In a buyers' market you can't just put out an unrealistic job posting to "see who will respond." It will actually damage your brand.

    Special thanks to SpyCloud for sponsoring this episode. Learn more about how you can protect employees and customers from account takeover with SpyCloud.

    CONTRIBUTE: The marketing value of industry goodwill

    Last week, I asked for your stories of overcoming roadblocks and I got some great feedback. This week I'm eager to know your tales of how you've given back to the security community and how that participation and goodwill has benefited your business. Please just reply to this email or connect with me on LinkedIn and tell me your story.

    This week's article for the CISO/Security Vendor Relationship Series

    4 Effective Targeted Techniques to Market GDPR

    Now that the GDPR deadline has passed, not much has changed. Companies still need to adhere to this privacy-based compliance mandate. Plenty of companies are still falling short, and the lack of clarity of the regulation still causes concern, which opens the door for opportunistic vendors. What's the best way for security vendors to market their services as a GDPR solution? Read the article for more advice on these four different techniques:

    • CISOs respond better to pitches based on facts rather than fears. As I've reported repeatedly in the past, don't play the fear card with CISOs. They won't respond positively. 

    • As an outside observer, can you see where the prospect is falling short? Sometimes just looking at a prospective customer's site you can see what their GDPR problems are.

    • Where does your point solution fit in the GDPR pipeline? Don't come in trying to swallow the whole pie. CISOs' BS detectors go off if you claim to solve all GDPR issues. Instead, try to pinpoint where your solution can be valuable in solving an array of GDPR issues.

    • Ask relevant and revealing questions: Asking a prospect if they're GDPR compliant reveals absolutely nothing. If you want to find out where they're falling short on GDPR, you need to ask more probing and revealing questions.

    BE FEATURED IN ONE OF MY VIDEOS

    For those of you who remember the original articles in the CISO/Security Vendor Relationship Series, they were always followed up with a video where I would highlight my favorite comments. So here's your chance to be in one of my videos. Leave a tip, opinion, or tell me how I'm frightfully wrong about the advice in this article on the LinkedIn post. Best comments make it to the featured video.

    Sponsor the podcast or the series!

    This week I relaunched 

    . First is an article, and soon videos, an ebook, and a webinar. We've been extremely fortunate to have a number of vendors eager to sponsor the podcast.

    If you'd like to sponsor the podcast or the full series please reply to this email or connect with me on LinkedIn.

    SUBSCRIBE TO THE PODCAST

    Got a podcast catcher? Search for "CISO" and chances are you'll find the CISO/Security Vendor Relationship Podcast. If it doesn't come up, go ahead and click on any of these links to subscribe to the feed.

    If you're already a subscriber, THANK YOU! If you like the show, please tell all your friends on social media and write a review on iTunes.