Join us tomorrow for “Hacking API Security”
Defense in Depth
How Can We Make Sense of Cybersecurity Titles?
On this week's Defense in Depth, Hadas Cassorla, CISO, M1, Renee Guttman, former CISO of Coca-Cola, Time Warner, Campbells, and I all discuss cybersecurity titles. What's the difference between these leadership titles? Does anyone know what the difference is between a head of security, a VP of security, and a CISO? Do job responsibilities change whether you're a security analyst or a threat engineer? Roles are confusing, and so are the pay and responsibilities attached to them.
Why are cybersecurity titles an issue?
This is not just an issue of vanity, but "it directly impacts not only our ability to recruit, but also impacts the employee (compensation, professional development/career ladder) and in the end the business's ability to retain talent," said Mathew Biby, CISO, Satcom Direct.
OK, then what titles should we use?
Try the
as created by NICCS (National Initiative for Cybersecurity Careers and Studies). They break it down into seven high-level categories, and then specialty areas, and work roles within that. So, depending on the size of the team you're going to build, you can drill down appropriately.
Can we truly achieve standardization in cybersecurity titles?
Samuel Rugi is doubtful; he suggests "I would advocate for cybersecurity job titles, salaries, and job descriptions harmonization." Harmonization gets close to standardization, but doesn't necessarily require it. And Gabe Silva, CISO, PDC Technology, noted the reason we have so much confusion is that tech roles are constantly morphing, unlike more classic positions like CEO, CFO, and secretary.
Regulated industries are in a better position to standardize.
"Regulated industries have stipulations for just using the term 'manager,'" noted Edward Contreras, CISO, Frost Bank. Those industries are already there with standardization. Contreras recommends partnering with Legal and HR to standardize at least within your organization. But good luck having success across industries.
You'll hear these segments on this episode of
Remember, we also have transcripts of all our episodes.
Thanks to our podcast sponsor, IANS Research
Super Cyber Fridays!
Join us TOMORROW, Friday [10-28-22] for “Hacking API Security”
Think you know everything about API security? Of course you don't. That's why we're holding another Super Cyber Friday on this very topic. Join us for conversation tomorrow with our guests, Karl Mattson, CISO, Noname Security and JJ Agha, CISO, Compass.
Register for Super Cyber Friday on October 28th, 2022.
Thanks to our Super Cyber Friday sponsor, Noname Security
LIVE!
Cyber Security Headlines - Week in Review
We're live tomorrow and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Show is hosted by Rich Stroffolino and our guest will be Will Gregorian. Participate live in the conversation on YouTube by registering.
And if you haven't done so already,
or subscribe to the
.
Thanks to this week's headlines sponsor, Votiro
Cyber chatter from around the web...
Jump in on these conversations
"How does one move “silently” through a network without being detected?"
"How common is imposter syndrome in this field?"
"Guilty verdict in the Uber breach case makes personal liability real for CISOs"
Upcoming Super Cyber Fridays
[10-28-22] Hacking APIs
[11-04-22] Hacking DDoS Trends
[11-11-22] NO SHOW
[11-18-22] Hacking Cybersecurity Budgets for 2023
and register for them all now!
Thank you!!!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors! Everything is available at cisoseries.com. Interested in sponsorship? Contact me, David Spark.