Do We Need a Marketing Manager for the Security Team?

CISO Series

Defense in Depth

Check out this post by Gabriel Friedlander of Wizer for the discussion that was the basis of our conversation on this week’s episode of Defense in Depth. Steve Zalewski and I welcome our guest Laura Deaner, CISO, Northwestern Mutual, to debate the value of having some internal PR or marketing for the security department.

The security team needs help with messaging.

Internal comms are important for getting the company on the same page, and security definitely has issues getting itself heard. It's often only through mandatory security awareness training. There are numerous benefits of having that kind of support. "Marketing talent can improve many areas of security program: reporting, user behavior, engagement with IT, onboarding processes, budget asks, board communication, etc," said Omar Khawaja, CISO, Highmark Health.

How should we be crafting the marketing message?

Given that we need people to take action, it's important that the person doing the work is customer-oriented, not company-oriented, noted Mark van Horik of ProteQtor IT Security. Adrian Taylor of Deloitte provides the following guidance: "If we all think of who the stakeholder is, what’s happening in their world and why they should care about what’s being put in front of them, then that’ll go a long way."

Why the heck do we even have a security department?

While there was plenty of commentary on not overwhelming your audience (Ron Craig of Info-Tech Research Group), the need to engage your stakeholders (Nick Sifniotis of Diamond Hand Software), and keeping policies short (Edward Gardner of New England Safety Partners), the real goal is for the company to actually care about the need for security and see the value of the security team.

"If your workforce members don't know who you are, what you do, what's required of them, and how to engage your services, then you're just doing security in a vacuum and will never build a security culture," said Mark Gilman of Signify Health.

Should you tie compensation to driving a more secure environment?

Laura Deaner was very bullish about building financial incentives into a security culture. We learned about some organizations that were giving out iPads to developers who discovered the most bugs. But Steve Zalewski asked why we shouldn't use the "stick" method to drive better behavior. We give employees security awareness training, an effort that is usually dreaded. Why not create consequences for willfully ignoring security procedures?

Listen to the full episode on the blog post, where you can also read the full transcript, and make sure you subscribe via your favorite podcast app so you don't miss another episode.

Thanks to our podcast sponsor,

IANS Research

Super Cyber Fridays!

Join us NEXT WEEK, Friday [11-18-22], for "Hacking Cybersecurity Budgets for 2023"

In observance of Veteran's Day, there will be no Super Cyber Friday this week. But be sure to join us when we return next Friday, November 18, 2022 for "Hacking Cybersecurity Budgets for 2023: An hour of critical thinking about how to invest in the right products to maximize your return."

It all begins at 1 PM ET/10 AM PT next Friday, November 18, 2022, with guests Pankaj Goyal, Senior VP, Safe Security, and Ngozi Eze, CISO, Levi Strauss. We'll have fun conversation and games, plus at the end of the hour (11 AM PT/2 PM ET) we'll do our meetup.

Thanks to our Super Cyber Friday sponsor, Safe Security

Cyber Security Headlines

In observance of Veteran's Day, there will be no "Week In Review" live show this Friday, November 11, 2022. But we will return Friday, November 18, 2022 for a short 20-minute discussion of the week's cyber news.

Thanks to this week's headlines sponsor, AppOmni

CISO Series LIVE!

Join CISO Series LIVE in Clearwater, Florida on 01-10-2023

CISO Series is coming to Clearwater, Florida for our first live, in-person recording at the Convene conference, brought to you by the National Cybersecurity Alliance. We’re going to be the opening night’s entertainment for the event, which will be happening on January 10th, 2023. The event continues the next day, January 11th, 2023.

Register here and if you use this link you get 15% off. Discount code of “CISOSERIES” is already applied.

Huge thanks to our sponsors, KnowBe4, Cofense, & Terranova Security

Cyber chatter from around the web...

Jump in on these conversations

"Need help determining what to ask for salary"

"How to propose a bug bounty program for a Fortune 500 company?"

"Frustrated with lack of 'entry level' security roles"

Coming Up On Super Cyber Friday...

Coming up in the weeks ahead we have:

  • [11-11-22] No show

  • [11-18-22] Hacking Cybersecurity Budgets for 2023

  • [11-25-22] No show

  • [12-02-22] Hacking Cyber Insurance

and register for them all now!

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.