CISO Series Newsletter
Posts
No Shirt. No Security. No Merger.

No Shirt. No Security. No Merger.

April 16, 2019

CISO | Security Vendor Relationship Series

This week's episode of the CISO/Security Vendor Relationship Podcast

No Shirt. No Security. No Merger.

On this episode:

Co-host Mike Johnson and our guest Mark Eggleston, vp, chief information security and privacy officer for Health Partners Plans, discuss the following:

What new risk are you taking on with a merger or acquisition? When two companies combine forces, they're also combining security postures. One is inevitably going to be in a more secure state than the other.
The cost to get the acquiring company's security up to par. While security's job is not to determine the valuation of a company, they can explain the costs that will be incurred, from a security perspective to acquire the target - Our security is here. Their security is down here. If we combine forces, we'll need to bring their security up to our level and I know how much that will cost because I did it for our company.
Do you know what you were getting into when you entered the field of cybersecurity? Most new people who enter InfoSec are just unaware of the level of stress they'll be facing protecting others and a company.
I know your patent is a big deal, but CISOs don't care. Often a pitch will mention a patent as if it's a selling point. CISOs could care less. An acquiring company would definitely care. But CISOs wouldn't weigh it at all when reviewing your tool. Instead of saying you're patented, why not say, "Our technology is patented because of _____________."
CISOs are looking for two out of three skills. Those skills are experience, schooling, and certifications. You don't need all to get into cybersecurity, but two out of three will probably get you in very quickly. The fourth, which isn't nearly as easy to show but can definitely boost you up the ladder, is passion.

Special thanks to Praetorian for sponsoring this week's episode of the CISO/Security Vendor Relationship Podcast.

As a professional services company, Praetorian helps enterprise customers solve complex cybersecurity problems. We are the security experts.

Bruce Schneier, author on relying on China for digital infrastructure

Should Security and DevOps Be in Couples Counseling?

We're looking back at a funny "man on the street" video we shot and produced at last year's Black Hat conference in Las Vegas. We asked the security-minded attendees if they should seek out relationship advice to work out their differences with DevOps.

Everyone agreed something should be done. Both groups seriously need some counseling.

Davi Ottenheimer, product security, MongoDB on machine learning failures sometimes appear whimsical

SUBSCRIBE TO BOTH PODCASTS

Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher. Or just search by the podcast name.

If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.