Our "What Not to Do" Security Selling Secret
On this week's episode of CISO/Security Vendor Relationship Podcast, Our "What Not to Do" Security Selling Secret, Mike Johnson and our guest Joey Johnson, CISO of Premise Health, discuss:
Who needs to care about privacy first?
If Facebook doesn't change, they'll get fined again and more than the expected $3 to $5 billion for their current violation. But that doesn't seem to dissuade users of Facebook. Will Facebook have to care about privacy first before their users do?
Don't wait to learn about the business.
Our CISOs didn't realize when they started out in security how critical it was to know the business as part of their security job. A CISO's job is to interface with every department in the company. It's critical to understand and sympathize with the rest of the business.
Self-deprecating humor in cold emails DOES NOT WORK.
Trying to "lessen the blow" of sending a cold email with self-deprecating humor only makes the problem a lot worse. Be proud of your technology and what you can offer. Show it.
Good cyber hygiene is going to take time.
Like all good habits, such as wearing your seat belt and brushing your teeth, dealing with the basics of cyber hygiene will also take a long-running effort of reminding ourselves and others of the basics. We are hit with so many distractions of what's new and cool that we can lose sight of what are still the most common attack vectors.
Special thanks to this week's CISO/Security Vendor Relationship Podcast sponsor, Women in Security and Privacy (WISP).
Women in Security and Privacy works to advance women in security and privacy. We accomplish this through practical and technical workshops, TANDEM mentorship programs, leadership training, job board postings, Equal Respect speakers bureau, and conference and training scholarships.
TOMORROW (Wednesday 5/5/19) CISO Series hosts break down the Verizon Data Breach Investigation Report (DBIR)
Tomorrow is the highly anticipated launch day of Verizon's yearly Data Breach Investigation Report or DBIR. This report gives insight into what's happening across various attack vectors. All your favorite CISO Series hosts, myself, Mike Johnson, and Allan Alford will invite Alex Pinto, head of Verizon Security Research, to give us a brief overview of what's in the report. Then the rest of us will try to make sense of it and what it means to the rest of the industry. This webinar is happening tomorrow, Wednesday, May 8th, 2019 at 5 PM ET/2 PM PT. To be a part of it, you need to register.
The importance of developing consistent data protection policies across multiple cloud services
Many IT departments manage multiple clouds to ensure redundancy and avoid vendor lock-in. But diversifying brings along a new set of risks that demand a consistent and constantly reviewed data governance solution.
In general, cloud vendors do not take responsibility for the security of your data. So, your policy must take full responsibility for endpoints, networks and cloud environments. Just a few of the must-haves on this list include limiting users' permissions to only what they absolutely need, strong security practices including multi-factor authentication and password management, enforcing a uniform set of data loss prevention policies, and building a dynamic inventory of applications by the types of data stored, compliance requirements, and potential threats. Policies should be assigned to groups or roles rather than individual people.