We're Releasing Security Studies of Made Up Numbers

CISO | Security Vendor Relationship Series

This week's podcast episode of the CISO/Security Vendor Relationship Podcast

We're Releasing Security Studies of Made Up Numbers

From our live show in San Francisco, co-host Mike Johnson and our guest Melody Hildebrandt, CISO of FOX, discuss the following:

  • On CISO burnout. If you're passionate about the results you create as a security professional, the rewards of showing what you've accomplished greatly outweigh the stress. 

  • Don't overdo it as a vendor. From a CISO's point of view, the more you claim you can do, the more your believability declines. Claim you can do it all and watch CISOs just snicker. Be careful making claims of doing it all.

  • Securing massive high-value assets. At FOX, they can have as many as 250 companies working on a single movie, and none of them are working within the four walls or the network of FOX. On top of that, security has no authority to dictate what applications a creative can and can't use, so they have to work within the environments that are presented to them. They must be very careful about how much of the finished project gets shipped around. All content is distributed on a need-to-see/know basis. So if you're only working on five seconds of a film, that's all you get, and security concerns aren't nearly as high. But for a composer, who needs to see most if not all of a film, FOX must distribute either a low-res or some type of altered version.

Special thanks to New Context and Axonius for sponsoring this week's episode of the CISO/Security Vendor Relationship Podcast.

New Context

New Context helps Fortune 500s build secure and compliant data platforms. New Context created “Lean Security”, a set of best practices designed to help enterprises manage and secure data for critical infrastructure, and offers professional services and a software solution, LS/IQ, to help enterprises build secure and compliant data platforms for their business.

Huge congrats to Axonius for their two big wins at RSA this year. They were named Rookie Security Company of the Year by SC Media and they also won top prize at RSA's Innovation Sandbox. They've been touted as the company trying to solve the least sexy part of cybersecurity, asset management. Go to Axonius' site to learn more.

Mike Wiacek, co-founder and CSO of Chronicle on naming a security company

THANK YOU!

Nothing to pitch here. Just wanted to say thanks to all the fans of the podcasts I ran into at RSA. We recognize what you're trying to do to help the security industry and in return we appreciate you recognizing what we're trying to do to bring the security community closer together. Here I am with Al Wissinger and Chris Jordan of Fluency Security.

Allan Alford, CISO of Mitel, on the importance of security's role in the business

This week's episode of Defense in Depth

Defense in Depth: Security IS the Business

On this episode of Defense in Depth:

Co-host Allan Alford, CISO of Mitel, and our guest Scott McCool, former CIO of Polycom, discuss the following:

  • When a business becomes an idea, the only thing that matters is the perceived value by the owners.

  • If you deem security is the business, then it no longer can take a consultative role. It must take the role of brand and value building.

  • Explicit value is generating or saving money. Implicit value is what drives those two opposite ends of the spectrum.

  • A security department shouldn’t be focused on trying to get more budget for itself. It should see where it is in the value chain, and at any given point in time it must fully understand the business and see which department could generate the most business value.

  • If you lobby only for the security department's importance in order to get budget, and don't lobby for the overall business, then you will lose credibility with your partners within the business.

Special thanks to this week's Defense in Depth podcast sponsor, SpyCloud.

SpyCloud

 about how you can protect employees and customers from account takeover with SpyCloud.

Mike Johnson, co-host of the CISO/Security Vendor Relationship Podcast discussing the overabundance of security companies

Hey #RSAC Exhibitors, Stop Looking So Bored

Every year I go to the RSA Conference, the trade show floor gets bigger, the attempts to attract people through gimmicks gets more intense, and many staff members working the booth could not look more bored. They're sending the wrong signal to attendees and it's hurting their brand.

SUBSCRIBE TO BOTH PODCASTS

Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.

If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.