CISO Series Newsletter
Posts
Ultra Enhanced Deluxe AI with a Drop of Retsyn

Ultra Enhanced Deluxe AI with a Drop of Retsyn

August 01, 2018

CISO/Security Vendor Relationship Series

This week's podcast episode

Ultra Enhanced Deluxe AI with a Drop of Retsyn

What you'll learn from our CISOs this week

On this week's podcast, co-host Mike Johnson, CISO, Lyft, and guest Dennis Leber, CISO, Cabinet for Health and Family Services, Commonwealth of Kentucky and self proclaimed “Most Interesting Man in Information Security,” discuss the following:

When CISOs start a new job they assume they've got a good security team from the start.

CISOs feel that the term "Artificial Intelligence (AI)" has been hijacked by so many marketing teams that it's lost its meaning. To use the modifier "AI" can mean so many different variances of "smarts."

CISOs want the discussion of AI to be more around how does this new "smarter" solution solve their specific problem? They're sick and tired of the silver bullet explanation of AI. CISOs don't buy that AI is the magical elixir that will solve all your problems.

Depending on where you live, leaving your home wi-fi open can be extremely risky, or little to no risk at all.

CISOs know when they're being pitched with a mass email. If you want a better hit rate, do a little bit of research and acknowledge you know something about them before you try to sell them on solving problems with tools they don't use.

A pitch to a CISO in the government sector should not be the same as one in the private sector. Even if you wrote the world's most perfect pitch, and that government sector CISO loved it, there's nothing that CISO could do about it because of their rigid procurement process.

One vendor pitching a government agency first got to know the procurement process before ever addressing the CISO. That made the pitch a lot easier for the CISO to handle.

Special thanks to

Signal Sciences

for sponsoring this episode. If you’re using web application firewalls (WAFs), make sure you read

“Three Ways Legacy WAFs Fail,”

by their head of research, James Wickett.

Going to Black Hat?

As mentioned, starting next month I'll be the original CISO/Security Vendor Relationship Series with new articles and videos, plus a newsletter, ebook, and webinars. We are looking for a few more sponsors! I'll be at Black Hat, so if you're going to be there as well and your're interested in the series, let me know! Please just reply to this email.

Subscribe to the podcast

Got a podcast catcher? Search for "CISO" and chances you'll find the CISO/Security Vendor Relationship Podcast. If it doesn't come up, go ahead and click on any of these links to subscribe to the feed.

If you're already a subscriber, THANK YOU! If you like the show, please write a review.

Can you tell us "What's Worse?!"

In this week's episode I introduced a new segment, a game, called "What's Worse?!" in which I introduce two really bad security practices and the CISOs debate as to which one is worse.Listen to this latest episode and the two bad options the CISOs had to choose. Ask yourself, "Can you think of an even better challenge?"Criteria is it has to be two poor security practices, and they have to be similar in severity for the CISOs to debate, "What's Worse?!" Just reply to this email and send me your toughest "What's Worse?!" comparison.

Sponsor the show!

We've been extremely fortunate to have a number of vendors eager to sponsor the show. If you'd like to sponsor the podcast or the full series starting in just a few weeks, please feel free to reply to this email and I can send you details.