Use Your CRM. CISOs Are Tired of Repeating Themselves.
This week's podcast episode
Use Your CRM. CISOs Are Tired of Repeating Themselves.
What you'll learn:
On this week's podcast, co-host Mike Johnson, CISO, Lyft, and guest Ted Ross, CEO, SpyCloud, discuss the following:
Trade shows, specifically Black Hat and Defcon, are a great place to send your researchers to learn.
Everyone has a different experience at a trade show and everyone learns something different. Share the knowledge that's gathered. After everyone comes back, require employees to do a presentation of what they learned. That extends the ROI of sending everyone to the conference.
After an event, purchase and watch all the talks you didn't get to see. Split up that responsibility among your teammates and make sure to share the most interesting findings.
Security is a team sport. Connect with your teammates and learn from them.
When you keep sending messages to someone and they don't respond, the cute email with multiple choices as to why they're not responding (probably because they're trapped, right?) is not funny. Nobody likes it. Humor in email only works if you've already established a rapport with that person.
Account takeover has no one-size-fits-all solution. No single approach works for everyone, so it is better to understand how authentication works.
Not all breaches that you hear about in the press are equal in severity. For example, a spambot list of emails with no passwords should be of far less concern than leaked credentials.
The best way to prevent account takeover is to act earlier in the process, even before authentication.
A good way to thwart cybercrime is to make it so expensive to attack you that it's financially not worth it.
Catching cybercriminals requires looking at historical breadcrumbs and creating connection points to alternate identities and IP addresses.
Get everyone on the same page with CRM. Security professionals feel as if vendors are not using their CRM because they find themselves repeating the same story to different salespeople from the same vendor. If you have some idea of a company's security needs (doesn't need to be everything), it's going to make the conversation go a lot smoother.
There's a breakdown in the sales process because salespeople have different perspectives of how they should use the company CRM. When employees have different definitions of the CRM, information in the CRM is often misleading.
Special thanks to SpyCloud for sponsoring this episode.
about how you can protect employees and customers from account takeover with SpyCloud.
Find me at Black Hat
On Wednesday, August 8th, I'll be at Black Hat in Las Vegas shooting a fun "man on the street" video at the Checkmarx booth, #1202. Come find me, and I'll ask you a thought-provoking and fun question about DevOps and security.
Subscribe to the podcast
Got a podcast catcher? Search for "CISO" and chances are you'll find the CISO/Security Vendor Relationship Podcast. If it doesn't come up, go ahead and click on any of these links to subscribe to the feed.
If you're already a subscriber, THANK YOU! If you like the show, please write a review.
Contributions. Contributions. Contributions.
I am cranking out a ton more content for not just the podcast but also the entire series, so I am very open and receptive to story ideas, suggestions for segments of the podcast, or anything else. Just reply to this email or connect with me on LinkedIn.
Sponsor the podcast or the series!
Starting in just a few weeks I'll be restarting
with articles, videos, an ebook, and webinars. We've been extremely fortunate to have a number of vendors eager to sponsor the podcast. If you'd like to sponsor the podcast or the full series starting in just a few weeks, please feel free to reply to this email.