We Can Either Build Resilience or Just Always Be Perfect
CISO Series Podcast
The CISO's job is all about managing cyber risk to an organization. That's not all. The conversation around cybersecurity has increasingly shifted to a focus on building organizational resilience. Should the CISO role change to reflect that? Should CISOs become business resilience architects?
This week’s episode is hosted by David Spark, producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining them is Ryan Bachman, executive vice president and CISO, GM Financial.
Listen to the full episode here.
Identity consolidation versus simplification
Organizations face pressure to consolidate identity tools as vendors expand their offerings through acquisitions. But the real need is simplification rather than consolidation, as Francis Odum of Software Analyst Cybersecurity Research points out. While vendors are eager to capture more market share by replacing multiple tools with their platforms, the challenge lies in the complexity of integration. Even when tools fall under one vendor umbrella, integrating entire technology stacks remains difficult. The key is conducting a case-by-case analysis to determine what can be retired versus what provides genuine value. Rather than pursuing single-pane-of-glass solutions, organizations should simplify processes to match their specific business needs, especially considering the constraints of legacy systems and the varying technical environments.
Entry-level pathways into cybersecurity
The cybersecurity field has matured to the point where it can offer genuine entry-level positions, despite claims that all professionals must start elsewhere first. Help desk roles consistently emerge as effective launching points because they develop troubleshooting skills directly applicable to security operations centers, as noted by Ira Winkler, CISO, CYE. The key factors for entry-level success include self-study, demonstrated interest in the field, and proper mentorship structures that incorporate peer reviews and guidance. While cybersecurity degrees are relatively new, internship programs and junior roles in application security, compliance, and other specialized areas can serve as effective starting points, provided they are accompanied by appropriate oversight.
Evolution of the CISO role toward business resilience
The CISO role is naturally expanding toward enterprise resilience and operational sustainability rather than splitting into separate functions. This evolution reflects the reality that cybersecurity is no longer just about protecting data but about protecting the entire enterprise, something Randolf Barr emphasized in a Dark Reading piece. However, breaking apart traditional CISO responsibilities may create problematic conflicts of interest, particularly between security and operations teams focused on availability and generating revenue. Regulatory guidance in certain sectors now requires a separation between information security leadership and operational decision-making to prevent conflicts.
Applying simplification principles to cybersecurity complexity
Cybersecurity complexity often mirrors business complexity, with security requirements scaling in tandem with organizational differentiation and expansion. The most effective simplification comes from frontline staff who experience daily operational pain points and can identify inefficient processes. However, meaningful simplification must consider cost-effectiveness; controls shouldn't cost more than the risks they mitigate. Some complexity stems from regulatory requirements that cannot be simplified, while other areas offer opportunities for automation and streamlined user experiences.
Listen to the full episode on our blog or your favorite podcast app, where you can read the entire transcript. If you haven’t subscribed to the CISO Series Podcast via your favorite podcast app, please do so now.
Thanks to Oscar Morales from Calian IT and Cyber Solutions for providing our "What's Worse" scenario.
Huge thanks to our sponsor, Doppel
Subscribe
Subscribe to CISO Series Podcast
Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "CISO Series Podcast" into your favorite podcast app.
Security You Should Know
Getting Actionable Intelligence with Stellar Cyber
Security teams are flooded with alerts and logs from firewalls, servers, and endpoint devices—but how do you separate the noise from real threats?
In this episode, Subo Guha, Chief Product Officer at Stellar Cyber, explains how their platform transforms overwhelming security data into real-time, actionable insights. He’s joined by Nick Espinosa, Host of the Deep Dive Radio Show, and Steve Zalewski, Co-host of Defense in Depth.
You can find this episode—along with product demos, expert takes, and insights from our sponsors—in the latest edition of the Security You Should Know newsletter.
Thanks to our podcast sponsor, Stellar Cyber
Subscribe
Subscribe to Security You Should Know
Please subscribe via Apple Podcasts, Spotify, Amazon Music, Pocket Casts, RSS, or just type "Security You Should Know" into your favorite podcast app.
Who should be listening to the CISO Series Podcast?
“Anybody who’s aspiring for a career in cyber security. Anybody who’s trying to understand more about the challenges and topics that CISOs are facing. It’s a dynamic field, so therefore I could see anybody from members of boards of directors to other C-suite members, all the way to people who are venturing into this field, or the technology field, and want to learn more.” - Ryan Bachman, executive vice president and CISO, GM Financial
Listen to the full episode of “We Can Either Build Resilience or Just Always Be Perfect”
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Security You Should Know Newsletter - Weekly
Reddit AMA on r/cybersecurity
Our monthly AMA on r/cybersecurity on Reddit is underway.
Our topic is “I’m a CISO/Security leader. I’m also a bald man with facial hair. Ask Me Anything.”
Join the conversation here. The discussion is going on all week.
We’ve compiled a qualified group of experts:
Fredrick Lee, CISO, Reddit
Todd Hughes, senior compliance analyst, Harbor IT
Josh Harguess, co-founder, CTO, Fire Mountain Labs
Jason Fruge, cybersecurity advisor, Risksilience LLC
Andrew Wilder, CISO, Vetcor
Rob Allen, chief product officer, ThreatLocker
Jerich Beason, CISO, WM
Michael Farnum, founder and president, HouSecCon
Edwin Covert, vp of advisory services, Fenix24
Gary Hayslip, CISO, Softbank Investment Advisers
LIVE!
Cyber Security Headlines - Week in Review
Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Bil Harmer, operating partner and CISO, Craft Ventures.
Thanks to our Cyber Security Headlines sponsor, ThreatLocker
Super Cyber Fridays!
Join us Friday for “Hacking the Internal Politics of Cybersecurity”
Join us on Friday, June 27, 2025, for Super Cyber Friday: “Hacking the Internal Politics of Cybersecurity.”
It all kicks off at 1 PM ET / 10 AM PT, when David Spark will be joined by Alexandra Landegger, global head of cyber strategy & transformation, RTX, and Bethany De Lude, CISO emeritus, The Carlyle Group, for an hour of insightful conversation and engaging games. And at 2 PM ET / 11 AM PT, stick around for our always-popular meetup. This time, it will be hosted right inside the event platform.
Remember to add it to your calendar via LinkedIn or the Airmeet link in the invite.
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.