We Need to Hire a Unicorn But We Only Have Budget for a Donkey

CISO Series Podcast

Everyone wants to nail their first cybersecurity hire. But it's an incredibly daunting task. You likely don't have the budget for the perfect employee who can do everything you need. So how do you find someone who can do the most good?

This week’s episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, partner, YL Ventures. Joining us is Jason Shockey, CISO, Cenlar FSB.

Ground the SOC in communication

Communication remains a significant challenge in cybersecurity. As Thomas Kinsella of Tines cited, a recent study found that 18% of SOC practitioners rate communication the least enjoyable part of their job. That statistic might seem small, but it should be much smaller: roughly one in five of your employees struggles with communication, and that is a recipe for disaster. The SOC would benefit from hiring communication professionals and project managers to create templates and norms that streamline interactions between engineers and other teams. CISOs must be able to translate technical language empathetically for both engineers and executives. If you want successful communication, tell compelling stories that resonate with the listener.

Training and mentoring talent

Are unnecessarily high barriers creating our talent problem in cybersecurity? SideChannel CEO Brian Haugli pointed out that ransomware groups have low thresholds for participation, which raises the question: why are we disqualifying so many candidates with stringent degree and certification requirements? Both HR and security leaders share responsibility for setting these restrictive job criteria. Training and mentoring employees are critical to retention and to helping them grow into the positions you need most. The corporate world has built a rigid system in which certifications and degrees are often required, partly because of legal and visa issues, but these requirements can be worked around with parallel job tracks. Training and development should be central to management, and the best leaders help their whole team grow, not just those with technical prowess.

Nailing a first security hire

A startup's first security hire is a big decision. You have a lot of needs but limited resources. Hadas Cassorla, fractional CISO, Scale Security Group, argues for the efficiency of hiring a fractional CISO to build out a security strategy, manage risk, and establish board relationships without the cost of a full-time role. Generally, though, a fractional CISO is better suited to short-term consulting, such as writing policies, than to being the long-term solution. The first hire should be hands-on, solving immediate security issues and delivering day-to-day results. Having someone internal is vital for focusing on the company's needs and satisfying regulatory requirements. While a fractional CISO can help with setup, an internal security manager or director is crucial for ongoing, practical work, with the option to bring in a fractional CISO later for specific tasks or board engagements.

A case for optimism

Considering the rise of ransomware, state-sponsored attacks, and AI-related risks, finding reasons for cybersecurity optimism can be hard. Ross Haleliuk took that challenge head-on in a recent blog, offering reasons for optimism such as the increasing prominence of the CISO role, improved security practices like bug bounties, and greater international collaboration. Strong villains make stronger heroes, and we have a new generation of AI tools that can fill gaps in cybersecurity defenses and help elevate the role of CISOs. Even the growing risk profile for CISOs is a positive sign, indicating a thriving, more connected economy. When handling pessimistic employees, try to channel that negativity constructively, whether by assigning them to focus on worst-case scenarios or by leading them to develop rational, solution-oriented perspectives that improve cybersecurity defenses.

Listen to the full episode on our blog, where you can also read the entire transcript, or on your favorite podcast app. If you haven't subscribed to the CISO Series Podcast via your favorite podcast app, please do so now.

Thanks to Jordan Vint, US Marine Corps for providing our “What’s Worse” scenario.

Thanks to our podcast sponsor, Bitdefender

Subscribe to CISO Series Podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "CISO Series Podcast" into your favorite podcast app.

Best advice for a CISO…

"Form follows function. If you create a properly functioning information security program, it can actually adapt to the emerging threats and integrate with the business landscape." - Jason Shockey, CISO, Cenlar FSB

Listen to the full episode of "We Need to Hire a Unicorn But We Only Have Budget for a Donkey."

Defending Against What Criminals Know About You

"You're not going to be able to respond to the needs of your business, you're not going to be able to respond to the inputs, whether it's from threat intel or from a change in the org structure. And so I love this idea that in order to shift left, you have to respond to things as they happen, and the best way to do that is automated." - Damon Fleury, chief product officer, SpyCloud

Listen to the full episode of "Defending Against What Criminals Know About You."

Subscribe to our newsletters on LinkedIn!

We've got our twice-weekly CISO Series Newsletter and our daily Cyber Security Headlines newsletter available right here on LinkedIn. Go ahead and subscribe to one or both!

CISO Series Newsletter - Twice every week

LIVE!
Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be David Cross, SVP/CISO, Oracle.

Thanks to our Cyber Security Headlines sponsor, Dropzone AI

Super Cyber Fridays!
Join us TOMORROW (11-01-24) for "Hacking Your Cyber Brand"

Join us this Friday, November 1, 2024, for “Hacking Your Cyber Brand: An hour of critical thinking about building how people see your company in this industry.”

It all begins at 1 PM ET/10 AM PT on Friday, November 1, 2024, with guests Gianna Whitver, co-founder and CEO, Cybersecurity Marketing Society, and Andy Ellis, partner, YL Ventures. We'll have a fun conversation and games, and at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing on social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.