What's Worse?! "Culture of No" or No Culture?

CISO | Security Vendor Relationship Series

This week's episode of CISO/Security Vendor Relationship Podcast: What's Worse?! "Culture of No" or No Culture?

, Mike Johnson and our guest Sean Catlett, CISO, Reddit, discuss:

Let's end the "culture of no".

 We're definitely on that path, but it's far from over. There is still plenty of legacy negative attitude in security culture and that's not helping the business.

While we're at it, let's also end the blame game.

 Blaming is never the solution. I worked at a company where we spent more time figuring out who to blame than solving the actual problem. 

The security team shouldn't carry out all security procedures.

 For the security team to be more effective, they should be delivering executables to the rest of the business. 

Your proof of concept (PoC) should have a defined timeline.

 Even if a prospect loves your product, a lack of clarity about the demands of a PoC can scare off a potential customer. If you can make it clear that a PoC shouldn't take longer than a set time (e.g., one day) to prove what you need it to prove, then your prospect will feel more comfortable moving forward.

Special thanks to this week's CISO/Security Vendor Relationship Podcast sponsor, Perimeter 81.

Perimeter 81

Perimeter 81 is a Zero Trust Network as a Service designed to simplify secure network, cloud and application access for the modern and mobile workforce. We allow cybersecurity professionals to easily build, manage and secure their organization’s networks in one unified, multi-tenant, cloud-native platform. Learn more at www.perimeter81.com.

Joey Johnson, CISO, Premise Health on the need NOT to deal with advanced attacks.

TOMORROW live recording at the San Francisco CISO Executive Summit

It's a new milestone for the CISO/Security Vendor Relationship Podcast. Mike Johnson and I will be recording another live episode, but this time in a room full of CISOs. We'll be the closing keynote at Evanta's San Francisco CISO Executive Summit, tomorrow, May 15th, 2019. Attendance is kind of really exclusive (Don't blame me, I didn't write the rules). Registrants will be granted confirmation based upon qualifications and space availability. Check to see if you qualify.

Allan Alford, CISO of Mitel, on vulnerability management on Defense in Depth

Video extra from this week's episode of CISO/Security Vendor Relationship Podcast

Hiring and Trusting Remote Cybersecurity Workers

Sean Catlett, CISO, Reddit on hiring and trusting remote workers

Right after we recorded this week's episode of CISO/Security Vendor Relationship Podcast with Sean Catlett, CISO of Reddit, we turned on the camera for a little bit of bonus footage.

, podcast co-host, Mike Johnson, asks Sean how he got around to hiring remote InfoSec workers and why he had to do it.

Cloud Security Tip By Steve Prentice, sponsored by OpenVPN

Whether your data is in transit or at rest, it’s vital to remember that neither state is secure. Data must be protected in both states, and encryption plays a major role in this. In addition to encryption standards for in-transit data such as TLS for email, HTTPS and SSL for websites and the use of a VPN when connecting from public Wi-Fi hotspots (even those that say they are secure), there is symmetric and asymmetric encryption, part of the Advanced Encryption Standard. Symmetric encryption happens when the sender and receiver of a message use a single shared key to encrypt and decrypt the message, which is something most internet traffic uses. Asymmetric encryption uses more CPU power and is harder to encrypt, and is used for secure online exchanges via the Secure Sockets Layer.

More on CISO Series.
