Worst Question Award Goes to "How Secure Are We?"
On this week's episode of CISO/Security Vendor Relationship Podcast, "Worst Question Award Goes to 'How Secure Are We?'," Mike Johnson and our guest, Helen Patton, CISO for Ohio State University, discuss:
CEOs should ask questions about the security program.
First, CEOs realized that 100 percent security was an impossibility. Then they learned that the question "How secure are we?" yielded fruitless results. To better understand overall security, CEOs need to question CISOs about the security program they have in place, how mature it is, and how effective it is.
If you want diversity, you'll need to attract it, and look beyond the usual places.
We create a non-diverse environment when we hire people like ourselves and then ask the people we hired to refer more people like ourselves. Step out of your group into others. Also, be careful with the language you use in job postings. Make sure it's neutral and doesn't speak to having a specific background.
New CISOs will have to negotiate responsibilities away from the CIO.
If, as a new CISO, you're struggling for security ownership from a CIO, first be patient. But once you get to the position you wanted, sit down with the CIO and ask whether there could have been a faster way to get to where the two of you got. Also, ask the CIO if there are any sacred cows that you need to avoid.
Talking security with non-security people requires context.
If you want a non-security person to care about security, you have to meet them where they are first. Start with home and personal security. They'll easily grok security's value if you can show them how they'll benefit from it personally. From there, walk them to business-level security.
Special thanks to this week's CISO/Security Vendor Relationship Podcast sponsor, Trend Micro.
The Pre-nup. It's a difficult thing for most people to talk about in their personal lives, but it's something that should always be considered when setting up a relationship with a cloud service provider. Not all business relationships last, and if your organization needs to move its data to another provider, it's not like packing up your furniture and saying goodbye to your half of the dog. Check out more Cloud Security Tips sponsored by OpenVPN.
Save the date for live recordings in Las Vegas and NYC
We've got live recordings of the CISO/Security Vendor Relationship Podcast coming up. More details to come, but mark your calendars for Las Vegas, August 8th and New York City on September 5th. If you're interested in sponsoring, we have some open opportunities. Go ahead and contact me or reply to this email.
CISO/Security Vendor Relationship Podcast Live in Sydney 07-25-19
The CISO/Security Vendor Relationship Podcast will be heading to Sydney, Australia on July 25th, 2019 for a live recording of the podcast at the ADAPT CISO Edge conference. We're very excited to be the closing keynote for this exclusive event as our first overseas trip to record the podcast. Thanks to sponsors ADAPT and Dimension Data for making this event possible. Watch the preview video.