We all want to live in a fantasyland, right? But we are there to serve a purpose, and our purpose is to educate our C-level leadership about the risks that are present to the business. You know, security leadership is not a fantasyland, we don’t live in Disneyland, we can’t just make up budgets and steer everything exactly the way we want it to do. But if this does happen, how does a CISO handle their staff when best efforts get thwarted? I’m going to start with you, Matt, on this. Is this a real concern for CISOs, sort of like to have someone like Mudge come to the front? And again, Mudge may be completely legitimate but there are always a number of political issues that kind of stand in your way, and I know that, we don’t have to expose any. In those situations, it’s very possible to get a whistleblower who will want to broadcast their concerns. So, some of these may be sobering realizations, but we all know the cybersecurity professional who is bullheaded and won’t stand for any of this. And lastly, you’re going to find a lot of stuff to fix, you’ll be told why you’re not allowed to fix it. And despite having C-level cyber leadership, cyber decisions are nearly always subject to sales and marketing vetoes. And the bigger the cyber team, ironically, the less you’ll probably be able to do. Some highlights are: The bigger the organization, the bigger the cyber budget. And there are often many business imperatives that thwart the best of efforts, and Derek A. But security leaders can’t always push through security initiatives they know should be done. Now, as an outside observer, we simply do not have context to what’s going on. “Mudge,” the Twitter whistleblower, has people questioning Twitter’s privacy and security practices. It is the CISO for the Democratic National Committee, or the DNC as many of you know it. By the way, both Matt and our guest have been guests on the CISO Series Podcast before and thrilled to have them here.
Let’s introduce our guest today, who you heard just moments ago. But I heard supposedly last year, someone actually did that. We can literally look at the Pacific Ocean where we’re sitting right now, and there is a pool, and I will just say absolutely not a single member actually went into either right now. We don’t take advantage of it enough, but it helps us to remember to get out once in a while. We don’t deserve this, kind of us pasty-white security professionals don’t deserve this beautiful sun, beach, and sand, do we? Because we don’t take advantage of it enough. I do want to mention that the name of this event is ISSA LA Information Security Summit, and I will say physically the most beautiful conference I’ve ever seen. More about Ostrich Cyber-Risk later in the show. Our sponsor today is Ostrich Cyber-Risk – Analyze your posture. We get lots of great stuff and lots of events, live in-person events like the one we’re having right now in lovely Santa Monica, but also tons of virtual events, so no matter where you are you can participate. We are available at and for those of you who don’t know about us, just check out the site. And joining me as my guest co-host, sitting right to my immediate left, to your right in the audience here, it is none other than Matt Crouse who is the CISO of Taco Bell. I am your producer David Spark of the CISO Series Podcast. We are live in Los Angeles, we are at the ISSA LA event. It’s time to begin the CISO Series Podcast, recorded in front of a live audience in Los Angeles. Almost killed everyone’s email with one click. Biggest mistake I ever made in security. Benchmarked against industry-standards (NIST, CIS, ISO), Birdseye simulates risk scenarios, continuously tracks roadmap progress, and creates shareable reports.
Ostrich Cyber-Risk “Birdseye” is a unified qualitative and quantitative cyber risk management application that allows you to quickly assess, prioritize and quantify your organization’s financial and operational risks in real-time, in one place.