Invest Properly – BSW #241
1. Preventing Attacks Through Risk Management & Governance – Kevin Powers, Padraic O’Reilly – BSW #241
As a CISO tasked with presenting to the Board or other executives, communicating cybersecurity in a business context is critical to success. Hear from Kevin Powers, who has taught hundreds of CISOs in his executive education courses how to level up their presentation skills, metrics, and executive approach. Learn also from Padraic O'Reilly, CPO & Co-Founder of CyberSaint, about how some of the most cutting-edge security leaders are providing actionable, risk-based insights in Boardrooms and beyond to build resiliency in the digital age.
This segment is sponsored by CyberSaint.
Visit https://securityweekly.com/cybersaint to learn more about them!
Announcements
In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.
Throughout 2022, CRA's Business Intelligence Unit will be releasing research reports on the top topics across the security industry. Our first report will be on Third-Party Risk and the Supply Chain. To participate in the survey, please visit https://securityweekly.com/thirdpartyrisk. The results will be shared at our Third-Party Risk eSummit in January.
Guests
Padraic O’Reilly is Chief Product Officer and Co-Founder at CyberSaint, where he leads product innovation and development. His experience as a Harvard-trained economist, IT risk and compliance consultant, and his rapid exposure to Cybersecurity led him to seek out CISOs, CIOs, and Boards of Directors at global organizations to pursue the answer to the question – how can cyber be managed, measured, and understood like any other business function? Padraic’s current activity spans working directly with organizations from public agencies to private companies across the globe to understand how to measure cyber risk, especially amidst the global pandemic which is fueling massive digital transformation projects around the world. Padraic was a key member of the group providing feedback on the NIST Cybersecurity Framework during its development, and is an expert in regulatory standards both in security and privacy, including the NIST Risk Management and NIST Privacy Frameworks. An expert in Artificial Intelligence (AI) and economic modeling, Padraic works with members of the Global 500 to research and deploy risk quantification, risk intelligence gathering, and risk reporting and communication strategies. Padraic also holds a patent entitled, “System And Method for Monitoring And Grading A Cybersecurity Framework” which has inspired much of his work on cohesive IT and cyber risk management approaches.
Kevin is the founder and director of the Master of Science in Cybersecurity Policy and Governance Program at Boston College, and an Assistant Professor of the Practice at Boston College Law School and in Boston College’s Carroll School of Management’s Business Law and Society Department. Along with his teaching at Boston College, Kevin is a Research Affiliate at the MIT Sloan School of Management, and he has taught courses at the U.S. Naval Academy, where he was also the Deputy General Counsel to the Superintendent. Kevin regularly provides expert commentary regarding cybersecurity and national security concerns for varying local, national, and international media outlets.
2. 4 Things Boards Should Know, 4 in 10 Orgs Don’t Have a CISO, & Creating Culture – BSW #241
In the Leadership & Communications section for this week: Four Things Your CISO Wants Your Board to Know, 4 in 10 Organizations Do Not Employ a CISO, Creating a Culture of Cybersecurity, & more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
- 1. What Did Your Board of Directors Know, and When Did They Know It? In the SolarWinds lawsuit, the more significant issue is really not that the Board allegedly knew about the risks; it’s that they reportedly knew and then did nothing to prevent or mitigate them. In 2021, the role of the Board has shifted to limiting the damage of these attacks and ensuring those risks are accounted for by their organization. What the Board needs from its CISO is clear communication on what projects you have in place and how they relate to existing and potential threats.
- 2. Four Things Your CISO Wants Your Board to Know. Here are four things your CISO wants your board to know: 1. In order to adequately protect an organization, your cybersecurity budget should be more than 1% of your overall IT spend. 2. It’s impossible to provide metrics on how many Advanced Persistent Threats you’ve blocked in the past month. 3. Building a culture of cybersecurity as a top-down strategy is imperative. 4. Align your cybersecurity strategy to an acceptable framework that demonstrates maturity over time.
- 3. 4 in 10 Organizations Do Not Employ a CISO: Report. Organizations across the world have experienced swift changes in their business operations during the new normal. In particular, the adoption of the distributed work environment became a challenge for many companies, resulting in the rise of cyberattack risks. Several enterprises have increased their cybersecurity budgets to deal with new cybersecurity challenges. As the struggle of mitigating cyberthreats seems to surge, some organizations are wary about hiring security professionals. A recent analysis from cybersecurity solutions provider Navisite revealed that over 45% of organizations don’t employ a Chief Information Security Officer (CISO). Of this group, 58% think their company should hire a CISO.
- 4. The CIO’s role in strengthening information security. If you're a CIO charged with maximizing security outcomes while at the same time ensuring projects are implemented and everything "just works," focus on strengthening your relationships with those who can help you. Security is about buy-in, and it's especially important for those who don't fully understand it.
- 5. 5 New Rules for Leading a Hybrid Team. Here’s how leaders can build great teams, even when those teams aren’t together in person all the time: 1. Make work purpose driven. 2. Trust your people more than feels comfortable. 3. Learn in the small moments. Send people — and yourself — nudges. 4. Provide clarity. Be more decisive than feels comfortable. 5. Include everyone. Take a long hard look in the mirror.
- 6. Creating a culture of cybersecurity. Think about cybersecurity not as an IT issue, but as a senior executive and leadership issue. Cybersecurity and cyber protection are often thought of as reactive measures, but organizations need to start seeing cyber protection as a way of planning. Similar to financial planning, cybersecurity should be incorporated as a part of everyday business. It's not an add-on; it should be embedded in the organization, an "embedded endurance strategy".