BSW #271 – Neal Bridges
Segments
1. Contrasting the CISO Role at Startups vs. Enterprises – Neal Bridges – BSW #271
Neal Bridges, CISO at Query.AI and well-known cybersecurity influencer, breaks down the key differences between the CISO role at a startup vs. an enterprise. He also provides best practices to be successful in this changing role.
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Guest
Neal brings more than two decades of cybersecurity experience to his role as chief information security officer for Query.AI, where he is responsible for leading the company’s security strategy and operations, and guiding product development efforts to help customers achieve their desired security outcomes. Throughout his career, Neal has helped federal and commercial organizations develop and execute cybersecurity strategies, and has built teams at multiple Fortune 100 companies. He’s also successfully led go-to-market strategies and spearheaded multi-million-dollar merger and acquisition activity to achieve company growth objectives. Neal is the founder of the Cyber Insecurity podcast, where he discusses the latest cyber news and trends and gives career advice to listeners who are new to the cybersecurity industry. In his spare time, Neal enjoys going off-roading in his Jeep and researching how Web3 is going to change the way we use the internet.
2. Embrace Common Business Language, Strategic Impact of DBIR, and Playing Favorites – BSW #271
In the leadership and communications section: CISOs: Embrace a common business language to report on cybersecurity, The Strategic Impact of Verizon's 2022 Data Breach Investigations Report, Make Shy Employees Part of Your Cybersecurity Strategy, and more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
- 1. CISOs: Embrace a common business language to report on cybersecurity
  Despite the elevation of cybersecurity as a top board priority and concern, businesses need to address the “elephant in the room” — the failure of communication and common understanding between the CISOs, security programs, and their boards’ understanding of SPM. Organizations are recognizing that only a small percentage of their security teams are being effective when communicating security program strategies and risks to the board, according to a Ponemon study.
- 2. TIPS FROM A CISO: HOW TO CREATE A SECURITY PROGRAM
  How to Develop a Sustainable and Adaptable Security Program? Security executives should focus their strategies on some specific perspectives:
  1. Business awareness
  2. Strategic positioning
  3. Engagement
  4. Build a strong team
  5. Communication
- 3. The Upside of Playing Favorites
  While managers should strive to treat their employees fairly, it’s only natural for them to develop stronger relationships with some people than with others. The good news is, new research suggests that this sort of favoritism doesn’t have to be destructive. Specifically, if the “boss’s favorite” is perceived as expressing authentic rather than hubristic pride, researchers found that witnessing favoritism could actually motivate other employees to improve and build stronger relationships themselves. With the right approach, employees, managers, and leaders can build an organizational culture that celebrates positive workplace relationships and gives everyone the tools they need to grow and succeed.
- 4. The Strategic Impact of Verizon’s 2022 Data Breach Investigations Report
  Look no further than Verizon's Data Breach Investigations Report for data about the operational side of security — especially incidents and breaches. Now in its 15th (!!!) year, the report is one of the deepest and most comprehensive sources of information about the threats we face as an industry. The recurring themes are:
  - Data compromises result from external attacks.
  - The primary motive behind cybercrime is financial gain.
  - Most breaches are caused by stolen credentials, ransomware, and phishing.
  - Servers are attacked far more than any other asset.
  - Credentials and personal data are the most frequently targeted data types.
- 5. Cyber security training ‘boring’ and largely ignored
  Two-thirds of employees don’t bother to pay attention to cyber security training – and the fault does not lie with them. With three-quarters of UK and US organisations having experienced some kind of cyber incident in the past year, a significant proportion of employees seem to regard training exercises as something to be endured, rather than engaged with.
- 6. Make Shy Employees Part of Your Cybersecurity Strategy
  Introverts aren't as antisocial as is commonly believed. But they do benefit from an environment that makes them feel comfortable. So how can we do that in a collaborative setting? Here are some strategies:
  - Keep groups small
  - Yet another meeting?
  - Offer a variety of communication channels
  - Respect boundaries (even if you don't fully understand them)
  - Allow appropriate time