Security Weekly
Business Security WeeklySubscribe
Leadership, Zero trust, Asset Management, Security Staff Acquisition & Development

BSW #272 – Saša Zdjelar

In the leadership and communications section, The Number 1 Growth Killer is Leadership Debt, How to Talk to Your Board & C-Suite About Cybersecurity, 5 ways to unite security and compliance, and more!

Zero Trust is the security buzzword of the moment, and while it is a very powerful approach, nearly every enterprise security product on the market – and some that aren’t even security products — are saying they enable Zero Trust. The problem is this: you can’t buy zero trust. It’s an approach, an architecture, and a journey, not software, hardware, or a service to deploy.

Zero Trust also provides a rare opportunity in security - to reduce cost, improve security AND enhance end-user and customer experience. Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

View Show Index

Full Audio

Segments

1. Talking to Boards and C-Suites, Leadership Debt, and Adaptive Leadership – BSW #272

In the leadership and communications section, The Number 1 Growth Killer is Leadership Debt, How to Talk to Your Board & C-Suite About Cybersecurity, 5 ways to unite security and compliance, and more!

Announcements

  • We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Hosts

Matt Alderman
Matt Alderman
VP, Product at Living Security
  1. 1. How to Talk to Your Board (So They’ll Listen!)
    Five Tips to Ease Communication With the Board 1. Start with the basics 2. Know the difference between the board and leadership 3. Come prepared to talk about the following: - How issues affect your business - Current events - “What’s that red thing?” - The historical perspective - The risk narrative 4. Don’t do the following - Don’t go into minutiae - Don't complain - Don’t pretend everything is great if it isn’t 5. Seize an opportunity, if you can
  2. 2. The CISO’s Guide – How to Talk to Your Board & C-Suite About Cybersecurity
    Here are some basic questions that CISOs need to answer for the board and C-suite: - What are the risks we are facing? - What is the cybersecurity team doing about it? - Does the team have what it needs to make the right decisions and act quickly? - Are company assets, data, and systems secure? - How would we know if we have been breached? - How does our security program compare to other companies in the industry? - Do we have enough resources for our security program? - How effective is our program; is our investment correctly aligned?
  3. 3. The Number 1 Growth Killer is Leadership Debt
    You can avoid incurring too much leadership debt by: 1. Take ownership of your leadership debt 2. Work on your leadership skills 3. Develop a strong leadership team 4. Watch out for leadership debt symptoms, including - Team conflicts and team members blaming each other - You must approve too many decisions - High employee turnover - Teams work in silos
  4. 4. Adaptive Leadership in Times of Change
    How leaders within an organization decide issues is an important part of that organization’s success. This is because that decision-making process flows down to other parts of the organization; others emulate these actions and processes within the group (Offergelt et al., 2019). This article will discuss a leadership approach called adaptive leadership theory through the examination of a senior leader of a Fortune 500 firm during the early stages of the COVID-19 Pandemic. It will also describe an alternative theory of leadership demonstrate why it was not an optimal choice during this time.
  5. 5. 5 ways to unite security and compliance
    Which comes first, security or compliance? In an ideal world, they work together seamlessly. Here's how to achieve that: 1. Focus on data protection 2. Make security auditors your friends 3. Use compliance as a base to build better security 4. Fix the vulnerabilities you find 5. Measure improvements in security and risk posture
  6. 6. Overcoming the Barriers to Zero-Trust
    Below are three key barriers facing companies interested in implementing a zero-trust approach today: 1. Cost 2. Complexity 3. Scale
  7. 7. This One Communication Tip Will Save You Hours of Frustration
    The communication tip is this: ALWAYS clarify the point(s) you want to discuss. How do you clarify these points? ASK QUESTIONS. No matter how simple it may seem, do not assume what you think something means matches what the person meant.
Jason Albuquerque
Jason Albuquerque
Chief Operating Officer at Envision Technologies
Josh Marpet
Josh Marpet
Executive Director at RM-ISAO

2. Zero Trust Is Not a SKU – Saša Zdjelar – BSW #272

Zero Trust is the security buzzword of the moment, and while it is a very powerful approach, nearly every enterprise security product on the market – and some that aren’t even security products — are saying they enable Zero Trust. The problem is this: you can’t buy zero trust. It’s an approach, an architecture, and a journey, not software, hardware, or a service to deploy.

Zero Trust also provides a rare opportunity in security - to reduce cost, improve security AND enhance end-user and customer experience.

Announcements

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Guest

Saša Zdjelar
Saša Zdjelar
SVP, Security Assurance at Salesforce

Saša Zdjelar is the SVP of Security Assurance at Salesforce where he leads a global organization and is the executive sponsor for strategic corporate security initiatives such as Zero Trust. Prior to Salesforce, Saša spent nearly two decades working in the Energy sector in various security and non-security roles working on strategy, enterprise security & architecture, software engineering, ERP systems designs/integration, program and product management, planning & stewardship, etc.

He is a member of the Forbes Technology Council, a Fellow at the Cyber Readiness Institute (CRI), a member of the Black Hat CISO Summit Advisory Board and BlackHat Content Review board, an active member in organizations such as Infragard, ISACA and ISSA, has been published in various industry publications, and has spoken at a number of industry conferences and universities. Saša holds a Bachelor’s degree in Management and Master’s degree in Decision Science from the University of Florida.

Hosts

Matt Alderman
Matt Alderman
VP, Product at Living Security
Lee Neely
Lee Neely
Information Assurance APL at Lawrence Livermore National Laboratory
Tyler Robinson
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

Related

Leadership
Do You Really Want to Be a CISO? – Spencer Mott – CSP #150

Reaching the level of CISO in a large corporation requires time and determined application as well as aptitude and very specific professional and personal attributes. It's the role against which many security professionals set their career sights without really knowing what they'll be getting themselves into. Fitzgerald, T. 2019. Chapter 14. CISO ...
Leadership
1% Leadership – Andy Ellis – BSW #329

Most leadership books suffer from one of two critical failures (and sometimes both). The book might be a hagiography: telling you the biography of some amazing leaders, pretending there is one secret trick that will let you emulate that leader. Or the lesson of book should have been written as a tweet: in 280 characters you could have learned one l...