BSW #265 – Bryan Ware and Victor Gamra
1. Boards & Cybersecurity, The New CISO Role, & Reskilling – BSW #265
In the Leadership and Communications section, Being concerned is not enough – What boards should know and do about cybersecurity, In the Case of Cybersecurity, the Best Defense is Education, Reskilling workers can help meet the cybersecurity staffing challenge, and more!
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
- 1. Being concerned is not enough – What boards should know and do about cybersecurity
  Cybercrime is a growing threat that will require C-level attention in organizations across the globe. We offer four steps boards can take toward establishing fit-for-purpose cybersecurity capabilities:
  1. Engage an objective expert view on the status quo of the organization’s cybersecurity maturity. Ideally, this assessment should ensure the necessary level of granularity while still providing readily understandable insights and priorities for the C-level audience (e.g., ADL’s Cybersecurity Matrix).
  2. Ensure regular oversight of the organization’s key indicators for cybersecurity performance, both leading and lagging, providing assurance that the controls in place are offering the right level of protection.
  3. Review fact-based and unvarnished updates on a regular basis. This not only facilitates progress tracking but also ensures that resources are allocated in the most effective way for reaching the intended maturity level.
  4. Enable the required governance and funding to reach the organization’s target state, based on a dedicated action plan, while ensuring identified vulnerabilities are immediately addressed.
  By following these steps, boards can measure, manage, and command cybersecurity performance toward a sustainable reduction of risk.
- 2. Time to Look at the Role of the CISO Differently
  The role of the CISO is becoming a true leadership role, and what is required to get things moving is political acumen, managerial experience and personal gravitas, over raw technology skills.
- 3. Staying Positive and On-Track in Uncertain Times
  Leaders have had a very tough two years, trying to reassure and focus employees in the face of constant uncertainty, often struggling with their own stress and burnout as they address the rising mental health challenges of their employees. How can they stay centered, providing a clear and upbeat message to their teams while having to pivot frequently as conditions change? Here are three practical strategies for leaders to take care of themselves, all centering around understanding and managing one’s own mind: beware of your ego; choose courage over comfort; and practice caring transparency.
- 4. In the Case of Cybersecurity, the Best Defense is Education
  Teach your staff, install best-in-class edge protection, spam filtering, end-point protection, anti-virus, dark-web scanning, and backup. Overall, don’t overlook the most important step: promote awareness and create a strong anti-cyber culture in your office.
- 5. How to Spot — and Develop — High-Potential Talent in Your Organization
  Organizations typically look to past performance to identify future leaders. But an employee’s track record doesn’t tell you who might excel at things they haven’t done before, nor does it identify early-career high potentials or people who haven’t had equitable access to mentoring, sponsorship, development, and advancement opportunities. The authors have developed a model for predicting leadership potential that’s grounded not in achievements but in three observable, measurable behaviors: cognitive quotient, drive quotient, and emotional quotient. They outline the telltale behaviors in each area, and explain how managers can coach employees to develop and refine their skills.
- 6. Reskilling workers can help meet the cybersecurity staffing challenge
  Developing a reskilling program in four phases:
  Phase 1: Foundation. Each unit created a three-year business growth projection for the top five digital skills, called new service offerings (NSOs). The units also created talent plans to meet the anticipated business growth projections for each NSO. This resulted in 36 new offerings, with the top five skills needed for each.
  Phase 2: Skills Forecasting. We planned for both long-term (five years out) and short-term (quarterly) skills needs. We used a variety of external and internal inputs for this forecasting model, including revenues, employee skill data, past allocations, and market trends.
  Phase 3: Program Implementation. This enabled reskilling as an alternative talent pipeline. More than 90% of these reskilled employees have been deployed to projects using their new skills.
  Phase 4: Scaling. We encouraged people to learn about cybersecurity and create awareness of the reskilling program. Employees are induced to participate by giving them concrete financial and career incentives. Career incentives include skill tags. These skill tags quantify what they have learned in a way that is recognized in the market. For instance, “Cybersecurity expert” is a tag employees can earn to indicate their skill set and work on new projects internally and with clients.
- 7. Nominations for SC Media’s 2022 Women in IT Security now open
  To submit nominations, please enter all information into the entry form. Entries will close June 24, at which time the editorial team and members of the SC Media advisory board will begin the difficult task of reviewing all nominations and selecting honorees to be unveiled in September.
2. Defining Cyber Risk & Is the Market Ready for Integrated Cyber Risk Management? – BSW #265
Defining Cyber Risk With Bryan Ware
This year, RSAC is happening amidst the backdrop of major geopolitical tensions with cyber impacts; a continued, lingering pandemic and a potential economic downturn that cyber adversaries can and have leveraged to their benefit; and increasing technological innovation. All of this points toward ever-evolving cyber risk.
What are some of the key considerations that executives – both ones with cyber expertise and ones without – should keep in mind as they look to not only define cyber risk but also reduce it and ensure operational resiliency?
In this segment, we’ll hear thoughts from Bryan Ware, the new CEO of LookingGlass Cyber Solutions, former CEO of Next5, a business intelligence and advisory firm, and the first presidentially appointed Assistant Director of Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS).
This segment is sponsored by LookingGlass Cyber. Visit https://securityweekly.com/lookingglass to learn more about them!
Is the Market Ready for Integrated Cyber Risk Management?
Cyber risk management is now a dynamic practice for security teams and leadership. It requires up-to-date risk intelligence across many factors – external, internal, third parties, cloud posture – to inform the right decisions and enable cyber risk quantification and risk modeling to be more dynamic. Victor will discuss what drove him to leave security leadership and start a company to solve the problems he experienced with cyber risk management and how the market is responding.
Segment Resources:
https://fortifydata.com/request-an-assessment
This segment is sponsored by FortifyData. Visit https://securityweekly.com/fortifydata to learn more about them!
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Guests
As Chief Executive Officer at LookingGlass, Bryan provides guidance, direction, and vision to help the company meet its mission, support its customers, and expand impact.
Bryan is highly regarded as a technology leader and innovator, having started companies, patented technologies, raised venture capital and private equity, and recently served as America’s lead cybersecurity executive at CISA.
Prior to joining LookingGlass, Bryan was the Founder and CEO of Next5, a technology-focused business intelligence company, ensuring US leadership in critical and emerging technologies including AI, quantum, space, bio, and more.
Bryan served as the first presidentially appointed Assistant Director of Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS), leading the 1,000-person, $1.25 billion organization through a period of intense volatility and aggressive interference from nation-state adversaries. At CISA, he developed the agency’s first five-year strategy to modernize its sensor and computing infrastructure, transform the way the agency delivers services, and scale to protect U.S. critical infrastructure. Prior to his operational role at CISA, Bryan was an Assistant Secretary at DHS, serving as the Secretary’s advisor on cybersecurity and emerging technology matters, and leading strategic initiatives across the U.S. government and its allies.
Victor Gamra, CISSP, CISM, PCIP is the Founder and CEO of FortifyData. Prior to building a trusted Cyber Risk Intelligence company, Victor was the CISO for a Credit Reporting Agency in Atlanta and saw the opportunity to fill a gap in the market with a platform that uses live data for accurate cyber risk exposure representation, reducing false positives and misattributions. Victor has previously spoken at cybersecurity events, training programs and industry-specific virtual events.