BSW #283 – James Turgal
In the leadership and communications section, Is Cybersecurity Leadership Broken?, Cybersecurity career mistakes, 13 Cybersecurity Horror Stories to Give you Sleepless Nights, and more!
Cyber risk quantification should be at the center of an enterprise's actions to understand and measure risk posed in the event of a cyberattack. That data should then be used to estimate - financially - cyber risk exposure. To start this process, enterprises need 3 pillars to build a good cyber risk quantification program: the right data, appropriately skilled people and a methodology.
Segments
1. Data, People & Methodology: 3 Pillars of a Cyber Risk Quantification Program – James Turgal – BSW #283
Guest

James Turgal is the former executive assistant director for the FBI Information and Technology Branch (CIO). He now serves as Optiv Security’s vice president, cyber risk, strategy and board relations. James has personally helped many companies respond to and recover from ransomware attacks and is well-versed in speaking with top-tier media.
James draws on his two decades of experience in investigating and solving cybercrimes for the FBI. He was instrumental in the creation of the FBI’s Terrorist Watch and No-Fly Lists.
2. Cybersecurity Leadership, Career Mistakes, and 13 Horror Stories for Cyber Halloween – BSW #283
- 1. Is Cybersecurity Leadership Broken?
A new report by cybersecurity firm Savanti argues that the industry’s leadership is broken and failing to deliver cyber success for businesses. The report provides a number of recommendations, including:
- CISOs should be hired, managed and measured as business leaders rather than technical experts;
- Recruitment should prioritise communication skills for CISOs;
- Cyber risk should be owned by the board, embedded in organisational processes and led with sufficient budget and staffing to drive organisation-wide change;
- Cyber leaders need to achieve change through influence rather than control;
- Boards need independent trusted cyber advisors, including ex-CISOs, to help them effectively interrogate all aspects of cyber leadership and strategy;
- CISOs should be integrated into all forward-looking aspects of business growth.
- 2. How To Translate Cybersecurity Terms for The CEO
There is a much better way to communicate with the C-suite when it comes to security projects and initiatives. It is communication that revolves around using real, actual data based on methodologies such as risk assessments and threat modeling. Present this data in business terms that the C-suite can understand; for example, revenue loss from a breach on the prevention side, or customer experience enhancements with a data access control framework on the business enabler side, to show the impact and metrics they would be concerned with.
- 3. Reimagining the Role of the CISO
Perhaps it's time to reimagine the role of the CISO. Maybe it's better to see the CISO's importance reflected in organizational impact rather than organizational status. Perhaps embedding security in functional units will result in better security.
- 4. What Hurricane Preparedness Can Teach Us About Ransomware
So how can organizations use the fundamentals taught by natural disasters to respond to a paralyzing ransomware attack?
- Have a Plan
- Test Your Plans
- Effective Communication
- 5. 4 Business Ideas That Changed the World: Emotional Intelligence
In the early 1990s, publishers told science journalist Daniel Goleman not to use the word “emotion” in a business book. The popular conception was that emotions had little role in the workplace. When HBR was founded in October 1922, the practice of management focused on workers’ physical productivity, not their feelings.
Daniel Goleman popularized the idea in his 1995 book, and companies came to hire for “EI” and teach it. It’s now widely seen as a key ingredient in engaged teams, empathetic leadership, and inclusive organizations. However, critics question whether emotional intelligence can be meaningfully measured and contend that it acts as a catchall term for personality traits and values.
- 6. Cybersecurity career mistakes
Been there, done that.
- Mistake 1: Going against the flow
- Mistake 2: Not understanding your strengths
- Mistake 3: Not to take care of your network
- Mistake 4: Getting comfy
- Mistake 5: Losing a feeling of the job market
- Mistake 6: Not learning things that are not technical
- Mistake 7: Not getting professional certifications
- Mistake 8: Waiting for someone to promote you
- 7. 13 Cybersecurity Horror Stories to Give you Sleepless Nights
Twas a dark and stormy night, and the cybersecurity team stood patiently in their Scrum meeting. “Tell us a tale,” the CISO said, and one of their number raised their hand. They caught the eye of their colleagues, and began…
