Application security, Careers, Cloud security, Leadership, Threat intelligence

7 Tips, 5 Simple Tips, & 3 Strategies for CISOs – BSW #228

This week, in the Leadership and Communications section, 7 tips for better CISO-CFO relationships, 5 Simple Tips to Help You Write a Powerful Email That Gets Read, 3 Strategies to Secure Your Digital Supply Chain, and more!

Full episode and show notes


  • In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at

  • Don't forget to check out our library of on-demand webcasts & technical trainings at


Matt Alderman
VP, Product at Living Security
  1. Real IT leadership: Selling the transformative dream - It's one thing to cook up a great new initiative, but making it happen requires powers of persuasion, solid partnerships, and access to genuine technical insight.
  2. 7 tips for better CISO-CFO relationships - A successful CISO/CFO relationship will help ensure an organization has the right resources for its risk profile. Here are some best practices for CISOs when working with the CFO in their organization:
     1. Speak the CFO’s language
     2. Leverage data-rich economic models to quantify risk
     3. Communicate on a regular basis
     4. Invest in your own financial literacy
     5. Understand the budget process
     6. Don’t neglect planning
     7. Separate subjective and objective analysis
  3. 3 Strategies to Secure Your Digital Supply Chain - Today, most software products rely on thousands of prewritten packages produced by vendors or drawn from open source libraries. The most commonly used of these third-party software supply chain components are highly prized targets for cyber criminals. If attackers were to infiltrate them, they could compromise thousands or even millions of companies across industries and around the world. The good news is that firms don’t have to feel helpless; they can rely on others outside the firm to unearth vulnerabilities. Corporate leaders and IT teams can take three steps to prioritize and remediate vulnerabilities and forestall supply chain cyberattacks:
     1. IT managers should rely more on automated tools to fix simple vulnerabilities
     2. Businesses should conduct cost-benefit analysis for vulnerability patching
     3. Procurers should demand that critical technology vendors implement “hot patching”
  4. 5 Simple Tips to Help You Write a Powerful Email That Gets Read - Follow these tips to help you compose an effective email:
     1. Pay Attention to the Subject Line
     2. Don’t Forget About Formatting
     3. Make Your First Sentence Count
     4. Keep Your Email Short
     5. Your Email Should Have Only One Call to Action
  5. The Endless Digital Workday - The shift to remote work ended the traditional 9–5 workday: employees work in bursts, at night, between caregiving tasks, and whenever they can find time between the endless distractions of messages, calls, and emails. New research, however, shows that for many teams, this means people are quite literally working at all hours of the day, which also means that they’re almost never all working at the same time. Is this bad though? Researchers found that it depends on the task. For some tasks, being on at the same time improved productivity; for others, the distractions created by coworkers made it harder to finish the tasks, and productivity went up in what used to be considered off hours. Importantly, employees proved to be good judges of how to manage their time to be most productive. There are still lessons for managers. As a first step, write a team charter to establish norms and expectations, which should include specific times when the majority of the team is on together. That said, don’t force overlap or micromanage people. Finally, make it okay for people to be offline.
  6. Cyber professionals need regular training, and a pay raise - You can’t have solid cybersecurity without the right people. You’ve heard that before. Organizations need people with the right skills and they need to pay them commensurate with that skill. Yet, the skills shortage continues, driven, according to one new study, by low pay.
  7. These are the Top 4 Cybersecurity Skills In-demand in 2021 - Cybersecurity is one of the fastest-growing sectors and cybersecurity skills are in demand across verticals. Let’s learn about the top four in-demand cybersecurity skills in 2021:
     1. Application development security
     2. Cloud security
     3. Risk management
     4. Threat intelligence
Adrian Sanabria
Director of Product Management at Tenchi Security
Jason Albuquerque
Chief Operating Officer at Envision Technologies