CISO MindMap 2022, Top CISO Strategies, & The Missing Link in Cybersecurity – BSW #263
Full episode and show notes
In the leadership and communications section, CISO MindMap 2022: What do InfoSec Professionals really do?, CISO Shares Top Strategies to Communicate Security's Value to the Biz, Security leaders chart new post-CISO career paths, and more!
Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
VP, Product at Living Security
- 1. CISO MindMap 2022: What do InfoSec Professionals really do?Recommendations for 2022–2023: 1. Re-evaluate ransomware defenses, detection and response capabilities, perform a business impact analysis and identify critical processes, applications and data. 2. Reduce/consolidate security tools/technologies and vendors. More tools don’t necessarily reduce risk but do add the need for maintaining expertise on security teams. 3. Train staff on business acumen, value creation, influencing and human experience to serve business better. I can’t emphasize this enough. 4. Take an inventory of open source software (both direct and indirect use) and make it part of your vulnerability management program. 5. Build team expertise in technology fields including machine learning (ML) models, model training, API security, service mesh, containers, DevSecOps. 6. Maintain a risk register.
- 2. World’s Largest Cybersecurity Benchmarking Study Finds that Top Executives Believe their Organizations are Not Prepared for New Era of RiskGround-breaking analysis reveals industry metrics and best-performing cybersecurity strategies: 1. Take cybersecurity maturity to the highest level 2. Ensure cybersecurity budgets are adequate 3. Build a rigorous risk-based approach 4. Make cybersecurity people centric 5. Secure the supply chain 6. Draw on latest technologies but avoid product proliferation 7. Prioritize protection of links between information and operating technologies 8. Harness intelligent automation 9. Improve security controls for expanded attack surfaces 10. Do more to measure performance
- 3. Equifax’s Jamil Farshchi: Security shouldn’t be a trade secretEquifax CISO Jamil Farshchi has pulled back the curtains on cybersecurity operations, saying that he believes “transparency to all stakeholders to the deepest degree reasonable” makes for a more secure company.
- 4. CISO Shares Top Strategies to Communicate Security’s Value to the Biz5 Key Tips for Communicating Security Effectiveness: 1. Know your audience 2. Don't start with metrics 3. Be quantitative 4. Remember that security is a team effort 5. Pair empowerment with accountability
- 5. The missing link in the cybersecurity marketI’d like to offer a different approach to solving the market failure, so organizations can enjoy the benefits of both worlds – mitigating cyberthreats through a range of products without drastic integration and maintenance efforts. Vertical innovation should continue to protect new technologies and neutralize new threats; however, at the same time, entrepreneurs and venture capitalists need to encourage horizontal innovation. Horizontal innovation sprouts “horizontal products,” weaving together capabilities from different categories and segments into an effective defensive front. At the core of horizontal innovation lies smart integration, orchestration and automation capabilities powered by AI algorithms.
- 6. Security leaders chart new post-CISO career pathsCISOs themselves, however, have some pathways mapped out: - 47% of survey respondents said they want to become board members; - 44%, chief security officers (a role that includes physical as well as information security); - 18%, entrepreneurs/consultants; - 16%, chief risk officers; - 12%, CIOs; - 8%, private equity officers; - 3%, CEOs; and - 2%, developers of new tools at a security firm. Some 5% said “other,” while 3% said they preferred not to answer. Only 9% wanted to retire.
- 7. 5 Interview Questions That Screen for Success in Hybrid WorkplacesSuppose you're hiring for a new hybrid role. In that case, it's important to remember that you'll be screening a diverse mix of candidates, some of which are familiar with working independently and some which might be entirely new to the idea of in-office work. To hire for success, consider asking the following questions. 1. What makes you want to work in a hybrid work environment? 2. If you have worked in a remote or hybrid role before, what were the challenges you faced and how did you overcome them? 3. What's your ideal schedule in a hybrid role -- how often would you like to work at home and be in the office? 4. How essential is teamwork and collaboration to you, and how do you expect to make this work while working remotely? 5. How comfortable are you with learning new technology?