See this episode’s highlights:How building an intentional brand connects you to the C-suite. (01:00)To build an intentional brand, create three lists. (09:45)Shout-out to Houston’s late, great Atchafalaya River Cafe. (20:56)Use the tactics of framing and priming to reinforce your brand. (23:13)CISOs tend to see their budget as the key thing capping the cybersecurity function’s potential enterprise impact, when in fact the function’s (and the CISO’s) reputation has just as much to do with the role cybersecurity can play. And, unlike the budget, which has many drivers beyond our control, CISOs can exert almost complete control over their brand! In this episode of CISO Edge podcast, Gartner experts Leigh McMullen and Chris Mixter share the steps needed to create an intentional — and impact-amplifying — CISO (and cybersecurity function) brand.Leigh C. McMullen is a Distinguished Vice President, Analyst in Gartner's CISO, Security and Risk Management team. Leigh leverages his experience as both a line-of-business manager and IT leader to provide CISOs with insight on navigating and making a difference within the C-suite. Additionally, he provides clients with a holistic view of cybersecurity leadership research, specializing on the topics of future operating models, vision and strategy, politics, influence, business engagement, internal marketing and communications.
Join Gartner experts Chris Mixter and Richard Addiscott in this episode of CISO Edge to debunk the myths around why employees behave nonsecurely, why most tactics and executive communications around employee behavior don’t work, and to explore ways to rapidly increase the value delivered by your secure behavior and culture program (SBCP).What if I told you that “lack of cyberawareness” isn’t the reason people behave nonsecurely? (03:50)Where do your employee-related security incidents come from? (09:56)How can we move from compliance-centric to behavior-centric cybersecurity? (13:48)Help executives understand what is a defensible level of performance around human risk exposure. (26:15)Richard Addiscott is a Vice President Analyst in Gartner's global security and risk management practice, helping CISOs and senior cybersecurity executives deliver highly effective information security programs and build high performing cybersecurity teams. With more than 20 years of experience in industry, Richard has held enterprise information security and IT leadership, information security consulting and advisory, IT governance, and business development roles across the public, private, and not-for-profit sectors.
Join Gartner experts Chris Mixter and Peter Firstbrook as they debunk the myths about vendor consolidation and provide CISOs with practical guidance on navigating this sea change in how cybersecurity technology is sold and operated. Does vendor consolidation contravene defense in depth? (05:34)Take a data-centric perspective to evaluate consolidation opportunities. (12:09) Questions for CISOs ask cybersecurity technology vendors about their pivot to platform-centric architectures. (21:29) Questions for CISOs to ask themselves about their cybersecurity talent in the platform era. (27:29) Gartner Distinguished VP Analyst Peter Firstbrook utilizes his 25+ years of experience as an industry analyst to help clients improve their security posture to defend and respond to malicious attacks. Peter is responsible for endpoint protection platform (EPP), endpoint detection, and remediation (EDR), extended detection and response (XDR) markets, as well as topics such as security vendor consolidation, workspace security and generative AI security.
Join Gartner experts Chris Mixter and Will Candrick on this episode of the CISO Edge Podcast to learn how to implement a capability that many cybersecurity organizations see as beyond their program’s abilities or too risky to attempt: cyber deterrence. Why now is the time to explore cyber deterrence. (2:41) Where deterrence fits into your cybersecurity program. (12:15)Bad actors are rational and you can use that against them (16:39)Introducing the Gartner PARC Framework for prioritizing deterrence tactics. (20:39)How deterrence contributes to cybersecurity team engagement. (28:25)This podcast explores research found in CISO Edge: Use Cyber Deterrence to Stop Attacks Before They StartWill Candrick is a Senior Director Analyst within Gartner’s risk and security management group. Will brings extensive experience researching cybersecurity management challenges, and regularly advises CISOs and their teams on maturing security and risk practices. In particular, Will focuses on cybersecurity strategic planning, incident response, awareness, metrics, board reporting and policies. Before Gartner, Will held research roles at CEB researching management best practices for CISOs and their teams. Will has a bachelor’s degree in economics with a concentration in political economy from Carleton College.
This episode explores:How, despite geopolitical instability, CSCOs can meet growing performance expectations by increasing their supply chain’s flexibility in key areas. (1:20)Definitions and applications of terminology associated with this process, such as “trust boundaries” and “supply chain elasticity.” (5:10)Concerns of increased complexity associated with supply chain elasticity. (8:30)Methods to assess geopolitical risks’ potential impacts on a supply chain. (13:18)Recommendations for CSCOs seeking to increase their supply chain’s elasticity. (16:35) In this episode of the Supply Chain Podcast, host Lindsay Azim and guest Pierfrancesco (Pier) Manenti, research vice president for the Gartner supply chain strategy team, discuss findings from Supply Chain Executive Report: Empowering Growth Through Geopolitically Elastic Supply Chains. As countries cloister their markets in response to various geopolitical tensions, accessing a global marketplace is becoming harder for CSCOs. Lindsay and Pier explore how “supply chain elasticity,” a concept explored in the Executive Report, can help CSCOs alleviate these market access issues while driving growth. The discussion includes key definitions and actions, success stories from organizations already applying these principles and recommendations for CSCOs to improve elasticity within their own supply chains.Pierfrancesco (Pier) Manenti is research vice president for the Gartner supply chain strategy team. Pier provides insights and advisory support to chief supply chain officers (CSCOs) and heads of strategy of global manufacturing and retail corporations, especially with regards to future trends and key challenges affecting end-to-end supply chain strategy. He focuses on strategic transformation, digitalization, agility and design for profitability.
Join Gartner experts Chris Mixter and Jeremy D’Hoinne on this episode of the CISO Edge Podcast for a conversation on the steps that CISOs must take to fulfill their multiprongmandate: defending the enterprise from AI-fueled attacks, and enabling business and cybersecurity functional use of generative AI (GenAI) — all without losing focus on their other mission-critical priorities.This episode explores:Is generative AI simply a version of a movie CISOs have seen before? (02:32)What are the most promising use cases for generative AI within cybersecurity? (6:48)How do we avoid inflated expectations around secure development in the GenAI era? (12:29)What are the key skills and cybersecurity culture we need to make the most of GenAI? (17:25)As a Gartner research VP for security operations and infrastructure protection, Jeremy D'Hoinne assists chief information security officers and their teams to develop strategies to protect against advanced threats. Jeremy’s research includes exposure management and how to run a continuous threat exposure management (CTEM) program; it also covers related technologies, such as cybersecurity validation technologies,including breach and attack simulation (BAS). He also studies the intersection of artificial intelligence and cybersecurity with a focus on the disruptions caused by large language models and generative AI.
Join Gartner experts Eric Grenier and Chris Mixter on this episode of CISO Edge for a conversation on the steps that CISOs must take to close the gap between prioritizing employee productivity and cybersecurity in end-user device management.Eric Grenier is a Director Analyst with Gartner, focusing on endpoint security including endpoint protection (EPP) and endpoint detection and response (EDR). Eric’s research and advisory supports clients implementing EPP and EDR tooling, securing endpoints and using tools like unified endpoint management (UEM) and strategies such as bring your own device (BYOD) and bring your own PC (BYOPC) that allows users to remain productive from wherever they work and be secure. In addition to his work at Gartner, he is also a professor at Central Connecticut State University.
Join Gartner experts Chris Mixter and Bart Willemsen for a conversation on the steps that CISOs must take to evolve their role in privacy from merely supporting compliance to improving cyber risk management.This episode of CISO Edge Podcast explores the role that privacy can play in accelerating cybersecurity’s priorities: The five questions smart CISOs ask to focus their privacy efforts. (4:30)How to counteract “data hoarding” with a tool already at cybersecurity’s disposal. (8:30)This month’s obligatory GenAI-focused conversation. (12:10)How CISOs can use privacy legislation to their advantage. (17:10)Where to use privacy-enhancing technology to enhance cybersecurity. (25:20)Bart Willemsen is a Gartner VP Analyst with focus on privacy and related challenges in an international context, as well as on ethics, digital society, and the intersection of these disciplines with modern technology including AI. He has a broad, in-depth history of experience, and was among the earlier Fellows of Information Privacy (FIP), and has held accreditations like CIPP/E, CIPM, CISA, CISM, bringing proven and multidisciplinary best practices to our worldwide clients. Before Gartner, Bart held various roles as (chief) privacy and security officer where he implemented, audited and oversaw privacy and security and compliance program strategies for holding companies and their subsidiaries.
The U.S. Securities and Exchange Commission’s (SEC’s) new cybersecurity disclosure rules standardized the timing and location of reporting material cybersecurity incidents, and disclosing risk, governance and strategy processes. In this episode of the CISO Edge Podcast, Gartner experts Chris Mixter, Alissa Lugo and Lisa Neubauer have an in-depth discussion on how general counsel and chief information security officers can team up to accelerate compliance with these high profile new expectations. Guest Speaker: Lisa NeubauerLisa Neubauer is a Senior Director Analyst with Gartner, advising chief information security officers, chief information officers, security leaders and non-IT executives on maturing their security and risk management programs and practices. In particular, Lisa focuses on executive/board reporting, strategy, metrics, governance, policy and security organizational structure. Guest Speaker: Alissa LugoAlissa Lugo is a Senior Director Analyst with Gartner, providing C-suite, boards, and general counsel advice relating to corporate governance challenges facing their companies. Alissa assists clients on a wide range of corporate governance issues, including emerging corporate governance trends, board and management matters, director lifecycle events, corporate secretarial duties, developing and improving ESG programs, and assessing and improving corporate governance practices and board processes.
Attrition is a natural part of any function, yet cybersecurity organizations are often caught off-guard and see productivity and morale drop when staff depart. Having a strategy for planned and unplanned turnover is a crucial component of your cybersecurity programs’ greater success. In this episode of the CISO Edge Podcast, Gartner experts Chris Mixter and Victoria Cason discuss the three essential components of an effective talent release program: transition planning, offboarding and alumni relations.
CISOs today are taking on more responsibilities and doing so faster. However, this rapid expansion comes at the cost of stability and amorphous priorities. CISO Edge podcast host Chris Mixter talks to Gartner VP analyst Nader Henein about trust — who needs to trust CISOs, what trust means to each constituency, and how CISOs can build trust with each one.This episode explores :The connection between trust and the CISO’s effectiveness in role. (02:00)What trust means to the C-suite and board in the context of cybersecurity (07:30)What trust means to the CISO’s peers around the organization. (16:15)How CISOs should build and maintain trust with their direct reports. (23:00)How CISOs can support the development of trust from the organization’s customers. (29:24)
Despite CISOs making meaningful increases in time, money and technology to third-party cyber risk management (TPCRM), enterprises continue to be plagued by disruptive third-party-originating cyber incidents. Chris Mixter and Rahul Balakrishnan use Gartner’s latest global benchmarking to debunk the conventional wisdom around TPCRM, which drives cybersecurity leaders to increase effort without improving outcomes. Chris and Rahul also provide three practices that CISOs can implement immediately to improve TPCRM effectiveness.This episode explores:Why cybersecurity should stop customizing due diligence questionnaires (06:20) How to increase the likelihood that accepted third-party cyber risks become managed risks (13:30)Making contingency planning a core element of third-party cyber risk management (21:45)
In this episode of the CISO Edge podcast series, Gartner experts Mary Ruddy and Chris Mixter explore what cybersecurity leaders across the spectrum of identity and access management maturity need to do to accelerate their progress to an identity-first cybersecurity program. Decentralization of computing resources, channels, entities and devices makes traditional perimeter-based security strategies and tools insufficient. Security and risk management leaders must put identity at the core of cybersecurity strategy and invest in continuous, context-aware controls. However, getting to a level of IAM program maturity where you are able to deliver continuous, context-aware identity and access controls at scale feels like a massive leap to many CISOs, whose IAM programs struggle to deliver their basic capabilities at a consistent level of quality. This conversation will provide guidance to CISOs to enable their IAM teams to rapidly advance down the path to identity-first security.
Savvy cybersecurity leaders must look to new approaches to training employees to combat social engineering. While phishing tests are seen by cybersecurity leaders around the world as essential in the fight against email-based attacks, abundant evidence exists that the outcomes do not justify the investment. Phishing testing’s lessons are not extensible to other behaviors, the exercise foments a culture of distrust between cybersecurity and the workforce (name one other function that deliberately tries to to trick employees in the name of training), and, combined with the reality that it only takes one employee clicking to generate the worst-case outcome, phishing testing is more an exercise in security theater than a contributor to a secure culture.Andrew Walls is a vice president and distinguished analyst in Gartner’s cybersecurity practice. Prior to joining Gartner in 2007, Andrew held cybersecurity leadership posts in industries from chemical/pharmaceutical R&D to banking.
02:00 Why you shouldn’t try to “patch” burnout05:50 Bring some actual choice into the phrase “Cybersecurity is a lifestyle choice”11:40 Recalibrate your collaboration habits14:42 Rebalance your digital dietGartner predicts that by 2025, burnout will have caused 50% of current CISOs to change jobs — of which, 25% for roles outside cybersecurity entirely — and it’s not hard to understand why! CISOs today find themselves in demand across the spectrum of operational and executive-level decisions — a massive shift for an executive role that only a few years ago had to fight for “a seat at the table.” CISOs need a new toolkit in order to manage their stress and thrive amid the varied, often conflicting, and always high-stakes demand for their time and expertise, because the grass is not greener elsewhere!In this podcast, Gartner experts will share practitioner-tested tactics for CISOs to avoid — not patch — the risk of burnout by reimagining their scarcest resource: their time.
In this podcast, Thielemann and Mixter discuss:Unclear ownership/commitment to securing CPS (06:10)The inability to defend what people don’t know they have (09:10)The cultural and language divide between IT cybersecurity and CPS teams (12:22)Insufficient OEM commitment to security by design (24:55)Across industries, the expanding use of cyber-physical systems (CPS) brings massive potential for value creation internally and for customers and citizens. Currently, most enterprises take a siloed approach to managing risks — IT cybersecurity is managed here, while the security of cyber-physical systems is managed over there. Unfortunately, this virtually ensures that the risks will outweigh the potential benefits. Cybersecurity leaders — whether they own CPS security or not, or are inside or outside industries traditionally considered “critical infrastructure,” have an essential role to play in ensuring the enterprise addresses risks.