You're Not Going Anywhere Until You Clean Up That Cyber Mess
The images and links for this episode can be found at CISO Series (https://cisoseries.com/youre-not-going-anywhere-until-you-clean-up-that-cyber-mess/)
Our CISOs and Miss Manners have some rules you should follow when leaving your security program to someone else. It's all coming up on CISO/Security Vendor Relationship Podcast.
This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions, and Mike Johnson. Our guest this week is newly free agent CISO, Gary Hayslip (@ghayslip).
Thanks to this week's podcast sponsor, Trend Micro.
On this week's episode
Why is everyone talking about this now?
Mike, you asked a question to the LinkedIn community about what department owns data privacy. You asserted it was a function of the security team, minus the legal aspects. The community exploded with opinions. Which responses most opened your eyes to data privacy management and responsibility issues you hadn't really considered?
Hey, you're a CISO, what's your take on this?
Someone who is writing a scene for a novel asks this question on Quora: "How does a hacker know he or she has been caught?" Lots of good suggestions. What's your favorite scenario? And do you want to let a hacker know he or she has been caught, or do you want to hide it? What circumstances would be appropriate for either?
Mike decides What's Worse?! and also what's good for business.
First 90 days of a CISO
Paul Hugenberg of InfoGPS Networks asks, "What fundamentals should the CISO leave for the next, as transitions are fast and frequent and many CISOs approach their role differently. Conversely, what fundamentals should the new CISO (or offered CISO) request evidence of existence before saying YES?" Mike, this is a perfect question for you. You exited and, I assume, you will eventually re-enter as a CISO. What did you leave and what do you expect?
Ask a CISO
Fernando Montenegro of 451 Research asks, "How do you better align security outcomes with incentives?" Should you incentivize security? Have you done it before? What works, what doesn't?
Imagine how hard it would be to live in a house that is constantly under attack from burglars, vandals, fire ants, drones, wall-piercing radar and virulent bacteria. Most of us are used to putting a lock on the door, cleaning the various surfaces and keeping a can of Raid on hand for anything that moves in the corner. But could you imagine keeping a staff of specialists around 24/7 to do nothing but attack your house in order to find and exploit every weakness?