Is There a Konami Code For Cyber Talent?
We often talk about a talent shortage in cybersecurity. Maybe we aren't looking in the right places. There are lots of other fields rife with talent that could successfully transition into our industry. So what can we do to create and encourage that pipeline?
This week’s episode is hosted by me, David Spark, producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Kelly Haydu, vp of information security, technology and enterprise applications, CarGurus.
Security leaders should drive compliance
Security professionals might not like compliance requirements, but that doesn’t change the fact that your organization has to meet them. Since you’ve got to meet these standards anyway, there should be a way to adopt risk-based compliance, argued Bill Frank of Monaco Risk Analytics Inc in a recent piece on LinkedIn. As Mike Johnson pointed out, compliance sets out end states for your organization, but not how to get there. Security leaders should embrace this opportunity to manage the tradeoffs needed to meet them. Walling off compliance only takes you out of the conversation and leaves you no standing to advocate on the risks those requirements raise.
Where should CISOs be talking budget
CISOs need to effectively communicate with the board. Changes in the threat landscape and regulation demand it. But does that apply to talking budgets? Certainly CISOs need to keep the board informed of risks, but should budget questions come to the board's attention? There are effective strategies for connecting security metrics to broader business goals, as outlined by Deb Radcliff in a recent CSO Online piece. But the place for these discussions is with the C-suite, centered on how funds will be used to manage risk. Tying the budget ask directly to the risk it reduces makes any budget conversation a lot easier.
Wading into a broader cybersecurity talent pool
Solving the cybersecurity talent deficit centers around training. Usually organizations see this as bringing people in from other parts of the business, like IT, and upskilling them. But what about casting a wider net? There are a lot of professions well outside corporate confines that demand the curiosity and problem solving that make for good cybersecurity practitioners, argued Jim Broome of DirectDefense in a piece on Dark Reading. Organizations are starting to recognize this. After decades of trying to formalize cybersecurity into a degree, many practitioners enter the field with no formal background, just an aptitude and interest. But organizations still need to work on making entry-level positions available to these newcomers and create a more sustainable pipeline.
What to do when a vendor pulls rank
As a CISO, you expect to hear a lot from vendors. We talk about managing that inundation of solicitations all the time. But what about when a vendor decides to “pull rank” and contact your CEO directly? That question came up on the cybersecurity subreddit, with some suggesting outright blocking vendors that try the tactic. Others suggested proactively educating the CEO. Remember that the CEO gets pitches from vendors outside of cybersecurity as well; this isn’t new to them. As a CISO, take charge of the communication and make sure the CEO is in the loop on any productive vendor conversations. And keep a list of vendors that try to pull rank, so you can tell whether it’s a pattern.
Listen to the full episode over on our blog, where you can also read the entire transcript, or in your favorite podcast app. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.
Thanks to David Ratner of HYAS for providing this week’s “What’s Worse?!” scenario.
Huge thanks to our sponsor, Panoptica: Cisco Cloud Application Security
Best advice I ever got in security…
"Early on in my career, I received advice from somebody that was actually not in the security space, and they said try not to boil the ocean. Back in my early days, I was very excited to try to implement a lot of different things at once because I felt like, “Oh, there’s a risk here. There’s a risk here. There’s a risk here. We have to be able to mitigate all of these risks.” But in reality, security is a very broad landscape, and you can’t boil the ocean. You can’t bite off everything at once, so prioritizing those critical gaps is very, very important." - Kelly Haydu, vp, infosec, technology, and enterprise applications, CarGurus
OPEN AUDITION! Looking for Next Hosts on CISO Series
Your favorite hosts of CISO Series shows are not going anywhere.
BUT, we’re developing a new show and we’re looking for your NEXT favorite CISO Series hosts.
And we’re looking for a pair of them, possibly two pairs!
Submit a recording to be CISO Series hosts
Go to the blog post for details on how to deliver the IDEAL submission.
Tracking Anomalous Behaviors of Legitimate Identities
“How much do I travel for work? A ton. Should my company be alerted every time that I log in from not my house? No. And that’s the real challenge. Context is changing.” - Adam Koblentz, field CTO, Reveal Security
Listen to full episode of "Tracking Anomalous Behaviors of Legitimate Identities."
Subscribe to our newsletters on LinkedIn!
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Cyber Security Headlines - Week in Review
Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Thom Langford, CISO, Velonetic.
Thanks to our Cyber Security Headlines sponsor, Conveyor
Join us Friday, 02-23-24, for Super Cyber GAME SHOW Friday
We're going to have a return of Super Cyber GAME SHOW Friday this Friday, February 23rd, 2024. Come join CISO Series and watch the competitors go at it.
From The Weather Company, we’ll have brand new CISO Jonathan Waldrop and his coworker Jason L. They’ll be battling against Howard Holton, CTO of GigaOm, and his teammate Alex Wood, CISO of Uplight.
Who will emerge victorious?
Participate in the games and stick around for our meetup at the end.
It all starts at 1 PM ET/10 AM PT. And at the end of the hour, we'll have our meetup. BE THERE!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.
IT Professional | Security+ | CySA+ | Seeking a role in Cyber Security
As a former roadie it was an absolute delight to hear our skills referenced as a positive, and it would be wonderful if this was more commonly recognised. Performing our role on 14-hour days, for weeks at a time, with 1000s of km between venues and starting from scratch every day builds a deep skill set for dealing with pressure.
State CISO | Board Member | Advisor
This was a good listen on my way to work today.