
Stephen and Rich answer our viewers' questions. This month...
"I am the Head of Information Security at a company that supplies to the public sector. It is large enough that people should know who we are but dull enough that nobody does. We aren't public sector though. I listen to this podcast and you guys seem pretty switched on. So I hope that you'd think of something that I hadn't yet. I've got a wretched relationship with our CFO. It's safe to say he hates me and this feeling is very much mutual. He is able to squash every aspect of my security strategy. None of which is necessary by the way. In fact a lot of it is basic funding for cyber hygiene. It's baffling how we get the contracts we get when we literally don't even enforce 2FA. I completely understand that CFOs seek to strike a balance between investing enough in Cyber Security to mitigate risks and ensuring cost-effectiveness. They often want to understand the justification for Cyber Security budgets and how the organisation can measure the ROI on Cyber Security investments. I get it. I empathise. But he's just being difficult, it's 100% personal but there's no point in me saying this because I have no evidence of it. My entire strategy was denied the same day I had submitted it. Normally it takes 2 or so weeks. I escalated it, was told the ROI wasn't clear, so I resubmitted it and again it was denied. There's a guy in HR who has got funding for in-office standing desks and we all work from home! Can you see my frustration? I am actually desperate."
Question: Would either of you confront this person? Or is there an avenue around this that I could be exploiting but am not?