Monthly cyber security podcast, with our experts Stephen Ridgway and Rich Benfield. If you are in a sticky situation, or need any advice to do with cyber security answered anonymously and on the podcast, email us at [email protected]. This week's question is:How can someone with decades of tech industry experience as a software developer, engineering manager, advisor, etc., transition into cyber security? How can that wealth of experience be applied to a cyber security company to be the most effective and utilised.Don't forget to like and subscribe to our channel.#infose #cybersecuritycompany #cybersecurity #cybersecurities

One-time only special episode featuring our CEO, Eliza-May Austin and Head of Strategic Solutions, Rosie Anderson.If you are in a sticky situation, or need any advice to do with cyber security answered anonymously and on the podcast, email us at [email protected]. This week's question is:I'm the head of it for a tech company in the UK and I've been tasked with getting everyone back in the office four to five days a week this is not going to go down well with the team how on Earth do I manage this situation um by the way that they did write somewhere about I don't know where that's gone in the question um but they did write somewhere about their discretionary bonus it being implied that that is hindering on it as well so they really do have to get everyone back in the office from an IT perspective.Don't forget to like and subscribe to our channel!

Monthly cyber security podcast, with our experts Stephen Ridgway and Rich Benfield. If you are in a sticky situation, or need any advice to do with cyber security answered anonymously and on the podcast, email us at [email protected]. This week's question is:I'm Head of our IT department, and I'm constantly getting pushback from the development team about our security protocols being too restrictive. How can we find a middle ground that keeps our systems secure without stifling Innovation and making our developers' jobs harder?Don't forget to like and subscribe to our channel!

Welcome to this Cyber Security Agony Uncles Podcast episode. Have any industry problems and need advice from experienced cyber security professionals aka our agony uncles? Email us [email protected] if you have any questions that you would like to be answered anonymously.This episode's question:I'm a consultant working in various vCISO roles for multiple companies. Recently, I've noticed a troubling trend: vendors are blatantly lying to SMEs that lack cyber representatives, and they're getting away with it. One of my customers recently reduced my hours to just a couple per month because a provider of a prominent tool assured them they had eradicated all cyber risk. When I tried to explain that this was nonsense, they dismissed it as me trying to hold onto my hours. It feels like cyber security is the wild west—companies can’t use fake eyelashes in mascara ads, but in cyber security, anything seems to go. I'm embarrassed and frustrated. What is happening, and how can I address this without looking jealous or like I'm trying to upsell things myself?Don't forget to like and subscribe to our channel.#infosec #cybersecurity #cybersecurities

Stephen and Rich answer our viewers' questions. This month...

"I work in incidence response, I'm absolutely burnt out, have lost all interest in keeping abreast of the latest security knowledge and I just don't care about cyber anymore. I'm incredibly tempted to just quit and go and do training and awareness or GRC. Something none technical that requires less research and investment. The thing that's stopping me is that I'm a woman and it's such a cliche that women in cyber aren't technical and I don't want to add to those appalling stats but I'm just so tired of this shit. It's so hard and i can't be bothered. From burnt out Becky."

Question: What should I do about it?

Stephen and Rich answer our viewers' questions. This month...

Question: Does a CSO need to be technical to be successful?

Stephen and Rich answer our viewers' questions. This month...

"I'm a SESO across the pond in the States. I have a relatively high profile, a ton of followers on LinkedIn. I'm invited to speak at conferences and I've got a great job. However, I cannot shake this feeling that I don't know what I'm doing. I know people talk about imposter syndrome a lot in Cyber Security and I don't think it's that. I genuinely think, no, I know that I'm not very good at my job. My knowledge is superficially deep but my employer keeps me around because of my reasonably high profile. I'm far too into my career to start back at basics with certifications. Also, my employer isn't going to fund certs that somebody new to the industry would be doing, not to mention that would give the game away. I'm just not good at this and nobody has seemed to notice yet!"

Question: What do I do? Where do I start?

Stephen and Rich answer our viewers' questions. This month...

"I have recently started working in Cyber Security and while I love the challenge and the constant learning, I can't help but feel the constant pressure to keep up with rapidly advancing technology. It seems like every day there's a new vulnerability or a tac vector to worry about."

Question: How do I maintain a healthy work-life balance to prevent burnout in an industry where the stakes are so high and the pace is relentless?

Stephen and Rich answer our viewers' questions. This month...

"I am the Head of Information Security at a company that supplies to the public sector. It is large enough that people should know who we are but dull enough that nobody does. We aren't public sector though. I listen to this podcast and you guys seem pretty switched on. So I hope that you'd think of something that I hadn't yet. I've got a wretched relationship with our CFO. It's safe to say he hates me and this feeling is very much mutual. He is able to squash every aspect of my security strategy. None of which is necessary by the way. In fact a lot of it is basic funding for cyber hygiene. It's baffling how we get the contracts we get. When we literally don't even enforce 2FA. I completely understand that CFO seek to strike a balance between investing enough in Cyber Security to mitigate risks and ensuring cost effectiveness. They often want to understand the justification for Cyber Security budgets and how the organisation can measure the ROI on Cyber Security investments. I get it. I empathise. But he's just being difficult, it's 100% personal but there's no point in me saying this because I have no evidence of it. My entire strategy was denied the same day I had submitted it. Normally it takes 2 or so weeks. I escalated it, was told the ROI wasn't clear, so I resubmitted it and again it was denied. There's a guy in HR who has got funding for in office standing desks and we all work from home! Can you see my frustration! I am actually desperate."

Question: Would either of you confront this person? Or is there avenue around this that I could be exploiting but aren't.

Stephen and Rich answer our viewers' questions. This month...

"I'm the Head of Information Security. It's a title in name only because quite frankly I don't have any authority. I'm just the person people point at when things go wrong or when something scary or unrelated crops up int the news. I love my job though but I do find I have a repeat issue, in that I don't seem to get a sign off for any budget ever. I know other none security departments have managed to, so it's not like the company doesn't have the funds or the inclination to spend money. I spoke to your CEO Eliza at a conference about this and she gave me great advice about approaching a topic of budgets in the language of finance and business risk rather than security. I tried this and I still can't get sign off. I'm one of three people in the security team and the burden of responsibility is on my shoulders but I can't get any tooling, can't get more people and it feels kind of pointless. It's almost like I've been in this role to impress our investors because nothing I do seems to work. I'm not asking for the earth, I'm literally asking for vulnerability management of key assets and login and monitoring of key assets first."

Question: How can I relay the new fees basic measures in a way that gets me somewhere?