Sign up to save your podcasts
Or
Share Episode 146: What Security Looks Like for a Security Company
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Episode 146: What Security Looks Like for a Security Company
In episode 146 of Cybersecurity Where You Are, Tony Sager is joined by Angelo Marcotullio, Chief Information Officer at the Center for Internet Security®(CIS®); and Stephanie Gass, Sr. Director of Information Security at CIS. Together, they look back on periods of transition at CIS to discuss what security looks like for a security company. Here are some highlights from our episode:
- 00:58. Introductions with Angelo and Stephanie
- 02:07. A pro and a con of IT consulting work
- 04:12. The importance of soft skills in bringing the Multi-State Information Sharing and Analysis Center® into CIS
- 06:12. Looking at security from a corporate perspective with the CIS Critical Security Controls
- 07:08. How IT and IT security are essential to corporate strategy
- 07:45. The use of governance to support merging three business units into an integrated security company
- 12:04. The value of security champions in adapting to regulatory and business changes
- 15:15. What IT and Security teams can accomplish when they work as partners
- 17:18. The use of data to inform Board decisions and conversations around risk
- 20:38. How getting a seat at the table helps with understanding a Board's risk appetite and communicating that out to teams
- 25:01. How infrastructure built for growth, not the smallest business case, produced a smooth transition to work from home in March 2020
- 29:30. Advice for folks starting out in security
- 31.28. The importance of collaboration and culture in implementing security as an organization
Resources
- Episode 144: Carrying on the MS-ISAC's Character and Culture
- The CIS Security Operations Center (SOC): The Key to Growing Your SLTT's Cyber Maturity
- Guide to Implementation Groups (IG): CIS Critical Security Controls v8.1
- CIS Controls v8.1 Mapping to ISO/IEC 27001:2022
- CIS Controls v8.1 Mapping to SOC2
- CIS Controls v8.1 Mapping to NIST SP 800-171 Rev 3
- Reasonable Cybersecurity
- Episode 110: How Security Culture and Corporate Culture Mesh
If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].
View all episodes
By Center for Internet SecurityIn episode 146 of Cybersecurity Where You Are, Tony Sager is joined by Angelo Marcotullio, Chief Information Officer at the Center for Internet Security®(CIS®); and Stephanie Gass, Sr. Director of Information Security at CIS. Together, they look back on periods of transition at CIS to discuss what security looks like for a security company. Here are some highlights from our episode:
- 00:58. Introductions with Angelo and Stephanie
- 02:07. A pro and a con of IT consulting work
- 04:12. The importance of soft skills in bringing the Multi-State Information Sharing and Analysis Center® into CIS
- 06:12. Looking at security from a corporate perspective with the CIS Critical Security Controls
- 07:08. How IT and IT security are essential to corporate strategy
- 07:45. The use of governance to support merging three business units into an integrated security company
- 12:04. The value of security champions in adapting to regulatory and business changes
- 15:15. What IT and Security teams can accomplish when they work as partners
- 17:18. The use of data to inform Board decisions and conversations around risk
- 20:38. How getting a seat at the table helps with understanding a Board's risk appetite and communicating that out to teams
- 25:01. How infrastructure built for growth, not the smallest business case, produced a smooth transition to work from home in March 2020
- 29:30. Advice for folks starting out in security
- 31.28. The importance of collaboration and culture in implementing security as an organization
Resources
- Episode 144: Carrying on the MS-ISAC's Character and Culture
- The CIS Security Operations Center (SOC): The Key to Growing Your SLTT's Cyber Maturity
- Guide to Implementation Groups (IG): CIS Critical Security Controls v8.1
- CIS Controls v8.1 Mapping to ISO/IEC 27001:2022
- CIS Controls v8.1 Mapping to SOC2
- CIS Controls v8.1 Mapping to NIST SP 800-171 Rev 3
- Reasonable Cybersecurity
- Episode 110: How Security Culture and Corporate Culture Mesh
If you have some feedback or an idea for an upcoming episode of Cybersecurity Where You Are, let us know by emailing [email protected].