The New CISO

Four Key Questions Every CISO Should Ask Their Board



Dr. Eric Cole of Secure Anchor joins us in this episode to talk about the misconceptions of what a CISO should really be. This episode focuses on the corporate side of cyber security and the line between a CISO and a security engineer.

BACKGROUND

Dr. Cole has over 30 years of cyber security experience. Before that, he was a hacker for eight years for the CIA. After spending almost an entire decade hacking into systems, he decided to switch from offense to defense, which he describes as being more challenging.

MISCONCEPTIONS ON THE CISO

Being a CISO is not a technical role. The CISO is a strategic position that focuses on the strategy of execution. They focus on the growth of the business while understanding finance and revenue, and on how cyber security can be incorporated into that equation. Anyone with a technical mindset should not be a CISO – CISOs need to communicate with and task their teams instead of running head-first into the data center. Anyone who enjoys doing the latter should consider switching to a security engineer role.

FINDING THE RIGHT FIT

Unsure if you selected the right CISO? They need to be comfortable in conversations revolving around business decisions. The answers to “What business are we in? How does our organization make money?” should come as easily as stating their name or where they’re from.

ADVICE FOR A NEW CISO

Dr. Cole reveals the secret to briefing a board: keep it short and simple. The only thing board executives care about is the potential for risk and what it will cost to fix that risk if it occurs. Going in with a data- and tech-focused perspective will not allow for a shared understanding of the situation between the CISO and the other executives. Likewise, putting out little fires as a CISO is not going to scale well. A CISO entering the company should look at the processes already in place within the organization and see how security can be injected into them. Instead of managing the symptoms, get to the root of the diagnosis.

THE NEW CISO

When asked what the new CISO means to him, Dr. Cole describes a business executive who is entrusted with helping the organization grow and be successful through cyber security. This CISO treats cyber security as a business enabler instead of viewing themselves as a technical resource.

LINKS

Exabeam
Dr. Eric Cole – Twitter
Dr. Eric Cole – YouTube
Dr. Eric Cole – Books on Amazon

The New CISO, by Steve Moore
