The Future of Security Leadership

Jason Hicks, Global CISO at Kudelski Security, joins the podcast to talk about the future of security leadership. He covers the challenges of managing a security team, communication skills for technical leaders, coping with scope creep, and the rise of the branded CISO.

You can find the Kudelski report co-authored by Jason and referenced in the podcast here.

Timestamps:

01:40 — It is critical to the success of a security program for the CISO to speak business.

04:14 — “You have to be one to lead one” still holds true.

06:41 — The rise of the branded CISO.

11:24 — The CISO tenure remains short and there are several reasons why.

14:29 — Coping with scope creep.

17:11 — Top three issues for CISOs right now.

Training Cybersecurity

In this podcast, Scott Edwards, Senior Director of the Netskope Academy, talks about cybersecurity training. He discusses how training has evolved and the value it brings to companies who invest in their employees. He talks about the key skills cybersecurity trainers need: an ability to understand the technology deeply and an ability to educate. Finally he muses on whether virtual training has eclipsed the need for a brick and mortar classroom setting.

04:55 — If you train your employees you will have better outcomes with the security products you buy.

06:23 — Training benefits the company and the individual.

08:19 — Trainers require two assets: deep knowledge and an ability to make that knowledge learnable.

12:14 — Training hasn’t changed much but delivery has. Technology has enabled that.

15:45 — Is the future remote or classroom-based training?

Cloud is a Fresh Start

Lamont Orange, CISO of Netskope, returns to the podcast with friend and fellow CISO, George Gerchow of Sumo Logic. They discuss their approaches to crisis management during COVID and the message is clear: it’s people first, then business and security. They go on to talk about what diversity looks like in cybersecurity and the strength that it brings.

Finally, they cover the acceleration of digital transformation that companies are facing right now. Despite the challenges, cloud is the future and this is an opportunity for a fresh start. Lamont recommends, “Don’t take what you knew up to the cloud with you as your company is going; let’s look at fresh.”

01:54 — How to manage during a crisis? Gather a wide ranging and representative group to make quick decisions and reassure staff and customers alike.

04:48 — Diversity in cybersecurity.

10:27 — In the new normal, work from home presented new challenges for the SOC.

11:34 — Ensure your BCP plan covers succession planning. Start shadowing now.

15:36 — Digital transformation has gone from a five-year plan to a three-month plan.

You can find Lamont Orange’s previous podcast with us here.

Cyber Curious

Mike Hamilton, Founder and CISO of CI Security joins the podcast to talk about his career in cybersecurity. He discusses the founding and purpose of PISCES and how they offer network monitoring at no cost to the public sector.  He goes on to talk about the increased cyber threats that have come with the chaos of Covid-19 and the very real risk posed by nation states. He finishes the podcast by explaining that cybersecurity remains an industry that values the curious and the intelligent. He encourages those individuals, no matter their background, to explore a cyber career. He explains, “I am more concerned with your curiosity than your degrees.”

04:27 — The story of PISCES: linking public sector network monitoring with the education system to provide analyst students with live fire training. 

07:55 — Among the chaos of Covid-19, nation state cyber attacks are even more of a concern.

09:37 — Elections are run by counties and local government is known to have poor security. 

11:39 — Biggest election issue is manipulation and misinformation.

14:20 — Most hired roles in cybersecurity right now? Auditors and analysts.

For more on cyber hiring, listen to our recent podcast with Mike Manrod.

Radical Transparency

Uncomfortable with the privacy implications while watching his children interact with a smart speaker, Thomas Stachura decided to find some middle ground. He invented a solution and his company Paranoid Inc. is bringing it to consumers. In this episode he talks about people’s polarized attitudes towards privacy and the way COVID has amplified the divide.

He is honest about the commercialization of his products — after all, the purpose of a business is to make money — and says the only way to build consumer trust is through radical transparency.

Worryingly, Thomas sees the power of decision making around privacy in the hands of big tech and not the government, with corporations setting tougher rules for government than they ask of themselves. For Thomas, the solution is simple, the power “needs to go with the individual, and the way to do that is to give the right tools to empower them.”

05:19 — COVID is polarizing attitudes to privacy.

09:07 — How do you build customer trust? Radical transparency.

12:27 — A passionate inventor and a reluctant CEO.

15:36 — Corporations, not government, are setting the privacy rules.

For more on privacy, listen to our recent podcast with Jodi Daniels, Data Privacy Advisor at Red Clover Advisors.

Cloud: Adopt and Adapt

In this episode, Merritt Baer, Principal Security Architect at Amazon Web Services, talks about all things cloud. She discusses her own path to security and the steps she is taking to encourage new voices and faces into the industry. She explains, “The idea that security can be part of this emergence and this innovative side of technology, I believe that strongly.”

She describes cloud as an experiment that has worked. It offers a new approach to security and with its ability to adapt and survive upheaval is well suited to the challenges posed by the current pandemic. As for the future, Merritt sees cloud as a maturing of the industry and is definitely here to stay.

01:30 — Journey to cybersecurity

05:38 — Cloud is a game changer; it allows you to think differently about security.

08:52 — Mindshift is required.

10:48 — Unfortunately, security exemplifies the negative aspects of the tech world.

15:38 — Cloud is an experiment that has worked.

If you are curious about a career in cybersecurity, Merritt would be happy to have a short conversation with you. You can reach her via email at [email protected] or on Twitter @MerrittBaer.

Practical Privacy

Jodi Daniels, Practical Data Privacy Advisor, talks about the tools companies can use to keep their data and their employees safe during remote working, including multifactor authentication, strong passwords and virtual private networks. If they don’t already have one in place, Jodi recommends that every company develop a remote working policy and revisit security policies. She points out, “this is likely not the first and last time we’re going to be doing this.”

For end users wondering which companies are digitally trustworthy, Jodi recommends starting with their privacy policy: when is it dated, do they update it, is it custom or generic? Businesses that place data privacy at the center of their business and corporate culture will be stronger for it. Jodi explains, “it’s just one more part to the puzzle to ensure that we’re meeting expectations, that we’re earning customer trust and that we’re protecting customer data.”

03:56 — With a remote workforce companies are facing access management challenges.

06:56 — Managing employee privacy.

11:02 — Setting employee productivity expectations.

12:07 — In business, privacy needs to be added to the core considerations.

15:08 — How can end users can decide which companies to trust?

For more on privacy issues, listen to our recent podcasts with Cat Coode and Kavya Pearlman.

“It is all about who you know in security, and it’s a very small industry … It’s really important to have a very good reputation and reach out and connect to people because that’s where the jobs are.“

Olivia Rose, CISO at Large, rejoins the podcast for a conversation about how to get your cyber start. She discusses her recent article on LinkedIn giving the pointers she wished she had known when she’d known when she’d started. She explains that your career is a long game, making connections now and showing your passion for the industry will help people remember you when the next job opens up.

01:14 — Qualification and experience requirements for cyber entry-level jobs are unreasonable.

03:10 — It’s all about your connections.

05:34 — Show your drive and passion in conversation with security leaders; that’s what will make you stand out when the next job comes up.

08:02 — In cybersecurity, experience wins over education every time.

11:16 — Volunteer locally.

14:10 — The pandemic, cloud and remote working means the boundaries have exploded.

If you’d like to hear more about cybersecurity hiring, listen to our recent podcast with Mike Manrod, CISO of Grand Canyon Education.

“In the effort to connect, we are also exposing ourselves to risk”

Cat Coode, Data Privacy Expert at Binary Tattoo joins the podcast for a second time. She talks about the digital dangers we face at home as we work remotely and try to stay connected to each other. She cautions that we should be wary of the information we share. The tools we use for telemedicine consultations may be HIPPA compliant, but what about our home routers? 

Cat points out that there are no regulations that cover working from home. Companies need to step up and ensure that the policies they apply in the workplace also apply to employees at home. And those conference call screenshots we’re sharing on social media? Stop now. They expose to every participant to evils like phishing emails and social engineering. She would like to see us all learn how to use our digital tools correctly. She explains, “All tools are like knives; they’re inherently dangerous, unless you use them safely.”

00:50 — The telemedicine tools you are using may be HIPPA compliant, but what about your home environment?

04:31 — There are no regulations to cover privacy and working from home. Companies need strong policies.

06:35 — Sharing conferencing images on social media exposes those involved to risk.

08:27 — People’s main privacy questions right now center on contact tracing.

13:31 — Digital tools are like knives – if you don’t use them safely they are dangerous.

You can listen to Cat’s first podcast with us here.

Wide Angle Perspective

In this episode, Lamont Orange, CISO of Netskope, joins the podcast to talk about the evolution of the CISO role and skill set now that security has become a business issue. He explains, “It requires cross-functional execution and audit to ensure that your organization is protected. So those soft skills are more important now than they’ve ever been.”

He discusses managing security for the company while remote working and describes feeling pretty good about what Netskope has created and achieved as he uses their products. He goes on to talk about the other challenges posed by COVID-19 to businesses and recommends that leaders should adapt without losing sight of the fundamentals. He says, “Don’t be afraid to throw out the old models. We need to work on models that allow us to innovate our profession and also allow us to innovate at the speed of the business.”

03:31 — Security is a business function now.

08:29 — What does it feel like to be customer zero of your organization?

11:10 — A warp speed jump to the cloud with remote working

12:45 — Pre-COVID, during COVID, post-COVID – we’re always managing risk.

14:38 — Some companies may switch to remote working permanently.

16:41 — Don’t be afraid to throw out the old models.

If you enjoyed this podcast and would like to hear from Netskope, you can find our podcast with CEO Sanjay Beri here.