CISO Series Podcast

We Pick the Best Security Awareness Programs for Your Staff to Ignore



All links and images for this episode can be found on CISO Series (https://cisoseries.com/we-pick-the-best-security-awareness-programs-for-your-staff-to-ignore/)

It doesn’t matter which security awareness training program you purchase. Your staff is going to do whatever they can to either tune out or get out of this annual compulsory exercise.

This week’s episode of CISO/Security Vendor Relationship Podcast was recorded in front of a live audience at athenahealth in Watertown, Massachusetts. The recording features me, David Spark (@dspark), producer of CISO Series, my guest co-host, Taylor Lehmann (@BostonCyberGuy), CISO, athenahealth, and guest Marnie Wilking, global head of security & technology risk management, Wayfair.


Check out all the photos from our recording.

Thanks to this week's podcast sponsors, Check Point and Skybox Security.

It's no secret that today's cyber attacks are targeted and sophisticated. Leaving even one point of entry vulnerable to a cyber attack endangers your entire organization. Check Point created the Secure Your Everything Resource Center to help you develop a comprehensive approach to prevent cyber attacks.

At Skybox, we remove complexities from cybersecurity management. By integrating data, delivering new insights and unifying processes, we help you control security without restricting business agility. Our comprehensive solution unites security perspectives into the big picture, minimizes risk and empowers security programs to move to the next level.

On this week's episode

Pay attention, it’s security awareness training time

Jinan Budge of Forrester finished a report on security awareness training programs. She found a trend that supported both the need for compliance and the need to actually train employees to be more security aware. We discuss what actually works to get people to be more aware of cybersecurity.

What do you think of this vendor marketing tactic?

At RSA, I talked to a vendor who told me about their new solution. It was so unique that Gartner was creating a new category for their product with yet another acronym. UGGH, another category for which you have to educate the market? And now you have to convince buyers to create a new line item for this category? And now what is that going to do to your marketing budget? It didn't take much convincing for me to point out that their product was just third-party risk management.

Admittedly, cybersecurity professionals love the new and shiny, but where do we draw the line about learning something new in cybersecurity and adding confusion to the marketplace?

It's time to play, "What's Worse?!"

Two rounds, lots of debate.

Where does a CISO begin?

When we hear about digital transformation, it is being done for purposes of speed, accuracy, and business competitiveness. Scott McCool, former CIO at Polycom, who was on our show Defense in Depth, disputed the common notion that security serves the business. Instead, he believes that security IS the business. And if you deem that to be true, then security can no longer take a consultative role. It must take the role of brand and value building.

This is more than just a discussion of "shifting left." What are actions that security must take to make it clear that they are part of making the business fast, innovative, and competitive?

Um... maybe you shouldn't have done that

We tell tales of the worst proof of concept (POC) efforts.

Audience question speed round

We close out the show with a series of quick answers to audience questions.


CISO Series Podcast, by David Spark, Mike Johnson, and Andy Ellis
