Sign up to save your podcasts
Or
Share Why 3rd Party Security Testing is the New Password Rotation
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Why 3rd Party Security Testing is the New Password Rotation
Identifying Burnout In The Workplace
Burnout is a common occurrence in any industry, but especially among those looking to carve out their place in the industry. No one works well when they aren’t at their best, identifying burnout early on can stop it in its tracks. If you’re noticing someone is acting out of character or being short, they may be experiencing burnout. Another tell can be the hours you’re seeing someone put in, no one should be up at midnight still working.
Advice To A Younger You
Networking can get you to great places, starting early in your career can really put you where you want to be a few years down the road. Don’t be shy, get out there and meet people within the industry. Network both inside and outside of the company you’re a part of.
Transitioning Into Leadership
Not everyone is cutout for management. When taking a leadership role you need to be able to prioritize your team and realize you’re directly responsible for those who work with you. To be a good leader you have to take all the knowledge you’ve learned up to this point and be able to teach it to others in a way that makes sense to each individual. Empathy plays a huge role in leadership, you must be able to put yourself in the position of others and understand their point of view. Being open to feedback and being able to take it with an open mind is essential in leadership; it’s going to come both solicited and non-solicited.
Third Party Risks And Why We Don’t Love It
What is third party risk? It’s when a company brings in another company to handle a certain project or service. Within security this plays a huge risk because you’re essentially giving this other company access or information to the inner workings of your company. From a security standpoint this is a huge risk and variable, so doing thorough and meticulous research into the companies brought is key. This can ruffle some feathers with the third party, but at the end of the day you’re in charge of security so you need to fulfill your duties to the company you’re employed with. The real issue arises when you’ve done the research, and don’t feel that the third party is a good match for the company, yet leadership above you wants to move forward regardless. The CISO is now tasked with trying to figure out how they can make this work with the third party, whether that means changing language within the contract, adjusting the work the third party is doing, or reworking how you present your findings to leadership above you.
Warning Signs Of A Bad Third Party Review
How many exceptions are you making to be able to work with this vendor? Does it seem it like some rules are being bent? Policies and procedures aren’t being followed? These are all huge warning signs. Another warning sign is an across the board process for each new vendor, this isn’t the most effective way to lower risks, and this can lower sales and revenue. Some vendors will be more risky then others, so there should be separate policies for different companies based on their risks.
What Being A New CISO Means To Me
Building relationships while being honest and transparent is key to being a CISO. If we all viewed ourselves as a vendor and service provider we could all get the tasks at hand done. Also be on the lookout for my book being released in summer 2020:
Startup Secure Banking In Cybersecurity, From Founding To Exit
Resources:
Steve Moore: Linkedin
Chris Castaldo: Linkedin
Exabeam: Website
Dataminr: Website
View all episodes
By Steve Moore
4.9
3737 ratings
Identifying Burnout In The Workplace
Burnout is a common occurrence in any industry, but especially among those looking to carve out their place in the industry. No one works well when they aren’t at their best, identifying burnout early on can stop it in its tracks. If you’re noticing someone is acting out of character or being short, they may be experiencing burnout. Another tell can be the hours you’re seeing someone put in, no one should be up at midnight still working.
Advice To A Younger You
Networking can get you to great places, starting early in your career can really put you where you want to be a few years down the road. Don’t be shy, get out there and meet people within the industry. Network both inside and outside of the company you’re a part of.
Transitioning Into Leadership
Not everyone is cutout for management. When taking a leadership role you need to be able to prioritize your team and realize you’re directly responsible for those who work with you. To be a good leader you have to take all the knowledge you’ve learned up to this point and be able to teach it to others in a way that makes sense to each individual. Empathy plays a huge role in leadership, you must be able to put yourself in the position of others and understand their point of view. Being open to feedback and being able to take it with an open mind is essential in leadership; it’s going to come both solicited and non-solicited.
Third Party Risks And Why We Don’t Love It
What is third party risk? It’s when a company brings in another company to handle a certain project or service. Within security this plays a huge risk because you’re essentially giving this other company access or information to the inner workings of your company. From a security standpoint this is a huge risk and variable, so doing thorough and meticulous research into the companies brought is key. This can ruffle some feathers with the third party, but at the end of the day you’re in charge of security so you need to fulfill your duties to the company you’re employed with. The real issue arises when you’ve done the research, and don’t feel that the third party is a good match for the company, yet leadership above you wants to move forward regardless. The CISO is now tasked with trying to figure out how they can make this work with the third party, whether that means changing language within the contract, adjusting the work the third party is doing, or reworking how you present your findings to leadership above you.
Warning Signs Of A Bad Third Party Review
How many exceptions are you making to be able to work with this vendor? Does it seem it like some rules are being bent? Policies and procedures aren’t being followed? These are all huge warning signs. Another warning sign is an across the board process for each new vendor, this isn’t the most effective way to lower risks, and this can lower sales and revenue. Some vendors will be more risky then others, so there should be separate policies for different companies based on their risks.
What Being A New CISO Means To Me
Building relationships while being honest and transparent is key to being a CISO. If we all viewed ourselves as a vendor and service provider we could all get the tasks at hand done. Also be on the lookout for my book being released in summer 2020:
Startup Secure Banking In Cybersecurity, From Founding To Exit
Resources:
Steve Moore: Linkedin
Chris Castaldo: Linkedin
Exabeam: Website
Dataminr: Website
More shows like The New CISO
View all
Security Now (Audio)
1,965 Listeners
Risky Business
360 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
628 Listeners
a16z Podcast
1,000 Listeners
CyberWire Daily
1,014 Listeners
Smashing Security
314 Listeners
Cybersecurity Today
165 Listeners
CISO Series Podcast
186 Listeners
Defense in Depth
78 Listeners
Life of a CISO with Dr. Eric Cole
32 Listeners
Cyber Security Headlines
118 Listeners
CISO Tradecraft®
48 Listeners
CISO Stories Podcast (Audio)
11 Listeners
Risky Bulletin
33 Listeners
Bulletproof Cyber
7 Listeners