Integrating with the Business with Ayman Elsawah

Jan 24, 2024

In this podcast, Ayman Elsawah and Allan discuss the role of CISOs in business integration. They explore how CISOs can go beyond enabling the business to actually being a part of it. Topics include sales cycle involvement, product security integration, and combating cybersecurity complacency.

Ask episode

Chapters

Transcript

Episode notes

Introduction

00:00 • 2min

Evolving Role of CISO in Business and Product Security

01:36 • 14min

Navigating Cybersecurity Consulting and User Experience Insights

15:45 • 3min

Unified Single Sign-On for Enhanced Security and User Experience

18:29 • 11min

Navigating Perspectives on Security and Engineering Perspectives on Availability

29:58 • 2min

Mission to Combat Complacency in Cybersecurity

31:46 • 3min

Howdy, y’all, and welcome to The Cyber Ranch Podcast! Our guest is Ayman Elsawah, who, like Allan these days, is a fractional CISO and founder of his own security company. He has done the fractional CISO thing many times. He has also been a professor, a security consultant, and a cloud-specific security consultant. His tenure includes eBay, NCC Group, Justworks and Masterclass. Ayman and Allan are talking about how cybersecurity teams can integrate themselves with the rest of the business.

So we talk about the role of the CISO in business enablement all the time. Allan argues, based on the wise words of Scott McCool, a friend and mentor, that we are not here to enable the business. Rather we are here to BE the business. The distinction is that enablement still puts the CISO off to the side of the goings on. Being the business means that the CISO is part of the process, in there with sleeves rolled up alongside CRO, CMO, CFO, CEO, COO, etc. So let’s ask the question twice:
1. In a B2B context, what are three things a CISO can do to enable the business?
2. In a B2B context what are three things a CISO can do to BE the business?
  1. Presumably one of these involves being part of the sales cycle?
3. Let’s drill in on the company’s products/services. Not talking about sales, but rather the products and services themselves, how can we as security practitioners be an integral part of products and/or services? What are three ways we can be the business there?
4. What about the relationships? How do we strengthen being the business with regards to relationships with our peers?
5. What about customer-facing activities beyond sales? How do we be the business with regards to our customers?
6. Challenge round, what about B2C? Melanie Ensign in a panel she was part of said that one way Cybersecurity can help B2C is by reducing support tickets. This is pure genius. Any other B2C tips?
7. You have your own podcast, and a newsletter, book…. Tell our listeners all about what you offer the cybersecurity world...

Y'all be good now!