The Cyber Ranch Podcast

Integrating with the Business with Ayman Elsawah

Jan 24, 2024

In this podcast, Ayman Elsawah and Allan discuss the role of CISOs in business integration. They explore how CISOs can go beyond enabling the business to actually being a part of it. Topics include sales cycle involvement, product security integration, and combating cybersecurity complacency.

35:09

Creator website

Episode guests

Ayman Elsawah

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Transitioning from appsec to product security is crucial for CISOs, aligning security efforts with business products/services.

CISOs should aim to be an integral part of the business, working alongside C-level executives to drive security initiatives.

Deep dives

Expanding the Role of a CISO Beyond Enterprise Security

Many CISOs exclusively focus on enterprise security without understanding the product they secure, missing out on a crucial aspect of their role. The transition from appsec to product security is noted as imperative. Being actively involved in product security means understanding the product intricacies and aligning security efforts with business goals.

Introduction

2min

Evolving Role of CISO in Business and Product Security

14min

Navigating Cybersecurity Consulting and User Experience Insights

3min

Unified Single Sign-On for Enhanced Security and User Experience

11min

Navigating Perspectives on Security and Engineering Perspectives on Availability

2min

Mission to Combat Complacency in Cybersecurity

3min

Howdy, y’all, and welcome to The Cyber Ranch Podcast! Our guest is Ayman Elsawah, who, like Allan these days, is a fractional CISO and founder of his own security company. He has done the fractional CISO thing many times. He has also been a professor, a security consultant, and a cloud-specific security consultant. His tenure includes eBay, NCC Group, Justworks and Masterclass. Ayman and Allan are talking about how cybersecurity teams can integrate themselves with the rest of the business.

So we talk about the role of the CISO in business enablement all the time. Allan argues, based on the wise words of Scott McCool, a friend and mentor, that we are not here to enable the business. Rather we are here to BE the business. The distinction is that enablement still puts the CISO off to the side of the goings on. Being the business means that the CISO is part of the process, in there with sleeves rolled up alongside CRO, CMO, CFO, CEO, COO, etc. So let’s ask the question twice:
1. In a B2B context, what are three things a CISO can do to enable the business?
2. In a B2B context what are three things a CISO can do to BE the business?
  1. Presumably one of these involves being part of the sales cycle?
3. Let’s drill in on the company’s products/services. Not talking about sales, but rather the products and services themselves, how can we as security practitioners be an integral part of products and/or services? What are three ways we can be the business there?
4. What about the relationships? How do we strengthen being the business with regards to relationships with our peers?
5. What about customer-facing activities beyond sales? How do we be the business with regards to our customers?
6. Challenge round, what about B2C? Melanie Ensign in a panel she was part of said that one way Cybersecurity can help B2C is by reducing support tickets. This is pure genius. Any other B2C tips?
7. You have your own podcast, and a newsletter, book…. Tell our listeners all about what you offer the cybersecurity world...

Y'all be good now!

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

The Cyber Ranch Podcast

Integrating with the Business with Ayman Elsawah

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Expanding the Role of a CISO Beyond Enterprise Security

Being Integral to the Business as a CISO

Enabling the Business in a B2B Context as a CISO

Fostering Relationships and Security Culture for CISO Success

Remember Everything You Learn from Podcasts