CISO Series Podcast

If You Care About Security, Maybe This Guilt Tactic Will Work

Aug 22, 2023

The podcast discusses tactics that security vendors should avoid when engaging with CISOs, the struggles organizations face in hardening their environments, and advice for early-stage CISO professionals. It also covers cybersecurity breaches, including the severity of ransomware vs internal security breaches.

39:27

Creator website

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Building strong relationships with departmental leadership and key individuals is crucial for CISOs to enhance interdepartmental incident response and gain endorsement for security programs.

Addressing vulnerabilities such as default passwords, unpatched software, and poor configurations, and implementing tools to enhance system security are crucial for organizations struggling with hardening their environments.

Deep dives

Importance of Building Strong Relationships and Creating a Culture of Security

One of the key points highlighted in the podcast is the importance of CISOs building strong relationships with departmental leadership and key individuals within the organization. Additionally, creating a company culture of security is emphasized as it helps with interdepartmental incident response and gains endorsement and buy-in from stakeholders.

Introduction

2min

Inside Jokes, Security Events, and Hardening Environments

13min

Discussing Security Breaches and Cyber Risk Quantification

3min

Cybersecurity Breaches: Ransomware vs Internal Security

16min

Attributes and Advice for the CISO Role

5min

All links and images for this episode can be found on CISO Series.

Security vendors want to engage with CISOs. Yet many choose tactics that seem blatantly insulting. It might seem obvious that asking a CISO if they care about security does nothing to ingratiate yourself, but we still have inboxes full of these types of messages. So what can a vendor do that will actually make a CISO want to respond to a message?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our special guest, Jeff Hudesman, CISO, Pinwheel.

Thanks to our podcast sponsor, Balbix

Balbix is a cyber risk quantification platform that discovers and manages all your cyber assets, identifies and prioritizes vulnerabilities, and delivers a monetary assessment of cyber risk. This enables CISOs to articulate the value of risk to the board and obtain support and budgets for security programs.

In this episode:

What can a vendor do that will actually make a CISO want to respond to a message?
What are we doing right and wrong when it comes to hardening our environments?
Do you think organizations are still struggling with hardening their environments and if so, why?

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

CISO Series Podcast

If You Care About Security, Maybe This Guilt Tactic Will Work

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Importance of Building Strong Relationships and Creating a Culture of Security

Challenges and Importance of Hardening Systems

Best Practices for Engaging with CISOs and Cybersecurity Sales

The Need for Cybersecurity Expertise on Boards

Remember Everything You Learn from Podcasts