Defense in Depth

If and When Should a CISO Have a Long Term Security Plan?

Jan 23, 2025

Mike Johnson, CISO of Rivian, and Gaurav Kapil, CISO of Bread Financial, dive deep into the necessity of long-term cybersecurity strategies. They discuss how new CISOs can balance immediate pressures with strategic planning. The conversation highlights the importance of having a flexible vision that adapts to evolving threats. Effective communication with C-suite executives is emphasized as vital for aligning cybersecurity goals. They also stress the indispensable nature of planning, even as strategies must adjust in a dynamic landscape.

29:20

Creator website

Episode guests

Gaurav Kapil

Mike Johnson

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Understanding an organization’s unique culture is crucial for a new CISO before rushing to create a long-term security plan.

Establishing a clear vision is more vital than having a rigid multi-year plan, promoting collaboration and adaptability within the team.

Deep dives

Navigating Long-Term Strategy as a New CISO

A new CISO often faces the challenge of establishing a long-term cybersecurity strategy shortly after starting their role. Many initial resources suggest developing a documented strategy within the first 90 days, which can lead to significant pressure. However, it is recognized that grasping the company’s unique environment and operational culture takes time, making it unrealistic to create a comprehensive multi-year strategy immediately. As such, it's advised that new CISOs focus more on understanding the organization before rushing into planning.

Intro

2min

Adapting Security Strategies in a Dynamic Landscape

9min

Navigating Change and Strategy in Security Leadership

5min

Navigating CISO Expectations

11min

The Indispensable Nature of Planning in Cybersecurity

2min

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Gaurav Kapil, CISO, Bread Financial.

In this episode:

It helps to have a vision
The benefit of planning
It’s never too early to start
Don’t make rash decisions

Thanks to our podcast sponsor, ThreatLocker

ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Get the Snipd
podcast app

Unlock the knowledge in podcasts with the podcast player of the future.

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Save any
moment

Hear something you like? Tap your headphones to save it with AI-generated key takeaways

Share
& Export

Send highlights to Twitter, WhatsApp or export them to Notion, Readwise & more

AI-powered
podcast player

Listen to all your favourite podcasts with AI-powered features

Discover
highlights

Listen to the best highlights from the podcasts you love and dive into the full episode

Defense in Depth

If and When Should a CISO Have a Long Term Security Plan?

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Navigating Long-Term Strategy as a New CISO

The Importance of Vision Over Detailed Planning

Building Relationships and Communicating Expectations

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights

Defense in Depth

If and When Should a CISO Have a Long Term Security Plan?

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Navigating Long-Term Strategy as a New CISO

The Importance of Vision Over Detailed Planning

Building Relationships and Communicating Expectations

Get the Snipdpodcast app

AI-poweredpodcast player

Discoverhighlights

Save anymoment

Share& Export

AI-poweredpodcast player

Discoverhighlights

Get the Snipd
podcast app

AI-powered
podcast player

Discover
highlights

Save any
moment

Share
& Export

AI-powered
podcast player

Discover
highlights