Defense in Depth

If and When Should a CISO Have a Long Term Security Plan?

Jan 23, 2025

Mike Johnson, CISO of Rivian, and Gaurav Kapil, CISO of Bread Financial, dive deep into the necessity of long-term cybersecurity strategies. They discuss how new CISOs can balance immediate pressures with strategic planning. The conversation highlights the importance of having a flexible vision that adapts to evolving threats. Effective communication with C-suite executives is emphasized as vital for aligning cybersecurity goals. They also stress the indispensable nature of planning, even as strategies must adjust in a dynamic landscape.

29:20

Creator website

Episode guests

Mike Johnson

Gaurav Kapil

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

Understanding an organization’s unique culture is crucial for a new CISO before rushing to create a long-term security plan.

Establishing a clear vision is more vital than having a rigid multi-year plan, promoting collaboration and adaptability within the team.

Deep dives

Navigating Long-Term Strategy as a New CISO

A new CISO often faces the challenge of establishing a long-term cybersecurity strategy shortly after starting their role. Many initial resources suggest developing a documented strategy within the first 90 days, which can lead to significant pressure. However, it is recognized that grasping the company’s unique environment and operational culture takes time, making it unrealistic to create a comprehensive multi-year strategy immediately. As such, it's advised that new CISOs focus more on understanding the organization before rushing into planning.

Intro

2min

Adapting Security Strategies in a Dynamic Landscape

9min

Navigating Change and Strategy in Security Leadership

5min

Navigating CISO Expectations

11min

The Indispensable Nature of Planning in Cybersecurity

2min

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Gaurav Kapil, CISO, Bread Financial.

In this episode:

It helps to have a vision
The benefit of planning
It’s never too early to start
Don’t make rash decisions

Thanks to our podcast sponsor, ThreatLocker

ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

Defense in Depth

If and When Should a CISO Have a Long Term Security Plan?

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Navigating Long-Term Strategy as a New CISO

The Importance of Vision Over Detailed Planning

Building Relationships and Communicating Expectations

Remember Everything You Learn from Podcasts