The Cyber Ranch Podcast

Howdy, y’all, and welcome to The Cyber Ranch Podcast… AND The Audience 1st Podcast!  What you are about to hear was recorded LIVE! at the CISO XC conference in Dallas-Fort Worth, Texas (my very favorite conference!)  I am your host, Allan Alford, CEO of Alford & Adams Consulting.  I have co-host on this episode, Dani Woolf, of the Audience 1st podcast!  On her show, Dani interviews security buyers so vendors can more efficiently market and sell to them without ruffling their feathers (or piss them off).  What we’re doing on this joint endeavor is interviewing various CISOs and other folks about their roles in cyber.  This week’s show focuses on the cons of cybersecurity – the beefs, gripes, grumps, complaints and fears about cybersecurity.  Next week we’ll end on a positive note, but this show as an opportunity for CISOs to scream into the void.  Without further ado, here we go…   WARNING:  Some naughty language this episode.

Howdy, y’all, and welcome to The Cyber Ranch Podcast!  That’s Drew Simonis, CISO @ Juniper Networks, former CSO @ Hewlett Packard Enterprise, former CISO at Willis – you get the idea.  Drew’s posts on LinkedIn are pure fire – not in the hot takes way, but because of the quality of the thinking behind them.  Drew has also been on the show a couple of times now, and we keep inviting him back because he’s always worth hearing from.  Drew and Allan were chatting this afternoon about the idea that oftentimes cybersecurity does not matter – and that that’s okay!  So we decided to record a show on that topic.   Drew and Allan share some real-world stories where they put security on hold for the benefit of the business: VP of R&D had been told he had to get a new product off the ground that was only quasi-planned for. He had properly allocated headcount, but realized his cloud costs were going to rise dramatically.  At the time Allan had a big security initiative he was pushing for out-of-bandwidth.  They met and talked.  His out-of-bandwidth need was stronger than Allan's in terms of benefits to the business.  Allan backed him AND also made sure that his extra cloud spend included a few more security features in AWS.  Win-win.  Drew has a similar tale. Flat-out, Top line was declining and we could not figure out specifically why. New competitor explained some of it, but not all of it.  Market fatigue?  But that was not all of it.  CRO wanted more sales folks to throw at the problem.  CISO backed him and agave away project budget to support him. Company had a mismanaged an expansion. Building was paid for, but nobody had thought about the IT costs and headcount.  CIO was trying to figure out where to get bodies to populate the new site.  Allan gave up 2 headcount for 2 more quarters. Startup: CISO took on Marketing department temporarily when head of Marketing left. Slowed down the security focus, but Marketing needed some hands-on attention beyond what the CEO could give.  It paid off for the business. CISO Joined forces with head of Pro Services to push through a security initiative that benefited key customers for him (contracts he could now secure), but also gave me some more generalized security comfort. Spent huge amount of what could have been security operations time training sales teams on security as differentiator in the market. Benefited top line. Drew and Allan share many more stories and break down why in each of these cases, deprioritizing daily security operations was the right thing to do! Y'all be good now!

Howdy, y’all, and welcome to The Cyber Ranch Podcast!  Our guest today is Ankur Ahuja, 2x CISO, Ted-X Speaker, Startup Investor, Board Advisor, etc. etc.  Ankur is currently SVP and CISO at Billtrust, and he’s got some Big 4 in his DNA too (ten years, in fact!).  Ankur wanted to chat about how CISOs can drive business growth, so I asked him to come on down to the ‘Ranch and have a chat with me.   It's more than attending sales calls. It's more than security questionnaires   Listen for some clever new tips on driving business growth!  

Melanie Ensign is a communications strategist and corporate anthropologist for cybersecurity, privacy, and risk organizations.  She is founder and CEO of Discernible, a multi-disciplinary Center of Excellence for security, privacy, & risk teams. Her team includes experts in communications, product development and management, compliance, security and privacy engineering, and behavioral science. Melanie is here at the 'Ranch to talk specifically about the fact that so many CISOs feel they are in organizations that simply don’t care about cybersecurity.  She’s got some good insights into this one, and it’s the perfect topic for her expertise. Allan asks Melanie: Allan put up a LinkedIn poll asking folks “Do you feel organizations properly prioritize cybersecurity?” The results were pretty sobering.  What are your thoughts? Is the problem really the organization or is it us? Probably a mix of the two, or maybe one or the other depending upon the environment and the individual CISO? Assuming it’s the organization, how can a CISO avoid such organizations in the first place? How do you vet a company for its commitment to cybersecurity? If you find yourself in a company that does not seem to care about cybersecurity, what should be your next steps? Allan has emphasized over the years that all CISOs are salespeople times two. We sell the problem, then we sell the solution.  Is that a fair perspective in your mind?  How many other leaders have to sell their mission in general?  I think we all end up selling specifics… What communication skills can improve the situation for CISOs?

In this episode, Allan tackles the idea of selling the CISO mission. He deconstructs the types of CISOs and the "selling" they must do.  Sometimes you really are selling, but most of the time you should be solving business problems. Allan speaks to: Business objectives met Business risks reduced Maturity And also deconstructs the art of selling itself. Hint: Business Impact Analysis is a valuable tool in this whole process. Special thanks to Helen Patton and Melanie Ensign for prompting this exploration. Y'all be good now!

Our guest this week is Jonathan Rau, VP and Distinguished Engineer over at Query, and a proponent of what he calls "SecDataOps".  Jonathan is quite active on LinkedIn and his takes, though often spicy, tend to be spot-on.  Allan has come to enjoy following Jonathan's posts, and he was excited to have Jonathan come on the show and share his insights. Allan asks Jonathan, in a VERY lively conversation: What is SecDataOps? What is its focal point? Who should be in charge? What skills are required to participate? Who has those skills? What about the trifecta of people/process/technology? What is wrong in the community with our approach? Y'all be good now!

This is part two in our neurodiversity series.  Our guest roster this time also includes Dr. Ursula Alford, a psychologist who routinely works with the neurodiverse populace. The lineup of guests covers ADHD, Autism, challenges unique to women with neurodiversity, how leaders should manage neurodivergent team members and more. Y'all be good now!

Geoff Hancock is Deputy CEO and CISO for Access Point Consulting, Former Global Director and CISO over at World Wide Technology.  He’s also a Senior Fellow and Adjunct Professor at George Washington University and has held various C-suite and executive roles at Verizon, CGI Federal Advanced Technology, Microsoft, and Advanced Cybersecurity Group.  He is back at the 'Ranch this week to talk about CISO Communications. Allan asks Geoff: You say the first step is prioritizing clarity in communication. What does that mean to you? Your next step is developing strategic storytelling. Can you elaborate on that one? How do we enhance crisis communication? How do we engage stakeholders proactively? What about data? How do we leverage it in decision making? How does one bolster their leadership presence? How do you implement a feedback loop? What practical tools and strategies can be utilized for effective communication? It's a fantastic show full of great insights, and you will thoroughly enjoy listening to it. Y'all be good now!

Join Allan LIVE! at Zero Trust World in Orlando as he asks 12 guests "What does Zero Trust Mean to You?" and a wide variety of other questions. Conference highlights are discussed as well, including hacker activities, hacker demonstrations, incredible talks, etc. Allan also learns all about The Tech Degenerates, and organization furthering partnership and comradery amongst cybersecurity vendors, MSPs, MSSPs, CISOs, etc. (Allan has since joined their Discord group!) Another great highlight is a chat with Carlos Rodriguez about the vCISO life. This show is sponsored by our good friends at ThreatLocker - visit https://threatlocker.com and tell them you heard about them down here at the 'Ranch! Y'all be good now!

How does cybersecurity relate to the four horsemen of the apocalypse?  Famine, Pestilence, War, and Death?  In this episode, Dr. Chase Cunningham, renowned Zero Trust expert, author, instructor, Chief Strategy Officer, advisor, etc., examines the 4 conditions on our planet represented by the four horsemen, ties it all to cybersecurity, and then solves it all with Zero Trust.  It's quite a ride and an adventure you should listen to! Allan tries to keep up in this episode that jumps from topic to topic, but all with a zero trust underpinning. It's another LIVE! episode recorded at Zero Trust World 2024 in Orlando. Sponsored by our good friends at ThreatLocker. Y'all be good now!