Shiny Thing – BSW #233
1. Building Security from Scratch: One Year as CISO at a Start-up – Guillaume Ross – BSW #233
We often think "this would be so much better if done properly from the beginning", but the reality is that doing things from scratch comes with its own set of challenges. Managing priorities and deciding what to tackle first, from the absolute beginnings of a company, is a fun security challenge.
Segment Resources:
Full session at the upcoming GoSec Conference: https://www.gosec.net/sessions/
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!
Guest
Guillaume has worked in security for way too long by now – he’s been a defender, a consultant, managed blue teams and is now Deputy CISO at JupiterOne.
2. CISO vs. CIO, CISO & the C-Suite, & How the CISO Works With the CPO – BSW #233
This week in the Leadership and Communications section, Who actually owns cyber security: CISO vs. CIO, How to Say “No” After Saying “Yes”, Decode different types of business interruption insurance, and more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.
- 1. Who actually owns cyber security: CISO vs. CIO – CyberTalk
  Both CISOs and CIOs commonly operate within the cyber security space. A recent survey indicates that 48% of security teams report to a CISO, while 25% report to the CIO. Although there was no measurable difference in terms of strategies deployed by CISOs vs. CIOs, defining who should take cyber security ownership is becoming increasingly important.
- 2. The CISO and the C-Suite: How to Achieve Better Working Relations
  The CISO is a relatively new arrival to the C-Suite. It’s also one that is still finding its place among more established leadership positions. As organizations continue to use a remote or hybrid workforce, the CISO’s role at the executive’s table will be needed. But to empower them to defend against cyberattacks, the working relationship between the CISO and other members of the C-suite needs to shift.
- 3. How Should the CSO Work With the Chief Privacy Officer?
  The chief security officer needs to be in constant communication with the chief privacy officer about what's working or not working.
- 4. A Day in the Life of a Modern CISO
  A Chief Information Security Officer (CISO) is the highest-ranking officer in the company’s information security organization. One of the primary objectives of a CISO is to build a security posture that is compliant with the legal, regulatory, and contractual obligations of information security. CISOs are also responsible for protecting the organization from emerging external and internal threats. A CISO achieves this objective through various organization-level controls and disciplines:
  1. Establish a Security Strategy
  2. Risk Assessment
  3. Security Governance
  4. Vulnerability Management
  5. Verifications (Audits, Penetration tests, red team exercises)
  6. Program Management
  7. Leadership
  8. People Management
- 5. How to Say “No” After Saying “Yes”
  Whether you have overbooked yourself, realized you have a conflict, or otherwise can’t or don’t want to participate in a project, it’s essential to uncommit gracefully. Doing so will keep your reputation intact and your relationships strong. The author offers six tips to help you go about saying no after you’ve already said yes with tact and professionalism:
  1. Consider the cost.
  2. Shift your perspective.
  3. Be diplomatic but truthful.
  4. Preserve the relationship.
  5. Offer an alternative.
  6. Learn from it.
- 6. Cybersecurity Priorities in 2021: How Can CISOs Re-Analyze and Shift Focus?
  In this article, we have put together the top cybersecurity priorities for 2021 and beyond that will enable businesses to be fully equipped for future disruptions, without compromising on security:
  1. Strengthen the Cybersecurity Fundamentals
  2. Cybersecurity Must Be a Boardroom Agenda
  3. Leverage Intelligent Automation and Other Advanced Technology
  4. Shift to a Zero Trust Architecture
  5. Focus on Securing Your Cloud Infrastructure
  6. Develop Robust Continuity Plans
- 7. Decode different types of business interruption insurance
  Most business continuity and disaster recovery (BCDR) administrators are aware that business interruption insurance is available to cover some or all downtime-related costs, including lost income. However, many aren't sure what a policy includes or excludes, or how it can be acquired:
  1. Add coverage to a property/casualty policy
  2. Consider what the plan covers
  3. Read the fine print