Time To Move Away From “G – little R – Big C” (GRC) – John Wheeler, Padraic O’Reilly – BSW #250
How to move from legacy GRC processes and systems to a more automated approach that promotes visibility, agility, and alignment from assessment to Boardroom.
This segment is sponsored by CyberSaint. Visit https://securityweekly.com/cybersaint to learn more about them!
Padraic O’Reilly is Founder and Chief Innovation Officer at CyberSaint, where he leads product innovation and development. His experience as a Harvard-trained economist and risk management consultant, together with deep cybersecurity expertise, supports his current work, which spans working directly with public and private organizations to assess, measure, remediate, and communicate cyber risk. Working closely with large, highly regulated enterprise teams and CISOs, Padraic is dedicated to driving tangible value through linking cyber risks to control posture, innovating with CRQ models and AI, and enhancing cyber to business communication.
An expert in AI and financial modeling, Padraic works with global enterprises to research and deploy risk quantification, analysis, and communication strategies from board to SEC reporting. Padraic has been featured in publications and broadcasting stations such as CNN, the Wall Street Journal, Forbes, Fortune, the New York Times, and Bloomberg.
John A. Wheeler is Strategic Advisor to CyberSaint and the founder and CEO of Wheelhouse Advisors, a global risk management strategy and technology advisory firm. John has 30+ years of industry experience and is a recognized expert, frequent speaker, and author on the effective use of risk management practices and technology in large and midsize businesses. Prior to joining CyberSaint, John was Senior Director, Analyst for risk management technology solutions and services at Gartner, a leading research and advisory organization. Wheeler spent over ten years at Gartner advising thousands of CISO and CIO buyers, CEOs, Boards of Directors, as well as technology product and services companies within the $9 billion Integrated Risk Management market. Prior to his time at Gartner, Wheeler led teams at Truist (formerly known as SunTrust), transforming and modernizing the organization’s risk management, Sarbanes-Oxley (SOX), and audit programs. He had leadership positions at Turner Broadcasting and Emory Healthcare, and also held positions in IT and risk consulting at Big Four firm EY in addition to Accenture.
5 Leadership Lessons, 6 Steps to Success, & 6 Tips to Say No – BSW #250
In the Leadership and Communications section, 5 Leadership Lessons General Marshall can Teach Us, Cybersecurity incident response: The 6 steps to success, 6 Effective Tips to Politely Say No (that actually work!), and more!
Matt Alderman
- 5 Leadership Lessons General Marshall can Teach Us
  General Marshall is an unlimited source of leadership inspiration. Here are some takeaways from his leadership accomplishments.
  1. George C. Marshall was a great leader because he was able to think ahead and plan for the future. He understood his role as a senior leader. He wasn’t supposed to be inundated with the details of a plan. He knew that diving into that much detail would take his eyes off of the organization’s vision. Good leaders let subordinate leaders do their jobs.
  2. He was also able to adapt to changing circumstances and make quick decisions when necessary. World War II was a dynamic event. The country was divided into two theaters, the European and Pacific regions. General Marshall needed the military to be flexible. Fortunately, he had leadership under him that was adaptable and innovative.
  3. General Marshall showed leadership by empowering the leaders below him to do their jobs successfully. He made sure they understood what needed to be done and why it was important to accomplish the mission, but trusted them enough to make most of the decisions at their level.
  4. George Marshall was a master of communication and knew how to get people to work together towards a common goal. He was able to communicate even in the midst of crisis. “What is important now is leadership- leadership by example, leadership on the part of everybody who has any influence whatever with human beings… It isn’t what they think about us; it’s what they think we think about them that counts.” — George C. Marshall
  5. Finally, Marshall believed in leading by example and setting the right tone for his team. “I think leadership is the ability to influence people. The most effective way that I can influence people is by setting a tone and example.” — George C. Marshall
- Top cybersecurity leadership challenges and how to solve them
  "If I'm being honest about our situation, we're on our own when it comes to building out the infosec program," wrote Todd Barnum, CISO at GoPro in his book, The Cybersecurity Manager's Guide: The Art of Building Your Security Program. "Neither the culture nor any executive sponsor will provide much support."
- Delta CISO Debbie Wheeler: Security can’t be seen as a competitive advantage
  With the complexity and criticality of security in the aviation industry, Wheeler warns against viewing security as a competitive advantage. Instead, she says, a more collaborative approach is required.
- Cybersecurity incident response: The 6 steps to success
  Cybersecurity incident response is not only about handling an incident – it’s also about preparing for any possible incident and learning from it. Here are six steps for a successful and efficient cybersecurity incident response:
  1. Preparation
  2. Identification
  3. Containment
  4. Eradication
  5. Recovery
  6. Lessons Learned
- 6 Effective Tips to Politely Say No (that actually work!)
  6 Tips to Help You Say No:
  1. Switch Out “No” for “Later”
  2. Rehearse Your No
  3. Don’t Offer an Explanation
  4. Do Offer An Alternative
  5. Use “No” Body Language
  6. Slay the Procrastination Dragon
- What’s the Optimal Workplace for Your Organization?
  More than two years into the Covid-19 pandemic, companies are struggling with how to reimagine their workspaces for their strategic needs. Too often, leaders push the decision down the road when, in fact, taking decisive action now can pay off later. But how do you determine whether in-person, hybrid, or remote options are best for your organization? Start by asking two questions: What is your strategy for future growth? And what is the size of the organization you need right now? Then, map your answers to better understand how your needs around innovation and execution translate to physical (or virtual) spaces.














