BSW #272 – Saša Zdjelar
Full Audio
View Show IndexSegments
1. Talking to Boards and C-Suites, Leadership Debt, and Adaptive Leadership – BSW #272
In the leadership and communications section, The Number 1 Growth Killer is Leadership Debt, How to Talk to Your Board & C-Suite About Cybersecurity, 5 ways to unite security and compliance, and more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Hosts
- 1. How to Talk to Your Board (So They’ll Listen!)Five Tips to Ease Communication With the Board 1. Start with the basics 2. Know the difference between the board and leadership 3. Come prepared to talk about the following: - How issues affect your business - Current events - “What’s that red thing?” - The historical perspective - The risk narrative 4. Don’t do the following - Don’t go into minutiae - Don't complain - Don’t pretend everything is great if it isn’t 5. Seize an opportunity, if you can
- 2. The CISO’s Guide – How to Talk to Your Board & C-Suite About CybersecurityHere are some basic questions that CISOs need to answer for the board and C-suite: - What are the risks we are facing? - What is the cybersecurity team doing about it? - Does the team have what it needs to make the right decisions and act quickly? - Are company assets, data, and systems secure? - How would we know if we have been breached? - How does our security program compare to other companies in the industry? - Do we have enough resources for our security program? - How effective is our program; is our investment correctly aligned?
- 3. The Number 1 Growth Killer is Leadership DebtYou can avoid incurring too much leadership debt by: 1. Take ownership of your leadership debt 2. Work on your leadership skills 3. Develop a strong leadership team 4. Watch out for leadership debt symptoms, including - Team conflicts and team members blaming each other - You must approve too many decisions - High employee turnover - Teams work in silos
- 4. Adaptive Leadership in Times of ChangeHow leaders within an organization decide issues is an important part of that organization’s success. This is because that decision-making process flows down to other parts of the organization; others emulate these actions and processes within the group (Offergelt et al., 2019). This article will discuss a leadership approach called adaptive leadership theory through the examination of a senior leader of a Fortune 500 firm during the early stages of the COVID-19 Pandemic. It will also describe an alternative theory of leadership demonstrate why it was not an optimal choice during this time.
- 5. 5 ways to unite security and complianceWhich comes first, security or compliance? In an ideal world, they work together seamlessly. Here's how to achieve that: 1. Focus on data protection 2. Make security auditors your friends 3. Use compliance as a base to build better security 4. Fix the vulnerabilities you find 5. Measure improvements in security and risk posture
- 6. Overcoming the Barriers to Zero-TrustBelow are three key barriers facing companies interested in implementing a zero-trust approach today: 1. Cost 2. Complexity 3. Scale
- 7. This One Communication Tip Will Save You Hours of FrustrationThe communication tip is this: ALWAYS clarify the point(s) you want to discuss. How do you clarify these points? ASK QUESTIONS. No matter how simple it may seem, do not assume what you think something means matches what the person meant.
2. Zero Trust Is Not a SKU – Saša Zdjelar – BSW #272
Zero Trust is the security buzzword of the moment, and while it is a very powerful approach, nearly every enterprise security product on the market – and some that aren’t even security products — are saying they enable Zero Trust. The problem is this: you can’t buy zero trust. It’s an approach, an architecture, and a journey, not software, hardware, or a service to deploy.
Zero Trust also provides a rare opportunity in security - to reduce cost, improve security AND enhance end-user and customer experience.
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Guest
Saša is the Chief Trust Officer (CTrO) at ReversingLabs and an Operating Partner at Crosspoint Capital with ~20 years of Fortune 10 global executive leadership experience. His CTrO scope includes leadership, oversight and governance of the CISO/CSO function, including product security, as well as partnering with other leaders on corporate and product strategy, strategic partnerships and research, and customer and technology advisory boards, including sponsoring the ReversingLabs CISO Council. Prior to ReversingLabs and Crosspoint Capital, Saša served as the Senior Vice President of Security at Salesforce, where he led a global organization encompassing enterprise security, product security, offensive security, security engineering/automation, bug bounty programs, technical product/program/project management, and mergers & acquisitions. He also played a crucial role as the executive sponsor for strategic corporate security initiatives, such as Zero Trust.
Prior to his tenure at Salesforce, Saša spent nearly two decades at ExxonMobil, holding various positions focusing on business and technology strategy, enterprise security & architecture, software engineering, ERP systems design/integration, program and product management, planning & stewardship, compute and hosting platforms, and digital/cyber resilience.
Saša is an active participant and founding member of several CxO/CISO leadership communities. He is also a member of the Forbes Technology Council, Member of the Board at the National Technology Security Coalition (NTSC), a Fellow at the Cyber Readiness Institute (CRI) and Center for Global Enterprise (CGE), a member of the BlackHat CISO Summit Advisory Board and BlackHat Content Review Board. His insights have been published in various industry publications, and he has spoken at numerous industry conferences and universities.
Saša holds a Bachelor’s degree in Management and a Master’s degree in Decision Science from the University of Florida.