Why CISO’s Fail: Some Practical Lessons for the Future – Barak Engel – CSP #173
Full Audio
View Show IndexSegments
1. Why CISO’s Fail: Some Practical Lessons for the Future – Barak Engel – CSP #173
Security is both overcooked and underdeveloped at the same time, and we keep doubling down on insanity. Our own community is at great fault for pushing fear and ignoring service, leading to consistent, negative experiences for all other stakeholders in the organization - and ultimately the CISOs themselves. "Do more cyber" never had, does not, and never will lead to better outcomes, yet this is all everyone is talking about. The trifecta of fear (we fear it, we don't understand it, we know we must have it) is used effectively by vendors to drive an ever-increasing wedge into IT budgets, even as the actual utilization ratio of security tools is precipitously low (my estimate is 5%). Frustration abounds, the CISO job is a revolving door, and nobody's happy. Now the regulators are getting involved in all the wrong ways (see the recent SEC action against Tim Brown) - and it's entirely our fault.
This segment is sponsored by Spirion. Visit https://cisostoriespodcast.com/spirion to learn more about them!
Guest
As the pioneer of the vCISO concept and original vCISO, Barak has served as CISO in dozens of organizations including Stubhub, Mulesoft, Amplitude Analytics, BetterUp, and many others, usually a few at a time. His consulting firm, EAmmune, has managed security programs for hundreds of brands globally. Barak has made numerous contributions to the field with his thought-provoking insights about security as a human discipline and business enabler. His first book, “Why CISOs Fail”, was inducted in 2021 into the Cybercannon, with a second edition set for release in March 2024. His second book, “The Security Hippie”, was released in 2022.
Barak serves on multiple security company advisory boards, is a member of the Theia Institute, a security think tank, and a board member in several non-profit organizations.
Host
Todd Fitzgerald has built information Fortune 500/large company security programs for 20 years. Todd serves as VP, Cybersecurity Strategy and Chairman of the Cybersecurity Collaborative Executive Committee, was named 2016–17 Chicago CISO of the Year, ranked Top 50 Information Security Executive, authored 4 books including #1 Best Selling and 2020 CANON Hall of Fame Winner CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers (2019), ground-breaking CISO Leadership: Essential Principles for Success, as well as contributions to a dozen others. Todd held senior leadership positions at Northern Trust, Grant Thornton International, Ltd, ManpowerGroup, WellPoint (Anthem) Blue Cross Blue Shield/ National Government Services, Zeneca/Syngenta, IMS Health and American Airlines.