Cybersecurity Leadership, Career Mistakes, and 13 Horror Stories for Cyber Halloween – BSW #283
In the leadership and communications section, Is Cybersecurity Leadership Broken?, Cybersecurity career mistakes, 13 Cybersecurity Horror Stories to Give you Sleepless Nights, and more!
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
- 1. Is Cybersecurity Leadership Broken?
A new report by cybersecurity firm Savanti argues that the industry’s leadership is broken and failing to deliver cyber success for businesses. The report provides a number of recommendations, including:
- CISOs should be hired, managed and measured as business leaders rather than technical experts;
- Recruitment should prioritise communication skills for CISOs;
- Cyber risk should be owned by the board, embedded in organisational processes and led with sufficient budget and staffing to drive organisation-wide change;
- Cyber leaders need to achieve change through influence rather than control;
- Boards need independent trusted cyber advisors, including ex-CISOs, to help them effectively interrogate all aspects of cyber leadership and strategy;
- CISOs should be integrated into all forward-looking aspects of business growth.
- 2. How To Translate Cybersecurity Terms for The CEO
There is a much better way to communicate with the C-suite when it comes to security projects and initiatives. It is communication that revolves around using real, actual data based on methodologies such as risk assessments and threat modeling. Present this data in business terms that the C-suite can understand; for example, revenue loss from a breach on the prevention side, or customer experience enhancements with a data access control framework on the business enabler side, to show the impact and metrics they would be concerned with.
- 3. Reimagining the Role of the CISO
Perhaps it's time to reimagine the role of the CISO. Maybe it's better to see the CISO's importance reflected in organizational impact rather than organizational status. Perhaps embedding security in functional units will result in better security.
- 4. What Hurricane Preparedness Can Teach Us About Ransomware
So how can organizations use the fundamentals taught by natural disasters to respond to a paralyzing ransomware attack?
- Have a Plan
- Test Your Plans
- Effective Communication
- 5. 4 Business Ideas That Changed the World: Emotional Intelligence
In the early 1990s, publishers told science journalist Daniel Goleman not to use the word “emotion” in a business book. The popular conception was that emotions had little role in the workplace. When HBR was founded in October 1922, the practice of management focused on workers’ physical productivity, not their feelings.
Daniel Goleman popularized the idea in his 1995 book, and companies came to hire for “EI” and teach it. It’s now widely seen as a key ingredient in engaged teams, empathetic leadership, and inclusive organizations. However, critics question whether emotional intelligence can be meaningfully measured and contend that it acts as a catchall term for personality traits and values.
- 6. Cybersecurity career mistakes
Been there, done that.
- Mistake 1: Going against the flow
- Mistake 2: Not understanding your strengths
- Mistake 3: Not to take care of your network
- Mistake 4: Getting comfy
- Mistake 5: Losing a feeling of the job market
- Mistake 6: Not learning things that are not technical
- Mistake 7: Not getting professional certifications
- Mistake 8: Waiting for someone to promote you
- 7. 13 Cybersecurity Horror Stories to Give you Sleepless Nights
Twas a dark and stormy night, and the cybersecurity team stood patiently in their Scrum meeting. “Tell us a tale,” the CISO said, and one of their number raised their hand. They caught the eye of their colleagues, and began…