Name: What it REALLY means to be a Chief Information Security Officer
Start: 2021-08-12T17:34:00Z
End: 2021-08-12T17:34:36.000Z
Location: BrightTALK
Rating: 0

This episode of Life of a CISO reveals the no-so-secret secrets of being a world class CISO. Knowing the technical and business aspects of being a CISO can be learned, but success is a result of consistent daily practice. By that I mean you can take my CISO certification course, but if you don’t believe in yourself, there’s nothing I can do to make you successful. Success is the result of habits that are done every day, not one big moment. What works for me (and I think will work for you) is getting a good night’s sleep, hit the gym, journal and write down your daily goals, read, and schedule your day as rigidly as possible. Yes, it really is that simple, but simple doesn’t mean easy. Try to match my routine for 30 days and you may find that you’ll get much more out of your day.

Daily Habits of world class CISOs

This episode of Life of a CISO is all about getting a seat at the table. The executive table, that is. If you want to be a world class CISO, you have to be invited to the board room and be involved in executive-level decisions, just like the CEO, CIO, CFO, etc. If you’re not a “Chief” Information Security Officer, you aren’t a CISO. Now, be careful, because some of you really like the idea of a fancy title and a big payday, but don’t really want to be in meetings all day, you’d rather be knee-deep in code. If that’s the case, then a CISO position isn’t for you. But if what you really want is to be treated equally to other C-level executives, then this episode will show you what you need to do to get to the next level.

If you want to be a World Class CISO, you need to have a seat at the table

This episode of Life of a CISO is all about communication. If you went to a doctor and he said, “you’re fine, keep doing what you’re doing,” that’s good news...but only if that’s true. A doctor is supposed to give you guidance on how to stay healthy, and to be honest with you about where you are falling short. In the same way, a CISO’s job is not to pat executives on the back and say everything is fine, but also not to scare them. A CISO must communicate what the top threats are, how to deal with them, and what are the costs and risks. A CISO’s job is not to try to fix every single problem, because that would take an infinite budget and cripple functionality; it’s up to the CISO to explain that the top threats are, and what other threats exist, but aren’t a top priority. That way, the executives are aware that cybersecurity is never “fixed,” but the CISO is on top of things, fixing the top issues and being aware of other threats.

How to Communicate Cybersecurity Threats to Executives

This week on Life of a CISO, I teach how to become a world class CISO by exercising your brain. Being a world-class CISO is much less about technical knowledge and much more about problem solving and out-of-the-box thinking to solve problems that can’t be found in technical manuals. One of the best things to do is to exercise your mind by literally setting time aside to just think. Too many of us “relax” by checking social media or watching TV, which doesn’t really relax us at all. Instead, set aside time to think. It will feel weird at first, but that time will get you into flow state where you can be at your most productive. In order to become a world-class CISO, set specific goals for yourself with laser-focus. The more specific you are in your goal, the closer you can get to achieving them, and the more clear you can be on when you achieve them, the harder you will work to meet that deadline.

Mental Exercises to Make You a World-Class CISO

How do you best prepare your systems for the inevitable breach you are going to face? You need to have a prepared and well thought out strategy for how you are going to separate and segment your systems in a way that minimizes the damage of any attacks that infiltrate your systems. 

As a cybersecurity professional you have to know one truth... You will be breached. It is no longer a matter of if but when and the measurement of your success is how quickly is it detected and how much or how little damage did the breach actually do. Are you going to have 2 hour breaches or 2 year breaches?

Zero Trust is
  - A Mindset of Separation 
  - A Framework for Successful Cyber Security
  - A Solution to The Major Threats Today

Join me to find out how to implement Zero Trust in your organization for the best chance at protecting your critical data.

How to Implement Zero Trust: Protect Against Advancing Threats

Do you have a clear roadmap of the highest priority items within your organization to minimize the threat of a breach?

Let's face it, many organizations are spending a significant amount of money on cybersecurity. They have world-class security engineers, and they're still getting breached.

Plain and simple, they're overlooking key areas of the organization.

If we go in and look at most of the major breaches over the last 18 months, they're really coming down to organizations not knowing critical assets in the exposure. Almost every breach could be described, at a high level, of a system that was accessible from the internet simply missing patches, having known vulnerabilities that contained critical data or had access to critical business processes.

In this webinar, we're going to look at: 
Why are attacks happening? 
What are the core areas of focus? 
What is a security assessment? 
What are the qualities of an effective security roadmap? 
How can you get better visibility, validation, or confirmation that your security is up to par for the current attack vectors that are out there and that you have properly protected and secured your systems and information?

Because the bottom line is we know organizations are going to be targeted. 

It doesn't matter who you are, you are a target and cybersecurity is your responsibility. 

Ultimately, it comes down to early detection... and one of the phrases that I always like to say, "May all your breaches be minor." 

Join me live and let's assess if your organization is at risk!

Is Your Organization At Risk?

Thank you for joining me for this episode of Life of a CISO. On this episode, I reveal three secret ninja tricks that will be invaluable tools for any CISO. The first is the 2 questions. Most security engineers will ask just one question: “What is the value and benefit of doing a certain thing?” But the second question is “What is the risk or exposure?” So you can then decide if the value is worth the risk. Ninja trick number 2: Have a risk assessment every quarter. Ninja trick number 3: Instead of having a pile of graphs and charts, be able to make a presentation with only one slide, which has 4 columns: Top risks, likelihood of it happening, cost of the breech, and cost to fix it. If you have these three tools, you are one step closer to being a great CISO.

How to Prevent Cyber Attacks in 2021 (3 Ninja Tricks for CISO's)

This episode of Life of a CISO is all about overcoming limited beliefs. Many of us have invisible scripts and unconscious limiting beliefs that keep us from achieving our dreams. For example, for centuries, it was thought that it was impossible to run a 4-minute mile. Until 1954, when that record was broken by Roger Bannister. Within 3 months, it was broken a second time. It was impossible to run a mile in 4 minutes...until it wasn’t. It wasn’t shoes or steroids, it was just the belief that it couldn’t be done. A person who overcame limited beliefs was Marie Callender. She was a waitress at a restaurant nearly about to go out of business, and she took a chance and added her home-made pies to the menu. It was so successful that she ended up buying a commercial oven and owning the restaurant, which stopped selling burgers and only sold pies. If she limited herself to thinking she was only good enough to be a waitress, or that she didn’t have time, then no one would know her name, instead of being the biggest name in pies. A third story I like to tell is the British Crew (Rowing) Team. The 8-person boat was the team that was thrown together of all the slowest people kicked out of other boats, but they each dedicated their lives to the single focus of making the boat go faster and getting the gold. And they won gold at the olympics. If you examine your limiting beliefs, do what you do best, and become obsessed with a goal, you will become a world class CISO.

How to Overcome Limiting Beliefs and Become a World-Class CISO

In this episode of Life of a CISO, I review some of the common tips, tricks, tactics, and catchphrases that every world class CISO should know. Many CISOs think that they have to educate executives on the ins-and-outs of what they are doing to make the organization more secure against attacks. But in fact, the job of a CISO is to make the executives be able to focus on growing the business and think about security as little as possible. But at the same time, it is the CISO’s job to know the basics of the business they are in; specifically, they must know, off the top of their heads, what an organization is known for, what its competitive advantage is, and how it makes money. For example, McDonald’s doesn’t sell hamburgers, what they sell are hamburgers that are cheap and fast. CISOs, although they are not supposed to teach technical lessons on cybersecurity to executives, they must teach executives how to avoid scams and social engineering attacks. A common attack now is to send an email “warning” of a COVID outbreak, and use that to get the target. I recommend against telling executives what not to do, and instead tell them what to do. I hope you enjoy this episode of Life of a CISO

Cyber Security Top Best Practices of Sucessful CISOs in 2021

On this episode, I answer the question, “What is required to be a CISO.” You might think that it takes years of experience in a security engineer position to be a great CISO, but in fact, too much experience as an engineer can hinder your ability to get a CISO position; because in order to be a CISO, you have to think like a CISO, and too much experience as a security engineer will ingrain thought processes that make you think like an engineer. To be clear, this is not to say that you can’t retrain yourself to think like a CISO, just that one doesn’t naturally follow the other. Once you do have that CISO mindset, the next step is to get that first interview. Then the second, and possibly third, and so on until you get the job. There is no number that is the right number, but if you think like a CISO, then every failed interview is a chance to get feedback that gets you closer to a successful one. This episode includes ways to get yourself out of a powerless mindset, and into a powerful one, and ways to ace every interview, even if you don’t get the job right away. Watch the episode to find out how you can get that first CISO position.

The #1 Trait that will turn you into a World Class CISO

In this episode of Life of a CISO, I tell you part two of my career in being a CISO before we even had the word for it. I have found that the harder I work, especially when it comes to serving other people, the luckier I get. An example of this good luck is when I was given an opportunity to do a presentation when the original presenter missed her flight and wasn’t available. This was my first public presentation, and I had no preparation, and I was even using someone else’s notes! But I rose to the occasion and it went well. An important lesson from that experience was to be true to myself, not try to be someone else, and that lesson is also what gave me the confidence to start my own business, Secure Anchor, after I worked for McAfee. One big tip I have for everyone is that you have time that you think you don’t. Stop doing things that don’t serve you and use that time to do things that do, like taking care of your mind and body.

How I Became a Cyber Security Innovator (Part 2)

I get asked all the time how I became one of the world’s first CISOs, and how my education and work experience influenced my life and career. In this episode of Life of a CISO, I take you in the time capsule and tell you my story. In the 1980s, when personal computers had floppy disk drives and 64KB of memory, I was told that computers and networking are the future. I decided to learn both business and computers in college, which in my mind, set me up for a possible future career in computers, but also prepared me for a career in business which would serve me in any career field. Through a combination of luck and persistence, I had summer internships at Grumman Aerospace and the CIA. I learned the most advanced computer systems at the time, and learned that cybersecurity was my purpose in life. To find out the whole story, watch this video.

How I Became a Cyber Security Innovator (Part 1)

On this episode of Life of a CISO, I answer some questions I’ve been asked to help viewers become a world-class CISO. How do you calculate risk in an organization and communicate that calculation to executives? What makes someone a good or bad fit to be a CISO? Do you have to be an expert in cybersecurity to be a world-class CISO? How do you get the first CISO position with no experience? How do I ace the interview? Should I continue my formal education? And finally, I end with a 45 Day CISO challenge. If you complete this challenge, in 45 days, you will have enough knowledge and make the right contacts to be well-suited to find your first CISO position. To find the answers to these questions, watch this video.

How World Class CISOs Manage Risk | Does a CISO need to be technical?

This episode of Life of a CISO is all about mindset. If you want to be a successful person, whether it’s as a CISO or anything else in life, you have to find your limiting beliefs, and then turn them into empowering truths. What are the things that are holding you back? What is the 4 minute mile in your life that seems impossible but isn’t? Once you find them, you have to become obsessed. Do everything you can that is in alignment with your ultimate purpose. Then, bake your pie. That means, do the thing you are passionate about, and do it better than anyone, and outhustle everyone, and you will become undeniable.

How to Develop a World Class CISO Mindset

On this episode of Life of a CISO, I go through the steps you must take to prepare for your interview as a CISO. Remember, you may not get the job on the first try, but if you make it your goal to have 500 interviews, you will absolutely succeed. Here is what you need to know to ace the interview: If you want to be a world class CISO, you must own the interview by understanding the business, take control of the first 3 minutes, and speak the language of the executive. Also know what is the business, how do they make money, and what is their competitive advantage? Have a world class CISO mindset, not a security engineers mindset. Good luck out there!

How to Prepare for a CISO Interview

On this episode of Life of a CISO, I explain why it’s important that CISOs are expected to have a seat at the executive table. Executives all have their specialties, whether it’s growing the business or counting the beans, and a CISO is also an executive position. As a CISO, it’s your job to understand the threats that the business is facing, and to speak the language of the executives (which is money!) to enable the business. In the same way that an insurance adjuster calculates and quantifies risk, that’s what a CISO does. For example, a ransomware attack has X percent of being perpetrated against your organization, and if it were successful, it would cost Y dollars of damages. You may not realize this, but the adversary is doing his own calculations on how much he can ransom you for before you go on the offensive and fight him back; he wants to make it as painless as possible to pay him off and make your problem go away. As a CISO, you need to communicate how much money the executives can save by strengthening their defenses against attackers. This is high-level executive management, which is separate from the nuts and bolts of writing code and monitoring activity “on the ground.” That’s why a CISO is a “Chief” Information Security Officer.

CISO V.S CEO_  Why CISOs Need to Have a Seat at the Executive Table

Although I use the word CISO every day, on this episode of Life of a CISO, I review what it really means to be a Chief Information Security Officer. The CISO’s primary job is oversight and accountability, and in order to do this, he must understand what the organization’s cybersecurity threats are, and be able to communicate that information to both executives and engineers. Engineers understand very technical terms like “hashing algorithm” and “crypto-free zone,” and executives understand one language: MONEY! If you can properly explain what your security needs are, and how much it “really” costs to protect your organization, then you can let the executives focus on growing the organization and the IT department focus on keeping the organization safe.

What it REALLY means to be a Chief Information Security Officer

Cyber Defence

Information Security

Cyber Security

The IT security community on BrightTALK is composed of more than 200,000 IT security professionals trading relevant information on software assurance, network security and mobile security. Join the conversation by watching on-demand and live information security webinars and asking questions of experts and industry leaders.

IT Security

As an IT professional, many of the problems you face are multifaceted, complex and don’t lend themselves to simple solutions. The information technology community features useful and free information technology resources. Join to browse thousands of videos and webinars on ITIL best practices, IT security strategy and more presented by leading CTOs, CIOs and other technology experts.

What it REALLY means to be a Chief Information Security Officer

Presented by

About this talk

More from this channel