Difference between revisions of "BSWEpisode165"
|Line 14:||Line 14:|
= Interview: Richard Clarke =
= Interview: Richard Clarke=
Revision as of 16:14, 2 March 2020
Recorded March 2, 2020 at G-Unit Studios in Rhode Island!
- Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
- OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
- We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relevant to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
- Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.
Interview: Richard Clarke, Chairman and CEO at Good Harbor
Dick Clarke is the founder and CEO of Good Harbor Cyber Security Risk Management, and advises leaders in the public and private sectors on all issues of cybersecurity and crisis management. Clarke served in the White House on the National Security Council under President George H.W. Bush, President Bill Clinton, and President George W. Bush for an unprecedented ten years, as its chief counterterrorism expert and then as Special Advisor to the President on Cyber Security. In his role as the nation’s “Cyber-Czar,” Clarke developed the country’s first National Strategy to Defend Cyberspace. Since leaving government, Clarke has authored or co-authored nine books, including the international bestseller, "Against All Enemies," and his latest with Robert Knake, "The Fifth Domain."
Segment Topic: The Fifth Domain
- THE GREAT CEO WITHIN - If you’re looking for a primer on many of the responsibilities of being a startup CEO, read The Great CEO Within by Matt Mochary.
- CISOs who leave after 2 years may not finish what they start - The average tenure for a CISO is about 2.1 years, according to research from Korn Ferry. The information security industry has a 0% unemployment rate, and competition for talent is unrelenting — even in the C-suite. "Unless you sit in a role for an extended period of time, you don't know that the next transition is coming," said Dave Estlick, CISO of Chipotle.
- Most CISOs ready to move jobs if something better comes along - The shortage of skilled security pros is creating an active recruitment market, with over 80% of CISOs saying they would consider a new role if approached. The research analysed responses from 500 senior security practitioners and CISOs working at businesses with over 500 heads around the world and found that only 7% of US CISOs were not actively looking or willing to consider a change of employment, compared to 11% in APAC and 16% in the UK and Ireland.
- How 4 CISOs handle stress on the job - Nearly 90% of CISOs say they are under moderate or high stress, according to a Nominet survey. Here’s how 4 CISOs handle stress:
  - Andy Kim, CISO at Allstate, approaches cybersecurity like an automobile assembly line. His team pulls in the metaphorical steering wheel, air bags, brakes and seat belts. "Security just happens because it is part of the product delivery, like air bags and brakes," he said.
  - A good CISO knows they "will never get risk to zero" and security is a distributed effort throughout an organization, says Greg Touhill, former US Federal CISO. "Never over-promise and under-deliver."
  - "It's important for any high stress role to be able to step away and take time off. Time off does not mean you are tethered to your phone every waking minute," said Jadee Hanson, CISO at Code42. "I am talking about real time off, where you can step away from work and recharge, gain perspective, and come back refreshed to tackle the countless problems that will always be there."
  - While public relations may be less forgiving, industry recognizes a CISO's performance is quantified beyond a singular event. "Developing a strong team, building relationships, growing trust with key stakeholders and the ability to align executive leadership is key to success," says Dave Estlick, CISO at Chipotle.
- Innovation requires radical choices - “Risk is where innovation occurs”, says Margaret Heffernan, author of Uncharted: How to map the future together. She says start with a “Blank canvas” and instil family values in the business.
- A New Framework for Executive Compensation - The Evolution to a New Standard in Long-Term Incentive Pay:
  - Stakeholder outcome-focused
  - Financial and nonfinancial goals
  - End-to-end cycles, using the same outcome measures for each cycle
  - Goals that improve: (1) at a set amount over prior cycle and (2) relative to peer performance