From Security Weekly Wiki
Revision as of 03:37, 2 March 2020 by Matt

Recorded March 9, 2020 at G-Unit Studios in Rhode Island!


  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.

  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relevant to your interests by visiting and clicking the button to join the list! You can also submit your suggestions for guests by going to and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting, selecting the webcast/training drop down from the top menu bar and clicking registration.

    Interview: Summer Fowler, Argo AI

    Summer Fowler is the CIO at Argo AI

    Summer Craze Fowler is the Chief Information Officer at Argo AI and an adjunct faculty member at Carnegie Mellon University. Argo AI is an artificial intelligence company developing self-driving vehicles with a focus on making affordable, safe transportation available to everyone. Summer was previously a technical director at Carnegie Mellon University’s CERT cybersecurity program where she spent 11 years researching and developing cyber security risk and resilience solutions for the US govt and the nation’s critical infrastructure. Summer is a member of an audit committee for a large healthcare company and is a cyber risk advisor for a FinTech company. She also develops and teaches for several Executive Education programs for CISOs, CROs, CIOs, and insurance professionals. She is passionate about helping women launch and advance in careers and serves on the board of a local non-profit, PA Women Work. Summer is often requested to speak at cyber events around the world - notably the World Conference on IT, RSA, and to provide testimony in the US Congress.

    Segment Topic:
    InfoSec World Conference 2020

    Segment Description:
    I am the Co-Chair of the Leadership Board for InfoSec World Conference in Orlando, FL this March 2020. This is an excellent opportunity for Executive, Management, and Technical teams to attend a conference together to learn more about both the business of cyber security and the latest in technical capabilities.

    Segment Resources:

    Leadership Articles

    • THE GREAT CEO WITHIN - If you’re looking for a primer on many of the responsibilities of being a startup CEO, read The Great CEO Within by Matt Mochary.
    • CISOs who leave after 2 years may not finish what they start - The average tenure for a CISO is about 2.1 years, according to research from Korn Ferry. The information security industry has a 0% unemployment rate, and competition for talent is unrelenting, even in the C-suite. "Unless you sit in a role for an extended period of time, you don't know that the next transition is coming," said Dave Estlick, CISO of Chipotle.
    • Most CISOs ready to move jobs if something better comes along - The shortage of skilled security pros is creating an active recruitment market, with over 80% of CISOs saying they would consider a new role if approached. The research analysed responses from 500 senior security practitioners and CISOs working at businesses with over 500 heads around the world and found that only 7% of US CISOs were not actively looking or willing to consider a change of employment, compared to 11% in APAC and 16% in the UK and Ireland.
    • How 4 CISOs handle stress on the job - Nearly 90% of CISOs say they are under moderate or high stress, according to a Nominet survey. Here’s how 4 CISOs handle stress:
    1. Andy Kim, CISO at Allstate, approaches cybersecurity like an automobile assembly line. His team pulls in the metaphorical steering wheel, air bags, brakes and seat belts. "Security just happens because it is part of the product delivery, like air bags and brakes," he said.
    2. A good CISO knows they "will never get risk to zero" and security is a distributed effort throughout an organization, says Greg Touhill, former US Federal CISO. "Never over-promise and under-deliver."
    3. "It's important for any high stress role to be able to step away and take time off. Time off does not mean you are tethered to your phone every waking minute," said Jadee Hanson, CISO at Code42. "I am talking about real time off, where you can step away from work and recharge, gain perspective, and come back refreshed to tackle the countless problems that will always be there."
    4. While public relations may be less forgiving, industry recognizes a CISO's performance is quantified beyond a singular event. "Developing a strong team, building relationships, growing trust with key stakeholders and the ability to align executive leadership is key to success," says Dave Estlick, CISO at Chipotle.
    • Innovation requires radical choices - “Risk is where innovation occurs,” says Margaret Heffernan, author of Uncharted: How to map the future together. She says to start with a “blank canvas” and instil family values in the business.
    • A New Framework for Executive Compensation - The Evolution to a New Standard in Long-Term Incentive Pay:
      • Mission/purpose-driven
      • Stakeholder-centric
      • Stakeholder outcome-focused
      • Financial and nonfinancial goals
      • End-to-end cycles, using the same outcome measures for each cycle
      • Goals that improve: (1) at a set amount over prior cycle and (2) relative to peer performance
