BSWEpisode165

From Security Weekly Wiki
Revision as of 16:12, 2 March 2020 by Matt

Recorded March 2, 2020 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.

  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relevant to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.


    Interview: Richard Clarke


    Leadership Articles

    • THE GREAT CEO WITHIN - If you’re looking for a primer on many of the responsibilities of being a startup CEO, read The Great CEO Within by Matt Mochary.
    • CISOs who leave after 2 years may not finish what they start - The average tenure for a CISO is about 2.1 years, according to research from Korn Ferry. The information security industry has a 0% unemployment rate, and competition for talent is unrelenting, even in the C-suite. "Unless you sit in a role for an extended period of time, you don't know that the next transition is coming," said Dave Estlick, CISO of Chipotle.
    • Most CISOs ready to move jobs if something better comes along - The shortage of skilled security pros is creating an active recruitment market, with over 80% of CISOs saying they would consider a new role if approached. The research analysed responses from 500 senior security practitioners and CISOs working at businesses with over 500 heads around the world and found that only 7% of US CISOs were not actively looking or willing to consider a change of employment, compared to 11% in APAC and 16% in the UK and Ireland.
    • How 4 CISOs handle stress on the job - Nearly 90% of CISOs say they are under moderate or high stress, according to a Nominet survey. Here’s how 4 CISOs handle stress:
    1. Andy Kim, CISO at Allstate, approaches cybersecurity like an automobile assembly line. His team pulls in the metaphorical steering wheel, air bags, brakes and seat belts. "Security just happens because it is part of the product delivery, like air bags and brakes," he said.
    2. A good CISO knows they "will never get risk to zero" and security is a distributed effort throughout an organization, says Greg Touhill, former US Federal CISO. "Never over-promise and under-deliver."
    3. "It's important for any high stress role to be able to step away and take time off. Time off does not mean you are tethered to your phone every waking minute," said Jadee Hanson, CISO at Code42. "I am talking about real time off, where you can step away from work and recharge, gain perspective, and come back refreshed to tackle the countless problems that will always be there."
    4. While public relations may be less forgiving, industry recognizes a CISO's performance is quantified beyond a singular event. "Developing a strong team, building relationships, growing trust with key stakeholders and the ability to align executive leadership is key to success", says Dave Estlick, CISO at Chipotle.
    • Innovation requires radical choices - “Risk is where innovation occurs”, says Margaret Heffernan, author of Uncharted: How to map the future together. She says start with a “Blank canvas” and instil family values in the business.
    • A New Framework for Executive Compensation - The Evolution to a New Standard in Long-Term Incentive Pay:
      • Mission/purpose-driven
      • Stakeholder-centric
      • Stakeholder outcome-focused
      • Financial and nonfinancial goals
      • End-to-end cycles, using the same outcome measures for each cycle
      • Goals that improve: (1) at a set amount over prior cycle and (2) relative to peer performance

