Do CISOs Have More Stress than Other C-Suite Jobs?

Do CISOs Have More Stress than Other C-Suite Jobs? - Defense in Depth

Why do CISOs seem more stressed out than other C-level executives?

Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Jared Mendenhall, Head of information security, Impossible Foods.

Got feedback? Join the conversation on LinkedIn.

Huge thanks to our sponsor Compyl

GRC solutions often cause process roadblocks within organizations. They are either antiquated and lack the functionality needed or so stripped down they can’t fix the problems you set to solve. That’s why the team over at Compyl created the all-in-one security and compliance automation platform. Compyl quickly integrates with the tools you use, and automates 85% of the day-to-day tasks, all while providing complete transparency and comprehensive reporting along the way. Start your free trial with Compyl today and see all the efficiency gains you can expect from a leading solution. Learn about Compyl today at www.compyl.com/getstarted.

Full transcript

[David Spark] Why do CISOs seem more stressed out than other C-level executives?

[Voiceover] You’re listening to Defense in Depth.

[David Spark] Welcome to Defense in Depth. My name is David Spark. I am the producer of the CISO Series. And joining me for this very episode, you know him as Geoff Belknap, CISO of LinkedIn. Geoff, say hello to the audience.

[Geoff Belknap] Hello, everybody. And welcome back.

[David Spark] I am hoping it’s welcome back. I’m hoping what you said on the last episode didn’t offend them and make them run away and unsubscribe.

[Geoff Belknap] So rarely it does. I hear very little of that, so I think everyone has forgiven us.

[David Spark] You rarely get a message from someone saying, “I love your show so much, I unsubscribed.” That doesn’t happen.

[Geoff Belknap] “If only Geoff Belknap wasn’t the cohost, this show would be amazing.”

[David Spark] We never hear that ever. Our sponsor for today is Compyl. That’s Compyl, and they are your all in one information security and compliance program. And we’ll be talking about them more later in the show. Let’s discuss our topic for today. This comes from a discussion on Twitter, which is unusual since we usually take discussions most often from LinkedIn. But this one came from Twitter. And the question was do CISOs undergo more stress than other C-level executives. And the question was posed on Twitter, as I said, from Frank McGovern of StoneX Group. Now, he posited that the role is not fully formed. CISOs don’t get enough resources, and possibly because they’re not given proper authority as an actual C-level executive. So, Geoff, this is obviously a very skewed question to a very skewed audience, but do the blurred lines of the CISO job increase the stress? And I’ll even say even more so than the CISO, who I got to assume that person has the most stress.

[Geoff Belknap] I think the short answer is no. I don’t think my job is more stressful than the CEOs job or the COO, or head of sales, or the general counsel. I definitely identify with the sense that it is not a fully formed role. Not every company understands what a CISO is, or should do, or what their requirements for the role should be. But I think we’re getting pretty close to figuring it out, and I think part of figuring it out is realizing that being a senior executive is challenging.

[David Spark] Yes, it is. And we had a lot of great comments from the Twittersphere. We’re going to get to that. and the person who’s going to help us in this discussion is somebody I got to meet in person. You unfortunately missed meeting him, but it was during our live audience recording that we did in Mountain View, California. So thrilled that he could come. He is the head of information security over at Impossible Foods, Jared Mendenhall. Jared, thank you so much for joining us.

[Jared Mendenhall] It’s great to be here, David. Thank you.

What are they looking for?

2:51.078

[David Spark] @smbciso… That is the Twitter handle. You’ll hear me mention many a Twitter handle on this episode. @smbcisco says, “Most organizations, the CISO is not a true officer of the company role. The role is not well defined and has different archetypes compared to other CXO roles.” This is a very much reoccurring theme, I’m going to say. Matt Stewart, who goes by @jackcerebellum, said, “No one can agree who the CISO actually works for or is responsible to.” That is something that’s come up many, many times. So, just comparing it to other C-level rules, whether they’re considered as C-level executive or not, of the others, it’s probably the last formed of the well known ones. There are as the sort of new C-level roles. But would you say it’s the last well known, Geoff?

[Geoff Belknap] I think it’s definitely the least well known in the sense that if you queried a thousand leaders what a CISO is, I think everybody would know roughly that it should exist and how information security works. I don’t think everyone would agree what the scope of the role is.

[David Spark] Yes.

[Geoff Belknap] And I think to Matt’s point, I don’t think anyone would agree who they should report to. I do think that creates a fair amount of stress for people that are in the role or looking to get into the role because not knowing what you’re responsible for… If I left my job, which is wonderful… And just so you know, I’m not thinking about leaving.

[David Spark] You’re telling me this? Don’t you want to tell the people at LinkedIn?

[Geoff Belknap] This is just for my boss. If you’re ever listening to this, I love you.

[David Spark] Has your boss ever listened to this?

[Geoff Belknap] And you’re perfect. That is a wonderful question, and I really don’t want to know.

[David Spark] [Laughs]

[Geoff Belknap] But my point is if I were to leave this role and go into another role, it is not a safe bet that that role would be the same in terms of scope, in terms of reporting.

[David Spark] Let me back track that same question. You’ve had other CISO roles.

[Geoff Belknap] I have.

[David Spark] Were they very different than the one you have now?

[Geoff Belknap] They have all been different, and special, and perfect in their own little way. But I have reported to a CEO, a CFO, a CIO, a CTO. I don’t think I’ve reported to general counsel previously. But I’ve reported all over the place.

[David Spark] Didn’t you at one time report to the head chef?

[Geoff Belknap] I did not, but I definitely… In a previous world, I did manage the warehouse and had been strapping stuff to pallets and stuff. Real start ups are a trip. But my point is, it is not a solved fact of like who the CISO reports to, what the CISO scope is, and how the CISO needs to operate. That is stressful. I have to figure that out in every new job, and it’s part of the discussion. And that’s a complicated political bureaucratic problem for you to solve. You also have to solve like how are you going to solve problems in this organization that doesn’t necessarily know how you fit in. And because the role is relatively new, you might be the first CISO that organization has ever had. Maybe you’re busy teaching that company what a CISO even is while you’re also trying to solve these very complex legal, regulatory, and technical problems.

[David Spark] Jared, I’m throwing this to you. Are you the first head of information security for Impossible Foods?

[Jared Mendenhall] I am, yes.

[David Spark] So, this is all brand new for people at your company.

[Jared Mendenhall] That’s correct, yeah. So, we started the information security program about three and a half years ago. I also have my boss listening, and she’s amazing, too. So, that’s… A shoutout to her.

[David Spark] There’s a lot of butt kissing of bosses on this episode. We haven’t had that before.

[Laughter]


[Jared Mendenhall] I think what they’re kind of getting to here is when you’re trying to justify why you’re there and why you’re part of an organization, it’s really hard to do our jobs. I think that adds to the stress potentially. So, I think having somebody there in the executive suite that’s supporting us that’s got our back so to speak, that makes such a huge difference and I think why it’s so important.

[David Spark] So, how much did you know…? First of all, in the three and a half years, has your reporting structure changed as to who you report to?

[Jared Mendenhall] No, thankfully. However similar to Geoff, I have reported to CTOs, and VPs, and other people in different organizations. But I would say here is broadly speaking we tend to get into these drawn out debates about where a CISO belongs, but I think it’s almost an advantage that we don’t belong in a specific spot because I think it changes based on the organization that you’re a part of. At the end of the day, what you want is the person above you that is going to be your biggest fan and your biggest advocate. So, I think as a community we have to stop getting hung up on where we report to and who’s actually helping us and helping define and support our mission.

[Geoff Belknap] I think that’s great – let’s focus on the outcomes, not the reporting relationships.

Where are we falling short?

7:52.708

[David Spark] David Weissbohn of Governors State University said, “I feel like the job itself isn’t more stressful, but it is somewhat less respected, even underfunded and misunderstood, is often cast in a bad light when the increasingly inevitable happens.” Now, I know our two guests are not going to say anything of that level since their bosses are listening in. Bruno Guerrero of Datasec said, “Most CISOs are actually InfoSec managers without real C-level experience. This turns down lack of business plan to engage authority and resources.” And Marshall Banana… I don’t know if that’s his real name, but he goes by @_mbanana, said, “Usually they seem to report to another C-level but have expectations of an independent entity.” So, a lot of this speaks to what level of authority you have, and what I’m reading in this is a whole mess of confusion, kind of tagging onto what we said in the previous one with the reporting structure. Responsibility without authority is a bad place to be. And that, I think, is irrespective of a C-level position. Yes, Jared?

[Jared Mendenhall] Yeah, I think like you said, when I hear these statements, I go back to authority and expectations. And because the role changes per organization, as part of our role as a CISO in the organization, it’s our job to help define those expectations – what things should we be doing, explain and train our executives so that they understand what we’re supposed to be accomplishing. But in terms of authority, I think the thing that we have to be careful with is if we don’t have authority or budget to solve a problem, it’s not our problem anymore. Because we’re not able to fix it. That’s, to me, more of a risk acceptance type conversation where we need to be informing and educating the rest of the executives as to those risks. And until the point where we do have that authority and budget, we can’t be responsible for that.

[David Spark] That is really well put. Geoff, I’m sure that you’ve heard complaints from fellow security leaders about not having the authority to fix things but being dumped on with responsibility. I like Jared’s comment of saying once that’s gone, somebody has accepted the risk.

[Geoff Belknap] Yeah, I think this is where I see some of my peers fall into this trap of I don’t have the authority to fix this and/or I am often looked upon with disdain as the person who just tells the executive team about problems. I think this comes from the same place, which is, look, your authority doesn’t come from who you report to. It comes from your ability to execute on that problem. Now, if you’re working in an organization where you know you do know actually what needs to be fixed and you have the ability to fix it, and the org is stopping you from fixing it because they say, “Oh, no, you don’t have the permission to tell me to fix this security problem,” I think that’s pretty unlikely. I think most people feel like they have a lack of authority because they don’t feel empowered to go drive a change, go fix things. And I’ll be honest, I think there are some instances where people legitimately don’t have the authority. But I think there are more instances where CISOs because of this awkward position that we’re in sometimes, whether it be reporting, or just we don’t know the role, or… And I think Bruno is making this point. Maybe you just don’t have executive experience. They feel limited in being able to engage with their partners and build relationships to fix problems. But I think the reality is just as Jared has put very well, if you can’t get that problem solved, it is then your responsibility to as least report and share that this problem exists and that it’s not getting solved with the rest of the executive team. And if you’re not going to get the resources or the support, or the prioritization to resolve that problem, it is no longer your direct accountable problem to solve. Now the company has made a decision that it is not going to solve that problem, and you need to move on. That doesn’t feel very satisfying, but at least it is closure for that problem.

[Jared Mendenhall] Well, and sometimes what’ll happen, too, is you’ll put a risk acceptance statement in front of the executives. And when you formalize the process, all of a sudden it becomes a higher priority. So, like, “Whoa, wait a minute. I have to sign something, or I have to sign off on this.” Suddenly maybe that authority and budget actually comes up for you.

Sponsor – Compyl

12:19.747

[David Spark] All right. Now, before I go any further with the show I do want to mention our sponsor, Compyl. Do you remember? It’s spelled weirdly, Compyl. They are the all in one information security and compliance program. And, heck, the new year is here, right? And what better time to take control of your security and compliance program. Well, you were doing it least year, but now it’s going to be even better because Compyl is the only all in one security and compliance automation platform that quickly integrates with the tools you use and automates, get ready for this, 85% of the day to day tasks all while providing complete transparency and comprehensive reporting along the way so you can actually see your productivity gain. So, why not start your free trial with Compyl today and see all those efficiency gains you can expect from a leading solution. So, learn about Compyl today at, get ready for this, www.compyl.com/getstarted. Remember, it’s spelled Compyl.com/getstarted.

Does it play nicely with others?

13:33.231

[David Spark] Fernando Montenegro of Omdia said, “I think it’s because…” It being the high level of stress. “…the expectations of most organizations have of the role are incompatible with how internal incentives and political capital are aligned. Interesting take here. CISO is not a savior.” Yes, good point. And Bob Kelso, also known as @bob_kelso_md, said, “The fact that CISO is always first up on the chopping block by default and by design should tell us we have not figured this out yet.” So, Geoff, I’m going to ask you, do you think the CISO is always up on the chopping block at the beginning?

[Geoff Belknap] I think we are way past a time where a CISO is the chief scapegoat officer. I tell this joke to… And I get it. But if we look at just the last five or ten years of history, this just isn’t the case. Companies do not regularly fire CISOs because of a breach or because of some compliance issue. They’re often fired, and they do not last long in the roles. But they’re often self-selected out of the role for a variety of reasons. But I just don’t see that happening. I can say I can’t think of a single person that was scapegoated for a breach in my peer group. So, it’s just not a thing. But the reality is…

[David Spark] What do you think of Montenegro’s comment about the fact that there’s no financial incentives attached to the CISO? That that’s why things aren’t aligned.

[Geoff Belknap] I generally think two things. Organizations ship their org chart. And so to some extent I do believe when the CISO isn’t part of the core organization or reporting to not necessarily even the CEO but to the part of the org that really shapes what that organization does, yeah, you miss out on security. I don’t think you have to structure my compensation to make sure that security is a focus area. But the company has got to believe that security is important to their success. I think a lot of what keeps me interested at LinkedIn is the fact that we lead with integrity. Trust is one of our core operating principles. We believe that security, and privacy, and safety, and trust are part of how we win as an organization. We try very hard and there are thousands of people engaged in making sure that ship safe, secure, and private products. That is always going to mean that we have more secure outcomes in the long run than our peers that don’t see it that way. And so I think it can make a difference, but I don’t think it’s strictly that you have to pay people to ship secure products.

[David Spark] Jared, I want to double down on this, Fernando’s comment about that the CISO role is so different than other C-level roles because it’s really hard to tie anything financial to it. What do you think?

[Jared Mendenhall] I actually disagree. I think the value that security brings fundamentally is that we provide a level of best practice and diligence to projects and initiatives in the organization. I can think of countless examples of that – things that we’ve done across some of the companies I’ve worked at. But our value is making sure that things are done the right way. Unfortunately often times when the business is launching an initiative, it’s very tempting to go cheap and fast. Right? Do something quickly, get it down the road. But inevitably it blows up or something goes wrong. And so I think for us to align with the business, to add value to what we’re doing fundamentally, is making sure they’re following best practices and showing the organization the right way to implement and do things so that we stay in compliance and that things do stay secure.

[David Spark] I should mention and I want to just sort of clarify what I said about Fernando. He didn’t really actually call out financial incentives. He just said internal incentives and political capital, which I was extrapolating to be financial, but it could be other things as well.

[Geoff Belknap] I do think there is… Look, there are definitely people in senior leadership that think, “Oh, you’re head of security. You’re just going to take care of all the security problems.” That is something that if you have never had a CISO before, the CISO is going to have to spend some time getting the org to disabuse itself of that notion.

[David Spark] Well, you shouldn’t take a role if that’s what they think. Because you’re going to be…

[Geoff Belknap] I don’t know, maybe.

[David Spark] Don’t you think you’re going to be in a hard place really quickly?

[Geoff Belknap] But maybe it’s an impactful role. Maybe you feel confident you can make that change. At some point somebody has got to take that job and be the person that helps the organization learn what good security is about. It’s not going to make it easy, but there are lots of challenging roles out there. Maybe that’s for you.

Why are they behaving this way?

18:16.481

[David Spark] Anahi Santiago, CISO of ChristianaCare, said, “The risks we have to manage change almost daily. The threat landscape is volatile and so are our days. Most of us may have relatively higher levels of stress, but we are good at stress management. Otherwise we may not survive in these roles. Many of us thrive in it.” Some people do get a charge out of it. B. Carlos, @IR_Bryan77, said, “Anyone with the weight of leadership deals with stress. This isn’t exclusive to CISOs.” Very good point. And Martin Whitworth of S&P Global Ratings said, “A board member once told me that, ‘Watching CISOs report to the board had been like watching adolescents struggling to become adults in a new land.’ Maybe we need to work on that transition.” Do you find that amusing, Geoff?

[Geoff Belknap] I do. I think as a parent of children who are in this phase…

[David Spark] Of being CISOs? Your children are also CISOs?

[Geoff Belknap] No. Oh my God, I hope not. I hope they choose…

[David Spark] Reporting to the board.

[Geoff Belknap] …a better career than what their father has chosen.

[David Spark By the way, my dad would say the same thing. My dad was a doctor, and people would say, “Is your son going to become a doctor?” And he goes, “I won’t let him.”

[Geoff Belknap] [Laughs]

[David Spark] Which he was joking, but…

[Crosstalk 00:19:26]

[Geoff Belknap] Look, if they want to get into the profession, that’s great. But I think we all hope that they choose better than we did. I do think the phrase that I often talk to other parents about is you don’t want to interrupt a child when they’re doing something risky but cautiously. When they’re approaching it with the appropriate respect, you got to let them make mistakes because those are how you learn. I think if they’re going to try skateboarding and they’re wearing a helmet and pads, they’re going to fall down and hurt themselves a little bit. But they’re eventually going to be figure it out. Maybe they’re good at it, maybe they’re not. When you report to a board… And certainly I can say the first couple of times I met with board members and reported to a board, it was a little bumpy. But you eventually figure it out. I think it’s just a matter of CISOs have to figure out how to have a conversation that adds value to the thinking of board members and other executives and how a business works. It is definitely… I think we talked about this at the top of the show. We are not in this role because we are the and we shouldn’t be…the best technologist and engineer that might exist in the organization. It’s an executive leadership role, and you have to be good at executive leadership. Otherwise, you are going to struggle.

[David Spark] Very good point. It is a stressful role, as Anahi Santiago points out. But everyone, if you got leadership, you got stress. Reporting to the board specifically for CISOs is kind of a discovering yourself phase. What’s your take, Jared?

[Jared Mendenhall] Yeah, I’d like to double down on what Anahi said because what she talked about was the shifting and volatile landscape of security. And yes, it’s stressful, but we thrive in this. To me, that’s what makes our jobs interesting and engaging. We’re constantly having to think creatively. We have to solve problems. As I always tell my team, there is never a boring day in security. I think it’s that level of curiosity and drive that security professionals have that makes our jobs interesting, too.

[David Spark] Do you feel that the stress to some level actually feeds you well? Like it doesn’t bring you down, but you’re like, “Oh, this drives me a little bit harder.”

[Jared Mendenhall] I would say you shouldn’t be comfortable as probably any executive and certainly as a CISO just because the threat landscape is so crazy, and there is so many things happening. There’s always things that we can’t predict. There’s always something that’s going to jump out of a back corner on our back, no matter how well you’ve planned out your year or your roadmap. And I think the right level of stress is good.

[David Spark] Hold on, so I want to know – what is the right level of stress? Because I don’t know if I’ve ever heard that phrase before. I think we’re all dying to know what that formula is.

[Laughter]

[Jared Mendenhall] I think the right level of stress is enough to feel uncomfortable but under control. If you feel like you’ve really lost control and the horses are out of the pen, at that point that’s not fun. Because then at that point, you’re doing firefighting essentially.

[David Spark] All right, I’ll take that. that’s a pretty good definition. What do you think, Geoff?

[Geoff Belknap] I think that’s a great level. I think the way I would think about it is the right level of stress for you is the level of stress you feel comfortable managing. I do think this can be a very stressful job, not uniquely stressful. I think there are a lot of general counsels and CEOs that are feeling similar levels of stress. But for a second, let’s take a step back and think about two things. One, it’s entirely likely that the CISO role self selects for people that are not risk averse but are risk takers that are people that seek out maybe subconsciously these kind of roles where you might be dealing with crises, or it might be a little more chaotic. But also this is a very high impact role. And one of the things that attracts me to it and why I keep coming back to this role is I like to have a big impact on the organization. I want my failures to matter just as much as my successes. Because if you’re doing a role where it does not matter if you fail, maybe your role doesn’t really matter. Maybe it isn’t a high impact role for the organization. For me, that just wouldn’t be very interesting. I think the reality is I wish it had a little bit less stress, but clearly I’ve been able to find a way to manage the stress. The role has the impact that I like, and it has access to all kinds of problems that are interesting and engaging for me. I think the only thing I wish is that we could fast forward about ten more years and really understand the consistent scope and responsibilities for the role across everywhere. But I think we’re going to get there. I just don’t think this is ever going to be less stressful than it is today, and I think the job is becoming way more mainstream. I feel like we’re not going to have this podcast two or three years from now with this same topic.

[David Spark] Well, I hope we still have the podcast two or three years from now.

[Geoff Belknap] Well, listen, this podcast is already the number one podcast that anybody could possibly listen to in the information security space, but we’re not going to talk about this topic again in the next couple of years. I think we’re going to figure this out.

[David Spark] You heard it from one of the cohosts – it’s the number one podcast.

[Laughter]

[Geoff Belknap] As far as I’m concerned, it’s the number one podcast that I listen to.

[David Spark] All our shows are doing quite well, I should say.

Closing

24:39.127

[David Spark] Hey, that brings us to the end of our discussion. The first thing we do before we close is I ask both you, Geoff, and our guest, Jared, which quote was their favorite, and why. So, I’m going to start with you, Jared. Did you pick a favorite quote? And why did you like it so much?

[Jared Mendenhall] Yeah, actually my favorite quote is the one we just talked about. I don’t know if you want me to pick a different one.

[David Spark] Anahi’s one?

[Jared Mendenhall] Correct, yeah.

[David Spark] Okay. And why did you like that? You don’t have to repeat it again because we were just discussing it. Why do you like it so much?

[Jared Mendenhall] Yeah, for the same reasons we talked about. It takes a certain kind of person to thrive in this role, but it’s that uncertainty, it’s that ambiguity, it’s that need to be creative and come up with solutions and enable the business. Again, I think that’s what makes the job exciting and fun for us as security professionals.

[David Spark] Good point. All right, Geoff, your favorite quote and why.

[Geoff Belknap]  I’m going to go with I think it’s Bryan Carlos says, “Anyone with the weight of leadership deals with stress. This isn’t exclusive to CISOs.”

[David Spark] Yeah, I think that’s also the theme of this discussion is we haven’t cornered the market on stress.

[Geoff Belknap]  I would like to believe we have, especially when I’m feeling stressed. I would like to believe, look, I’m the only one that’s stressed. Everyone, please give me attention and comfort me. But the reality is, no, this is not the only role that has an immense amount of stress. Talk to a salesperson when the quarter is coming to an end. See how they feel, see if their job is easy. Talk to a recruiter who’s trying to recruit a role. Talk to a CEO that’s trying to launch a new product. Talk to general counsel that’s working with a lawsuit. There are crazy amounts of stress for roles that matter. We’ve picked this role. It’s not going to get any easier, and we just have to find ways to manage it. The reality though is other people have these stresses.

[David Spark] Yes, I would say that is thematic that CISOs haven’t cornered the market. They’re not necessarily the most stressed, even though we spoke to a very slanted audience here. But I think what was also clear that we discussed at the beginning of the show is that there is a lot of confusion around the role and who you report to, and that alone can create confusion and potentially stress attached to it. But if you mange it right, like the two of you said, it’s a welcome level of stress because you’ll still be in control.

[Geoff Belknap]  I don’t know about welcome. Is stress ever welcome? I think it’s a manageable level of stress.

[David Spark] Manageable level of stress, I guess is a better way of putting it. I don’t want to give… I’m not buying stress gift cards for my fellow CISOs.

[Laughter]

[Geoff Belknap]  No. What would that take look like? “Here, take some stress.” Actually that would be fantastic. You could sell stress offsets.

[David Spark] Stress offsets.

[Geoff Belknap]  Like, “I have a lot of stress here.”

[Crosstalk 00:27:19]

[David Spark] Oh my God, that… Forget the giving the iPods to CISOs for a meeting. If you could give them a stress offset card, you’d totally get a meeting, wouldn’t you? That would do it.

[Geoff Belknap]  I think we have a new business venture. Let’s cut this and just go work on that.

[David Spark] Oh, we got to figure this out. Oh my God, we got to figure this out.

[Geoff Belknap]  We need a strategic stress reserve that we can dig into when we’re low on stress.

[David Spark] I want to thank our guest, Jared Mendenhall, who’s the head of information security at Impossible Foods. I’ll let you have the last word. The question I always ask is are you hiring, so make sure you have an answer to that. Also we want to hear more about Impossible Foods. I want to thank our sponsor for today’s episode, is Compyl, for sponsoring us. Remember how they’re spelled. As all these companies are spelled weirdly and differently, they’re spelled Compyl.com. Remember, that’s Compyl.com. Just go to that web address and then /getstarted to learn more about Compyl. Geoff, by the way, pretty much has the same close every time. He’s hiring all the time. If you don’t want to work with him, there’s tons of jobs on LinkedIn. But anything else you want to add, Geoff?

[Geoff Belknap]  I think the same thing I say every time – if you don’t have 2FA enabled on all your social media accounts or any of your personal accounts, please turn it on. It’s almost always cheap, and free, and easy.

[David Spark] I have had a situation with Mail Chimp where they actually give you a discount if you turn it on.

[Geoff Belknap]  Look at that.

[David Spark] I thought that was kind of a handy little incentive.

[Geoff Belknap]  You, too, could get a discount. Go do it. It’ll make your life that much better.

[David Spark] I like that. Jared, are you hiring, and tell us…? Go ahead, make a plug for Impossible Foods.

[Jared Mendenhall] Yeah, obviously we’re always looking for great talent. We have a great team at Impossible. I’m really proud of what we’ve been able to put together. So, if you haven’t tried Impossible yet, obviously we encourage you to do so. We’ve got a variety of great plant based products. They’re super delicious. We have a great time behind them that are developing I think the best…I might be biased but some of the best products out there on the market. Impossible Starbucks sandwiches is personally my go to, but we just came out with…

[David Spark] And you don’t have to be a vegetarian to enjoy them, right? It’s not a requirement.

[Jared Mendenhall] It is not a requirement.

[Geoff Belknap]  I am not a vegetarian, and I love Impossible Meats. And I love that, hey, we’re actually talking about something I can wholeheartedly recommend on this program without feeling like I’m getting in trouble later.

[Jared Mendenhall] There you go.

[David Spark] You won’t get in trouble. [Chuckles] Well, excellent. Thank you, everybody. And I want to thank our audience as well. We greatly appreciate your contributions and for listening to Defense in Depth.

[Voiceover] We’ve reached the end of Defense in Depth. Make sure to subscribe so you don’t miss yet another hot topic in cyber security. This show thrives on your contributions. Please write a review, leave a comment on Linked in or on our site, CISOseries.com, where you’re also see plenty of ways to participate including recording a question or a comment for the show. If you’re interested in sponsoring the podcast, contact David Spark directly at David@CISOseries.com. Thank you for listening to Defense in Depth.

David Spark
David Spark is the founder of CISO Series where he produces and co-hosts many of the shows. Spark is a veteran tech journalist having appeared in dozens of media outlets for almost three decades.