Here are five of our best moments from CISO Series Video Chat: “Hacking Regulations: An hour of critical thinking of moving regulators from operational to risk-based auditing.” 

Our guests for this discussion were:

HUGE thanks to our sponsor Kenna Security

Best Bad Idea (What NOT to say to an auditor)

Congrats to Kevin Hakanson, sr. solutions architect, AWS for winning this week’s Best Bad Idea.

Other honorable mentions go to:

“I could be a better auditor than you.” – Matthew Thomson, principal consultant, cybersecurity, Core BTS

“Our policies are passed down via an oral history tradition.” – Stephen Cicirelli, CISO, American Bureau of Shipping (ABS)

“We were told you were starting the audit on Monday. Can you wait for me to delete some logs?” – Dutch Schwartz, principal security specialist, AWS

“Oops, you weren’t supposed to see that.” – Craig Hurter, director security operations, Colorado Governor’s Office of Information Technology

“Do you want to take this outside?” – Craig Hurter, director security operations, Colorado Governor’s Office of Information Technology

“Did you get the gift cards? I clicked the link last week.” – Kevin Hakanson, sr. solutions architect, AWS

“Those who can’t, audit.” – Shawn M. Bowen, VP, information security (CISO), World Fuel Services

“I bet I scored better on my CISSP than you.” – Matthew Thomson, principal consultant, cybersecurity, Core BTS

“Here is the cherry picked information you requested.” – David Christensen, director of global information security engineering and operations, WEX

“My CEO serves on your board so I’m gonna just assume we’ll pass the audit.” – Dutch Schwartz, principal security specialist, AWS

“THANK GOD YOU’RE HERE. I’M COLORBLIND!! PULL THE BLUE WIRE!!!” – Valerie Apperson, digital web copywriter, NowSecure

“I wanted to get to know you so I had my red team do some digging. If you pass me, I’ll just go ahead and delete those files.” – Dutch Schwartz, principal security specialist, AWS

“You remember how Stephen Colbert used the word ‘truthiness?’ I’m gonna need you to get behind that word so we can pass.” – Dutch Schwartz, principal security specialist, AWS

“I’m gonna leave this stack of cash on the desk while I walk to the cafeteria…” – Dutch Schwartz, principal security specialist, AWS

“We leave the server room door propped open in order to keep the room cooler.” – Steve Cobb, CISO, One Source Communications

Making regulations ten percent better

“Hire someone to oversee only inventory management.” – Sandor Slijderink, CISO (interim) & executive leader, GO! Residency™

“Ask the practitioner, ‘And how does what you do impact your top three business initiatives?’” – Dutch Schwartz, principal security specialist, AWS

Quotes from the chatroom

“If you have competent auditors, a good relationship can make your life a lot easier.” – Shawn M. Bowen, VP, information security (CISO), World Fuel Services

“I tell the auditor things we suck at to help them tell the story I want so I have an ‘independent’ person also saying I need something.” – Shawn M. Bowen, VP, information security (CISO), World Fuel Services

“Credentials should be part of your selection process in picking the auditor in the first place.” – Scott Foote, CISO, DPO, managing director, founder, Phenomenati

“Make sure that documentation is part of the ‘Definition of Done’ – project is not ‘done’ until it is documented.” – Rob Gray