While CISOs are not excited to receive your unexpected phone call, they are excited to listen to this week’s episode of CISO/Security Vendor Relationship Podcast.



This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions, and Mike Johnson. Our guest this week is Helen Patton (@OSUCISOHelen), CISO, The Ohio State University.

Thanks to this week’s podcast sponsor GitGuardian

GitGuardian empowers organizations to secure their secrets – such as API keys and other credentials – from being exposed in compromised places or leaked publicly. GitGuardian offers a threat intelligence solution focused on detecting secrets leaked on public GitHub and an automated secrets detection solution which tightly integrates with your DevOps pipeline.

Got feedback? Join the conversation on LinkedIn.

On this week’s episode

Why is everybody talking about this now

Are we making ourselves safer by calling end users “dumb”? On LinkedIn, Shaun Marion, CISO, Republic Services called out those security professionals who chose to put down the end user. As a result, security professionals in aggregate are getting a bad rap.

What do you do to change this long-held belief of security professionals as putting down the end user?

Rich Mason of Critical Infrastructure said, “offer something beyond training to mitigate the damage potential of that click. You can bash those who don’t heed your advice on running with scissors or you can design better processes and safer scissors.”

How do you go about building systems and behavior of the security team with the end user in mind?

Are we having communication issues?

There is ENDLESS debate on cold calling. I know most CISOs despise it, but as evidenced by Ross Gustavson of Reciprocity, he met 120% of his sales quota solely on cold calling. He posted all his stats so you simply can’t argue with that success rate. And Jay Jensen of Sales Evolution said the conversation of cold calling should be about how to do it effectively, and not whether it should be eradicated. And Allan Alford said he wants the conversation to be about partnering with sales staff.

What is the communication you’re open to having with a security vendor with which you don’t currently have a relationship?

What’s Worse?!

Those miserable team building exercises. Is there a worse way to do them?

If you haven’t made this mistake, you’re not in security

Eli Migdal of Boardish ran a poll on LinkedIn asking how many cyber professionals suffer from impostor syndrome. Sixty-two percent believed most did, and Allan Alford, who admitted having it himself, said he was on a call with 25 other security professionals and all of them admitted to suffering at one time from impostor syndrome. Why does this come about and is it healthy or detrimental?

RESOURCE: Do You Suffer From Impostor Syndrome? You Are Not Alone

Is this where I should put my marketing dollars?

On LinkedIn, I published an article entitled, “Formula for Creating a Successful Security Podcast.” In it I just talked about my experience publishing successful and not successful shows. I’m a proponent of security vendors using their marketing dollars to produce podcasts because it’s a means to create a one-to-many and many-to-many relationship with the audience.

Focusing on other security and technology podcasts, what makes us excited to listen to a show and actually engage with the show or other listeners? And have we for any reason stopped listening to a show, and why?

NOTE: CISO Series and its parent company Spark Media Solutions are now offering consulting and production services for others, including vendors, who want to launch and maintain their own successful podcast. Please contact me, David Spark, for more information.