As long as you reset it and repeat, everything in cybersecurity is “set it and forget it”.
This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest this week is Brett Conlon (@DecideSecurity), CISO, Edelman Financial Engines.
Thanks to this week’s podcast sponsor, Keyavi Data
Got feedback? Join the conversation on LinkedIn.
On this week’s episode
Why is everybody talking about this now
On LinkedIn and on Twitter, I asked “Is there anything in cybersecurity that’s ‘set it and forget it’?” There were plenty of funny answers like “Passwords” and the “Off” switch. But there were some interesting answers like whitelists from Brian Haugli of Sidechannel security and ethics from Stephen Gill of Russel Holdings. So many treat security as “set it and forget it” but we know that’s a path to insecurity. Regardless, is there ANYTHING in security we can set and forget?
Question for the board
Our guest claims he’s got an awesome board. I don’t think we’ve ever heard that on our show. In most cases there’s either fear of the board or the CISO doesn’t even get direct conversation with the board. I asked our guest what is it about his board that’s so awesome and what tips could he give to CISOs to move their board into that territory?
Who is going to handle physical assets the worst?
If you haven’t made this mistake, you’re not in security
Alexander Rabke, Splunk, asked, “How should sales people handle situations when, in fact, you are a security company with a security vulnerability (he also talked about a product not working) – what do you tell customers. How do you like to see this handled by the vendor?” I know a first response is to be honest, but they want to hold onto your business. What’s a way salespeople could go about doing that?
What do you think of this pitch?
We’re not talking vendor pitches in this segment. We’re talking candidate pitches. Gary Hayslip, CISO, Softbank Investment Advisers and former guest on this show has an article on Peerlyst, a platform which is unfortunately going away, about finding your first job in security. Hayslip’s first tip asks, “What information do you have?” Researching yourself is good advice, but I want to extend that to a question that I think puts you ahead of the pack and ask, “What’s your unfair advantage?” It’s a question that I heard investor Chris Sacca ask startups and I think it can also apply to individuals applying for jobs. Agree? If so, what are some good unfair advantages from candidates that have put them over the top?