It doesn’t matter which security awareness training program you purchase. Your staff is going to do whatever they can to either tune out or get out of this annual compulsory exercise.
This week’s episode of CISO/Security Vendor Relationship Podcast was recorded in front of a live audience at athenahealth in Watertown, Massachusetts. The recording features me, David Spark (@dspark), producer of CISO Series; my guest co-host, Taylor Lehmann (@BostonCyberGuy), CISO, athenahealth; and guest Marnie Wilking, global head of security & technology risk management, Wayfair.
Thanks to this week’s podcast sponsors, Check Point and Skybox Security.
Got feedback? Join the conversation on LinkedIn.
On this week’s episode
Pay attention, it’s security awareness training time
Jinan Budge of Forrester finished a report on security awareness training programs. She found a trend that supported both the need for compliance and the need to actually train employees to be more security aware. We discuss what actually works to get people to be more aware of cybersecurity.
What do you think of this vendor marketing tactic?
At RSA, I talked to a vendor who told me about their new solution. It was so unique that Gartner was creating a new category for their product, with yet another acronym. UGGH, another category for which you have to educate the market? And now you have to convince buyers to create a new line item for this category? And what is that going to do to your marketing budget? It didn’t take much convincing for me to point out that their product was just third-party risk management.
Admittedly, cybersecurity professionals love the new and shiny, but where do we draw the line between learning something new in cybersecurity and adding confusion to the marketplace?
It’s time to play, “What’s Worse?!”
Two rounds, lots of debate.
Where does a CISO begin?
When we hear about digital transformation, it is being done for purposes of speed, accuracy, and business competitiveness. Scott McCool, former CIO at Polycom, who was on our show Defense in Depth, disputed the common notion that security serves the business. Instead, he believes that security IS the business. And if you deem that to be true, then security can no longer take a consultative role. It must take the role of brand and value building.
This is more than just a discussion of “shifting left.” What actions must security take to make it clear that they are part of making the business fast, innovative, and competitive?
Um… maybe you shouldn’t have done that
We tell tales of the worst proof of concept (POC) efforts.
Audience question speed round
We close out the show with a series of quick answers to audience questions.