We’re looking for the one company brave (or honest) enough to say it doesn’t care about privacy, on the latest episode of the CISO/Security Vendor Relationship Podcast.
This episode was recorded live on June 6th at The B.O.B. in Grand Rapids, Michigan at the 2019 West Michigan IT Summit, hosted by C3 Technology Advisors. This episode is hosted by me, David Spark (@dspark), producer of CISO Series and Allan Alford (@allanalfordinTX), principal consultant at Side Channel Security. Our guest for this special live recording is the former CISO/CSO/CTO of the state of Michigan, Dan Lohrmann (@govcso).

Thanks to this week’s podcast sponsors, C3 Technology Advisors, Fuze, and Assured Data Protection.

Got feedback? Join the conversation on LinkedIn.
On this week’s episode
Should you ignore this security advice?
Yaron Levi, CISO of Blue Cross Blue Shield of Kansas City, posed an interesting question: “Many people in security follow best practices without questioning them, but in fact there are many BAD security best practices.” Levi asks the LinkedIn community, and I also ask our guests, “What do you consider a ‘Bad Best Practice’?”
How to become a CISO
Aaron Weinberg, Kirlin Group, asks, “What would a CIO need to do to switch career tracks to being a CISO?” I’ll add: why would you want to do that?

What’s Worse?!
We’ve got two rounds of questions, and conflict on at least one of them.
I tell ya, CISOs get no respect
Brian Krebs of Krebs Security asked, “Why aren’t CISOs often listed on the executive page of a company website?” Krebs looked at the top 100 global companies and found only five that listed a CISO. Of the NASDAQ 50, only three listed anyone with a security title. Plenty, however, listed a chief of human resources or a chief marketing officer. One argument for CISOs’ lack of front-page visibility is that companies value revenue centers over cost centers. Another is the reporting structure: CISOs often report to CIOs. Is that why it’s happening, or is it something else?
Close your eyes. Breathe in. It’s time for a little security philosophy.
A question on Quora asks you to take part in this little thought exercise: “If you knew all computers would be erased tomorrow by a worldwide virus, what steps would you take to protect yourself?” It’s a little more involved than just unplugging your computer from the Internet.
Why is this a bad pitch?
I read a cringeworthy bad pitch and our CISOs respond. Listen to the end, when I reveal something surprising about this very bad pitch.
And now this…
I burn through a stack of questions from the audience as we go into a cybersecurity speed round.