Episodit
-
In this episode of The New CISO, host Steve Moore sits down with Larry Pfeifer, CEO and President of Metrics That Matter, for a deep dive into the evolving role of the CISO and the increasing importance of cybersecurity insurance. Larry offers valuable insights drawn from his unconventional career in cybersecurity, sharing advice for CISOs and entrepreneurs alike. From the need for CISOs to shift from awareness providers to business decision-makers, to the surprising connection between cybersecurity and insurance, this episode is packed with thought-provoking discussions.
Listen to Steve and Larry explore the intersection of risk, metrics, and cybersecurity decision-making, and how customer service strategies from the Ritz-Carlton are being applied to improve client relations in cybersecurity.
00:00 - Introduction: Board Level Metrics in Cybersecurity
01:02 - Larry Pfeifer's Journey in Cybersecurity
01:56 - Cybersecurityâs Future: Insurance and Risk
03:56 - The Challenges of Cybersecurity Insurance
08:04 - Key Lessons for CISOs and Risk Management
12:00 - Client Management Post-Breach
17:30 - Optimizing Cybersecurity Investments
21:05 - Entrepreneurship: Realities and Advice
Links:
Larry Pfeifer on LinkedIn
-
In this episode of The New CISO, host Steve is joined by Larry Pfeifer, CEO and President of Metrics That Matter. Although Larry is not a CISO, he has worked in many adjacent fields, including the US military, university IT research, sales engineering, and more. As a result of his vast experience, Larry has a unique lens on cybersecurity. Listen to the episode to learn more about Larryâs fascinating career journey, what salespeople and IT professionals have in common, and why he decided to start his own business.
Listen to Steve and Larry discuss what makes working in IT at a university invaluable and when to talk about the vendor selection process:
Meet Larry (1:39)
As a CEO and entrepreneur, Larry does many different things in his daily life. His professional origins started in his high school Apple IIe classes, and later, he worked with new computer technology in the military.
Overall, Larry compares his career journey to Forest Gump, acknowledging the exciting and extensive path heâs taken.
After Service (6:39)
Larry details his next moves after completing his military service. He helped run an educational network at a university, which led to him being interviewed on Leonard Nimoyâs technology show.
Although there was no position like âCISOâ at the time, Larry also led a checkpoint on Salaraboxes, among other cyber-related projects.
Sound Advice (11:30)
Steve presses Larry on whether it is worthwhile for students to work in education networks at a university. Larry believes that if you have the opportunity, you should take advantage of it. After all, itâs high-paying, flexible, and allows you to do real, hands-on work.
Becoming an Entrepreneur (15:04)
Larry shares how he broke into sales engineering and started working for the Philadelphia Stock Exchange, among other places. He went from a career in IT research to sales engineering to becoming a salesman, adding another layer to his professional skills.
He also stresses the importance of discussing vendors and helping his peers determine what they like about their services, what they donât like, and their costs. This interest led him to become the CEO of his own information-sharing business.
Building a Brand (26:27)
Reflecting on the beginning of his entrepreneurial journey, Larry shares how he worked with potential clients and narrowed in on his focus.
Now, Larry is the CEO of a business that serves as a cyber-security platform. To do this job well, he understands the industry thoroughly.
The Right Metrics (33:32)
Through Metrics That Matters, Larry aims to simplify the cyber-security process by providing information that reports on a businessâs weak points and what they could do better.
Larryâs company fills in the technology gaps of CISOs, though he also knows there is no silver bullet to perfect cyber security. You must understand your environment and what your environment needs to secure your business properly.
Links:
LinkedIn
-
Puuttuva jakso?
-
In this episode of The New CISO, Steve is again joined by guest Grant Lockwood, Comedian, DJ, and the Chief Information Security Officer at Virtus Health. Today, Grant returns to explain how his approach to effective communication has evolved since becoming a security leader. Listen to the episode to learn the difference between safety and security, how stand-up comedy gave Grant an efficient framework for his CISO role, and the importance of having balance outside of work through hobbies.
Listen to Steve and Grant discuss how to maintain confidence in work and life and how to optimize your message to make the best first impression:
Comedy and Cyber Security (1:34)
Steve asks Grant why stand-up comedy has made him a better CISO. To Grant, stand-up helped him learn how to operate in a degraded state, which he finds comparable to dealing with cyber programs.
Like when a joke bombs, sometimes the most protected security programs can get hacked. Grant shares why these two mediums are similar and how both have given him the confidence to succeed in challenging situations.
Comfort and Confidence (4:12)
Grant shares how he determines his stand-up set lists and how to use that to get the audience on his side. He finds these lessons to also help in the workplace and understands the confidence that this framework provides.
Studying Delivery (6:45)
Grant reflects on the resources heâs utilized to become a better comedian, including listening to comedy podcasts. Ultimately, Grant expresses the importance of being economical with wordsâwhether at work or on stageâto become an effective communicator.
Good Advice (9:22)
Steve presses Grant on what advice he would give his younger self, especially reflecting on his journey from an admin role to where he is now. Grant advises listeners to stay curious and teachable since there is much to learn.
He also reveals why people should be well-rounded, T-shaped individuals and how hobbies can provide transferable skills.
Getting There (12:31)
Reflecting on his career, Grant explains what he meant when he said, âThe thing that got you there isnât what will keep you there.â He clarifies how his measures of success have changed as heâs learned more about how running a business works.
Learning From Community (27:12)
As both a comedian and a CISO, Grant explores how the security community could learn from the stand-up comedy community. Both communities are very supportive, but comedy is entirely audience-dependent.
Therefore, comedy can teach security professionals to have better communication by âknowing your audience.â
The New CISO (19:09)
To Grant, being a new CISO means being adaptable, learning both the business and security side, and improving those around you.
Links mentioned:
LinkedIn
Comedy Podcasts/Resources:
Dissecting the Frog
The Comedianâs Comedian Podcast
-
In this episode of The New CISO, Steve is joined by guest Grant Lockwood, Chief Information Security Officer at Virtus Health.
After starting his career in an administrative position, Grant found himself getting bored. After being urged by his wife, Grant turned things around and is now a DJ, comedian, and, of course, a successful CISO. Listen to the episode to learn more about Grantâs impressive career journey, how to make your content compelling, and the transferable skills from performing comedy.
Listen to Steve and Grant discuss how hobbies can make you a better security leader and the importance of adapting to your surroundings:
Meet Grant (1:33)
Before becoming a CISO, Grant was a health sector chief information officer for a health department. Although his current role is very different, he can see the similarities between the two positions.
Before these two roles, Grant had spent years in an administrative position. Not sure what he wanted to do, his wife encouraged him to take up some hobbies, leading him to become a more well-rounded security professional.
Being a DJ (7:18)
Grant explains what people donât know about being a DJ. He understands that what makes him a strong DJ is that heâs good at computers, demonstrating the similarities between cyber security and music.
Besides being a stress relief, Grant feels that being a DJ helps him with timing and being present, which he applies to his CISO role.
The Funny CISO (11:40)
Becoming a stand-up comedian has proven to be a transferable skill set for Grant. He reflects on how comedy helped him with his presentation skills and the ability to compel an audience.
Truth to Power (18:55)
Steve presses Grant on whether doing comedy has improved his ability to deliver truth to power. Grant understands how stand-up has expanded this skill set because he learned to hold othersâ attention.
Grant also shares his feelings on the âlizard brainâ and how this influences how we interact with others. Comedy taps into peopleâs lizard brains because it's an involuntary reaction that can bond us.
Being Adaptable (23:18)
Grant explains how stand-up forces you to adapt to your environment and use it to your advantage. This mentality also applies to presentations because you can shift gears based on your audienceâs reaction.
When you can adjust your performance to the mood of others, you can hold their attention long enough to communicate your ideas effectively.
A Better Training (27:12)
If Grant could advise a security training leader, he would suggest they ask themselves, âWould this be entertaining to my mom?â Teaching potential CISOs how to make their work captivating to a wider net will make them better security leaders overall.
Links mentioned:
LinkedIn
-
In this episode of The New CISO, host Steve is joined by returning guest SĂĄndor Incze, CISO at CM.com.
In part two of his interview, SĂĄndor shares his strategies for boosting team productivity. As a long-time security leader, SĂĄndor understands how to get the best out of his team. Listen to the episode to learn more about the difference between nervousness and excitement, the benefits of his CM model, and how running a cyber security staff is like soccer.
Listen to Steve and SĂĄndor discuss how software development is like an F1 race and how to make a candidate confident during an interview:
In the Interview (1:33)
SĂĄndor and Steve discuss high-stakes, stressful job interviews and how they can make candidates nervous. Although some security professionals are proud to make someone fumble during the interview process, SĂĄndor and Steve share how to bring out the best version of someone to see if they are the right fit.
CM Squared (8:56)
SĂĄndor shares the CM (or CM Squared) Model, a document he uses when auditing different companies' security systems to find their faults. With this model, SĂĄndor can simplify technologies for business leaders and enhance their protections.
Like an F1 Race (15:30)
Like F1 racing, SĂĄndor believes software development is a team effort. To help emphasize this metaphor, SĂĄndor explains how different members of security teams mirror the roles of a racing crew.
Team Strategies (19:49)
When SĂĄndor evaluates his role as a leader, he thinks of his staff as a soccer team. His team needs to score âgoals,â and as their âcoach,â it is his job to guide them.
He also shares his motto, âDo something you like, do something youâre good at, and contribute.â
The New CISO (27:12)
To SĂĄndor, being a new CISO means âkeep it simple.â
Making things too complicated does not stop cyber crimes. However, learning to talk to each other does.
Links:
LinkedIn
-
In this episode of The New CISO, host Steve is joined by guest SĂĄndor Incze, CISO at CM.com.
Today, SĂĄndor shares his untraditional path to a dual career in the Infosec and law enforcement industries. Through diligence, initiative, and automation, SĂĄndor has been able to balance both of his lifeâs passions. Listen to the episode to learn more about SĂĄndorâs extensive professional journey, the benefits of automation, and how personal interactions can shape your perspective on a crisis.
Listen to Steve and SĂĄndor discuss what a police officer and a CISO have in common and when itâs appropriate to be âlazyâ:
Meet SĂĄndor (1:33)
SĂĄndor has been passionate about tech since he was eleven years old. After tinkering around with an old computer at school, he became his schoolâs first administrator.
He credits this experience as his professional origin story.
An Opportunity With Law Enforcement (6:21)
SĂĄndor shares that he has been interested in law enforcement professionally since his youth. Although this path didnât initially work out, he was able to eventually combine his two passions into the dual career he has today.
Young and Successful (12:40)
By eighteen years old, SĂĄndor was already establishing a successful career and saw the financial benefits alongside that. Amusingly, he would buy a new motorcycle every six months, an impressive luxury for his youthful age.
A Man In a Suit (14:03)
After finishing his computer science degree, SĂĄndor tried to move into a law enforcement career. This attempt didnât work out as intended, so SĂĄndor had to go to a job wearing a suit rather than a preferred police officerâs uniform.
The Benefits of Laziness (16:18)
SĂĄndor jokingly admits he is lazy because of his love for automating repetitive tasks. However, this method has proven effective, revealing much about SĂĄndorâs perspective on work.
Lessons For the Listener (19:13)
After his third opportunity, SĂĄndor successfully transitioned into a law enforcement role. He initially started as a volunteer, but he was able to use his automation skills to gain respect, leading him to become a police officer finally.
Life In the Academy (24:50)
SĂĄndor reveals the age at which he joined the police academy and what being a security leader and officer have in common. A deep understanding of people and an accurate perspective on life are crucial mindsets to carry into both fields.
-
In this episode of The New CISO, host Steve is joined again by guest Ash Hunt, Global CISO at Apex Group Ltd.
Today, Ash shares how he transitioned from his career as a jazz musician into the vastly different world of cyber security. He also reveals his tips as a leader and a decision-maker. Listen to the episode to learn more about Ashâs unique professional journey, how security leaders inhibit their candidate search, and the secrets behind an empowered staff.
Listen to Steve and Ash discuss the power of delegation and how to determine the best time to find a new role:
Ashâs Return (1:39)
Ash returns to the podcast to share how he achieved his cyber security start. Initially touring as a jazz musician in London, Ash acknowledges how his past has helped him with his current career.
Fresh Challenges (10:13)
Ash explains when to seek new challenges to avoid professional stagnation.
He believes that when a company gets more out of him than he is out of that company, it is time to move on. This mentality has helped him decide when to leave an opportunity for a fresh one.
Being Creative (17:21)
Steve and Ash discuss the impact that they can have on others early in their careers. Ash tries to expose his interns to the industry as much as possible because there are so many exciting things to do in tech.
He believes leaders should be more creative when judging and developing talent. For Ash, creative compromise, persuasion, stakeholder management, and communication are skills that he considers when evaluating potential candidates.
Ownership and Delegation (22:01)
While discussing the importance of enabling your staff, Ash asserts what makes an effective leader. Allowing your team to own their work and delegating tasks creates an empowered and productive company culture.
Evaluating Loss (26:37)
Steve presses Ash on how he handles approaching inefficiencies at work, such as issues with AI, to the executive team. Ashâs answer is to follow the money and expose what people think is true, but it turns out to be the opposite.
Loss is rarely tracked, but pinpointing those causes can benefit your organization.
The Cost of a Breach (33:19)
Staying on the topic of loss, Steve and Ash reflect on the vast cost of a data breach and inefficient client management. Although Ash acknowledges that technology will be able to solve these issues over time, there is no harm in prioritizing clear data reports now.
New CISO (38:01)
To Ash, being a new CISO means converging cyber with technology. Ultimately, it is about working smarter, not harder, as a team.
Links:
Linkedin
-
In this episode of The New CISO, Steve is joined by guest Ash Hunt, Global CISO at Apex Group Ltd.
Today, Steve and Ash dive into the action of M&A (mergers and acquisitions) and how to conduct it well. As a CISO at one of the worldâs largest administrators, Ash shares his valuable insight on loss, risk, and revenue generation in a constantly changing IT environment. Tune in to learn more about what causes loss during a merger, why decision management and risk management are one and the same, and the cultural changes in the security industry.
Listen to Steve and Ash discuss how to quantify loss and what jaywalking and cyber security have in common.
Meet Ash (1:34)
Ash shares that he is proud to work for a fast-moving organization that has expanded worldwide. This growth has led to an exciting time from a technology and cybersecurity perspective.
Successful M&A (5:16)
Steve presses Ash on how to conduct M&A successfully. What hurts a business during an acquisition is when there are breaks in infrastructure that get overlooked.
Luckily for Ash, he has a strong team that prioritizes infrastructure integration to avoid loss and increase revenue.
Things in Common (12:25)
Ash reveals what jaywalking and risk have in common. For example, everyone in London jaywalks, but like in cyber security, there is a degree of risk.
Risk Management (15:10)
According to Ash, risk management is decision management. Decision science is a critical part of Ashâs approach to security.
Psychological barriers in the workplace halt optimal investment decisions that can generate revenue.
Adding Value (25:36)
Ash acknowledges that his most significant contribution toward his company is successfully integrating their infrastructure into one operating platform. He knows it will rationalize his tool stacks and clean up his budget, amongst other benefits.
He has seen other companies experience operation inefficiency, access control failure, and inadvertent data disclosure, which he actively prevents.
Changing the Operation Process (30:48)
Steve and Ash marvel at the operational changes that need to be done in security. For example, many people still default to email versus a more secure portal for data exchange.
In order to mitigate risk, cultural changes need to be made to operational processes.
Links:
LinkedIn
-
In this episode of The New CISO, host Steve is joined again by guest Ron Banks, CISO at Toyota Financial Services.
In part two of his interview series, Ron shares his career advice for new cyber leaders. Listen to the episode to learn more about Ronâs take on Chinaâs strategies, the importance of being inquisitive, and why we must be calm under chaos.
Listen to Steve and Ron discuss key attributes CISOs look for in a young manager and the importance of communication and leadership:
Where We Left Off (1:43)
Piggy-backing from the last episodeâs conversation, Ron explains the current state of our security concerning China and how theyâve recently gone dark. According to Ron, China has been playing 3D chess for a while and has found tangible ways to disrupt American life.
A Shoutout To Ron (10:19)
Steve gives a shoutout to Ronâs book, highlighting the state of American security and its relationship with China. Academic with numerous footnotes, Ronâs work provides readers with meaningful context related to cyber security.
Valuable Advice (12:20)
Ron reflects on the advice he wishes he could have given his younger self. He asserts that there is a path to cyber if you gain a technical foundation. He also shares how you need to be creative and curious to thrive in this industry.
Evaluating Young Leaders (15:16)
Steve presses Ron on how he evaluates young leaders in the security field. For the young manager, you must have the technical chops in addition to the personality.
Managers need leadership and communication skills to inspire their teams. And, of course, practice makes perfect.
Calm Communication (21:50)
Ron and Steve discuss why leaders should practice calm communication. Leaders must put their teams at ease when there is chaos.
New CISO (28:00)
To Ron, being a new CISO means also being a business leader. Bridging the gap between the worlds is becoming more and more necessary as the world progresses.
Links:
Linkedin
-
In this episode of The New CISO, host Steve is joined by guest Ron Banks, CISO at Toyota Financial Services.
In part one of his two-part interview, Ron shares how he transitioned from a fighter pilot to a cybersecurity leader. He also digs into what is required for a joint government, private industry, cyber offensive response. Listen to the episode to learn more about Ronâs years as a combat veteran, how the government can improve security strategies, and the necessity of political will.
Listen to Steve and Ron discuss the importance of public-private partnerships and the challenges of posing consequences on adversaries:
Meet Ron (1:35)
Steve introduces guest Ron Banks, a CISO, author, veteran, and academic. Ron details his duties as a fighter pilot and how he transitioned to education and then cyber security.
What He Misses Most (5:17)
Ron shares that what he misses most about his fighter pilot days is the rush from flying. However, he found the transition into cyber security simple because he gets to evaluate offensive and defensive security strategies reminiscent of his time serving.
Possible Friction (8:10)
Steve presses Ron on whether there is friction between cyber teams, their capabilities, and the grounds they are trying to defend on the private side.
Ron explains that the virtual defense of the United States contains over 200 government organizations, each controlling a different lane. The cyber camp mainly covers the DOD, which comes with problems.
On the Private Side (12:07)
When discussing the lack of consequences for bad actors, Ron shares the great strides the FBI has made to improve their relationships with law enforcement in other countries. Despite these efforts, the behavior of cyber criminals has not changed enough, demonstrating that there is more our government can do.
Things to Work On (17:54)
Ron shares some advice for new security leaders working within the government. He suggests focusing on public/private partnerships because sharing information is critical.
How Breachâs Occur (21:54)
Ron discusses his tips for dealing with a breach and why they occur. There is a strategy where they can impose consequences on cyber criminals, which his team has accomplished by focusing on counter-terrorism.
Ultimately, no more money needs to be invested, the relationships are built, and the technology is there, but there has to be the political will to defeat threat actors effectively.
Advice to Lobby (29:01)
Steve presses Ron on what it would take to lobby the government and get the necessary resources. Since the capability is there, Ron reaffirms that change is in the presidentâs control.
Links:
Linkedin
-
In this episode of The New CISO, host Steve is joined by guest Mani Masood, Head of Information Security and Applied AI at a prominent healthcare MSP.
Also a professor and family man, Maniâs various life experiences shaped his impressive decades-long career. Today, he shares his insight on balancing education with experience and embracing AI as a security leader. Listen to the episode to learn more about Maniâs career and education journey, the importance of having real-world skills, and what inspired Mani to write a book.
Listen to Steve and Mani discuss how to adapt to new technology advancements and if InfoSec professionals should champion AI:
Meet Mani (1:35)
Steve introduces guest Mani Masood, who has worked in the security industry for two decades. First, Mani started in IT before transitioning into Information Security. Now, AI has quickly become a significant component of his role.
Mani shares a story when a college professor saw his nervousness before an exam and suggested he get a job. His professor assured him that getting real-world experience would be extremely valuable.
Real World Expertise (6:49)
Mani reflects on how getting a degree is not the be-all-end-all of getting a job. Often, employers want to know what youâre capable of, which comes from having tangible skills applicable to your field.
He also explains to Steve why it took him six years to finish his education instead of four: because he was gaining real-world experience.
Times Have Changed (18:18)
Steve asks Mani about his perspective on the famous quote, âFor those who canât do, teach.â As technology has changed, Mani shares that nowadays, what you can do is more important than doing things right or following the status quo.
The Time For AI (24:28)
Like the tech boom, the AI era allows professionals to adjust to new advancements. Mani reveals that they have been trying to use artificial intelligence to solve InfoSec problems for some time, and this will become increasingly more possible as the tech matures.
Defending The Tech (28:49)
Mani discusses why security leaders should support AI and champion the technology within their organizations. Since InfoSec professionals have been working with AI for years, they should inspire others to believe there is a way to interact safely with this tech.
Maniâs Recommendations (32:18)
Steve presses Mani on his recommendations for security leaders when supporting artificial intelligence. Mani suggests that these leaders become comfortable with the tech themselves.
Every InfoSec tool now has some AI faction, so security leaders should learn as much as possible about its benefits before championing it. Ultimately, CISOs must do their homework to ease their organizationâs worries and create the necessary safeguards.
Writing A Book (41:32)
Mani shares why he is writing a book and what drives this project. He was first inspired to do so by a conversation with his wife. He initially sought to write a guide for his children, which led him to write a guide for other professionals.
The New CISO (48:23)
To Mani, being a new CISO means dealing with a new crossroads with technology. Whether youâve been in the business for a long time or are new to the role, you must adjust quickly, pivot, and learn with your team.
-
In this episode of The New CISO, Steve is joined by returning guest Dr. Adrian Mayers, VP and CISO at Premera Blue Cross.
As a veteran CISO, Dr. Adrian reveals his stress management and career tips. He also shares his thoughts on AI and its effect on the current threat landscape. Tune in to this weekâs episode to learn more about determining your next career move, giving yourself grace, and why we shouldnât vilify artificial intelligence.
Listen to Steve and Dr. Adrian discuss evolving technology and approaching the research part of the job:
Welcome Back, Dr. Adrian (1:32)
Dr. Adrian reintroduces himself and his current CISO role to the audience. Steve also reveals why Dr. Adrian is a pleasure to have as a guest and his appreciation for the spark he brings to the conversation.
Cutting CISOs Slack (5:40)
Dr. Adrian unpacks why CISOs deserve grace as the role evolves and the stresses change. Detecting threat actors is a lot of responsibility, which creates tremendous pressure and leads to burnout.
You can do better in your role long-term by understanding your limits and providing accurate expectations for the role.
Working Together (12:33)
Nowadays, taking criminal entities down requires foreign governments and the FBI to work together. Dr. Adrian shares his thoughts on this dynamic and how it takes a village to cover the defensive and offensive bases needed in the digital space.
The Right Research (19:28)
Steve presses Dr. Adrian on how he conducts research related to the job. Dr. Adrian has taken MIT classes and uses many online resources to obtain information.
There are many sources to pull from, but you must use common sense to determine your gaps on various security topics, including AI.
The Benefits of AI (25:02)
Dr. Adrian discusses the benefits of artificial intelligence and how it is a technology that will open up the possibilities of what cybersecurity professionals can do. Although people fear this new tech will replace jobs, it fits the natural order of human progress.
What Comes Next? (28:10)
Steve and Dr. Adrian contemplate the off-ramps of what can come after being a CISO. To move up, you must understand the industry's business side or have enough knowledge to transition into teaching.
Sponsorship is another aspect that CISOs can gain to determine their next career move. Ultimately, Dr. Adrian would like to redefine the work environment to support CISOs on their professional journey.
Keeping Your Eyes Open (36:56)
Steve asks Dr. Adrian how he knows when a CISO should seek new opportunities. How does he manage that internally?
Dr. Adrian believes people should be self-aware enough to understand if they want to move on based on interest or if they want a new professional environment. It is an individual decision.
Do CISOs Need Sports Agents? (45:46)
Steve presses Dr. Adrian on his quote about how CISOs need sports agents. Dr. Adrian means by that quote that security professionals, like many others, need management to guide them and help them find new opportunities.
Links mentioned:
LinkedIn
-
In this episode of The New CISO, guest Chris Fredrick, Deputy CISO at Baxter International, returns for the final part of his interview series with host Steve.
In parts one and two, Chris shared his background and the lessons heâs learned during a breach. Today, Chris joins host Steve to discuss maintaining a productive outlook while looking for a new position. Listen to the episode to learn more about the lessons you can learn at every role, the importance of perception, and job-hunting challenges.
Listen to Steve and Chris discuss the best time to leave a position post-breach and how to stay positive in the face of rejection:
A New Job (1:40)
After working on the SOC with Steve, Chris felt ready for a new challenge. He then saw a role that scared him, making him believe that that was the right position. This decision set him down his CISO path.
However, this new position was temporary because when he threw his hat in the ring for the permanent role, it didnât work out. Ultimately, this rejection caused Chris to reflect on his career journey.
Doing Things Differently (6:03)
Steve asks Chris if he would have done things differently in his interview, knowing what he knows now. Chris would make the same decisions, especially since his time there had many challenges.
Even though that role didnât pan out, Chris learned a lot during this time. He built confidence in his presentation skills and had the opportunity to meet more established CISOs. By networking with other CISOs, Chris realized he truly belonged in the security world.
The Value of Stoicism (10:05)
Chris advises on how to handle job rejection. He refers to Stoicism, which states we cannot control the outcome but can control our perception.
When bad things happen, we can perceive it as a positive that will set us on the right path.
Looking For Work (15:35)
Despite Chrisâ impressive career history, it took him months to find his next role. After evaluating his many interviews, Chris recommends that security recruiters learn more about the field to better choose candidates.
Chris and Steve then discuss the other lessons Chris learned during the job-hunting process, including what questions interviewers should or shouldnât ask. Referring to Stoicism again, Chris also recommends structuring a routine around job hunting, including doing a positive hobby you enjoy.
The New CISO (28:32)
To Chris, being a new CISO means understanding that we are tasked with the impossible. Therefore, itâs essential to build an environment where people never feel like they are being asked to do the impossible for the ungrateful.
Links:
Linkedin
-
In this episode of The New CISO, guest Chris Fredrick, Deputy CISO at Baxter International, returns for the second part of his interview series with host Steve.
In part one, Chris shared his background and the beginning of his professional journey. Today, Chris joins host Steve to discuss a pivotal moment in their careers: a significant breach. Listen to the episode to learn more about how Chris transitioned into a managerial role and stepped up during a crisis.
Listen to Steve and Chris discuss who managers really work for and the mark of a great leader:
Welcome Back, Chris (1:52)
Steve and Chris discuss where they left off in the last episode when they left their security team for a new opportunity.
Focusing on insider threats, Chris shares his daily work for this specific role. During this time, Chris focused less on operations and built a program instead. He also researched what would be in an insider program.
Vulnerability Management (4:10)
Chris reflects on the lessons he learned while doing vulnerability management that made him the leader he is today. Chris believes this time taught him how to tell a good story and have clear metrics to back himself up.
Network Security (9:28)
After working in vulnerability management, Chris moved into network security with Steve and created a Soc. Chris initially came in as an individual contributor until he became a team lead before eventually becoming the manager.
When he was a manager, Chris realized his role now was to worry about his team and less about himself. It was a profound moment for Chris when he discovered this truth.
The Breach Itself (15:14)
Chris shares what lessons he learned from a significant security breach. Chris and his team noticed for a while that there were warning signs of the breach but were initially ignored.
However, when the event happened, they could take what they knew and move forward. Because Chris had working partnerships with other teams, he was able to get the help they needed, showcasing the importance of building your relationships before a crisis.
Client Management (20:48)
Steve presses Chris on what he remembers regarding the client management side of this time. Chris recalls dealing with many calls from clients who were understandably concerned.
Many of these calls became heated, but one client assured Chris he understood what he was going through. As a result, Chris tries to be empathetic with others since they could be having a bad day, which could affect their behavior.
Pride In Their Team (28:25)
Steve reflects on how working with this incredible team was one of the best memories of his career. He has immense pride in this group, which Chris shares.
Chris loved building something from nothing and seeing the great things their colleagues have done since. Forming a great team requires a healthy culture that brings people together.
Stepping Up (31:38)
After Steve left, Chris had to step up into a higher leadership role. This change became a pivotal moment in Chrisâs career, coinciding with the birth of his first child.
Links:
Linkedin
-
In this episode of The New CISO, Steve is kicking off the first part of a three-part series with guest Chris Fredrick, Deputy CISO at Baxter International.
Chris began his career as a technician and met Steve on a small security team managing a large network. Now, Chris joins today to share key lessons from his early career and set the stage for the next upcoming episodes. Listen to the episode to learn more about Steve and Chrisâ time working together, the process of changing companies, and learning to be a better leader.
Listen to Steve and Chris discuss how to deliver the news youâre leaving a company and how managers should accept said news:
Meet Chris (1:46)
Chris has worked in IT security for over twenty years and knew since college that this area of the industry was his passion. Since starting a leadership role, he has found his new calling: becoming the best leader he can be.
Infosec Memory Lane (5:04)
Chris shares the memories of his time working with Steve on their small infosec security team. Chris remembers feeling overwhelmed initially but learned to handle the scope of his many responsibilities.
Steve and Chris reminisce about the positives of this experience and the challenges. The best part was the camaraderie they felt as a team.
Lessons Learned (9:43)
Steve presses Chris on the lessons he learned during their time on the infosec team. This experience taught Chris the importance of curiosity and building credibility.
Another valuable lesson was learning to have respectful conversations when colleagues disagree.
Changing Companies (18:23)
While working together, Steve and Chris had the opportunity to change companies after their CISO left.
Chris walks through what occurred and the communication lessons it taught him. He wishes he had done some things differently since multiple people leaving put his manager in a tough spot, but he also learned valuable leadership skills.
Links:
Linkedin
-
In this episode of The New CISO, Steve is joined by guest Scott Moser, CISO at the Sabre Corporation.
After twenty-five years, Scott retired from the Air Force to try his hand at the private sector. Now, Scott is transforming the CISO role from technical expert to business executive. Listen to the episode to learn more about Scottâs professional journey, being a customer-focused security professional, and what he learned from the Sabre interview process.
Listen to Steve and Scott discuss contributing to the success of your organization and the importance of transparency:
Meet Scott (1:44)
Scott explains that Sabre is a software often used by hotels and airlines since the sixties. As a result, data protection is of the utmost importance to Scott in his CISO role.
Scott then explores his career journey, where he started in the Air Force and eventually retired as a Colonel. During this time, he did cybersecurity-related work, which led him to the career he has today.
Broad Experience (9:33)
Scott shares how he had the opportunity to lead and mentor many people during his time in the Air Force, including police officers, firefighters, and more.
He believes this time gave him the broad experience to communicate with business leaders. Now, he also meets with his customers, where he can easily explain the value that Sabre software can provide them, showing the value of a customer-focused CISO.
The Importance of Trust (16:05)
As CISOs, itâs essential to represent your company to customers and business leaders alike successfully. To do that, Scott recommends building trust, which requires significant transparency.
A culture of trust will help your team through challenging times, so you should prioritize this when times are good.
Effective Prep (24:40)
Scott mentors his team by giving effective feedback and assessing his employeeâs strengths. He works with his team to perfect their skill sets, including public speaking since that is a crucial part of business leadership.
As long as people are doing the right thing, they shouldnât be afraid to make mistakes, learn, and grow because it strengthens the company in the long run. Ultimately, we must transform ourselves to be what our organization needs.
Scottâs Presentation (28:55)
Steve asks Scott about his popular CISO leadership presentation. Scott reveals that this presentation is a passion project of his because he wants to be more than just a technical expert but a business leader.
Scott had to evaluate his strengths and weaknesses to become the CISO he wanted to be, which informed his presentation.
An Aha Moment (33:44)
For Scott, his interview process at Sabre informed his perspective on becoming a business leader. When board members interviewed him, he understood what they wanted from their CISO.
Board members want security professionals who think about improving the business, not just the technical side of the job.
One Last Thing (41:46)
Steve presses Scott on the last piece of advice he wishes to share. Scott tells the audience always to take advantage of a good crisis because it is the smartest time to get your organization to make a necessary change.
The New CISO (44:42)
To Scott, being a new CISO means being a business executive leader focused on the customer and financial success of the company.
Links:
Linkedin
-
In this episode of The New CISO, Steve is joined by guest Mike Melo, CISO and VP of IT Shared Services with LifeLabs.
After switching his studies from human viruses to computer viruses, Mike dedicated his career to technology and the people who use it. Today, he shares his methodologies for post-breach cyber-security transformations and leading remote teams. Listen to the episode to learn more about Mikeâs career journey, the importance of the customer mindset, and the three tenets of his Zelda-inspired CISO Triforce.
Listen to Steve and Mike discuss how to build human connections in a remote environment:
Meet Mike (1:40)
Mike has worked at LifeLabs for over five years and balances two positions.
Although Mike faces many challenges, he has created synergy between the two teams.
Getting His Start (4:02)
When Mike was a teenager, he originally wanted to be a musician. Instead, he went into computer studies and studied human viruses. At the end of the day, he realized he didnât want to be in a lab and instead wanted to explore his love for cybersecurity.
The Customer Mindset (7:02)
Mike recommends new security professionals go and see how businesses work. Learning the customer mindset early in your career will have great benefits later because you will understand what users need.
Ultimately, security professionals must better interact with their customers and understand how humans behave daily. You must find ways to show up to the business and show you are here, especially in remote work environments.
Socializing And Remote Work (16:42)
Mike feels weâve lost social currency with remote work because people are social beings.
However, there are pros and cons to being in remote environments. As a leader, Mike developed a team charter to ensure better communication and created opportunities for positive socialization.
Going Back In Time (27:28)
Steve presses Mike on his time in university when he also worked as a security analyst. A double major as well, Mike had to balance a lot while he learned.
However, Mike wouldnât change anything because it allowed him to push his capabilities in the classroom and set him apart from his peers.
Modern Learning (31:08)
As a mentor, Mike recommends new professionals talk to many people. When you put yourself out there, youâll find that people are receptive to teaching you about their experiences.
Being Successful During a Breach (35:02)
Steve asks Mike about his presentation on âBeing Successful During a Breach.â From that presentation, Mike discusses his CISO Triforce, which he based on Zelda.
You must have a wish list, an effective execution strategy, and assurance with your stakeholders. When you have those three pieces, you will be prepared to get through a breach.
The Coaching Experience (44:46)
Mike has found that mentoring has always come easy to him. He has always been passionate about it since he tutored other students in his youth and has found helping others incredibly fulfilling.
The New CISO (49:43)
To Mike, being a CISO means being agile and having a customer mindset. Itâs essential to improve yourself constantly as a security professional and leader.
Quote: âJust because you get a bucket of money doesn't mean that solves your problems. And one of the biggest challenges of the post-breach world is the actual transformation. You got this, okay, you get this money, you have this wishlist. Cool, now you have to find, hire onboard, ramp up, transition, ramp down, and then sustain, right? Those are such complicated stages in the whole process, and you have to start giving some of that...
-
In this episode of The New CISO, Steve is joined by guest Dan Creed, CISO at Allegiant.
Dan first discovered his love for computers as a teenager. He has since then channeled his skills into a career in security leadership, where he balances his technical expertise with business acumen and storytelling. Today, he shares his thoughts on supply chain risk and the SECâs new changes to cyber security guidelines. Listen to the episode to learn more about the importance of coding, coping with stress, and his critiques of the SEC.
Listen to Steve and Dan discuss how reporting protects shareholders and the new stakes for CISOs :
Meet Dan (1:30)
Todayâs guest, Dan Creed, is the CISO for Allegiant, a travel company.
Dan discovered how to take over his schoolâs television channel in high school, which stemmed from his friend getting dumped. Dan and his friend used the cable TV channel to post some unflattering messages about his friendâs ex.
Although Dan was rightfully punished at the time, he was allowed to take over the schoolâs computer lab, and his career journey began.
Maintaining Excitement (7:02)
Dan maintains his excitement for technology by keeping up with all the changes in the industry, like changes in coding. If you love learning and learn fast, you will have a rewarding and lasting career in cyber security.
An Important Role (13:23)
Steve presses Dan on the importance of Absec. Dan reveals that Absec is related to code and that the most essential security aspect is code.
If you are in a customer-facing role, you need to be able to install software on other peopleâs machines and make sure their vulnerabilities are shielded.
Coping Mechanisms (16:45)
Dan copes with workplace and personal stress by understanding that humans are imperfect and make mistakes. Thereâs risk in everything we do, so keeping a balanced perspective is critical when mitigating potential cybersecurity issues.
Ultimately, the stress in the security industry is building as the stakes grow, so finding ways to cope is necessary.
SOAR Review (19:27)
Steve asks Dan about his opinion on the automation software SOAR. He thinks it has its place, but finding people who can automate themselves is better. People need to use the right tool for the job.
Building a Response Playbook (21:58)
Dan shares the first thing to automate when building a response playbook for the first time. First things first, make sure you can monitor strange behavior. Starting there allows you to work on the more complex procedures.
His Driving Force (26:16)
Dan reflects on his reasons for finishing his degree later in life. He wanted to learn how to âspeak business,â in addition to his computer skills, which drove him to complete his undergraduate degree and MBA.
Choosing One (31:02)
Steve presses Dan on which one to choose if you could only pick one: storytelling or culture. Dan says it depends on the person and what they are good at.
If you look at whatâs more important, it would be building work culture first and seeing how your team reacts to phishing and annual security training.
What is Material? (33:23)
Dan and Steve discuss how reports influence the stakeholders and what they invest in. Dan is critical of how the SEC changed the cyber security guidelines, partly because they are poorly organized and confusing.
There are good things, but more context is needed to determine materiality. These guidelines also do not factor in how to deal with third-party risk and supply-chain issues.
Reporting Issues (41:23)
The SEC has intended to help shareholders with these guidelines so that they can protect the share
-
In this episode of The New CISO, Steve is joined by returning guests Michael Meis, Associate CISO at The University of Kansas Health System, and Mark Weatherford, the Chief Strategy Officer at The National Cybersecurity Center.
For the 100th episode, Mark and Michael are back to share their thoughts on decision-making, mentorship, learning, and leadership, amongst other topics essential to the security industry. Tune into todayâs episode to learn more about the career opportunities Mark and Michael didnât take, how to measure your journey and the importance of an effective team.
Listen to Steve, Michael, and Mark discuss managing stress while diving head-first into challenging situations and how to maximize the growth of junior team members:
Welcome Back (1:32)
Jumping in, Steve presses returning guests Mark and Michael on the most interesting career opportunities they didnât take.
While in the navy, Mark received a call transferring him to Virginia for a promotion. Although he did not want to go, this transfer was great for him.
For Michael, when he was in the army, he turned down a promotion multiple times. He decided early on in his career that the military would not be his long-term career.
Sound Career Advice (13:04)
Determining when you feel fulfilled professionally allows you to make better career choices. Although our goals evolve, itâs important to reevaluate our priorities at different life stages.
From a leadership perspective, itâs valuable to not think of yourself as the most intelligent person in the room but instead surround yourself with people who can fill in the gaps in your skillset. Leaders need their junior-level colleagues to succeed, and giving these employees real responsibilities allows them to transition into more significant roles.
Best Mentorship Books (21:30)
Mark and Michael share the books they would recommend to new and future leaders. These books are worthwhile resources that help prepare CISOs to take on higher-level work when it is presented.
New To The Job (28:02)
Mark and Michael explore what new CISOs should assess when new to running their teams.
Itâs essential to determine if you have good people who have lacked effective mentorship or if your organization lacks talent. Ultimately, you must ensure you have the right employees to succeed.
Ultimately, you need to see if people add value or not in a crisis.
Owning A Crisis (35:40)
Steve presses Mark and Michael on their leadership perspective in a crisis.
Mark reflects on an experience involving the government, where one of his employees took ownership of their security breach. Mark is still in touch with this colleague today and credits his help resolving a high-level issue.
Michael reflects on a junior analyst who quickly worked his way up because he had a can-do attitude. The best career advice is to take work off of otherâs plates because the people you help will never forget.
Staying Grounded (40:46)
To close, Steve asks Mark and Michael a more individualized question. What helps them stay grounded during stressful times in the field?
For Mark, he admits heâs not great at taking a step back from work. He is passionate about the business and understands a 9-5 clock would not work for most security professionals. He can manage his stress, but he knows he lacks life balance. Though to relax, he keeps honey bees.
Michael encourages everyone to eliminate the preconceived notion that this path is like other jobs. Security professionals are all-in on their work and must decide what balance means to them. For Michael, he does meditation to center himself and regulate the physical manifestations of stress.
Links mentioned:
-
In this episode of The New CISO, Steve is joined by guest Maria Sexton, Chief Information Officer at the University Medical Center of Southern Nevada.
Before starting her security career, Maria worked as a self-described secretary, seeking a better financial future for her family. Now, with her dream job, she shares how to become a strong communicator and leader. Tune into todayâs episode to learn more about Mariaâs passion for the healthcare industry, her strong people skills, and why you shouldnât fake it until you make it.
Listen to Steve and Maria discuss being confident in your strengths while understanding your weaknesses and what first-graders and board members have in common:
Meet Maria (1:36)
Maria reflects on why her current role is her dream job. With a diverse background, Mara found that healthcare customers were the people she wanted to serve.
She didnât plan on landing in healthcare, but she resonates with the mission of the field, which is why she feels she has her dream job. She recommends that everyone find an industry that aligns with them.
Getting Her Start (6:00)
Before starting her IT path, Maria worked as a secretary, a term not often used today. During this time, Maria went through personal family issues and needed to evaluate her financial future for herself and her children.
Always interested in computers, Maria talked to the IT department at her company and asked how to get involved. Their advice led Maria to get a certificate, thus beginning the rewarding career she has today. It was scary initially, but Maria allowed herself to try and fail to succeed.
Successful Communication (13:39)
Steve presses Maria on whether she always had the clarity and confidence she showcases today.
Maria understood she would never be an engineer, but her strengths lay in being diligent and taking notes. Therefore, she was excellent at communicating technology to people without a technology background, giving her a robust career skill set. Empathy, communication, and public speaking abilities made her the leader she is today.
Explaining to a First Grader (16:33)
Maria shares her experience talking to her granddaughterâs first-grade class about her job. She found these kids incredibly bright and showed a firm understanding of technology and computers.
Learning how to communicate technology ideas to an audience without experience is critical.
Standing Out (23:45)
When evaluating a resume, Maria likes to see if they have motivation. Nowadays, more people than ever are interested in security. So, itâs essential to evaluate if the people coming in are serious.
Maria is looking to hire a self-starter who takes advantage of the resources available to work in security. She also admires when applicants understand their strengths and weaknesses and where they can be best utilized.
Confidence In Communication (27:22)
Maria could always communicate effectively. As the child of Italian immigrants, Maria was responsible for speaking on behalf of her parents and helping them navigate the US.
Her childhood also gave her empathy and the ability to read non-verbal cues, which has been helpful throughout her career. Learning to communicate with those around you is critical, no matter your role.
Donât Fake It Until You Make It (39:51)
In terms of security, you really canât fake it because the consequences could be dire. But outside of security, Maria has never liked the phrase âfake it until you make it.â
This saying irks Maria because she thinks it is terrible advice. If you donât know something, you should learn it. If you need a mentor, find one. You should want to get whatever you donât have because...
- Näytä enemmän
