In security, we can get buried in the tools, standards, issues and risks. But an effective security program is built upon people, process, and technology. Let's talk about how you can approach your security program in a way that is focused on the people who use and manage your company assets and data. Fitzgerald, T. 2019. Chapter 13. Multigenerational Workforce Dynamics in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 419-459....

Veterans bring along some valuable skills from the military that organizations can greatly benefit from. From loyalty, executing to a playbook, incident response, responding to crisis’s, to supporting the organizational mission – Veterans are a resource that is eager to transition to organizations and apply their skills and continuously learn. With Veterans Day upon us, join us as we discuss the strengths of hiring Veterans for the cybersecurity program. Fitzgerald, T. 2019. Chapter 13....

A key role for the CISO and the team is to identify and plan for mitigation of the most damaging risks. Various approaches have been used over the years with varying levels of success. Are we measuring the right things? Are we using the right instruments? Join us as we discuss some of the flaws present in measuring risk today and considerations to improve our risk management approach. https://www.howtomeasureanything.com/cybersecurity Visit https://securityweekly.com/csp for all the latest...

Join us as we discuss the OT security landscape, the solutions for protecting it, and the future of protecting these pieces of critical infrastructure. With attacks to these networks on the rise, it’s important for cybersecurity professionals to acknowledge that they are just as important as information in our protection, and that it requires specific out of the box thinking to secure effectively. Fitzgerald, T. 2019. Chapter 4: Emerging Technologies and Trends in CISO COMPASS: Navigating...

Technical people, CISOs included, may have challenges communicating well with executive management due to a different career path evolution . To maximize our success, we must all improve our communication skills with technical and non-technical people. Join us as we discuss some of the nuanced communications and areas to pay closer attention to. Fitzgerald, T. 2019. Chapter 14: CISO Soft Skills in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st...

Cybersecurity touches all our lives, however there is a belief that only experts in all of the technical disciplines need to apply. The term ‘cybersecurity’ does not invoke a personal sense of responsibility to care for the protection of data. Join us as we discuss the concept of reframing cybersecurity to “Data Care”, like the concepts used in the healthcare industry to advance personal responsibility as well as to attract people to the field that may not have considered it previously. ...

Security tools have become overwhelming in number, yet companies continue to get breached. With all the recent focus on artificial intelligence, security leaders must avoid neglect of natural intelligence. When your opponent is thinking and adapting to your every move, can you really afford to neglect your most critical defenses?   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on...

In the Fall, 2016, Uber experienced a data breach, and the CISO faced the possibility of prison time for felony obstruction and misprison for failure to report the 2016 breach. He was sentenced in May, 2023 to 3 years’ probation. Join the former CISO of Uber as we discuss the events which led to the prosecution case, the results of the trial and aftermath, and the implications for CISOs and what is needed to move the cybersecurity industry forward. This segment is sponsored by Google Chrome...

MidCap enterprise security is challenge – SMB’s have all the needs of a large enterprise, but not the same large budget or army of defenders. We are also a "sweet spot" target for cybercriminals -- you have enough money to be worth some real effort, but again not a large army of defenders. MidCap is at the front lines of "doing more with less"! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on...

With cybersecurity emerging as a board-level agenda item, collaboration is becoming increasingly high-stakes and multifaceted. Join us as we examine the opportunities and potential pitfalls of this new era, as well as the skills needed. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all...

Skills can be evolved and provide teams with the necessary talent. Join Ralston as he shares his experiences in recruiting, rotational programs, and supporting the key players with the right support system. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders  Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-138  

Top-performing CISOs shared with me their hacks for creating a team atmosphere, getting excellent and consistent results, and creating buy-in from management for their budgets, projects, and big ideas. This discussion goes beyond risk management into the realm of performance excellence. Impact Leaders Pod Training for Cyber Teams is a unique 8-week program to up-level performance in information technology professionals and teams. Participants grow leadership, emotional intelligence, teamwork,...

There are a ton of entry-level candidates for security roles, but we need mid- to late- career cyber candidates to fill our open positions. Hiring managers need to partner with non-security people to build and maintain that pipeline. Let's talk about how to go about getting this done. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn:...

Deploying SASE (Secure Access Service Edge) is a critical step on your Zero Trust journey. It is not without risk, especially to the end user experience. Join us as we discuss our lessons-learned fresh from the deployment trenches. This segment is sponsored by Google. Visit https://securityweekly.com/chrome to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn:...

Come listen in on hearing a CISO's story of going from carpenter to psychotherapist to security leader. The stories told will help anyone working in cyber - from those looking to break into cyber to those who are battle tested and looking for new support or coping strategies. Morin, A. 2017. 13 Things Mentally Strong People Don’t Do. Harper Collins. 13 Things Mentally Strong People Don't Do: Take Back Your Power, Embrace Change, Face Your Fears, and Train Your Brain for Happiness and...

Cyber Risk Governance or Cyber Risk Management has been an often talked about concept for more nearly two decades yet remains one of the most elusive and sought after outcomes by every C-level executive across every line of business in every industry sector and particularly in the Board room. In this session, we are going to jump into the shoes of the C-level executives and Board members as we describe "what they want" and how we achieve the visual representation of cyber risk in a way that...

Discussion about what it means to be strategic as a CISO and, more importantly, what specific, tactical steps are you can take to bring that into reality. This segment is sponsored by Google.  Visit https://securityweekly.com/chrome to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/  Show Notes:...

NIST recently released the initial draft of a major update to its cybersecurity guidelines for protecting sensitive unclassified information. The update is intended to help federal agencies and government contractors implement cybersecurity requirements more consistently. The revised draft guidelines, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST Special Publication [SP] 800-171 Revision 3), will be of particular interest to the many thousands of...

As a function of CISOs responsibilities, the best are multi-faceted leaders that shift between cyber, technical, and business domains in response to shifting cyber-risk landscape. This level of adaptability makes them portable to other CISO roles in different industries, and C-level roles that they may not have thought of and frankly, others may not have thought of for them. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on...

At the surface, being a CISO in Higher Education is very similar to any industry vertical but the opportunities, challenges, and impacts are significantly more complex. Many consider HE to be behind in security practices. While it is true that HE doesn't buy a lot of security tools, we are on the leading edge of focusing on mitigating security risks at the level the institution truly needs. Also, our community requires support for accessibility, gender-identity, and general identity access...

At the surface, being a CISO in Higher Education is very similar to any industry vertical but the opportunities, challenges, and impacts are significantly more complex. Many consider HE to be behind in security practices. While it is true that HE doesn't buy a lot of security tools, we are on the leading edge of focusing on mitigating security risks at the level the institution truly needs. Also, our community requires support for accessibility, gender-identity, and general identity access...

Navigate the complexities of building high performing teams in security, risk management, and business resilience uncovering the strategy, frameworks and tactics. Join us as we explore the nuances of collaboration, strategy formulation, and innovative thinking that empower these teams to excel in challenging business and risk management environments. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders  Follow us on...

In today’s hyper connected world how do you create a global cyber program that can deliver locally. You start by creating a culture - a culture rooted to delivering high impact with low ego. Culture eats strategy for breakfast ... Visit https://securityweekly.com/csp for all the latest episodes!  Follow us on Twitter: https://www.twitter.com/cyberleaders  Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the...

10,500 storefronts. 2.3 million associates worldwide. $572.8 billion in revenue. Today’s cybersecurity landscape is complex, as attacks can deliver disruption in the blink of an eye. The focus of Walmart’s Information Security team is to secure our operating environment in the service of building and maintaining trust with our customers, associates and stakeholders. To perform at the necessary scale, it takes a village of intelligent associates, a reliance on technologies like automation and...

Joe Sullivan has shown all of us that CISOs are on the front lines when it comes to breaches and their legal aftermath. Unfortunately, most CISOs are not attorneys and may not understand the rules of engagement with law enforcement to the point where they may find themselves in legal jeopardy for ‘doing the right thing’. Join Larry Dietz long time cybersecurity professional, attorney and retired US Army Colonel and Todd Fitzgerald for a lively discussion on how to prepare for the legal...