From the 'Basement' to the Board: Giving Cybersecurity Teams Greater Visibility

45:56
 
Share
 

Manage episode 257183296 series 2643387
By Steve Moore, Exabeam and Steve Moore. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

Advice To A Younger Self, Before Becoming A CISO

Perfectionism can hinder the natural learning experience. As someone fresh in their career it can be hard to not want to be perfect, there are expectations to be met. Yet making mistakes and learning from them is real job experience. Don’t be afraid to take risks and fail, you’ll learn from your mistakes. Being new in your career can feel isolating, vulnerable, and flat out scary. It is okay to make mistakes, just learn from them

Gender In The Workplace

Sometimes being the only woman in the class or the office can work to your advantage. Being able to provide that thought diversity can really work well for women in the workplace. Having a fresh perspective and ideas brings a well-rounded view to task at hand. Use your unique position to your advantage. As a leader you should be building a diverse, inclusive team.

Technical Expertise, Necessary Or Not

Having a baseline technical knowledge will absolutely never hurt you in a cyber security career. That being said, a mix of technical knowledge and business understanding is the sweet spot for problem solving. As a CISO being able to partner with others, even other teams is pivotal to fast, effective, problem solving. Having a good knowledge of both will be most beneficial because you have a general knowledge of both the business side and the technical side. There are many ways to define the actual role of a CISO, and they will all depend on the specific company. CISOs wear a lot of hats for a lot of different companies, and they may completely differ based on the company. Yet with the new regulations rolling out around cyber security this could change soon and become more streamlined.

Company Organization And Security Burial

One of the most frustrating aspects of looking for a job in the cyber security filed can be the company organization. We are constantly bombarded with news of security and data breaches, yet some companies have their security team basically buried under other, potentially less essential teams. With the rise of data breaches and data hacking, you want to work for a company that values all you bring to the table, because this is an uphill battle when it comes to cyber security. Being valued too low in the organization can lead to internal conflict. Being able to report not only actual issues, but also the risks before it gets to the critical breaking point.

Reporting Risks In A Proactive Manner

There are tons of risks with any company, being able to identify the risks before they are problems and create solutions around the specific issues at hand can save you from major issues in the future. Analyzing user behavior and seeing how negligent or risky a specific set of people are and creating solutions around that is going to really resonate with executives because it nips the problem before it becomes a problem. Talking about how the team is enabled to handle threats is another big one. Looking at the numbers of threats, seeing what could be automated, and what an analyst needed to follow up as well. Automation saves time, money, and keeps history from repeating itself.

Psychology And User Behavior

Having contextual training is so important. There are many certifications that security teams get year after year, but they have almost no impact. If the training isn’t directly relevant to the company and even the specific team there will be no impact, or even a negative impact. Prevention is key, so have the relevant training and technology, look at programs and make sure that security is built into the programs already in place. If that isn’t what is happening, then something needs to change, the programs need to be cleaned up and modernized to the potential risks surrounding it. This training will be used not just in the workplace but the teams will take this home and use it in their everyday life, almost like modern life skills.

What Being A New CISO Means To You

Everything is a learning experience, being able to use the experience form your past to propel your future career. It has been really great working for a company that is 5 years old and learning new, modern ways of cyber security has been a great learning experience.

Resources:

Steve Moore: Linkedin

Rinki Sethi: Linkedin

Exabeam: Website

Rubrik: Website

63 episodes