Mon, 15 October 2018
Check out more at our site CISOseries.com.
We don't play fair and we're not ashamed to admit it. This week's episode of the podcast is super-sized because it was recorded in front of a live audience at the Silicon Valley Code Camp conference held at PayPal in San Jose.
This show, like all the previous ones, is hosted by me, David Spark (@dspark), founder of Spark Media Solutions, and Mike Johnson, CISO of Lyft. Our guests this week for the live show were Ahsan Mir (@ahsanmir), CISO, Autodesk and Geoff Belknap (@geoffbelknap), CSO, Slack.
(from left) Geoff Belknap, CSO, Slack, Mike Johnson, CISO, Lyft, Ahsan Mir, CISO, Autodesk, David Spark, Founder, Spark Media Solutions
Special thanks to our sponsor, Electronic Frontier Foundation. Please support their efforts to protect your digital privacy.
On this super-sized episode of the CISO/Security Vendor Relationship Podcast:
Ask a CISO
Is cybersecurity an IT problem or not? Do non-security executives pigeon-hole the role of security? Is this an unfair assessment? Is it dangerous to only view InfoSec as an IT problem?
Why is everyone talking about this now?
A hot discussion by Jason Clark of Netskope got everyone discussing why CISOs fail. In general, our panel believes it's a situation of poor alignment with the functions and risk profile of the business.
What game best prepares you for a job in InfoSec?
A few years ago I wrote an article entitled, "What 30 Classic Games Can Teach Us About Security," in which security professionals point to video games, board games, gambling games, and sports as great metaphors and training grounds for a life in security. Our panel debates the value of games as InfoSec teaching tools.
We play two rounds of the game and we get split decisions! The first round touches upon a major pet peeve Mike Johnson has had since our very first episode.
What's a CISO to do?
Security is often seen as a thankless job. It's the role of the CISO, though, to make sure everyone knows how awesome their security staff is and what they can do for the rest of the business.
What do you think of this pitch?
We critique another pitch, and this time a CISO does a rewrite that we hope the security vendor will use.
How do CISOs know they're getting a good deal?
Not only do CISOs need to come up with a security program for the company, but they also need to understand whether or not they're getting a good price for the security tools they purchase. Do CISOs have a method to actually ensure they're getting the best price possible? Do they even care?