CISO Series Podcast
Formerly named CISO/Security Vendor Relationship Podcast. Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/set-it-forget-it-reset-it-repeat/)

As long as you reset it and repeat, everything in cybersecurity is "set it and forget it".

This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest this week is Brett Conlon (@DecideSecurity), CISO, Edelman Financial Engines.

Check out Tricia Howard's dramatic readings of cold emails.

Keyavi Data

Our Keyavi breaks new ground by making data itself intelligent and self-aware, so that it stays under its owner’s control and protects itself immediately, no matter where it is or who is attempting access. Keyavi is led by a team of renowned data security, encryption, and cyber forensics experts. See for yourself at keyavidata.com.

On this week's episode

Why is everybody talking about this now

On LinkedIn and on Twitter, I asked "Is there anything in cybersecurity that's 'set it and forget it'?" There were plenty of funny answers like "Passwords" and the "Off" switch. But there were some interesting answers like whitelists from Brian Haugli of Sidechannel security and ethics from Stephen Gill of Russel Holdings. So many treat security as "set it and forget it" but we know that's a path to insecurity. Regardless, is there ANYTHING in security we can set and forget?

Question for the board

Our guest claims he's got an awesome board. I don't think we've ever heard that on our show. In most cases there's either fear of the board or the CISO doesn't even get direct conversation with the board. I asked our guest what is it about his board that's so awesome and what tips could he give to CISOs to move their board into that territory?

What's Worse?!

Who is going to handle physical assets the worst?

If you haven’t made this mistake, you’re not in security

Alexander Rabke, Splunk, asked, "How should sales people handle situations when, in fact, you are a security company with a security vulnerability (he also talked about a product not working) - what do you tell customers. How do you like to see this handled by the vendor?" I know a first response is to be honest, but they want to hold onto your business. What's a way salespeople could go about doing that?

What do you think of this pitch?

We're not talking vendor pitches in this segment. We're talking candidate pitches. Gary Hayslip, CISO, Softbank Investment Advisers and former guest on this show has an article on Peerlyst, a platform which is unfortunately going away, about finding your first job in security. Hayslip's first tip asks, "What information do you have?" Researching yourself is good advice, but I want to extend that to a question that I think puts you ahead of the pack and ask, "What's your unfair advantage?" It's a question that I heard investor Chris Sacca ask startups and I think it can also apply to individuals applying for jobs. Agree? If so, what are some good unfair advantages from candidates that have put them over the top?

Direct download: CISO_Vendor_08-18-20_FINAL.mp3
Category:podcast -- posted at: 3:00am PDT