All links and images for this episode can be found on CISO Series (https://cisoseries.com/last-chance-to-vote-for-most-stressed-out-ciso/)

Think you or your CISO has what it take to shoulder all the tension, risk, and security issues of your organization? You may be a perfect candidate for "Most Stressed Out CISO".

This episode was recorded in person at Zenefits' offices in San Francisco. It's hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest is Keith McCartney (@kmflgator), CISO, Zenefits.

Keith McCartney, CISO, Zenefits and Mike Johnson, co-host,
CISO/Security Vendor Relationship Podcast

Thanks to this week's podcast sponsor, CyberArk

At CyberArk, we believe that sharing insights and guidance across the CISO community will help strengthen security strategies and lead to better-protected organizations. CyberArk is committed to the continued exploration of topics that matter most to CISOs related to improving and integrating privileged access controls.

On this week's episode

There’s got to be a better way to handle this

CISO Stress. We've talked about it before on the show, and now Nominet just released a new study that claims stress levels are increasing.

• 8% of CISOs said work stress has had a detrimental impact on their mental health, almost twice as high as last year (27%).
• 31% of CISOs said that stress had affected their ability to do their job.
• Almost all surveyed CISOs (90%) said they’d take a pay cut if it improved their work-life balance.

How could a CISO negotiate better work/life balance upfront and have either of our CISOs done it?

Hey, you're a CISO. What's your take on this?

Gary Hayslip shared this Peerlyst article by Ian Barwise of Morgan Computer Services about the incredible array of OSINT tools. What OSINT tools do our CISOs find most valuable and for what purposes.

What's Worse?!

A little too much agreement on this week's "What's Worse?!"

Here's some surprising research

Why are cloud security positions so much harder to fill? Robert Herjavec of the Herjavec Group posted a number of disturbing hiring statistics. Most notably was one from Cyber Seek that stated jobs requesting public cloud security skills remain open 79 days on average — longer than almost any other IT skills. Why isn't supply meeting demand? Why is it such a difficult security skill to find? And how easy and quickly can you train for it?

EKANS is the backward spelling of SNAKE. It is also the name of new ransomware code that targets the industrial control systems in oil refineries and power grids. Not only does it extort a ransom, it also has the ability to destroy software components that do things like monitor the status of a pipeline, or similar critical functions in a power grid or utility. A recently documented attack on Bahrain’s national oil company reveals the architecture and deployment of EKANS not to be the work of a hostile nation-state, but of cybercriminals.

The chilling message behind that, of course, is that penetrating and sabotaging critical components of a country’s infrastructure is no longer exclusive to sophisticated national intelligence agencies. Lower level criminal agencies may have motives that are far less predictable and trackable, and when combined with the complexities of an industrial control system, these may have cascading effects beyond the wildest dreams of the instigators themselves.

More from our sponsor ExtraHop.

What do you think of this pitch?

We get a pitch with some suggestions on how best to improve the pitch. We want more pitches!