This week's episode of CISO/Security Vendor Relationship Podcast
Best Condescending Techniques to Placate Minority Groups
This week's episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson. Our guest is Matt Conner, CISO, National Geospatial Intelligence Agency. All three of us discussed:
Avoid diversity theater performances. After being caught poorly investing in black-owned businesses and having few if no African Americans in leadership roles, venture capital firms have made quick reactionary attempts at diversifying so as not to appear tone deaf. They've opened tiny funds (comparative to their other funds) for black-owned businesses and have been accused of inflating titles of African American employees. Black entrepreneurs want substantial, not reactionary, changes by VC firms.
Even if you have a password manager, you still have to memorize a few strong passwords. At bare minimum, we all need to know at least three passwords: One to unlock our computer. One to access our password manager. And one to unlock our phone. So even if you do use a password manager, there are still a few passwords you need to know. Consider using passphrases that only you would know and replace specific letters with symbols in that passphrase.
What can I turn off if I purchase your solution? CISOs don't want to add more complexity to their environment. They're looking for more ways to integrate and limit the number of tools they have in their arsenal. What does your product supplant that would make a CISO's job easier to manage their environment and reduce costs?
Relationships and patience will get you into the government sector. If you're not in for the long game, don't play, advised this week's guest CISO who works for a federal agency. Government agencies are well aware that the product evaluation and procurement process takes way too long. Definitely helps if you get a trusted introduction. Honestly, it's really the only way in.
Security through obscurity is not an actual security plan. Far too many companies don't know whether it hurts them or not to reveal what type of technologies they use in their IT and security environments. To not tell because you fear it will open you up to more risk then you don't have a clear understanding of your risk posture. But if you do tell, then you're sending a beacon to those future employees or security vendors looking to help support your current environment.
Click to listen: https://cisoseries.com/best-condescending-techniques-to-placate-minority-groups/
Tags 🏷
#cybersecurity #cso #ciso #infosec #hacker #itriskmanagement #ciberseguranca #cyberattacks #threats #malware #cibercrime #exploit #hackers #hacker #breach #mitreatt&ck #pentesting #cloudsecurity #cyberwar #datasecurity #ethicalhacking #hacking #cloud #informationsecurity #securitymanagement #infosec #ransomware #datasecurity #helpnetsecurity
Best Condescending Techniques to Placate Minority Groups
This week's episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson. Our guest is Matt Conner, CISO, National Geospatial Intelligence Agency. All three of us discussed:
Avoid diversity theater performances. After being caught poorly investing in black-owned businesses and having few if no African Americans in leadership roles, venture capital firms have made quick reactionary attempts at diversifying so as not to appear tone deaf. They've opened tiny funds (comparative to their other funds) for black-owned businesses and have been accused of inflating titles of African American employees. Black entrepreneurs want substantial, not reactionary, changes by VC firms.
Even if you have a password manager, you still have to memorize a few strong passwords. At bare minimum, we all need to know at least three passwords: One to unlock our computer. One to access our password manager. And one to unlock our phone. So even if you do use a password manager, there are still a few passwords you need to know. Consider using passphrases that only you would know and replace specific letters with symbols in that passphrase.
What can I turn off if I purchase your solution? CISOs don't want to add more complexity to their environment. They're looking for more ways to integrate and limit the number of tools they have in their arsenal. What does your product supplant that would make a CISO's job easier to manage their environment and reduce costs?
Relationships and patience will get you into the government sector. If you're not in for the long game, don't play, advised this week's guest CISO who works for a federal agency. Government agencies are well aware that the product evaluation and procurement process takes way too long. Definitely helps if you get a trusted introduction. Honestly, it's really the only way in.
Security through obscurity is not an actual security plan. Far too many companies don't know whether it hurts them or not to reveal what type of technologies they use in their IT and security environments. To not tell because you fear it will open you up to more risk then you don't have a clear understanding of your risk posture. But if you do tell, then you're sending a beacon to those future employees or security vendors looking to help support your current environment.
Click to listen: https://cisoseries.com/best-condescending-techniques-to-placate-minority-groups/
Tags 🏷
#cybersecurity #cso #ciso #infosec #hacker #itriskmanagement #ciberseguranca #cyberattacks #threats #malware #cibercrime #exploit #hackers #hacker #breach #mitreatt&ck #pentesting #cloudsecurity #cyberwar #datasecurity #ethicalhacking #hacking #cloud #informationsecurity #securitymanagement #infosec #ransomware #datasecurity #helpnetsecurity
Comentários
Postar um comentário