This week's episode of CISO/Security Vendor Relationship Podcast
Tell Me We're Secure So I Can Go Back to Ignoring Security
This week's episode is hosted by me, David Spark, producer of CISO Series, and Mike Johnson. Our guest is Dan Walsh, CISO, Rally Health. All three of us discussed:
The "are we secure" question is loaded with anxiety. Before addressing the literal question, "Are we secure?", try to understand why it was asked. Defuse the anxiety to see if they're concerned about a certain type of attack, and then you can explain the types of protections and safeguards you have in place for that specific attack. Or, turn this into a discussion of risk and how a certain kind of attack would change the company's risk profile.
A security force multiplier for DevOps. Educate key developers to be security champions and focus on automation and quality, two efforts that ring true with DevOps engineers. It's simply not possible to maintain DevOps if security tries to insert itself as a cog slowing down the machine.
How harsh is a response to aggressive sales tactics? Some sales efforts by security vendors can be so overwhelming that the corporate response is to completely block the domain. Is that fair to the company? Could it have been one rogue employee? Should a decision to block be the job of the company or each individual?
How prepared should you be for your next job? No one is ever 100 percent prepared for a new job. There's always an expectation that there will be some on-the-job learning. But, as a hiring manager, you'll need to determine what level of preparedness is necessary for that person to grow into the position.
Read more: https://cisoseries.com/tell-me-were-secure-so-i-can-go-back-to-ignoring-security/