#45 - The CISO is Not the Hero of the Story with Jeff Wheatman

As a CISO, could you be hemorrhaging cash without even knowing? Tune in to our discussion with Eric Olden, CEO of Strata, as we cast a spotlight on the potential costs of not tightening your cybersecurity, especially during cloud migration. We expose the financial pitfalls of operating outdated software, managing infrastructure, and rewriting applications. Plus, we offer you a secret weapon - identity orchestration, a smart solution that can save you money and elevate your security.

Seize this chance to explore a realistic method to measure the cost of neglecting your cybersecurity and discover how you can strategize for expenses related to cloud transition. Benefit from Eric's insights about the power of third-party research in generating a Total Economic Impact report for informed strategic decisions. Be ready for a paradigm shift as we tackle the issue of demonstrating ROI and fostering customer adoption of identity orchestration. This episode promises to shake up your understanding of cloud security and identity orchestration, inspiring fresh strategies for a safer, more cost-effective business

Host: Josh Bruyning

Dive deep with us into the fascinating world of storytelling as it intersects with cybersecurity. We're debunking common myths and shedding light on the transformative power of organizational archetypes. Jeff Weatman leads the discussion, challenging the stereotypical portrayal of the CISO as the central hero of cybersecurity.

In a captivating twist, Jeff Weatman proposes that the CISO, instead of being the typical hero, plays the role of the wise old sage, a vital yet supporting character. He intriguingly identifies the actual heroes as the CEO, CFO, Board Members, Customers, and Partners. Get ready to rethink cybersecurity dynamics and recognize the true champions of this digital battlefield.

A strategic thought leader with extensive expertise in security and cyber risk management, Jeffrey Wheatman is regarded as a foremost expert in guiding public sector clients and Fortune 500 companies in connection with their cybersecurity and risk management programs. Jeffrey’s history of working with clients to plan, grow, and transform their cyber risk management programs has been instrumental in ensuring organizations' continued viability and health as they define short- and long-term expansion plans. Under Jeffrey’s guidance, board and C-level leaders are fortified with the best practice solutions to realize exceptional performance outcomes.

In his current capacity as SVP, Cyber Risk Evangelist at Black Kite, Jeffrey has been tasked with raising awareness of the enterprise-wide risk impacts of third-party risk, both in the digital and traditional supply chain and supporting the strategic vision of the executive leadership team and investors.

Most recently, Jeffrey acted as a VP, Advisor with Gartner, the global strategic advisory firm, where he worked with clients to build and improve their security programs, assess risk, focus on reporting on program status, metrics, performance management, stakeholder engagement, executive communication, and bridging the connection between technology and security risk.

Nick Means has been leading software engineering teams for more than a decade in the healthtech and devtools spaces. His focus is on building distributed organizations defined by their cultures of high trust and autonomy. He’s also an international keynote speaker, having shared his unique brand of storytelling with audiences around the world. He works remotely from Austin, TX, and spends his spare time going on adventures with his wife and kids, running very slowly, and trying tobrew the perfect cup of coffee.

In this episode, we have a very special guest joining us to discuss the essentials of building a cybersecurity program from scratch.

Allan Alford, the founder of Allan Alford Consulting, brings a wealth of experience and a unique perspective to the table. Since launching his boutique cybersecurity consulting practice at the end of 2019, Allan has been dedicated to helping organizations efficiently implement and manage security programs and projects. With a focus on long-term relationships and custom solutions, Allan's approach ensures that each client's unique needs are met with the highest level of expertise.

But that's not all! Allan Alford Consulting also offers coaching services for aspiring and new CISOs, helping them navigate the ever-changing landscape of cybersecurity leadership.

In today's episode, Allan will share his insights on the fundamentals of building a robust cybersecurity program, the importance of understanding an organization's unique needs, and how to forge strong partnerships with business leaders.

Josh Bruyning, Sr. Solutions Engineer @TrustMAPP and Chad Boeckmann, Founder/CEO @TrustMAPP

Sponsor:
TrustMAPP (https://trustmapp.com)

The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation.

Join us as we discuss the impact that CIS Controls can have on your small to medium business. We dive into the mission of the Center for Infromation Security, membership, CIS Critical Controls, CIS Implementation Groups and much more!

Hosts:
Josh Bruyning, Sr. Solutions Engineer @TrustMAPP and Chad Boeckmann, Founder/CEO @TrustMAPP

Sponsor:
TrustMAPP (https://trustmapp.com)

Marcus Bartram is a General Partner at Telstra Ventures, a San Francisco-based VC firm that invests in mid-stage tech companies. He's on the founding team and has led investments in cybersecurity companies like CrowdStrike, Auth0, Anomali, Cequence, CloudKnox, Cofense, CyberGRX, Elastica, vArmour, and Zimperium.

Hosts:
Josh Bruyning, Sr. Solutions Engineer @TrustMAPP and Chad Boeckmann, Founder/CEO @TrustMAPP

Sponsor:
TrustMAPP (https://trustmapp.com)

In this episode of The Business of Security, we discuss Dr. Robinson's upcoming book, Mind the Tech Gap, and how to manage the problem of low to non-existent collaboration between IT and Security teams. This conversation covers tools and techniques for creating a rich, collaborative environment for organizations in order to achieve security goals.  

Guest:
Dr. Nikki Robinson, Security Architect at IBM, Adjunct Professor at Capital Technology University

Hosts:
Josh Bruyning, Solution Engineer @TrustMAPP and Chad Boeckmann, Founder/CEO @TrustMAPP

Sponsor:
TrustMAPP (https://trustmapp.com)

Mind the Tech Gap: Robinson, Nikki: 9781032206165: Amazon.com: Books

Top Tips for getting into the security industry and future proofing your strategy. This podcast will focus on Quentyn’s long career in cyber security and how working for the same company for a long period of time years has enabled him to build resilience and always think years ahead when executing a strategy.

Quentyn has a wealth of knowledge experience in both the IT and information security arenas and has driven Canon’s strategy to highlight the importance of document security and help business customers to minimize their security risk.


Host
Josh Bruyning, Solution Engineer @TrustMAPP

Guest:
Quentyn Taylor, Senior Director, Information Security and Global Response @Canon Europe

Sponsored by:
TrustMAPP

In this episode, guest John Checco, Resident CISO at Proofpoint, makes a compelling case for CISO succession planning. As John takes us through his journey as a CISO, we learn how companies factor skills, background, and strengths into their short to long-term succession plans.

The average estimated tenure of a CISO is only 26 months.  85% of surveyed CISOs  say they are now looking for another role or would consider an opportunity if presented. Unless you take aggressive retention action, it is only a matter of time before you are recruiting again. We discuss the tenets of succession planning, how to find a successor, and what transferring ownership entails.

John gives us deep insight into relationship handoffs, which often involve organizations and personnel, both internal and external. We identify a successor's essential qualities, including leadership skills, organization ability, knowledge and experience, and cultural fit. In addition to primary skills, we discuss secondary skills such as project management, administrative competence, and background diversity.

Guest:
John Checco, Resident CISO @Proofpoint

Hosts:
Josh Bruyning, Solution Engineer @TrustMAPP and Chad Boeckmann, Founder/CEO @TrustMAPP

Sponsor:
TrustMAPP (https://trustmapp.com)

In this episode, guest Bill Nelson, CEO of the Global Resiliency Federation (GRF), talks about the GRF’s mission to help organizations in myriad industries share critical security threat information so they can all better defend themselves. 

Bill lays out the history of GRF – how it emerged from the work he did at FS-ISAC, where he grew membership from 170 banks to 7,000. Bill led a team that was tasked with helping other industries set up their own security information sharing programs, based on what FS-ISAC was doing, leading to the creation of ISACs and ISAOs for legal, oil & gas, retail, energy, and healthcare.  

You’ll also learn how the Uniform Commercial Code, article 4, in its description of “commercially reasonable” security, and who’s financially liable after a breach, drove banks to take security controls like anomaly detection, MFA, and DDoS prevention a lot more seriously. 

GRF’s newest security information exchange, K12SIX, aims to protect K-12 schools, which have become the newest targets for ransomware, with attacks ballooning from 10 per year just a few years ago to more than 400 in 2020, and ransoms increasing from $20k to an astonishing $40M.

Guest:
Bill Nelson, CEO of Global Resilience Federation (GRF)

Host:
Chad Boeckmann, Founder/CEO, TrustMAPP

Sponsor:
TrustMAPP (https://trustmapp.com)