All links and images for this episode can be found on CISO Series (https://cisoseries.com/look-freshmen-cisos-get-ready-to-pounce/)
What could possibly be a better way to welcome newly hired CISOs to the security community than with a shiny new sales pitch?
This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest is Wayne Reynolds, CISO, Toyota Financial Savings Bank.
Thanks to this week's podcast sponsor, AppOmni.
AppOmni is the leading provider of SaaS security and management platform for the enterprise. AppOmni provides unprecedented data access visibility, management and security of SaaS, enabling organizations to secure mission-critical and sensitive data. With AppOmni, organizations can automatically and continuously enforce rules for data access, data sharing and third-party applications.
On this week's episode
Why is everyone talking about this now?
Our guest, Wayne Reynolds posted the good news about his new CISO role. While he got the expected kudos, he also got lots of sales emails. In the short conversation we had in preparation for this episode, six pitches came in. He counted 731 vendor pitches in just five days. Given the situation, we have all seen an uptick in pitches, across all industries, not just cybersecurity. Vendors want to make some type of connection. If they weren't pitching, what would be a more acceptable outreach?
It’s time for “Ask a CISO”
What can security startups do to prepare for and prove to prospects that their solution won't slow down operations? Thanks to John Prokap, CISO, HarperCollins for pointing me to this great article on CIO.com by Yoav Leitersdorf of YL Ventures on mistakes security startups make. One concern was on the issue of startups losing this specific focus.
From the article, Peter Bodine, AllegisCyber Capital said, "I cannot stress how much of a difference productivity makes to the CISOs we consult with. So, as an investor, our attention is immediately piqued when we learn that a POC took fewer resources than a regular POC, because it often means that they developed their process early enough with a customer satisfaction person. We really don't see that very often, but when we have, we've written a check almost right on the spot, just because they take so much sand out of the gears and make it so much easier for a yes decision to occur.”
"What's Worse?!"
Do you want to be the one to reveal the cybersecurity incident or do you want somebody else to reveal it?
What's a CISO to do?
In the world of DevOps I'm constantly seeing the desire for developers to be security aware. But the point of DevOps is to be aggressively competitive. That's something I often don't see security people understanding or literally being aware of. Nicolas Valcarcel of NextRoll gave me heads up on a post by Mike Sherma of Square about having dev champions on the security team to advocate for the software engineering experience and design principles. Is this a good idea, and if so how would it be rolled out and what would be the benefits?
How to become a CISO
Prior to the unfortunate COVID-19 crisis we at the CISO Series were planning on hosting our very own one-day event to train security leaders. That event will happen eventually, but right now it's on hold. The whole idea is we were going to have a group of CISOs training a group of wannabe CISOs to be CISOs. Wayne is a strident mentor for wannabe CISO. At any time he's got 4 or 5 security professionals you're mentoring. We discuss the core skills security professionals are lacking to become CISOs, and what mentorship does to help you get those skills.