#117 - Good Governance (with Sameer Sait)

Has bad governance given you trauma, boring committees, and long speeches on irrelevant issues?  Today we are going to overcome that by talking about what good governance looks like.  We bring on the former CISO of Amazon Whole Foods (Sameer Sait) to discuss his lessons learned as a CISO.  We also highlight key topics of good governance found in the Cyber Security Profile from the Cyber Risk Institute.

Cyber Risk Institute - Cyber Security Profile https://cyberriskinstitute.org/the-profile/
Full Transcripts: https://docs.google.com/document/d/1vBM6A0utvhRFMA04wzrZvR8ktNwYo-li

Chapters

• 00:00 Introduction
• 03:10 Good Governances is a Good Thing, Right?
• 05:08 Cyber Strategy & Framework
• 06:43 Is NIST the Same as ISO?
• 08:40 How to Convince the Executive Leadership Team to Buy In
• 11:19 The CEO's Challenge is Taking Measured Risk
• 20:05 Is there a Cybersecurity Policy
• 22:32 Culture eats Policy for Lunch
• 24:14 The Role of the CISO
• 27:52 How do you Convince the Leadership Team that you need extra resources
• 29:51 How do you Measure Cybersecurity?
• 32:22 How do we communicate Risk Findings to Senior Management
• 36:07 Are you Aligning with the Audit Committee