Is Our Understanding of who Owns Risk Driving CISOs to the Edge?
The New CISO - A podcast by Steve Moore - Joi
In this episode of The New CISO Podcast, host Steve Moore and guest Gary Hayslip discuss the difficulties veterans face when transitioning to the business world. They also discuss how to remedy security failings, and how risk ownership mentally and physically impacts CISOs.

A Challenging Transition for Military Personnel

After serving in the military for however many years, enlisted personnel receive one class on how to transition to civilian life. While the class teaches how to format resumes, it doesn’t provide the amount of support military personnel need to adjust to a new lifestyle. When you are in the military, everything is organized and planned out for you, from your day, to your week, to your month, to your year. You always understand what you need to do and what path to follow. When that type of strict structure falls away after duty, many veterans feel lost. They enter a new world filled with uncertainty. Suddenly, they have nothing planned out; they don’t even know what they’re doing the next hour.

Overcoming Fears

To overcome this anxiety, Hayslip stresses that you must begin planning your civilian life during your tour, and more than just in the last six months of your time. He suggests planning out civilian life as early as two years ahead of time. If you start early, you leave room for any road bumps you may encounter. Moore and Hayslip recognize that this transition is a period of intense personal and professional growth. Oftentimes, vets can feel helpless, wondering how they will provide for their families. Hayslip suggests that military personnel can rely on what they already know: community and mission. On today’s episode we discuss what Hayslip means by discovering a new community, one that connects them to a broader purpose and to others. We also talk about finding a new mission, and how this can help transitioning vets find themselves again.

How Non-vet Employers Can Help

As a non-veteran, Moore asks how employers can help their recently hired veteran employees. Hayslip suggests that veterans need to be provided guidance, but also a level of flexibility. Military personnel need to understand how much room they have to move. We deliberate on the nuances of steering veteran employees, and how to communicate the level of risk they are allowed to take.

The AAR Process

Broadening the topic from veterans to cybersecurity companies in general, we discuss the proper and most effective way to conduct an AAR. Hayslip emphasizes constant documentation and that an AAR needs to be information- and solution-focused. This includes as much data and documentation as possible. In addition to data and documentation, Hayslip advocates for providing opinion and experience. If you explain why you made a specific decision based on previous experiences, then the team leader has better context for what happened. The leader can focus on why your decision worked one time and not another.

What Doesn’t Work for AARs

However, we believe that sometimes the process of an AAR becomes muddled. Hayslip points out that when blame enters the equation, the AAR becomes ineffective. If one group in particular is blamed, then no one learns what actually happened. It also leads to people shying away from honesty. Moore highlights how bad leadership uses an AAR as a weapon against employees, which only breeds mistrust and inefficiency. Hayslip offers his solutions to combat a toxic environment surrounding an AAR, such as breaking the teams down into small groups and facilitating self-reflection. In this...