Lessons Learned from the “First CISO” Part 2
The New CISO - A podcast by Steve Moore - Joi
On today’s episode, we continue our conversation with Steve Katz, the first CISO, and discuss the importance of understanding yourself, your role, and the company you work for.

Marketing Yourself Within the Company

One of the things Steve stresses is that you need to be able to market yourself and the role of CISO to the rest of the company. It is in your own best interest to know how to articulate why cybersecurity matters and how it affects the business. To do so, you must first understand the company and its products, because only then can you explain how your position helps the business. Listen to the episode to hear more of Steve’s thoughts on business-relevant security.

Your Mission and Foundational Principles

One question Steve always asks CISOs is whether they have read their company’s mission statement. He considers ignoring the fundamentals of a company a serious problem. He also advocates that every CISO write a mission statement for their own team and align it with the company’s mission. He recounts how settling on 5-10 foundational principles changed the group’s mindset, brought clarity to the work they were doing, and, overall, changed the culture of the team.

The Citi Breach and the First Time “CISO” Was Used

Steve recounts another remarkable story about how an enormous breach at Citi led to the solidification of his role as CISO and to the coining of the term. He joined the company while it was dealing with a security incident and losing valuable bank customers. In this episode he relays how he had to meet with the top 20 customers to ask them questions about security and to answer theirs. He was expected to retain only 50% of those customers after the meetings; he came back with all 20. Listen on to discover what questions he asked them and how he maintained their trust and business relationship.

Know Yourself

We discuss the importance of knowing yourself as a person and how this affects your abilities as a CISO. Steve encourages you to understand your strengths and weaknesses, and to hire someone who can compensate for the areas in which you struggle. He admits that he excels at identifying talent and getting work done efficiently but cannot handle details. He is candid with us today to encourage you to be honest with yourself and to act accordingly.

The Customer’s Perspective

Though only briefly touched on, Steve reiterates that you must make an effort to keep the customer’s perspective in mind. To that end, he hired only multilingual regional officers, who could explain a security problem in the local language. That made them a friendlier face and fostered a more trusting relationship.

The C’s of Finding a New Job

Steve also runs through his criteria for a job search, which he calls The C’s: challenge, commitment, chemistry, culture, clarity, and compensation. By these he means how challenging the job is, how committed the company is to resolving its issues, the chemistry between you and the person you report to, the workplace culture, clarity about what success looks like, and, lastly, compensation. He stresses that compensation is the last C to prioritize. Listen to the episode to hear Steve expand on The C’s and why compensation is actually the least important criterion.

Meetings with Vendors

When it comes to meetings, Steve believes vendors need to do their homework, be clear, and get to the point. He shares a humorous tactic he used to get vendors to pitch quickly and effectively. He also tells us the one question he asks at every vendor meeting, and why you need to be extremely cautious when planning a live demo.