Sugarcoating Security Data Doesn't Help Anyone
The New CISO - A podcast by Steve Moore - Joi
The latest episode of The New CISO features not one, but two guests! Chuck Markarian and Sean Murphy sit down to discuss the inner struggles of networking, establishing a risk council within your company and dealing with high-risk situations.

Background

Chuck Markarian is the CISO at Paccar. He has been with the company for 16 years and has served in a CISO role for almost five years, focusing on security risk assessment and project management.

Sean Murphy is the CISO at BECU, the third-largest credit union in the country. Sean has been in his role for about two years. He previously served in the Air Force for 21 years before jumping into the financial services sector.

Networking as an Introvert

Networking in itself can be intimidating, but when you're an introvert, it's more nerve-wracking. Chuck and Sean discuss how to calm the nerves and take that first step at a networking event, which ironically is how the duo ended up becoming friends. The episode also discusses how to translate this advice to virtual spaces as networking events continue to be held online.

Starting a Risk Council

The guys talk about how to socialize a risk council and get one established. The main focus is catching an employee's interest in that initial email. This episode goes through different questions to ask your team members that will lead them to recognize what areas interest them the most and what areas pose the greatest concern. The bottom line: ask the right kind of questions that let employees find out what is important to them and discuss responses to situations when dealing with risk management. Then, develop a plan of attack.

Dealing with High-Risk Situations

High-risk situations and security issues are bound to happen. The largest differentiator is how you react to them. The focus quickly goes to "How could this happen?" when the shift needs to be on "How quickly can we get things back to normal?" Sean and Chuck discuss navigating high-risk situations with executives based on your current relationship with them, and how the CISO is often not the sole person to blame when something goes wrong in the cyber security realm.

Rose-Colored Glasses

Some things unintentionally get sugarcoated by organizations, where reports get tweaked as they go further up the chain. The verdict? CISOs are not doing the organization any justice if they are trying to spin the news. In turn, a CISO could find themselves without a job if something goes wrong and the company was not provided with accurate data and objectives.

You're not doing the org any justice if you're trying to spin the news, you're not protecting your job. Always communicate the message as you see it.

Links

Chuck Markarian - LinkedIn
Sean Murphy - LinkedIn
Exabeam Podcasts