The 70-20-10 Rule: Steps You Can Take for Professional Growth
The New CISO - A podcast by Steve Moore - Joi
In this episode of The New CISO, Steve is joined by guest Andrew Wilder, Adjunct Professor at Washington University in St. Louis and a multi-time CISO.

After eighteen years, Andrew left a job he loved to transition into global security. Now, he gives back to the cybersecurity community by sharing his insight as a professor and mentor. Tune into today’s episode to learn more about his IT journey, expanding your network, and company red flags.

Listen to Steve and Andrew discuss his five-step mentorship plan and essential interview guidelines for CISOs:

Meet Andrew (1:38)

Host Steve Moore introduces our guest today, Andrew Wilder, who has worked in cyber security for twenty years.

Andrew got his start in cybersecurity by working at a paper company, where he worked in marketing, sales, inventory, customer service, and more. One day the owner came to him, wanting to change their computer systems. Being the youngest in the office, Andrew was given the project, beginning his IT journey.

Eighteen Years (6:23)

Andrew reveals why he stayed at Nestle for eighteen years. Andrew loved the people and culture and even met his wife on the job.

Steve presses Andrew on why he didn’t stay longer, and Andrew reveals that he progressed as far as he could go. Wanting to move forward in his career, Andrew felt inclined to make the jump.

A Difficult Move (8:12)

Andrew shares how challenging it was to leave Nestle. Although his co-workers were shocked, Andrew knew going was right for him.

If you’re in a similar situation, you may always find something to regret, but no situation is perfect. Ultimately, you have to do what’s best for you.

Care About Your Career (11:50)

When contemplating a career transition, Andrew recommends finding a mentor. Of course, no one will care for your career for you. You will make time for something and seek the necessary resources if you care about it.

The Five-Step Plan (13:59)

Andrew shares his five-step plan for changing careers, which includes creating a development plan with your mentor and filling in the gaps in your desired skill set.

In addition, Andrew shares a helpful tip he received from Nestle, which is that 70% of your learning should be learning by doing. 20% of learning is through relationships, while 10% should be through a course or learning program.

Getting In The Room (20:00)

Steve presses Andrew on what steps CISOs should take to get in the room. Andrew recommends ensuring people know who you are and your expertise.

If people don’t know you, you’ll never be able to prove yourself. That is the value of expanding your network.

What To Ask (24:47)

If you’re offered a board-type position, it’s essential to learn about the company culture and the CEO and review any incident reports that allow you to bring your expertise to the position.

Interview Questions (28:24)

Enterprise risk management is an excellent framework to focus on during an interview. Asking questions based on prior risks will reveal much about an organization, including red flags.

Andrew also reveals other red flags to look for in an interview. If companies don’t show change or progress with security, the work culture will be less desirable for a CISO. The worst cyberculture you could join is one where they won’t admit when they’ve experienced a breach.

Business Continuity Planning (37:20)

Business continuity planning is ignored a lot in cybersecurity because it is business driven. In Andrew’s opinion, cybersecurity should be separate.

Andrew and Steve discuss other business dynamics and what should or shouldn’t be the responsibility of the CISO.

Why Teaching (41:43)

Steve presses...