Feb 18, 2021
Dr. Eric Cole of Secure Anchor
joins us in this episode to talk about the misconceptions of what a
CISO should really be. This episode focuses on the corporate side
of cyber security and the line between a CISO and a security
engineer.
BACKGROUND
Dr. Cole has over 30 years of cyber security experience, including eight years as a hacker for the CIA. After spending almost a decade breaking into systems, he switched from offense to defense, which he describes as the more challenging side.
MISCONCEPTIONS ON THE CISO
Being a CISO is not a technical role. The CISO is a strategic position focused on how strategy gets executed: how the business grows, how finance and revenue work, and how cyber security fits into that equation. Someone with a purely technical mindset should not be a CISO. A CISO needs to communicate with executives and task their team rather than running head-first into the data center. Anyone who would rather be doing the latter should consider a security engineer role instead.
FINDING THE RIGHT FIT
Unsure whether you selected the right CISO? They need to be comfortable in conversations that revolve around business decisions. Answering "What business are we in? How does our organization make money?" should come as easily as stating their name or where they are from.
ADVICE FOR A NEW CISO
Dr. Cole reveals the secret to briefing a board: keep it short and simple. What board executives care about is the risk the organization faces and what it will cost to address that risk if it materializes. Walking in with a data-heavy, technology-focused briefing will not give the CISO and the other executives a shared understanding of the situation. Similarly, putting out small fires as a CISO does not scale. A CISO entering a company should look at the processes the organization already has and find where security can be injected into them. Treat the root cause, not the symptoms.
THE NEW CISO
When asked what the "new CISO" means to him, Dr. Cole describes a business executive who is entrusted with helping the organization grow and succeed through cyber security. This CISO treats cyber security as a business enabler rather than viewing themselves as a technical resource.
LINKS
Exabeam
Dr. Eric Cole - Twitter
Dr. Eric Cole - YouTube
Dr. Eric Cole - Books on Amazon