Jul 26, 2021
On this episode of The New CISO, Steve Moore is joined by special guest Michael St. Vincent, the CISO of The Cosmopolitan of Las Vegas. They discuss the importance of networking as well as advice for succeeding as a CISO and in the workplace.
Introduction to the Cosmopolitan of Las Vegas
St. Vincent has been the CISO for 6 years at The Cosmopolitan of Las Vegas, a resort hotel in Vegas. He shares that his favorite thing about the hotel is its artsy and offbeat culture and the joy of just walking through the building. “Secret Pizza” is a delicious stop, as well. Moore shares his experience grabbing a slice at Secret Pizza, too.
Advice to a Younger Self
St. Vincent shares that he wishes he had networked more. Diving into the community is important. Being slightly more closed off can pose challenges and lead to missed opportunities. Just start talking to people and see how this can help your career. Many people feel as if they don’t have enough experience to share their perspective, but having confidence in yourself can help greatly. St. Vincent shares two main pieces of advice.
1) Confidence. Accepting that you don’t have to know everything can make networking easier. Look at it as a learning process.
2) Don’t Dominate The Room. Offer an idea and see where it goes. This opens up a conversation and allows room for others to share their ideas.
Learn from listening. Being present and listening to who is speaking is how you show respect to the speaker and learn. Being kind is also important. Present an opposing opinion in a kind way, but let people respond. Being a coach to the next generation is an incredible opportunity. This will create a strong and successful community going forward.
In Las Vegas, they have a networking cocktail hour with industry professionals, as well as a few students who get invited to participate in these events. Getting a feel for the room is an extremely beneficial experience for up-and-coming individuals.
St. Vincent holds one-on-one meetings with his staff to offer feedback. He speaks on the importance of having conversations and growing communities. These outreaches end up being very worth it in the long run.
The Hiring Process
Not everyone can get hired for the positions they interview for. St. Vincent and Moore advise always reaching out to the hiring manager and asking for an off-the-record debriefing. Giving and getting feedback is important and can help you grow, and this honest feedback can be very helpful in the future.
Admitting “I Don’t Know”
Why is it so hard to admit you don’t know something? Lacking confidence can be partly to blame. There is also an expectation that we need to know everything. This is a common way to feel. It is worse to make up a solution than to admit you don’t know something. Asking for help is okay, and there will be many people willing to help you out. Admitting we have limits can be challenging, but it is human. Being overconfident and “showboating” is not the way to go. This indicates that things will not go well, most likely.
360 Review: Confidence vs
St. Vincent talks about his 360 review and the realization that some people perceived him as arrogant. There is a fine line between confidence and arrogance. Behind this is attitude and self-awareness. A 360 review takes a certain type of openness. You must be willing to listen to the feedback you will receive. Making informed changes based on this feedback provides a lot of room for growth.
Opening up and sharing on a personal level is important. St. Vincent welcomes others to argue with him, as long as they come with a reason. This opens the ground for more productive conversations and problem solving in the workplace.
Where is Credit Due?
Security programs are often only evaluated on failures. What gears is St. Vincent trying to fix? He answers that the fixes can sometimes be hard to spot and are often operational. Over time, credit will be given and problems will be solved. Being part of the solution helps people realize the controls. Moore also shares his experience in finding expired servers.
Trying to Own too Much
Oftentimes, people agree to own too much, but it can be too much to do all of this alone. Many companies have a security program in place but no asset control. The CISO will be responsible for protecting what they own, but if it is undefined this can be challenging. This leads the CISO to overcompensate. St. Vincent shares his advice for situations like this. Trying to own everything is not a path to success. Registering everything you own to an owner is helpful. This model will be more successful, and having a motivated owner is important as well.
What Does Being a New CISO Mean?
In St. Vincent’s experience, being a new CISO is about looking at the technology and processes already there, determining which ones people think are broken and trying to work these problems out.
8:44-10:47 Coaching the next generation
25:30-26:50 360 Reviews
27:49-29:46 Relational Confidence