Broadcasts.com - "Do's And Don'ts of Trashing Your Competition" (CISO Series Podcast)

Technology
SEE MORE
- classical
- general
- talk
- News
- Family
- Bürgerfunk
- pop
- Islam
- soul
- jazz
- Comedy
- humor
- wissenschaft
- opera
- baroque
- gesellschaft
- theater
- Local
- alternative
- electro
- rock
- rap
- lifestyle
- Music
- como
- RNE
- ballads
- greek
- Buddhism
- deportes
- christian
- piano
- djs
- Dance
- dutch
- flamenco
- social
- hope
- christian rock
- academia
- afrique
- Business
- musique
- ελληνική-μουσική
- religion
- World radio
- Zarzuela
- travel
- World
- NFL
- media
- Art
- public
- Sports
- Gospel
- st.
- baptist
- Leisure
- Kids & Family
- musical
- club
- Culture
- Health & Fitness
- True Crime
- Fiction
- children
- Society & Culture
- TV & Film
- gold
- kunst
- música
- gay
- Natural
- a
- francais
- bach
- economics
- kultur
- evangelical
- tech
- Opinion
- Government
- gaming
- College
- technik
- History
- Jesus
- Health
- movies
- radio
- services
- Church
- podcast
- Education
- international
- Transportation
- Other
- kids
- podcasts
- philadelphia
- Noticias
- love
- sport
- Salud
- film
- and
- 4chan
- Disco
- Stories
- fashion
- Arts
- interviews
- hardstyle
- entertainment
- humour
- medieval
- literature
- alma
- Cultura
- video
- TV
- Science
- en

Do's And Don'ts of Trashing Your Competition

Published: Nov. 12, 2019, 1:30 p.m.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/dos-and-donts-of-trashing-your-competition/)

We want to malign our competitors, but just don't know how mean we should be. Miss Manners steps in on the latest episode of CISO/Security Vendor Relationship Podcast.

This episode is hosted by me,\xa0David Spark\xa0(@dspark), producer of CISO Series and founder of\xa0Spark Media Solutions\xa0and\xa0special guest co-host, Mark Eggleston (@meggleston), CISO, Health Partners Plans, and our guest is Anahi Santiago (@AnahiSantiago), CISO, ChristianaCare Health System.

We recorded in front of a live audience at Evanta's CISO Executive Summit in Philadelphia on November 5th, 2019.

Recording CISO/Security Vendor Relationship Podcast in front of a live audience at Evanta's CISO Executive Summit in Philadelphia (11-05-19)

Thanks to this week's podcast sponsors Trend Micro, Thinkst, and Secure Controls Framework.

Trend Micro Incorporated, a global leader in cybersecurity solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses, and governments provide layered security for data centers, cloud environments, networks, and endpoints. For more information, visit\xa0www.trendmicro.com.

The Secure Controls Framework (SCF) is a meta-framework \u2013 a framework of frameworks. This free solution is available for companies to use to design, implement and manage their cybersecurity and privacy controls in an efficient and sustainable manner. Our approach provides a comprehensive solution to manage complex compliance needs.

Most companies find out way too late that they\u2019ve been breached. Thinkst Canary changes this. Find out why the Thinkst Canary is one of the most loved products in the business and why the smartest security teams in the world run Canary. Visit https://canary.tools.

On this week\u2019s episode

Why is everyone talking about this now?

Greg van der Gaast, former guest who runs security at The University of Salford, initiated\xa0a popular LinkedIn discussion\xa0on the topic of human error. According to his colleague Matthew Trump of the University of Sussex, in critical industries, such as aerospace, oil & gas, and medical, \u201chuman error\u201d is not an acceptable answer. You simply have to prevent the incident. If not, a mistake can be both a regulatory violation and lethal.

But people are a part of the security equation. It\u2019s unavoidable.

We know zero erros is impossible, but can you accept \u201chuman error\u201d as a fail point?

Hey, you\u2019re a CISO, what\u2019s your take on this?

Listener David said, \u201cOne thing I have experienced at my last two jobs is integrating with a \u2018global\u2019 security team whose security program is effectively and functionally inferior to our own. In these occasions, the global security team wanted us to remove current safeguards, processes/procedures and tooling that reduced the preparedness and effectiveness of our security program and introduced risk(s) that we have not been exposed to in years. All of these changes were always touted as a \u2018one team\u2019 initiative but never once was due diligence on security posture taken into account.

\u201cWhat is the best way to go about a consolidation like this? Do you not mess with a good thing and ask the \u2018better\u2019 security program to report up incidents, conform to compliance check boxes etc. or as a CISO do you sign off on a risk acceptance knowing that the operating company is now in a worse state of security.\u201d

\u201cWhat\u2019s Worse?!\u201d

We\u2019ve got two rounds of really bad scenarios.

What annoys a security professional

Geoff Belknap, former guest and CISO of LinkedIn,\xa0appreciates a vendor\u2019s desire to \u201cbring like minds\u201d together around food or drink, but the invite is not welcome on a weekend. Belknap feels that the weekend intrudes into a CISO\u2019s personal/family space. There was a lot of debate and disagreements on this, but there were some solutions. One mentioned a vendor invite that included round trip Lyft rides and childcare.

Oh, they did something stupid on social media again

Jason Hoenich, CEO of Habitu8 posted on LinkedIn that he didn\u2019t appreciate Fortinet writing about security training for CSO Online, something for which Jason\u2019s business does and for which he believes Fortinet does not have any expertise. It appears this was a sponsored article, but Jason didn\u2019t point to the article nor did he isolate specifically what he felt was wrong with Fortinet\u2019s advice.

Here at the CISO Series, we like Jason and Habitu8. They\u2019ve been strong contributors to the community. But complaining and not pointing to any concrete evidence is not the best way to convince an audience. Earlier this year we saw something similar with the CEO of Crowdstrike going after the CEO of Cybereason claiming an underhanded sales tactic that was not specified nor anyone at Cybereason knew what he was talking about.

Is it OK to go after your competition in a public forum? If so, what\u2019s the most professional and respectful way to handle it?

It\u2019s time for the audience question speed round

Our Philadelphia audience has questions and our CISOs had some answers. We rattle off a quick series of questions and answers to close the show.