Mar 21, 2019
Are CISOs the most stressed individuals on a security team, or do mental health issues affect everyone in security?
Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest for this episode is Gary Hayslip (@ghayslip), CISO, Webroot.
Thanks to this week’s podcast sponsor, Praetorian
As a professional services company, Praetorian helps enterprise customers solve complex cybersecurity problems. We are the security experts.
On this episode of Defense in Depth, you'll learn:
- You have to come to an acceptance that a security program that's at 90 percent is good enough.
- Accept that you will never reach the end of the tunnel. You'll never have a perfect defense.
- The CISO's role is that of a change agent and depending on the depth of your relationship, you may get push back.
- Don't underestimate the impact you're trying to make on the business culture. Organizations can only change in increments. Stressing that will generate stress in you, the security professional.
- Since security touches every department and you need to engage with every department, you will deal with a lot of personalities.
- In addition to dealing with all the departments, you won't have authority over them, but you will be perceived as accountable for their security issues. The business needs to own security and its relevant risk.
- Don't fall into impostor syndrome where you chronically feel you're doing a bad job.
- Accept small wins. Break up huge projects into smaller chunks and celebrate those wins.