Mar 5, 2020
All links and images for this episode can be found on CISO
The CISO has the shortest tenure of any C-level role. Why so
brief? Is it the pressure, the responsibility, the opportunities,
or all of the above?
Check out this LinkedIn discussion to read the basis of our
conversation on this week’s episode co-hosted by me, David
producer of CISO Series and guest co-host Gary Hayslip (@ghayslip), CISO, Softbank
Investment Advisers. Our guest is John Meakin,
Thanks to this week's podcast sponsor, IBM
offers one of the most advanced and integrated portfolios of
enterprise security products and services. The portfolio, supported
by world-renowned IBM X-Force research, provides security solutions
to help organizations stop threats, prove compliance, and grow
securely. IBM operates one of the broadest and deepest security
research, development and delivery organizations. It monitors more
than two trillion events per month in more than 130 countries and
holds more than 3,000 security patents.
On this episode of Defense in Depth, you’ll learn:
- There's a lot of confusion as to what a CISO needs to do. All
job descriptions for CISOs are different.
- There are humans behind the data and as a result CISOs are
tasked with protecting the humans.
- CISOs can improve their tenure if they seek out a business
mentor to allow them to better support the business.
- CISOs who aren't able to communicate clearly will not last
- It's a CISO's job to communicate in the language of the
business, not the other way around.
- Before the CISO ever arrives, there's a business culture.
There's always going to be a natural pushback from the business.
"Why are you making us change?"
- A simple walkabout the office can solve a lot of
- If employees start asking questions about their personal
security, that's a good sign the CISO has successfully inserted
security into the business culture.
- Another huge factor that impacts CISO tenure is the increased
opportunities. Regulations and privacy laws are pushing companies
to get CISOs to provide much-needed oversight.
- What does the reporting structure in your organization mean with
regard to the CISO being heard at the executive and board