Episode 3: Aligning InfoSec Objectives with Business Goals

Apr 12, 2024 · 54m 26s

In this conversation, the hosts discuss the importance of understanding the organization and industry as a CISO. They emphasize that successful CISOs are not just about technology, but also about aligning information security objectives with business goals. They highlight the need for CISOs to have people skills and the ability to communicate effectively with non-technical stakeholders. The hosts also discuss the role of mentorship and the importance of continuous learning in the field of information security. They explore how CISOs can contribute to the organization's bottom line by increasing revenue through market differentiation and improving efficiency through asset management. Overall, the conversation emphasizes the importance of viewing information security as a business enabler rather than just a technical function.

In this conversation, Nave (Evan), Meg, Gina, and Jordan discuss the importance of understanding the business and people when presenting security gaps to the CFO and board. They emphasize the need to align security initiatives with the business's mission and the motivations of the people running the business. They also highlight the value of listening, observing, and building bridges with technical experts. The conversation concludes with a mailbag question about gaining a budget for security gaps, to which they provide insights on presenting the value and benefits to the organization.

Learn more about the CvCISO Program: https://www.cvciso.com/
Comments
John Martin

2 weeks ago

On a side note, is this podcast just through Spreaker or do you have a video version as well? I'd love to watch the banter between you all if that exists!
John Martin

2 weeks ago

A very important topic, and an organization-first mindset that I brought to one of my prior roles as CIO/CTO/CISO for a NH school district. One of the most frustrating things I encountered in my career was those who came from industry and tried to use the same strategies and tactics that worked for them there in a very different vertical. Seemed like they were of the "Say no to everything" mindset without considering the impact of their decisions on the internal and external clients they served. That created a very divisive environment and a negative perception of the department that I had to overcome in my first 90 days. When I took on the role I literally tore down a wall in my office to ensure I was accessible so that we could have open and honest conversations about what the teachers, administrators, families needed which allowed me the opportunity to educate them about the concerns I held regarding the CIA triad and for us to co-create potential solutions to the problems they faced. When they realized I, and by extension my team, was as concerned for their business processes (teaching & learning) as we were for security, it created a very different and usually positive working environment for us all. So much so that there was much less frustration when I enforced MFA than there would have been if I had done that on day one without building those relationships. Sorry for the lengthy missive but this 'cast really resonated with me!
Information
Author SecurityStudio