Top Notch – BSW #250
Segments
1. Time To Move Away From “G – little R – Big C” (GRC) – John Wheeler, Padraic O’Reilly – BSW #250
How to move from legacy GRC processes and systems to a more automated approach that promotes visibility, agility, and alignment from assessment to Boardroom.
This segment is sponsored by CyberSaint. Visit https://securityweekly.com/cybersaint to learn more about them!
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Guests
Padraic O’Reilly is Chief Product Officer and Co-Founder at CyberSaint, where he leads product innovation and development. His experience as a Harvard-trained economist, IT risk and compliance consultant, and his rapid exposure to Cybersecurity led him to seek out CISOs, CIOs, and Boards of Directors at global organizations to pursue the answer to the question – how can cyber be managed, measured, and understood like any other business function? Padraic’s current activity spans working directly with organizations from public agencies to private companies across the globe to understand how to measure cyber risk, especially amidst the global pandemic which is fueling massive digital transformation projects around the world. Padraic was a key member of the group providing feedback on the NIST Cybersecurity Framework during its development, and is an expert in regulatory standards both in security and privacy, including the NIST Risk Management and NIST Privacy Frameworks. An expert in Artificial Intelligence (AI) and economic modeling, Padraic works with members of the Global 500 to research and deploy risk quantification, risk intelligence gathering, and risk reporting and communication strategies. Padraic also holds a patent entitled, “System And Method for Monitoring And Grading A Cybersecurity Framework” which has inspired much of his work on cohesive IT and cyber risk management approaches.
John A. Wheeler is Strategic Advisor to CyberSaint and the founder and CEO of Wheelhouse Advisors, a global risk management strategy and technology advisory firm. John has 30+ years of industry experience and is a recognized expert, frequent speaker, and author on the effective use of risk management practices and technology in large and midsize businesses. Prior to joining CyberSaint, John was Senior Director, Analyst for risk management technology solutions and services at Gartner, a leading research and advisory organization. Wheeler spent over ten years at Gartner advising thousands of CISO and CIO buyers, CEOs, Boards of Directors, as well as technology product and services companies within the $9 billion Integrated Risk Management market. Prior to his time at Gartner, Wheeler led teams at Truist (formerly known as SunTrust), transforming and modernizing the organization’s risk management, Sarbanes-Oxley (SOX), and audit programs. He had leadership positions at Turner Broadcasting and Emory Healthcare, and also held positions in IT and risk consulting at Big Four firm EY in addition to Accenture.
2. 5 Leadership Lessons, 6 Steps to Success, & 6 Tips to Say No – BSW #250
In the Leadership and Communications section, 5 Leadership Lessons General Marshall can Teach Us, Cybersecurity incident response: The 6 steps to success, 6 Effective Tips to Politely Say No (that actually work!), and more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
CRA's Business Intelligence Unit has launched its next survey on Zero Trust! What are Your Barriers to Zero Trust Implementation? Take our survey and enter to win a $500 Tango card by visiting https://securityweekly.com/zerotrust. Report results will be released at our upcoming Zero Trust E-Summit in March!
- 1. 5 Leadership Lessons General Marshall can Teach Us
  General Marshall is an unlimited source of leadership inspiration. Here are some takeaways from his leadership accomplishments.
  1. George C. Marshall was a great leader because he was able to think ahead and plan for the future. He understood his role as a senior leader. He wasn’t supposed to be inundated with the details of a plan. He knew that diving into that much detail would take his eyes off of the organization’s vision. Good leaders let subordinate leaders do their jobs.
  2. He was also able to adapt to changing circumstances and make quick decisions when necessary. World War II was a dynamic event. The country was divided into two theaters, the European and Pacific regions. General Marshall needed the military to be flexible. Fortunately, he had leadership under him that was adaptable and innovative.
  3. General Marshall showed leadership by empowering the leaders below him to do their jobs successfully. He made sure they understood what needed to be done and why it was important to accomplish the mission, but trusted them enough to make most of the decisions at their level.
  4. George Marshall was a master of communication and knew how to get people to work together towards a common goal. He was able to communicate even in the midst of crisis. “What is important now is leadership – leadership by example, leadership on the part of everybody who has any influence whatever with human beings… It isn’t what they think about us; it’s what they think we think about them that counts.” — George C. Marshall
  5. Finally, Marshall believed in leading by example and setting the right tone for his team. “I think leadership is the ability to influence people. The most effective way that I can influence people is by setting a tone and example.” — George C. Marshall
- 2. Top cybersecurity leadership challenges and how to solve them
  "If I'm being honest about our situation, we're on our own when it comes to building out the infosec program," wrote Todd Barnum, CISO at GoPro in his book, The Cybersecurity Manager's Guide: The Art of Building Your Security Program. "Neither the culture nor any executive sponsor will provide much support."
- 3. Delta CISO Debbie Wheeler: Security can’t be seen as a competitive advantage
  With the complexity and criticality of security in the aviation industry, Wheeler warns against viewing security as a competitive advantage. Instead, she says, a more collaborative approach is required.
- 4. Cybersecurity incident response: The 6 steps to success
  Cybersecurity incident response is not only about handling an incident – it’s also about preparing for any possible incident and learning from it. Here are six steps for a successful and efficient cybersecurity incident response:
  1. Preparation
  2. Identification
  3. Containment
  4. Eradication
  5. Recovery
  6. Lessons Learned
- 5. 6 Effective Tips to Politely Say No (that actually work!)
  6 Tips to Help You Say No:
  1. Switch Out “No” for “Later”
  2. Rehearse Your No
  3. Don’t Offer an Explanation
  4. Do Offer An Alternative
  5. Use “No” Body Language
  6. Slay the Procrastination Dragon
- 6. What’s the Optimal Workplace for Your Organization?
  More than two years into the Covid-19 pandemic, companies are struggling with how to reimagine their workspaces for their strategic needs. Too often, leaders push the decision down the road when, in fact, taking decisive action now can pay off later. But how do you determine whether in-person, hybrid, or remote options are best for your organization? Start by asking two questions: What is your strategy for future growth? And what is the size of the organization you need right now? Then, map your answers to better understand how your needs around innovation and execution translate to physical (or virtual) spaces.