Brian Johnson – CFH #27
Full Audio
View Show IndexSegments
1. Non-compliant Clients: Righting the Ship Before Regulators Pounce – Brian Johnson – CFH #27
Try as they might to keep their clients in compliance with privacy and security regulations, managed services providers are still at the mercy of the organizations they serve. Unfortunately, companies don't always follow the MSSP's or vCISO's advice on items like responsible data stewardship, privacy policies and breach notification. If an attack does transpire and the company draws the ire of regulators, the security services provider could even end up a scapegoat, or even embroiled in a liability case. This Q&A discussion will look at what resource an MSSP or vCISO service has when their customer fails to make basic compliance a priority.
Guest
Brian brings more than 20 years of experience in leadership, founding, and building to his role as Co-founder and CEO at Crucyble. Previously, Brian was CSO of Armorblox (Acq by Cisco), CISO at Lending Club (LC) and Upwork (UPWK). Brian has held leadership positions at Uber, Netflix (NFLX), and ForeScout (FSCT). Brian has helped design, build and secure systems for the US Department of Defense, Global Finance, and Technology companies at scale. He has enjoyed speaking on innovation and maturing security organizations at the RSA Conference and National Press Club. Brian is regularly asked to speak at security conferences, as well as, brief Board of Directors and Executive Management teams. Brian has worked with Federal Agencies and Policy Advisors to influence actionable change in national security policy. Brian is an active advisor and mentor to several startups and founders in Silicon Valley where he resides with his wife and two children.
Hosts
2. Beware FUD: Avoiding Fear Tactics when Selling Your Managed Services – CFH #27
The consequences of a cyberattack can be devastating, and it does make sense for managed security services providers to impress on their current and prospective clients the risks of not investing in prevention and response. However, many cyber thought leaders believe that certain lines should not be crossed. Advice is one thing; fearmongering is another -- and if you pursue the FUD angle too hard, you may simply come off as a predatory opportunist looking to push your services on the customer. This discussion will reveal how to convey your message and market your services in a way that doesn't exaggerate existing threats and turn off your clients.