The Changing Risk Landscape: CISO Liability – Darren Shou – BSW #362
1. The Changing Risk Landscape: CISO Liability – Darren Shou – BSW #362
How are personal liability and indemnification impacting the CISO role? Darren Shou, Chief Strategy Officer at RSA Conference, describes the current landscape of CISO liability and the challenges facing CISOs today. He discusses the implications of the SEC's recent actions, including the charges against SolarWinds' CISO, and the growing trend of personal liability for security leaders. Darren also compares the roles of CISOs and CFOs, highlighting what security professionals can learn from their financial counterparts in handling risks and responsibilities. Finally, he explores how to build an effective coalition, both internally with company executives and externally with peers. In this ever-changing risk landscape, it takes a village, and Darren shares his vision for how to build that village.
Guest
Darren Shou is the Chief Strategy Officer at RSA Conference. Prior to RSAC, Darren was CTO at Gen Digital (formerly NortonLifeLock), where he helped the company grow to over 500M users by developing innovative new products and strategic integrations with companies such as Avast and Avira. Prior to that, Darren spent two decades in product development and leadership roles at Symantec and Microsoft. He is a global keynote speaker, a contributor at WIRED, and has been featured in major media outlets such as the Wall Street Journal, Financial Times, and CNN.
2. CEOs need to be bold, but can CISOs keep up? – BSW #362
This week we talk a lot about the CISO's relationship with the business and the challenges of being aligned and keeping up. We also talk about budget priorities, the challenge of doing security in small businesses, and the ever-present challenge of burnout. Finally, we discuss what servant leadership actually means.
On this last topic, Ben makes a book recommendation, which you can find here: https://www.amazon.com/Seat-Table-Leadership-Age-Agility/dp/1942788118
- 1. CEOs, Is Your Business Strategy Bold Enough?
4 actions CEOs should take to ensure a bold strategy:
1. Objectively assess your company’s position
2. Lean into reinvention
3. Assess your leadership team alignment
4. Take action
- 2. Global CISO Forum 2024: Uniting Cybersecurity Leaders to Shape the Future of Security
The event’s agenda features notable speakers and talks such as:
- Elizabeth Stephens, DBS Cyber LLC “Digital Safeguards: Your Essential Blueprint for Navigating Cyber Threats”
- Panel with Cassandra Dacus, Nicole Dove, Susan Lam, and Tamika Bass: “Breaking the Double Glass Ceiling: Race & Gender”
- Todd Bell, GlobalDataLock.com: “Weaponizing Your Cybersecurity Program”
- Jigyasa Grover, Bordo AI and Rishabh Misra, Attentive: “Sculpting Data for Machine Learning: Generative AI edition”
- Keyaan Williams, Cyber Leadership and Strategy Solutions, LLC: “Back to the Future: The old and relevant paradigm for CISOs that people overlooked or forgot”
- Ed Adams, Cyversity: “The Many Colors of Cybersecurity: Maximizing your org’s Cyber Power”
- George Dobrea, XEDUCO Institute: “Integrating Cyber Risk and Business Risk: A Unified Approach in NIST CSF 2.0, NIS2, and DORA”
- Regina Grogan, LeadStack Inc.: “Hacking the Human Firewall: Leveraging Behavioral Science for Cybersecurity Resilience”
- 3. The Top Three Budget Priorities For CISOs In 2025
- Making strategic investments to enhance security: “increase budgets in areas that impact revenue generation”
- Exploring emerging technologies
- Divesting from outdated solutions
- 4. Cybersecurity leadership for small businesses
Options for smaller organizations hoping to show leadership when it comes to cybersecurity:
- In-house or outsourced
- When to take the cyber plunge (Cyber Essentials? Cyber Essentials plus? Are these certifications?)
- Fostering a culture of security
- 5. Cybersecurity Burnout: Costing Enterprises More Than Money
The burnout associated with cybersecurity and stress on tech pros costs U.S. businesses about $626 million in lost productivity annually.
“This poor mental well-being at work is costing the industry millions at a time when there is a rising skills shortage,” according to a report summary. “74 percent of cybersecurity professionals globally say that they have taken time off due to work-related mental well-being problems, with staff reporting taking an average of 3.4 sick days per year due to work-related mental well-being problems.”
(stats from Hack the Box surveys)
The Hack the Box survey matches similar findings published by Gartner in January, when the research firm interviewed 178 cybersecurity leaders and found:
- 62 percent reported pressure to work late at night and on weekends
- 36 percent reported feelings of isolation
- 32 percent reported low morale among their security teams
- 6. Servant Leadership: Leading by Serving
"Leadership isn't about commanding; it's about serving"
- Listening: The Foundation of Respect
- Mentorship: Empowering Growth and Potential
- Integrity: The Cornerstone of Trust
- Humility: Recognizing the Contributions of Others
- Gratitude: Appreciating Contributions and Accomplishments
- Attitude: Inspiring Through Positivity
- Servant Leadership: A Model for Sustainable Success