Why CISO’s Fail: Some Practical Lessons for the Future – Barak Engel – CSP #173
Security is both overcooked and underdeveloped at the same time, and we keep doubling down on insanity. Our own community is at great fault for pushing fear and ignoring service, leading to consistent, negative experiences for all other stakeholders in the organization - and ultimately the CISOs themselves. "Do more cyber" never had, does not, and never will lead to better outcomes, yet this is all everyone is talking about. The trifecta of fear (we fear it, we don't understand it, we know we must have it) is used effectively by vendors to drive an ever-increasing wedge into IT budgets, even as the actual utilization ratio of security tools is precipitously low (my estimate is 5%). Frustration abounds, the CISO job is a revolving door, and nobody's happy. Now the regulators are getting involved in all the wrong ways (see the recent SEC action against Tim Brown) - and it's entirely our fault.
This segment is sponsored by Spirion. Visit https://cisostoriespodcast.com/spirion to learn more about them!
Sponsored By
Guest
As the pioneer of the vCISO concept and original vCISO, Barak has served as CISO in dozens of organizations including Stubhub, Mulesoft, Amplitude Analytics, BetterUp, and many others, usually a few at a time. His consulting firm, EAmmune, has managed security programs for hundreds of brands globally. Barak has made numerous contributions to the field with his thought-provoking insights about security as a human discipline and business enabler. His first book, “Why CISOs Fail”, was inducted in 2021 into the Cybercannon, with a second edition set for release in March 2024. His second book, “The Security Hippie”, was released in 2022.
Barak serves on multiple security company advisory boards, is a member of the Theia Institute, a security think tank, and a board member in several non-profit organizations.
Host
Todd Fitzgerald promotes CISO/CPO leadership via the SCMedia CISO STORIES weekly podcast, advisory board participation, and international speaking engagements. Todd serves as VP, Cybersecurity Strategy, CyberRisk Collaborative. Todd authored 5 books, including #1 New Release (2024) Privacy Leader Compass: A Comprehensive Roadmap for Building and Leading Practical Privacy Programs, and #1 Best-selling (2019-2023) and 2020 CANON Cybersecurity Hall of Fame book, CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers. Named 2016–17 Chicago CISO of the Year, Todd’s senior leadership positions include Northern Trust, Grant Thornton International, Ltd, ManpowerGroup, Wellpoint/National Government Services, Zeneca/Syngenta, IMS Health and American Airlines.
