Brian Contos, CISO & VP of Technology Innovation at Verodin, sat down with our host, Ashwin Krishnan, at RSAC 2020. In their conversation, Brian points out that it’s not enough that CISOs talk business as well as tech to the board. These days they also need to show cybersecurity ROI in terms of dollars, not just risk. He asks, “Can you prove that the security tools you have in place are actually providing value and working?”
In Brian’s experience, one effective way of bridging the skills gap is to cast the recruitment net wider and then conduct onsite tests as part of the recruitment process. Companies have found this ensures a good fit pre-hire, while the continued practice of testing keeps everyone’s skills sharp.
He also discusses the importance of honesty and transparency in that tricky vendor-CISO relationship. Communication here is key: vendors must be honest about the value they bring and CISOs must be transparent about what they actually need.
- 02:02 — CISOs are increasingly being asked to show ROI in dollars and cents.
- 05:52 — CISOs have to talk business, not just tech.
- 10:16 — Cast the recruitment net wider to manage the skills gap.
- 12:34 — Vendor-CISO relationship is all about honest communication.
- 17:01 — The triumvirate of product, threat intelligence and service is the way forward for vendors.