The storytelling CISO who leads by example
Gary points out that a CISO’s hardest job is to help executives understand the value of cybersecurity and shares that storytelling is invaluable in gaining trust and promoting understanding.
- 02:34 In a breach the CISO does not own 100 percent of the blame.
- 03:46 CISOs help manage risk, but they do not own it. Risk belongs to the company.
- 04:43 Companies are getting mature about dealing with risk; security is just another part of that.
- 06:13 Managing cyber risk is not a one-off; it’s a life cycle.
- 08:03 One of a CISO’s toughest jobs is getting executives to understand the value of what you are doing and spending all the money and resources on.
- 09:14 Take the security speak and put it into stories that people can relate to. Use storytelling and laughter to win champions and support within the company.
- 10:14 Use storytelling to help the board see how security benefits the business. Share your strategies and forget the fear factor.
- 12:50 Vendors can use storytelling to build trust too, but they need to do their homework and get context to understand their customers.
- 16:36 The three-step process that smart cities can teach enterprise about security: assessment, remediation and enforcement.
- 17:34 Cyber is continuous; it’s a life cycle. But continuous is hard for organizations because it requires resources.
- 19:52 Unfortunately, in many companies, continuous security is not considered the norm; instead they ride the ups and downs of incidents.
- 20:30 Cybersecurity is never done.
- 21:56 Management is servant-leadership. Don’t just manage people, actually serve them, lead them, and mentor them.
- 24:11 Build training maps for your staff, so they can see where they are at and where they are going.
- Interview with Gary Hayslip | 2
- 25:19 How to retain your staff: make it fun.