#32 Gary Hayslip – CISSP

The storytelling CISO who leads by example
Gary points out that a CISO’s hardest job is to help executives understand the value of cybersecurity and shares that storytelling is invaluable in gaining trust and promoting understanding.

  • 02:34 In a breach the CISO does not own 100 percent of the blame.
  • 03:46 CISOs help manage risk, but they do not own it. Risk belongs to the company.
  • 04:43 Companies are getting mature about dealing with risk; security is just another part of that.
  • 06:13 Managing cyber risk is not a one-off, it’s a life cycle.
  • 08:03 One of a CISO’s toughest jobs is getting executives to understand the value of what you are doing and spending all the money and resources on.
  • 09:14 Take the security speak and put it into stories that people can relate to. Use storytelling and laughter to win champions and support within the company.
  • 10:14 Use storytelling to help the board see how security benefits the business. Share your strategies and forget the fear factor.
  • 12:50 Vendors can use storytelling to build trust too, but they need to do their homework and get context to understand their customers.
  • 16:36 The three-step process that smart cities can teach enterprise about security: assessment, remediation and enforcement.
  • 17:34 Cyber is continuous, it’s a life cycle, but continuous is hard for organizations because it requires resources.
  • 19:52 Unfortunately, in many companies, continuous security is not considered the norm; instead, they ride the ups and downs of incidents.
  • 20:30 Cybersecurity is never done.
  • 21:56 Management is servant-leadership. Don’t just manage people, actually serve them, lead them, and mentor them.
  • 24:11 Build training maps for your staff, so they can see where they are at and where they are going.
  • 25:19 How to retain your staff: make it fun.

Gary Hayslip Interview Transcript