Building a cybersecurity program is complicated. Building one that is equipped to truly enable the organization it serves is another thing altogether. Robert Wood from Sidekick Security interviews security leaders from a diverse set of organizations to talk about program transformations. From team design, technology, compliance versus security, and strategic leadership, learn about how to lead a program transformation of your own from people who have gone through it before.
All content for Security Program Transformation Podcast is the property of Sidekick Security and is served directly from their servers
with no modification, redirects, or rehosting. The podcast is not affiliated with or endorsed by Podjoint in any way.
Building a cybersecurity program is complicated. Building one that is equipped to truly enable the organization it serves is another thing altogether. Robert Wood from Sidekick Security interviews security leaders from a diverse set of organizations to talk about program transformations. From team design, technology, compliance versus security, and strategic leadership, learn about how to lead a program transformation of your own from people who have gone through it before.
Tech Debt, Compliance, and Strategy: A Deep Dive with the CDC’s CISO
Security Program Transformation Podcast
1 hour 2 minutes 59 seconds
1 year ago
Tech Debt, Compliance, and Strategy: A Deep Dive with the CDC’s CISO
Summary
In this conversation, Robert Wood and Joe Lewis discuss the complexities of leading cybersecurity efforts within a large organization like the CDC. They explore the balance between security and mission enablement, the nuances of risk management, and the importance of compliance. Joe emphasizes the need for humility in leadership, the value of building a strong team, and the significance of understanding organizational dynamics. The discussion also touches on the challenges of innovation in crisis situations, the importance of effective communication, and the need for continuous personal and professional development in the cybersecurity field.
Takeaways
Humility is essential for effective leadership in cybersecurity.
Balancing security with mission enablement is crucial.
Understanding risk transfer dynamics is important for CISOs.
Compliance should be viewed as a foundation for security, not a hindrance.
Using compliance strategically can enhance decision-making processes.
Innovation often requires accepting certain risks during crises.
Post-crisis assessments are vital for understanding risks taken.
The language of risk must be tailored for different audiences.
Non-technical skills are critical for success in cybersecurity roles.
Intentional organizational design can break down silos and improve collaboration.
Sound Bites
"I think the one piece of advice I would have given myself is humility."
"We are evolving into a managed cybersecurity service provider."
"Not everybody should grow up to be a CISO."
Chapters
00:00 Introduction to Cybersecurity Leadership
02:36 Balancing Security and Mission Enablement
07:38 Understanding Risk Transfer in Cybersecurity
12:57 Navigating Compliance and Security
16:29 Using Compliance as a Strategic Tool
21:36 Innovation and Risk Management in Crisis
25:59 Post-Crisis Reflection and Risk Assessment
28:29 The Language of Risk in Cybersecurity
34:42 Developing Non-Technical Skills in Cybersecurity
39:43 Intentional Organizational Design
45:14 Managing Change and Reducing Process Waste
51:12 Identifying and Nurturing Future Leaders
56:29 The Importance of Humility in Leadership
Security Program Transformation Podcast
Building a cybersecurity program is complicated. Building one that is equipped to truly enable the organization it serves is another thing altogether. Robert Wood from Sidekick Security interviews security leaders from a diverse set of organizations to talk about program transformations. From team design, technology, compliance versus security, and strategic leadership, learn about how to lead a program transformation of your own from people who have gone through it before.
