Questions That CISOs Frequently Ask Or Should Ask (CHECKLIST)
In this episode of Life of a CISO, Dr. Eric Cole pinpoints the questions that CISOs frequently ask or should ask.
Good CISOs know the right answers, and brilliant CISOs know the right questions.
Listen to today’s episode to know what questions CISOs are asking and should be asking.
In this episode:
- 0:00 Intro
- 0:30 What if I’m not being invited to the meetings
- 1:30 Start building trust
- 2:10 Bring coffee and donuts
- 3:11 Make sure you are careful who you send to meetings
- 4:08 Today’s security person is a role-reversal of 20 years ago
- 4:35 Just say “no” (in the past)
- 5:23 Just say “no” again (in the past)
- 5:57 Finally you can say yes
- 6:40 Just say yes (today)
- 7:25 The right way to say “no” (is to say yes)
- 9:03 If none of those options work, do a risk transfer
- 10:50 The mistake that most CISOs make
- 11:46 Questions: Smart people know the answers, brilliant people know the right questions
- 12:41 Do you know your company’s business?
- 13:11 What could have the biggest impact on our business
- 14:49 Ecommerce sales mean uptime comes first
- 17:10 What is the risk tolerance?
- 18:20 Organizations that have already been breached once usually have the best risk posture
- 19:10 You can wait till it’s too late, or go threat-hunting
- 20:01 How do executives view cybersecurity?
- 21:03 If you have a major breach, you’ll lose 40% of your profitability
- 23:00 What cyber security KPIs can we start using?
- 26:03 Phishing campaigns as KPI
- 28:47 If I could only do one thing…
- 31:20 A CISO always has too much to do and not enough time
- 31:52 What is one thing you’re doing that is a big waste of time and energy?
- 32:25 Wrap up