SolarWinds Hack Explained and How
You Can Be a Better CISO

In this episode of Life of a CISO, Dr. Eric Cole shares a collection of his greatest hits.

He discusses ways you can be a great CISO using some of the tips discuss in this episode.

The first is to want to be a CISO.

The second is to think like an executive.

Treat every decision based on: risk, priority, cost effective risk management.

Watch this episode and learn these tips on becoming a great CISO and much more.

In this episode:

• 0:25​ The truth will come out
• 1:10​ The technical reason why the Solar Winds breach happened
• 1:34​ Two rules: Any system accessible from the internet must be fully patched and never contain critical data.
• 2:15​ The new answer
• 3:05​ The 90% rule
• 5:50​ Security and executives don’t speak the same language
• 6:10​ The CISO needs to be a chief, not a technical position
• 6:50​ CISOs have to be created, they can’t be on a security career track
• 8:22​ A world class security engineer can be a CISO, but it’s a separate career path
• 9:22​ You can have a great career as a security engineer
• 10:14​ Executives don’t always like the CISO. Why?
• 12:04​ My meeting with the CISO. How did it go?
• 13:30​ The CISO didn’t act like a CISO, he acted like a security engineer
• 14:42​ If you enjoy the technical aspects, just stick to what you love
• 16:40​ I created CISO training because technical courses don’t teach strategy
• 17:59​ Bill Gates would do a “think week” once a year
• 19:23​ What does a CISO need to know?
• 20:35​ A CISO needs coaching
• 21:02​ Why I like group coaching
• 22:40​ What is your current challenge?
• 25:00​ What do I think about organizations separating cyber risk and cybersecurity?
• 26:15​ The Dr Cole magic three questions
• 27:05​ Why do some companies win and some lose?
• 29:00​ How to make a spreadsheet that turns you into a winner
• 29:23​ If you can’t do that, buy my new book