SolarWinds Hack Explained and How You Can Be a Better CISO

In this episode of Life of a CISO, Dr. Eric Cole shares a collection of his greatest hits.

He discusses ways you can be a great CISO using some of the tips discussed in this episode.

The first is to want to be a CISO.

The second is to think like an executive.

Base every decision on risk, priority, and cost-effective risk management.

Watch this episode and learn these tips on becoming a great CISO and much more.

In this episode:

  • 0:25 The truth will come out
  • 1:10 The technical reason why the SolarWinds breach happened
  • 1:34 Two rules: Any system accessible from the internet must be fully patched and never contain critical data.
  • 2:15 The new answer
  • 3:05 The 90% rule
  • 5:50 Security and executives don’t speak the same language
  • 6:10 The CISO needs to be a chief, not a technical position
  • 6:50 CISOs have to be created; they can’t be on a security career track
  • 8:22 A world class security engineer can be a CISO, but it’s a separate career path
  • 9:22 You can have a great career as a security engineer
  • 10:14 Executives don’t always like the CISO. Why?
  • 12:04 My meeting with the CISO. How did it go?
  • 13:30 The CISO didn’t act like a CISO, he acted like a security engineer
  • 14:42 If you enjoy the technical aspects, just stick to what you love
  • 16:40 I created CISO training because technical courses don’t teach strategy
  • 17:59 Bill Gates would do a “think week” once a year
  • 19:23 What does a CISO need to know?
  • 20:35 A CISO needs coaching
  • 21:02 Why I like group coaching
  • 22:40 What is your current challenge?
  • 25:00 What do I think about organizations separating cyber risk and cybersecurity?
  • 26:15 The Dr. Cole magic three questions
  • 27:05 Why do some companies win and some lose?
  • 29:00 How to make a spreadsheet that turns you into a winner
  • 29:23 If you can’t do that, buy my new book