Practical guidance for CISOs from former federal security adviser
In this edition of the Irari Report, Ira Winkler and Araceli Treu Gomes interview Howard Schmidt, who served as the cybersecurity adviser to both President George W. Bush and President Barack Obama and as Chief Information Security Officer of Microsoft and eBay, among other senior and operational roles in industry and government. Schmidt provides extremely practical guidance for security practitioners and executives, as well as business executives, on how they can create more effective security programs and advance in their careers.
Topics covered (with timestamps) include:
- Where does industry need the most help? (1:27)
- What are the top concerns for executives? (2:34)
- What are the primary differences between government and industry security concerns? (4:45)
- Is government or industry ahead with regard to cybersecurity? (6:35)
- Why is the message that it is the simple vulnerabilities that are exploited most frequently, and need to be mitigated, not being embraced? (7:53)
- Is the focus on the threat distorting actions that should be taken by security programs? (11:22)
- Is voluntary cooperation by industry sufficient? The real benefit of cyberinsurance (15:18)
- Does cyberinsurance just create risk transference? (17:15)
- What is the first question you ask companies when you provide executive level advice? (18:27)
- As Howard believes that security professionals know how to mitigate their problems, why aren’t security personnel getting their message across to management? (20:25)
- What is the best way to talk to business executives to get budget and support? (23:20)
- The best free advice Howard can give security executives. (24:50)
This interview provides a lot of practical advice, intended as high-level guidance on how security practitioners can perform their jobs more effectively.