Michael Figueroa, President and Executive Director of the Advanced Cyber Security Center (ACSC), discusses the importance of leveraging board governance in cybersecurity initiatives.

In the podcast, Figueroa and host Chris Sienko discuss:

– Why are so many organizations still unaware of the need for strong unified security planning? (1:44)

– Is this a situation where C-suite members shoulder the burden of security on themselves, or even assume that it’s just IT’s problem and leave it at that? (3:38)

– Tell us about the survey mentioned in the briefing between ACSC member CISOs and CIOs representing organizations from a range of sectors. What were some of the perspectives discussed in this meeting? (5:00)

– Were there any compelling scenarios or real-world examples at the meeting that made for compelling stories? (7:32)

– What should be the first step for an organization that has critically neglected its digital cybersecurity strategy? (9:48)

– What are some steps one can take to make your board more cyber-seasoned, both with planning and day-to-day operations? (13:35)

– What is the role of non-human identities? Do things like service accounts that connect to modular coding components, microservices, software containers and APIs feed into this issue? (14:46)

– In your report, you noted that there is a need “for a risk standard… that would help guide decision making.” What are the first steps that need to be taken to craft such a standard? Has there been any work on this since the release of the report? (17:37)

– Does there need to be outreach to organizations to let them know that over-privileging users is a problem? (18:07)

– Do you see these collaborative meetings as something that can travel around the country and meet with other boards in different parts? (19:40)

– What do the findings of this report have to tell someone looking to get into the cybersecurity field? Is this gap in security leadership a sign that career climbers should be planning around filling this leadership gap in the decade to come? (21:49)

– Is a critical lack of cybersecurity leadership something that a lower-level employee could try to address? How do you make the case to your president or company board that the findings of this report apply to your organization as well? (25:41)

– What should be the first steps to implementation? What should be the initial actions between a new security executive and the board? What steps should be implemented in advance to prevent poor follow-through? (28:14)

– What does a push toward more across-the-board risk strategy and more push toward security literacy mean for people trying to break into cybersecurity? Can you speculate how it might change the needs of the overall cybersecurity workforce? (29:55)

– If listeners want to learn more about the findings of the report or download a copy for themselves, where can they go? (32:28)

Additional Resources

– Join us in the fight against cybercrime: https://www.infosecinstitute.com
– Special offer for Cyber Work listeners: https://www.infosecinstitute.com/podcast

About the Cyber Work Podcast

Knowledge is your best defense against cybercrime. Each week on Cyber Work, host Chris Sienko sits down with a new industry thought leader to discuss the latest cybersecurity trends — and how those trends are affecting the work of infosec professionals. Together we’ll empower everyone with the knowledge to stay one step ahead of the bad guys.