In this episode of The New CISO, Steve is again joined by guest Grant Lockwood, Comedian, DJ, and the Chief Information Security Officer at Virtus Health. Today, Grant returns to explain how his approach to effective communication has evolved since becoming a security leader. Listen to the episode to learn the difference between safety and security, how stand-up comedy gave Grant an efficient framework for his CISO role, and the importance of having balance outside of work through hobbies.

Listen to Steve and Grant discuss how to maintain confidence in work and life and how to optimize your message to make the best first impression:

Comedy and Cyber Security (1:34)

Steve asks Grant why stand-up comedy has made him a better CISO. To Grant, stand-up helped him learn how to operate in a degraded state, which he finds comparable to dealing with cyber programs.

Like when a joke bombs, sometimes the most protected security programs can get hacked. Grant shares why these two mediums are similar and how both have given him the confidence to succeed in challenging situations.

Comfort and Confidence (4:12)

Grant shares how he determines his stand-up set lists and how to use that to get the audience on his side. He finds these lessons to also help in the workplace and understands the confidence that this framework provides.

Studying Delivery (6:45)

Grant reflects on the resources he’s utilized to become a better comedian, including listening to comedy podcasts. Ultimately, Grant expresses the importance of being economical with words—whether at work or on stage—to become an effective communicator.

Good Advice (9:22)

Steve presses Grant on what advice he would give his younger self, especially reflecting on his journey from an admin role to where he is now. Grant advises listeners to stay curious and teachable since there is much to learn.

He also reveals why people should be well-rounded, T-shaped individuals and how hobbies can provide transferable skills.

Getting There (12:31)

Reflecting on his career, Grant explains what he meant when he said, “The thing that got you there isn’t what will keep you there.” He clarifies how his measures of success have changed as he’s learned more about how running a business works.

Learning From Community (27:12)

As both a comedian and a CISO, Grant explores how the security community could learn from the stand-up comedy community. Both communities are very supportive, but comedy is entirely audience-dependent.

Therefore, comedy can teach security professionals to have better communication by “knowing your audience.”

The New CISO (19:09)

To Grant, being a new CISO means being adaptable, learning both the business and security side, and improving those around you.

Links mentioned:

LinkedIn

Comedy Podcasts/Resources:

Dissecting the Frog

The Comedian’s Comedian Podcast

In this episode of The New CISO, Steve is joined by guest Grant Lockwood, Chief Information Security Officer at Virtus Health.

After starting his career in an administrative position, Grant found himself getting bored. After being urged by his wife, Grant turned things around and is now a DJ, comedian, and, of course, a successful CISO. Listen to the episode to learn more about Grant’s impressive career journey, how to make your content compelling, and the transferable skills from performing comedy.

Listen to Steve and Grant discuss how hobbies can make you a better security leader and the importance of adapting to your surroundings:

Meet Grant (1:33)

Before becoming a CISO, Grant was a health sector chief information officer for a health department. Although his current role is very different, he can see the similarities between the two positions.

Before these two roles, Grant had spent years in an administrative position. Not sure what he wanted to do, his wife encouraged him to take up some hobbies, leading him to become a more well-rounded security professional.

Being a DJ (7:18)

Grant explains what people don’t know about being a DJ. He understands that what makes him a strong DJ is that he’s good at computers, demonstrating the similarities between cyber security and music.

Besides being a stress relief, Grant feels that being a DJ helps him with timing and being present, which he applies to his CISO role.

The Funny CISO (11:40)

Becoming a stand-up comedian has proven to be a transferable skill set for Grant. He reflects on how comedy helped him with his presentation skills and the ability to compel an audience.

Truth to Power (18:55)

Steve presses Grant on whether doing comedy has improved his ability to deliver truth to power. Grant understands how stand-up has expanded this skill set because he learned to hold others’ attention.

Grant also shares his feelings on the “lizard brain” and how this influences how we interact with others. Comedy taps into people’s lizard brains because it's an involuntary reaction that can bond us.

Being Adaptable (23:18)

Grant explains how stand-up forces you to adapt to your environment and use it to your advantage. This mentality also applies to presentations because you can shift gears based on your audience’s reaction.

When you can adjust your performance to the mood of others, you can hold their attention long enough to communicate your ideas effectively.

A Better Training (27:12)

If Grant could advise a security training leader, he would suggest they ask themselves, “Would this be entertaining to my mom?” Teaching potential CISOs how to make their work captivating to a wider net will make them better security leaders overall.

Links mentioned:

LinkedIn

In this episode of The New CISO, host Steve is joined by returning guest Sándor Incze, CISO at CM.com.

In part two of his interview, Sándor shares his strategies for boosting team productivity. As a long-time security leader, Sándor understands how to get the best out of his team. Listen to the episode to learn more about the difference between nervousness and excitement, the benefits of his CM model, and how running a cyber security staff is like soccer.

Listen to Steve and Sándor discuss how software development is like an F1 race and how to make a candidate confident during an interview:

In the Interview (1:33)

Sándor and Steve discuss high-stakes, stressful job interviews and how they can make candidates nervous. Although some security professionals are proud to make someone fumble during the interview process, Sándor and Steve share how to bring out the best version of someone to see if they are the right fit.

CM Squared (8:56)

Sándor shares the CM (or CM Squared) Model, a document he uses when auditing different companies' security systems to find their faults. With this model, Sándor can simplify technologies for business leaders and enhance their protections.

Like an F1 Race (15:30)

Like F1 racing, Sándor believes software development is a team effort. To help emphasize this metaphor, Sándor explains how different members of security teams mirror the roles of a racing crew.

Team Strategies (19:49)

When Sándor evaluates his role as a leader, he thinks of his staff as a soccer team. His team needs to score “goals,” and as their “coach,” it is his job to guide them.

He also shares his motto, “Do something you like, do something you’re good at, and contribute.”

The New CISO (27:12)

To Sándor, being a new CISO means “keep it simple.”

Making things too complicated does not stop cyber crimes. However, learning to talk to each other does.

Links:

LinkedIn

In this episode of The New CISO, host Steve is joined by guest Sándor Incze, CISO at CM.com.

Today, Sándor shares his untraditional path to a dual career in the Infosec and law enforcement industries. Through diligence, initiative, and automation, Sándor has been able to balance both of his life’s passions. Listen to the episode to learn more about Sándor’s extensive professional journey, the benefits of automation, and how personal interactions can shape your perspective on a crisis.

Listen to Steve and Sándor discuss what a police officer and a CISO have in common and when it’s appropriate to be “lazy”:

Meet Sándor (1:33)

Sándor has been passionate about tech since he was eleven years old. After tinkering around with an old computer at school, he became his school’s first administrator.

He credits this experience as his professional origin story.

An Opportunity With Law Enforcement (6:21)

Sándor shares that he has been interested in law enforcement professionally since his youth. Although this path didn’t initially work out, he was able to eventually combine his two passions into the dual career he has today.

Young and Successful (12:40)

By eighteen years old, Sándor was already establishing a successful career and saw the financial benefits alongside that. Amusingly, he would buy a new motorcycle every six months, an impressive luxury for his youthful age.

A Man In a Suit (14:03)

After finishing his computer science degree, Sándor tried to move into a law enforcement career. This attempt didn’t work out as intended, so Sándor had to go to a job wearing a suit rather than a preferred police officer’s uniform.

The Benefits of Laziness (16:18)

Sándor jokingly admits he is lazy because of his love for automating repetitive tasks. However, this method has proven effective, revealing much about Sándor’s perspective on work.

Lessons For the Listener (19:13)

After his third opportunity, Sándor successfully transitioned into a law enforcement role. He initially started as a volunteer, but he was able to use his automation skills to gain respect, leading him to become a police officer finally.

Life In the Academy (24:50)

Sándor reveals the age at which he joined the police academy and what being a security leader and officer have in common. A deep understanding of people and an accurate perspective on life are crucial mindsets to carry into both fields.

In this episode of The New CISO, host Steve is joined again by guest Ash Hunt, Global CISO at Apex Group Ltd.

Today, Ash shares how he transitioned from his career as a jazz musician into the vastly different world of cyber security. He also reveals his tips as a leader and a decision-maker. Listen to the episode to learn more about Ash’s unique professional journey, how security leaders inhibit their candidate search, and the secrets behind an empowered staff.

Listen to Steve and Ash discuss the power of delegation and how to determine the best time to find a new role:

Ash’s Return (1:39)

Ash returns to the podcast to share how he achieved his cyber security start. Initially touring as a jazz musician in London, Ash acknowledges how his past has helped him with his current career.

Fresh Challenges (10:13)

Ash explains when to seek new challenges to avoid professional stagnation.

He believes that when a company gets more out of him than he is out of that company, it is time to move on. This mentality has helped him decide when to leave an opportunity for a fresh one.

Being Creative (17:21)

Steve and Ash discuss the impact that they can have on others early in their careers. Ash tries to expose his interns to the industry as much as possible because there are so many exciting things to do in tech.

He believes leaders should be more creative when judging and developing talent. For Ash, creative compromise, persuasion, stakeholder management, and communication are skills that he considers when evaluating potential candidates.

Ownership and Delegation (22:01)

While discussing the importance of enabling your staff, Ash asserts what makes an effective leader. Allowing your team to own their work and delegating tasks creates an empowered and productive company culture.

Evaluating Loss (26:37)

Steve presses Ash on how he handles approaching inefficiencies at work, such as issues with AI, to the executive team. Ash’s answer is to follow the money and expose what people think is true, but it turns out to be the opposite.

Loss is rarely tracked, but pinpointing those causes can benefit your organization.

The Cost of a Breach (33:19)

Staying on the topic of loss, Steve and Ash reflect on the vast cost of a data breach and inefficient client management. Although Ash acknowledges that technology will be able to solve these issues over time, there is no harm in prioritizing clear data reports now.

New CISO (38:01)

To Ash, being a new CISO means converging cyber with technology. Ultimately, it is about working smarter, not harder, as a team.

Links:

Linkedin

In this episode of The New CISO, Steve is joined by guest Ash Hunt, Global CISO at Apex Group Ltd.

Today, Steve and Ash dive into the action of M&A (mergers and acquisitions) and how to conduct it well. As a CISO at one of the world’s largest administrators, Ash shares his valuable insight on loss, risk, and revenue generation in a constantly changing IT environment. Tune in to learn more about what causes loss during a merger, why decision management and risk management are one and the same, and the cultural changes in the security industry.

Listen to Steve and Ash discuss how to quantify loss and what jaywalking and cyber security have in common.

Meet Ash (1:34)

Ash shares that he is proud to work for a fast-moving organization that has expanded worldwide. This growth has led to an exciting time from a technology and cybersecurity perspective.

Successful M&A (5:16)

Steve presses Ash on how to conduct M&A successfully. What hurts a business during an acquisition is when there are breaks in infrastructure that get overlooked.

Luckily for Ash, he has a strong team that prioritizes infrastructure integration to avoid loss and increase revenue.

Things in Common (12:25)

Ash reveals what jaywalking and risk have in common. For example, everyone in London jaywalks, but like in cyber security, there is a degree of risk.

Risk Management (15:10)

According to Ash, risk management is decision management. Decision science is a critical part of Ash’s approach to security.

Psychological barriers in the workplace halt optimal investment decisions that can generate revenue.

Adding Value (25:36)

Ash acknowledges that his most significant contribution toward his company is successfully integrating their infrastructure into one operating platform. He knows it will rationalize his tool stacks and clean up his budget, amongst other benefits.

He has seen other companies experience operation inefficiency, access control failure, and inadvertent data disclosure, which he actively prevents.

Changing the Operation Process (30:48)

Steve and Ash marvel at the operational changes that need to be done in security. For example, many people still default to email versus a more secure portal for data exchange.

In order to mitigate risk, cultural changes need to be made to operational processes.

Links:

LinkedIn

In this episode of The New CISO, host Steve is joined again by guest Ron Banks, CISO at Toyota Financial Services.

In part two of his interview series, Ron shares his career advice for new cyber leaders. Listen to the episode to learn more about Ron’s take on China’s strategies, the importance of being inquisitive, and why we must be calm under chaos.

Listen to Steve and Ron discuss key attributes CISOs look for in a young manager and the importance of communication and leadership:

Where We Left Off (1:43)

Piggy-backing from the last episode’s conversation, Ron explains the current state of our security concerning China and how they’ve recently gone dark. According to Ron, China has been playing 3D chess for a while and has found tangible ways to disrupt American life.

A Shoutout To Ron (10:19)

Steve gives a shoutout to Ron’s book, highlighting the state of American security and its relationship with China. Academic with numerous footnotes, Ron’s work provides readers with meaningful context related to cyber security.

Valuable Advice (12:20)

Ron reflects on the advice he wishes he could have given his younger self. He asserts that there is a path to cyber if you gain a technical foundation. He also shares how you need to be creative and curious to thrive in this industry.

Evaluating Young Leaders (15:16)

Steve presses Ron on how he evaluates young leaders in the security field. For the young manager, you must have the technical chops in addition to the personality.

Managers need leadership and communication skills to inspire their teams. And, of course, practice makes perfect.

Calm Communication (21:50)

Ron and Steve discuss why leaders should practice calm communication. Leaders must put their teams at ease when there is chaos.

New CISO (28:00)

To Ron, being a new CISO means also being a business leader. Bridging the gap between the worlds is becoming more and more necessary as the world progresses.

Links:

Linkedin

In this episode of The New CISO, host Steve is joined by guest Ron Banks, CISO at Toyota Financial Services.

In part one of his two-part interview, Ron shares how he transitioned from a fighter pilot to a cybersecurity leader. He also digs into what is required for a joint government, private industry, cyber offensive response. Listen to the episode to learn more about Ron’s years as a combat veteran, how the government can improve security strategies, and the necessity of political will.

Listen to Steve and Ron discuss the importance of public-private partnerships and the challenges of posing consequences on adversaries:

Meet Ron (1:35)

Steve introduces guest Ron Banks, a CISO, author, veteran, and academic. Ron details his duties as a fighter pilot and how he transitioned to education and then cyber security.

What He Misses Most (5:17)

Ron shares that what he misses most about his fighter pilot days is the rush from flying. However, he found the transition into cyber security simple because he gets to evaluate offensive and defensive security strategies reminiscent of his time serving.

Possible Friction (8:10)

Steve presses Ron on whether there is friction between cyber teams, their capabilities, and the grounds they are trying to defend on the private side.

Ron explains that the virtual defense of the United States contains over 200 government organizations, each controlling a different lane. The cyber camp mainly covers the DOD, which comes with problems.

On the Private Side (12:07)

When discussing the lack of consequences for bad actors, Ron shares the great strides the FBI has made to improve their relationships with law enforcement in other countries. Despite these efforts, the behavior of cyber criminals has not changed enough, demonstrating that there is more our government can do.

Things to Work On (17:54)

Ron shares some advice for new security leaders working within the government. He suggests focusing on public/private partnerships because sharing information is critical.

How Breach’s Occur (21:54)

Ron discusses his tips for dealing with a breach and why they occur. There is a strategy where they can impose consequences on cyber criminals, which his team has accomplished by focusing on counter-terrorism.

Ultimately, no more money needs to be invested, the relationships are built, and the technology is there, but there has to be the political will to defeat threat actors effectively.

Advice to Lobby (29:01)

Steve presses Ron on what it would take to lobby the government and get the necessary resources. Since the capability is there, Ron reaffirms that change is in the president’s control.

Links:

Linkedin