In today’s uncertain macroeconomic environment, security and risk leaders need practical guidance on managing existing spending and new budgetary requests. Jeff Pollard, Vice-President, Principal Analyst on the Security and Risk Team at Forrester Research, joins Business Security Weekly to review Forrester's Budget Planning Guide 2025: Security And Risk. This data-driven report provides spending benchmarks, insights, and recommendations that will keep you on budget while still mitigating the most critical risks facing your organization. Jeff will cover which areas to invest, divest, and experiment, but you'll have to listen to get the details.

In the leadership and communications segment, The CEO’s Role in Setting Tone at the Top, CISOs, C-suite remain at odds over corporate cyber resilience, Warren Buffett's Secret To Success? Run It 'Like A Small Family Business,' Says One Of His CEOs, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-368

Does the CISO need to act like a politician? Negotiating budgets, communicating risks, and selling your strategy across the organization does sound a little like a politician. And if that's the case, are you hiring the right campaign staff?

Kush Sharma, former CISO for CPR, City of Toronto, and Saputo, joins Business Security Weekly to discuss why you should run your security program like an election campaign. Kush will discuss the other positions you need to hire, not just the technical positions, to help you budget, communicate, and sell your strategy. A politician can't do it all by themself, so why should a CISO?

In the leadership and communications segment, PwC Urges Boards to Give CISOs a Seat at the Table, CISO Salary Surge: Fewer Job Changes, Bigger Paychecks for Experienced Cybersecurity Leaders, Fostering a cybersecurity-first culture: Key leadership insights for building resilient businesses, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-367

The zero-trust security model has been billed as an ultra-safe defense against emerging, unrecognized and well-known threats. Unlike perimeter security, it doesn't assume people inside an organization are automatically safe. Instead, it requires every user and device -- inside and out -- to be authorized before any access is granted. Sounds enticing, but deployments require major architectural, hardware, and software changes to be successful.

Rob Allen, Chief Performance Officer at ThreatLocker, joins Business Security Weekly to discuss how their Zero Trust Endpoint Protection Platform can start to help you attain Zero Trust from your endpoints by:

• Blocking Untrusted Software,
• Ringfencing™ Applications, and
• Dynamically Controlling Network Traffic

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

In the leadership and communications segment, Underfunding And Leadership Gaps Weaken Cybersecurity Defenses, A Self-Care Checklist for Leaders, Senate bill eyes minimum cybersecurity standards for health care industry, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-366

In the leadership and communications segment, CISA Releases Cyber Defense Alignment Plan for Federal Agencies, UnitedHealth Group CISO: We had to ‘start over’ after Change Healthcare attack, 20 Essential Strategies for Leadership Development Success, and more!

AI is bringing productivity gains like we’ve never seen before -- with users, security teams and developers already reaping the benefits. However, AI is also bolstering existing threats to application security and user identity -- even enabling new, personalized attacks to emerge.

Shiven Ramji, President of Customer Identity at Okta, joins Business Security Weekly to discuss how AI is changing app authentication and authorization for developers and security teams. With traditional and AI-powered applications facing more complex security challenges, companies need to explore new ways to protect their end users while also creating seamless customer experiences – and that starts with Identity.

Segment Resources: https://developerday.com/ https://www.okta.com/customer-identity/

This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-365

Cybersecurity is complex. We have threats, vulnerabilities, incidents, controls, risks, etc. But how do they all connect together to drive a cyber risk program? As an industry, we've struggled for 20+ years trying to boil this ocean. Maybe we've been going about it the wrong way.

Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins Business Security Weekly to discuss how AI can help us solve the cybersecurity data problem. Starting with simple mappings from risks to controls, CyberSaint is flipping the cyber risk management problem on it's head. Instead of working from the bottom up, CyberSaint is tackling the problem from the top down. Padraic will discuss how CyberSaint is using AI, practical AI, to address the complexities of cybersecurity data, including:

• the use of Watsonx to generate their new KnightVision report
• how to use graphical node networks to model cybersecurity data
• the future of AI models to prioritize recommendations from all the data

This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them!

In the leadership and communications segment, Why Companies Should Consolidate Tech Roles in the C-Suite, End of an era: Security budget growth slows down, Global cybersecurity workforce growth flatlines, stalling at 5.5M pros, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-364

Cybersecurity resilience, different from cyber resilience, is critical as threats grow in frequency and complexity. With digital innovation driving business, cybersecurity resilience is essential for maintaining stakeholder trust and compliance. But where do you start?

Theresa Lanowitz, Chief Evangelist at LevelBlue, joins Business Security Weekly to discuss how to align cybersecurity and the business, including the need to:

• fundamentally shift you mindset and approach to acheiving operational excellence in cybersecurity
• prioritize IT and building security into everything you do
• prioritize proactive investment over funding emergencies
• leverage external expertise for success

This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!

In the leadership and communications segment, Blind Spots in the C-Suite & Boardroom, Evolving Cybersecurity: Aligning Strategy with Business Growth, How to Lead Like a Coach, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-363

Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This episode was initially published on November 29, 2022.

Todd Fitzgerald, author of CISO Compass and host of CISO Stories, joins BSW to share his top leadership lessons from the first 100 episodes of CISO Stories. Todd interviews CISOs and gains insights into their challenges and how they are solving them. Don't miss this recap!

View CISO Stories podcast episodes here: https://www.scmagazine.com/podcast-show/the-ciso-stories-podcast

Show Notes: https://securityweekly.com/vault-bsw-13

How are personal liability and indemnification impacting the CISO role? Darren Shou, Chief Strategy Officer from RSA Conference, describes the current landscape of CISO liability and the challenges facing CISOs today. He discusses the implications of the SEC's recent actions, including the charges against SolarWinds' CISO, and the growing trend of personal liability for security leaders. Darren will also highlight comparisons between the roles of CISOs and CFOs, highlighting what security professionals can learn from their financial counterparts in handling risks and responsibilities. Finally, he explores how to build an effective coalition, both internally with company executives and externally with peers. In this ever changing risk landscape, it takes a village, and Darren shares his vision for how to build that village.

This week we talk a lot about the CISO's relationship with the business and the challenges of being aligned and keeping up. We also talk about budget priorities, the challenge of doing security in small businesses, and the ever-present challenge of burnout. Finally, we discuss what servant leadership actually means.

On this last topic, Ben makes a book recommendation, which you can find here: https://www.amazon.com/Seat-Table-Leadership-Age-Agility/dp/1942788118

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-362