May 12, 2021

Becoming a CISO w/ Accidental CISO

by Cyber Ranch

Show Notes

With us today is a very special guest: Accidental CISO, of Twitter fame. His anonymity on Twitter allows him to be a little more “truthy” about the CISO game than a lot of us can afford to be on social media. We have distorted his voice a bit to protect that anonymity.

“Accidental” shares how he got into cyber, which was the culmination of being in a career where he had to fill “all” the hats. He stepped away from his CISO role a few years ago and is now in consulting, where he has the opportunity to help other people realize they need to build security programs when they have never done it or don't know how.

How did he become the “Accidental CISO”? Simply by trying to help during the course of going through an audit. They had to identify who the CISO was, and he made the mistake of asking who the security officer was for the company. The answer was, “That’s you.”

Accidental CISO doesn’t think becoming a CISO accidentally is all that uncommon. When going through audits, etc., someone has to be named, and someone ends up drawing the short straw. The role is different from what people think. You can draw on your technical background, but you have to be able to focus on the “why” for the business and all the nuts and bolts that come with it. One must understand that this is not a technical role. Allan shares his pivotal moment in becoming a CISO, when he realized that all he had to do was recognize the business as the system he was hacking.

When Allan asked Accidental CISO for guidance on building a team and getting started, Accidental had one word: “Pray.” In reality, you need to know the skills you need. Allan and Accidental CISO discuss “selling the functions”. It is tied to the business objectives in so many ways, and companies need a human to seal the endpoints. As they close this discussion loop, Accidental shares how to get the practice off the ground and the importance of relationships.

Sometimes, believe it or not, not having all the knowledge or knowing all the details is a benefit. In addition, being the first CISO for a company is all about educating, communicating and painting a picture. And of course, Accidental CISO answers Allan’s final question, “Why are you motivated to get out of bed and do more of it?”

Key Takeaways

0:30 Introduction of Accidental CISO of Twitter fame
1:37 How Accidental CISO got into cyber
2:14 Accidental CISO talks about his day job
3:33 The background of Accidental CISO
4:49 The security tool Accidental CISO embraces
5:20 Accidental CISO is not an uncommon “thing”
6:37 Advice on becoming a CISO
9:28 Allan shares a pivotal moment
10:15 Guidance on building and getting a team started
13:58 Selling the functions
16:55 Getting the practice off the ground
20:13 Importance of relationships and letting go
22:24 Being “their” first CISO
26:47 Building a security council
27:49 Why Accidental CISO is motivated to get out of bed each day and do more of it

Links:

Learn more about Accidental CISO on Twitter
Follow Allan Alford on LinkedIn and Twitter
Learn more about Hacker Valley Studio and The Cyber Ranch Podcast

Sponsored by our good friends at Axonius