In this episode Allan interviews his friend Sameer Sait, former CISO at Amazon, Forcepoint and Arrow Electronics, who joins Allan for a discussion about WHY we measure risk.
It is about more than just asking for money. (And who are you actually asking money from? Hint: It is not the Board).
How does risk measurement change in the beginning of the CISO’s journey vs. later when the program is more mature?
What is the goal of good risk metrics? What is the role of cyber insurance in all this? What about business traction and cooperation with other departments' goals and objectives?
And finally, how does measuring risk affect disposition of risk?
01:20 Sameer's bio
02:30 Asking for money - it's not from the Board
05:58 Measuring risk: inside-out vs. outside-in
11:20 Approaching management with an objective, not a story
12:38 Working with your team, as a team
14:12 The effects of measuring risk
18:36 Analyzing the priorities and their consequences
24:36 Good governance vs. good management
26:22 Transference, remediation, and acceptance
30:57 What surprised Sameer in cybersecurity?
Learn more about Sameer on LinkedIn
Follow Allan Alford on LinkedIn and Twitter
Learn more about Hacker Valley Studio and The Cyber Ranch Podcast
Sponsored by our good friends at Uptycs