Show Notes
Brian Haugli, Founder and CEO of SideChannel, brings his CISO expertise to the security podcast this week for a discussion about strategy and leadership in cybersecurity. Working alongside CISOs and fractional VCISOs, Brian has seen his share of leadership mistakes and has learned about the purposeful approach that security needs along the way. In this episode, Brian revises the mantra of “people, process, and technology,” to include the first and most important element in your security success: purposeful strategy. Be sure to subscribe to Hacker Valley Studio, the premiere cybersecurity podcast for cybersecurity professionals.
Timecoded Guide:
[02:01] People, process, and technology in your leadership strategy
[05:12] Tenants of a strong security strategy
[13:11] Setting up new fractional CISOs for success
[18:29] Creating SideChannel & walking the line between CISO vs consultant
[27:44] Thriving professionally by thriving personally
Sponsor Links:
Thank you to our sponsors Axonius and NetSPI for bringing this episode to life!
The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley
For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human-delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more.
What has been your philosophy throughout the years when it comes to leadership versus technology?
The security adage of “people, process, technology” isn’t one combined concept. That is, in Brian’s opinion, why so many leaders make the mistake of prioritizing technology as a central part of their strategy. Strategy is not what technology you use, and you can’t buy your way out of every security conflict with a shiny new product. Ask yourself what problem you’re supposed to solve, not which tech is going to solve your problems.
“Strategy is not technology, it's figuring out what you want to look like when you grow up, in a sense. Everyone jumps to the shiny object. What can I buy to go solve this problem? You never stop and question: Was that the first problem I was supposed to solve?”
What are the tenants of making sure that you've done the work of creating a strong security strategy?
The North Star of your security strategy should be the identity and purpose of your business, according to Brian. If you don’t have a current assessment of your current capabilities, assets, resources, and objectives, you aren’t positioning yourself for success. Strategy comes from a knowledge and understanding of where you are now, and where you need to be. When your company “grows up,” what do you want security to look like for you? Understanding that guides you towards your target state without wasting your time on the wrong problems or objectives.
“I think a lot of people throw strategy around as a grander concept and don't actually think about the elements that need to go into building one. You need to align to a definition that supports your business and outcomes, and that's what is strategic. The idea is not strategic.”
Let's say I'm a brand new fractional CISO and I have my first client. What are the top three questions I'm going to ask of this organization to set me on the right path?
When dealing with a new client, fractional CISOs have to understand why they’re involved with this client in the first place. Why are you here? Who brought you here? And, most importantly, what is the reason security is being addressed now? A fractional CISO can’t defend what they don’t know exists, and they can’t meet a deadline without first understanding what this company’s unique security environment needs are.
“You don't jump into, ‘Okay, well, what's the budget?’ No, I like to understand what I have to actually defend and build to, how fast I have to actually make that happen, that then informs and sets up the much better discussion around, realistically, what you should be considering.”
What advice do you have for our audience that is interested in becoming a CISO?
Although Brian jokes that he would advise anyone against taking on a CISO role due to the workload, he understands and loves the grind of cybersecurity leadership. To not only survive but thrive as a CISO, Brian believes a practitioner has to keep their love for problem-solving and protecting organizations at the forefront. Still, as passionate as someone might be, Brian also advises knowing when to unplug and unwind to avoid burning out fast in such a strenuous role.
“Look, just take care of yourself. I think exercising is huge. Eat right, sleep right. You've got to take care of your mental health, take care of physical health, you've got to take care of your spiritual health. You've got to do all that, or you're never going to be good professionally.”
---------------
Links:
Keep up with our guest Brian Haugli on LinkedIn and Twitter
Learn more about SideChannel on LinkedIn and the SideChannel website
Connect with Ron Eddings on LinkedIn and Twitter
Connect with Chris Cochran on LinkedIn and Twitter
Purchase an HVS t-shirt at our shop
Continue the conversation by joining our Discord
Check out Hacker Valley Media and Hacker Valley Studio
Recent Episodes
From Shadow IT to Full Asset Visibility with Wes Wright
Can you truly protect what you can't see? Wes Wright, Chief Healthcare Officer at Ordr, joins Ron to share how organizations can shine a light on their network and asset blind spots and take ...
Building Opportunities for Women and Minorities in Cybersecurity ...
How do you create waves of change in an industry? Connie Matthews, Founder and CEO of ReynCon, speaks with Ron about the power of resilience, mentorship, and taking that first bold step in ...
Rethinking Cybersecurity Hiring with Naomi Buckwalter
Is cybersecurity gatekeeping holding back the industry? Naomi Buckwalter, Senior Director of Product Security at Contrast Security and Founder of the Cybersecurity Gatebreakers Foundation, ...
AI, Deepfakes, and Human Risk in Cybersecurity with Perry Carpenter
In a world filled with AI-generated deceptions, how do we discern what’s real? Ron sits down with Perry Carpenter, author of FAIK: A Practical Guide to Living in a World of Deepfakes, ...
How to Become a True Security Leader with Nathan Case
How does one become a true security leader? According to Nathan Case, it’s not about titles—it’s about impact. In this episode, Nathan Case, VP of Cloud Security at Clarity, shares his journey ...
AI and the Future of Cyber Defense with John Hubbard
How can AI shape the future of cybersecurity defense? In this episode, we dive into SOC operations, AI integration, and the latest in threat detection with John Hubbard, Cyber Defense Curriculum ...
How Adversaries Are Living Off The Dark Web with Jason Haddix
Have you ever lost something important, only to find out someone moved it without telling you? The same thing happens with our personal and business data. But what if you could see what the ...
AT&T Dynamic Defense: Security Before It Reaches Your Company's ...
In this episode, Ron Eddings and Jen Langdon speak with Senthil Ramakrishnan, Assistant Vice President of Cybersecurity Product at AT&T Business. Senthil shares information about how a new ...
Soft Skills in Technical Sales to Connect and Sell More with ...
Technical skills open doors, but are soft skills sealing the deal? In this episode, Evgeniy Kharam reveals how communication and connection lead to success in technical sales. From ...
Recon Like An Adversary: Uncovering Modern Techniques in Attack ...
Ever wondered how the best defenders become unstoppable? They think like the attackers. In this episode with Jason Haddix, we reveal the strategies hackers don’t want you to know about and show ...
WORK WITH US
PODCASTS + SPEAKING + EVENTS
Are you the best kept secret in cybersecurity? Let's change that by partnering together for podcast ads, social campaigns, and your next event or keynote. Send us your details to get started.
Thank you!
We will be in touch soon.