January 3, 2023

Building Leadership Strategy Beyond Tech with Brian Haugli

by Hacker Valley Studio

January 3, 2023

Building Leadership Strategy Beyond Tech with Brian Haugli

by Hacker Valley Studio

Show Notes

Brian Haugli, Founder and CEO of SideChannel, brings his CISO expertise to the security podcast this week for a discussion about strategy and leadership in cybersecurity. Working alongside CISOs and fractional VCISOs, Brian has seen his share of leadership mistakes and has learned about the purposeful approach that security needs along the way. In this episode, Brian revises the mantra of “people, process, and technology,” to include the first and most important element in your security success: purposeful strategy. Be sure to subscribe to Hacker Valley Studio, the premiere cybersecurity podcast for cybersecurity professionals.

Timecoded Guide:

[02:01] People, process, and technology in your leadership strategy

[05:12] Tenants of a strong security strategy

[13:11] Setting up new fractional CISOs for success

[18:29] Creating SideChannel & walking the line between CISO vs consultant

[27:44] Thriving professionally by thriving personally

 

Sponsor Links:

Thank you to our sponsors Axonius and NetSPI for bringing this episode to life!

The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human-delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more.

 

What has been your philosophy throughout the years when it comes to leadership versus technology? 

The security adage of “people, process, technology” isn’t one combined concept. That is, in Brian’s opinion, why so many leaders make the mistake of prioritizing technology as a central part of their strategy. Strategy is not what technology you use, and you can’t buy your way out of every security conflict with a shiny new product. Ask yourself what problem you’re supposed to solve, not which tech is going to solve your problems. 

“Strategy is not technology, it's figuring out what you want to look like when you grow up, in a sense. Everyone jumps to the shiny object. What can I buy to go solve this problem? You never stop and question: Was that the first problem I was supposed to solve?”

 

What are the tenants of making sure that you've done the work of creating a strong security strategy?

The North Star of your security strategy should be the identity and purpose of your business, according to Brian. If you don’t have a current assessment of your current capabilities, assets, resources, and objectives, you aren’t positioning yourself for success. Strategy comes from a knowledge and understanding of where you are now, and where you need to be. When your company “grows up,” what do you want security to look like for you? Understanding that guides you towards your target state without wasting your time on the wrong problems or objectives. 

“I think a lot of people throw strategy around as a grander concept and don't actually think about the elements that need to go into building one. You need to align to a definition that supports your business and outcomes, and that's what is strategic. The idea is not strategic.”

 

Let's say I'm a brand new fractional CISO and I have my first client. What are the top three questions I'm going to ask of this organization to set me on the right path?

When dealing with a new client, fractional CISOs have to understand why they’re involved with this client in the first place. Why are you here? Who brought you here? And, most importantly, what is the reason security is being addressed now? A fractional CISO can’t defend what they don’t know exists, and they can’t meet a deadline without first understanding what this company’s unique security environment needs are. 

“You don't jump into, ‘Okay, well, what's the budget?’ No, I like to understand what I have to actually defend and build to, how fast I have to actually make that happen, that then informs and sets up the much better discussion around, realistically, what you should be considering.”

 

What advice do you have for our audience that is interested in becoming a CISO?

Although Brian jokes that he would advise anyone against taking on a CISO role due to the workload, he understands and loves the grind of cybersecurity leadership. To not only survive but thrive as a CISO, Brian believes a practitioner has to keep their love for problem-solving and protecting organizations at the forefront. Still, as passionate as someone might be, Brian also advises knowing when to unplug and unwind to avoid burning out fast in such a strenuous role. 

“Look, just take care of yourself. I think exercising is huge. Eat right, sleep right. You've got to take care of your mental health, take care of physical health, you've got to take care of your spiritual health. You've got to do all that, or you're never going to be good professionally.”

---------------

Links:

Keep up with our guest Brian Haugli on LinkedIn and Twitter

Learn more about SideChannel on LinkedIn and the SideChannel website

Connect with Ron Eddings on LinkedIn and Twitter

Connect with Chris Cochran on LinkedIn and Twitter

Purchase an HVS t-shirt at our shop

Continue the conversation by joining our Discord

Check out Hacker Valley Media and Hacker Valley Studio

Read more

Listen Now

test
Building Leadership Strategy Beyond Tech with Brian Haugli

January 3, 2023 Hacker Valley Studio

00:00:00

Recent Episodes

May 23, 2023
by Hacker Valley Studio

Join hosts Ron and Chris as they dive into the world of Attack Surface Management (ASM) in this episode recorded live at RSAC 2023. Special guest Nabil Hannan, a seasoned industry expert and Field CISO at NetSPI, shares his wealth of knowledge and ex...

May 16, 2023
by Hacker Valley Studio

In this episode, hosts Ron and Chris are joined by Paul Valente, CEO and co-founder of VISO Trust, and Bryan Wong, Sr. Security Analyst at Headspace, as they dive into the world of third-party risk in cybersecurity. With conversations ranging from th...

May 9, 2023
by Hacker Valley Studio

In this episode, Ron Eddings and Chris Cochran discuss the concept of "paying the piper" and its impact on their careers and personal lives. Paying the piper means facing the consequences of one's actions, whether they are good or bad. Chris shares h...

May 2, 2023
by Hacker Valley Studio

In this podcast episode, Jack Roehrig, Technology Evangelist at Uptycs, discusses his experience with burnout and health issues due to his job as a Chief Information Security Officer (CISO). Jack has always known health is wealth and retired to Mexic...

April 25, 2023
by Hacker Valley Studio

In this episode, we explore the often-overlooked importance of empathy in the cybersecurity field. Our guest, Tracy Maleeff, shares her personal journey from community involvement to the industry and discusses how embracing empathy can lead to more e...

April 18, 2023
by Hacker Valley Studio

Head into RSA 2023 with a purpose. This episode is all about how to reach a win-win when sealing deals, getting hired, and networking.If you want to catch up with the Hacker Valley Team during RSA be sure to jump into our discord. You can join by goi...

April 11, 2023
by Hacker Valley Studio

RSA is right around the corner and we’re so excited because it’s one of our big opportunities to meet with you, our dedicated listener. If you want to catch up with the Hacker Valley Team be sure to jump into our discord. You can join by going to hac...

April 4, 2023
by Hacker Valley Studio

Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some...

March 28, 2023
by Hacker Valley Studio

Special Thanks to our sponsor NetSPI NetSPI has a team of skilled pen-testers that can help you find those critical vulnerabilities and become your partner in creating the right remediation game plan for you. Check them out at http://netspi.com/HVM ...

March 21, 2023
by Hacker Valley Studio

In this episode of the podcast, Ron Eddings and Chris Cochran share insights and tips on how to navigate a career in cybersecurity. They discuss the importance of having the right mindset, finding the right career path, building a network, and ...