December 6, 2022
by Hacker Valley Studio
December 6, 2022
by Hacker Valley Studio
Richard Rushing, CISO at Motorola Mobility, brings his decades of experience to the show this week to talk about leadership, communication, and perhaps most importantly of all: prioritization. After joining Motorola through a startup acquisition, Richard has been a leader in the company and a defining example of what a CISO should be doing: simplifying the complicated. Richard talks about how his role has changed over the last 10 years and what’s next for him and for cybersecurity. Be sure to subscribe to Hacker Valley Studio, the premiere cybersecurity podcast for cybersecurity professionals.
Time Code Guide:
[00:00] Ascending into a leadership role in cybersecurity & joining the Motorola team
[06:28] Defining CSO & CISO at a time when no one understood cybersecurity
[13:01] Communicating with the C-suite about cyber: best practices & tenants
[24:37] Harnessing a proactive cybersecurity mindset with prioritization
[32:13] Extending your cybersecurity career for decades
Thank you to our sponsors Axonius and NetSPI for bringing this security podcast to life!
The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley
For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human-delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more.
What was your experience of being a Chief Security Officer in the early 2000s?
Richard jokes that he became a part of the cyber industry before the industry was even called cybersecurity, but behind the joke lies the truth that cyber looked extremely different back then. However, no matter how much time passes, Richard is still used to the odd confused looks that come from saying he’s a CISO. People misunderstand the role, Richard explains, but at least more people than ever before understand the importance of cybersecurity.
“There were a lot of other things that you had to talk about, you had to evangelize a lot coming into this [industry] because a lot of the cybersecurity industry was brand new. People were moving around and trying to figure these things out and everybody struggled.”
How many times would you say you feel like you've had a new job or a new role being in the same role for over 10 years?
Being a CISO has had its ups and downs during the 10 years Richard has spent in that role at Motorola, but the changes have been welcome and interesting. Every few years, the technology landscape changes, and with those changes in tech come massive changes in company ownership, leadership, and security. However, Richard is thankful that through these changes, his core team has stayed the same, giving him a trustworthy group to learn from.
“It's always changing, but at the same time, there are some static components. When I came on to Motorola 15 years ago and established teams, most of my team, except for a very small portion of people that retired or left, are still with me today.”
What are your thoughts and best practices for proactive cybersecurity?
Although “proactive cybersecurity” has become a buzzword we’re all paying attention to, Richard warns that most companies aren’t really being proactive with cybersecurity just yet. Instead, what the industry has shifted towards is prioritization. Understanding what’s important, prioritizing those aspects of a business, and knowing what you don’t have the resources to handle can make the security work you’re doing feel more proactive.
“Why do I need to prioritize? Because you're getting more alerts than you have people to be able to handle it or technologies to be able to handle it in an automated way. So, you have to prioritize what's important.”
What would you recommend people consider to extend their cybersecurity career life as long as you have?
After nearly four decades in the industry and over ten years at Motorola, Richard has been in cybersecurity longer than most modern-day practitioners. When asked about his secrets for an extended cybersecurity career, Richard reflects back on his advice around prioritization over “proactive cybersecurity”, and emphasizes the importance of community. Cybersecurity is a collaborative field, and practitioners have to stay open to learning together to succeed.
“In the cybersecurity world, we will talk to our competitors and share what we're seeing. I think that community effort is one of the key things. You have to enjoy what you're doing, reach out and be collaborative with people. Don't be the security guy that people are scared of.”
Keep up with our guest Richard Rushing on LinkedIn and Twitter
Learn more about Motorola Mobility on LinkedIn and the Motorola website
Connect with Ron Eddings on LinkedIn and Twitter
Connect with Chris Cochran on LinkedIn and Twitter
Purchase an HVS t-shirt at our shop
Continue the conversation by joining our Discord
Check out Hacker Valley Media and Hacker Valley Studio
In this cybersecurity podcast episode, Chris Cochran and Ron Eddings discuss the concept of 'dojos' as environments for growth and learning, drawing on experiences from their own career paths in cybersecurity. The 'dojo' metaphor is applied to variou...
Join hosts Ron and Chris as they dive into the world of Attack Surface Management (ASM) in this episode recorded live at RSAC 2023. Special guest Nabil Hannan, a seasoned industry expert and Field CISO at NetSPI, shares his wealth of knowledge and ex...
In this episode, hosts Ron and Chris are joined by Paul Valente, CEO and co-founder of VISO Trust, and Bryan Wong, Sr. Security Analyst at Headspace, as they dive into the world of third-party risk in cybersecurity. With conversations ranging from th...
In this episode, Ron Eddings and Chris Cochran discuss the concept of "paying the piper" and its impact on their careers and personal lives. Paying the piper means facing the consequences of one's actions, whether they are good or bad. Chris shares h...
In this podcast episode, Jack Roehrig, Technology Evangelist at Uptycs, discusses his experience with burnout and health issues due to his job as a Chief Information Security Officer (CISO). Jack has always known health is wealth and retired to Mexic...
In this episode, we explore the often-overlooked importance of empathy in the cybersecurity field. Our guest, Tracy Maleeff, shares her personal journey from community involvement to the industry and discusses how embracing empathy can lead to more e...
Head into RSA 2023 with a purpose. This episode is all about how to reach a win-win when sealing deals, getting hired, and networking.If you want to catch up with the Hacker Valley Team during RSA be sure to jump into our discord. You can join by goi...
RSA is right around the corner and we’re so excited because it’s one of our big opportunities to meet with you, our dedicated listener. If you want to catch up with the Hacker Valley Team be sure to jump into our discord. You can join by going to hac...
Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/ Love Hacker Valley Studio? Pick up some...
Special Thanks to our sponsor NetSPI NetSPI has a team of skilled pen-testers that can help you find those critical vulnerabilities and become your partner in creating the right remediation game plan for you. Check them out at http://netspi.com/HVM ...