- Videos: 347
- Views: 10,265
vCISO Services, LLC
USA
Added Jan 10, 2018
Welcome to the official YouTube channel for vCISO Services, LLC, a leading provider of experienced virtual Chief Information Security Officers. Within you'll find content relevant for both small and midsized businesses and for information security practitioners. Please visit vcisoservices.com for more information.
Additionally, all video episodes of The Virtual CISO Moment podcast, which we sponsor, are available here. For more information about the podcast, see vcisopodcast.net. The Virtual CISO Moment is a Second Chance Publishing production (secondchancebook.org).
Videos
S6E53 - Tech Talk Introduction
In this episode, I introduce Tech Talk, a new show on NowMedia TV. Dr. Byron Reese, author of The Fourth Age: Smart Robots, Conscious Computers, and the Future of Humanity, and Dr. Pamela Gay, Senior Scientist at Planetary Science Institute, joined me on my first episode that aired in October. Get a taste for Tech Talk and catch full episodes every Thursday on NowMedia TV.
Biz Talk 8 241104
In this BizTalk segment, I discuss how strong cybersecurity leadership can contribute to a company’s growth and competitive advantage, how we help companies scale their cybersecurity strategies to match their business growth while avoiding unnecessary risks, and the most critical elements of a successful cybersecurity governance framework and how to ensure leadership buy-in.
vCISO Services - Who We Are
Every organization needs a purpose, a "why." Learn about ours in this short video.
Biz Talk 7 241030
In this Biz Talk segment, I discuss some of the most effective, budget-friendly strategies to help SMBs protect themselves from cyber threats and the steps companies should take in the event of a ransomware attack.
S6E33 - A Conversation with Jason Firch
S6E36 - Authors Series 1 - Anthony Scarola
Просмотров 154 месяца назад
S6E36 - Authors Series 1 - Anthony Scarola
The Evan Bray Show - Greg Schaffer - July 3rd, 2024
NTD - Good Morning - Multifactor Authentication Fatigue - 240625
Great discussion!
Interesting, thank you!
👩💻👩💻👍👍
What a blast! Thanks for having us on.
That's my pops. He was good people. Thank you for this.
I’m very sorry for your loss. I loved working and chatting with him. -Greg
Another awesome conversation, filled with valuable nuggets.
Not the Nick Mullen I was looking for
Only lies from these media and their investigative clowns had already taken those who carry out massacres throughout the world with arms trafficking, that is their reality.
Bolony
Cyber is in such a weird place. Companies know they need it to cover areas they lack, yet most want to cut corners and use IT folks to fill in that gap. The push/pull relationship means plenty of opportunity to those pursuing it.
Precise information
Thanks Greg! Crazy everything that’s going on with MOVEit. More and more victims every day it seems. Have a great weekend.
Good info 👍
I appreciate your mission and thanks for the video.
Thanks, I'm thankful to be able to give back a small bit, if it can help others. -G
Thank you for this valuable information. I subscribed and looking forward to more video uploads.
I'm glad you found it valuable - Greg
You too, please have a Good Friday.
Have a good weekend. Be Safe.
Thanks for sharing this video
I kinda knew that I didn't want to build the next Fortune 500 company, but being 1099 with a couple different firms sounds good to me - It's nice to have some clarity. Thank You.
Glad it helped! - Greg
Another great show Greg! It's always good to see you again, even if it is virtually. We'll have to get together some time and catch up.
Thank you Don - I agree, it's been too long!
Derek Morris is a rock star!
Highly appreciated this episode, especially as we close out 2022 and I'm trying to decide if I want to make the leap to full-time independent vCISO. God always has perfect timing. I appreciated the comments regarding SMBs thinking Cybersecurity is an on/off thing and will we have to get everything right 100% from the start. It's more of an attenuation process it seems to me. I also liked the comment to do things methodically and to be 'directionally correct' ($5 check in the mail) 😁. Happy New Year!
Thank you, sorry for the late reply! I can't take credit for "directionally correct" but I have used it constantly since I "stole" it 10 or so years ago.
Great advice, especially having an LLC even if you're a solo-entrepreneur. For an all-cloud based business integrated platform look at FreshBooks (accounting), Trello (track your time into FreshBooks), Zoom (track your online meetings right into FreshBooks) and Calendly to let people schedule time from your website.
Good options, thanks for sharing!
Thank you Greg. I have been running our vCISO practice for a bit over a year now and you are one of the thought leaders that I look up to. I hope we get a chance to chat soon. Another episode could be on building your processes and tools set to streamline those processes. I know I put a lot of effort on that. I've also put a lot of efforts on building our service catalog and also strategic partnerships. And last but not least, now I am focused on delegation. What can I delegate and who do I bring in for that?
Thanks for the feedback! Looking at my whiteboard, I've got 6 or 7 more episodes planned, and likely will touch on those items. I'd also be interested in discussing vCISO topics on the podcast, if you're interested shoot me an email at greg@gregschaffer.info.
Very valuable information 👌 Greg. So often I see where companies give their config files to MSPs to reproduce in their environments and not taking all the possible liabilities into consideration 🤔
Thank you for the great feedback!
Appreciated this video very much Greg! You mentioned that the vCISO business would preferably be separate from an MSP/MSSP. Would you say the same regarding compliance Auditing, that the vCISO could help prepare the organization for audit but not actually do any Audit?
I’m glad you got value from the video. Yes, definitely the vCISO can help an org prep for but not conduct audit. That would be vCISO performing 2 line and audit is in 3 line, keeping all separate and no conflict of interest.
An exceedingly excellent and useful information packed episode! Well done! I will share with those I know have to work with the CMMC so that the 'light' will turn on for them too.
Great discussion guys! Enjoyed listening!
Thanks Rob!
The Lord has indeed blessed your path!
Thank you!
Thanks for sharing this, I am on a similar path.
What? You didn't mention me? 🙂
My talented husband!
Great job! Enjoyed it.
I agree with your commentary. Metrics is one facet of justifying an existence for sales people and security people alike. I believe this is a cultural creation by the organization and their past experiences, but to what end? You struck a nerve with me and while I was nodding my head in agreement I also noted a few things which may be relevant. "Risk Metrics" have always reminded me of a magic show. Working with scientists early in my career made me look hard at the mechanisms of statistical analysis. The result of having my numbers torn apart made me ask a different type of question. How many boards of directors make security risk decisions? Or will a larger organization push those decisions to business units or committees for a majority of Information Security related decisions? How does a company accurately quantify risk decisions based on a formula which uses "likelihood" in the equation. Watch any "Mission Impossible" movie to understand that "likelihood", for Tom Cruise, translates into "Yes" when equipped with enough knowledge, time, and proper motivation. An example of art imitating nation states..... Stats can be as variable as the choice of metrics used to dump these guesstimations into. The value of metrics that a board has been told they must pursue currently resembles a sales person's justification for getting a paycheck, so I do agree with the commentary about the CISO's struggle to demonstrate value in monetary or even numeric terms. My question is the same as yours, Are we selling risk to the board or do they really want to understand the value of what is represented by a green, yellow or red status bar when they spend $xxx on security every year? The word "value" to a board of directors carries different implications and security metrics can make it even more confusing. This value can be demonstrated in the ways you mentioned, but the other facet to this is demonstrating how the security model created by the CISO is driving the business mission.
How the metrics align with the Security policies, the tool investments, more importantly is how those align with the risk decisions being made by the business units. Businesses have detailed security objectives, so how do they align with the corporate business objectives? End to end traceability from the board of directors to the metrics, but also justification from the metrics to the organization's mission statement (These are not my words, this is SABSA kool-aid for Security Architects). Consider the alternative you mentioned, Statistics are, by nature, easily manipulated, likelihood is often a best guess which can be designed to elicit comfort, fear, or a conversation about the need for more resources; however, being able to demonstrate how security translates from a corporate mission into security driven policies, then how those same policies are aligned to security investments tells a broader story about the CISO's state of security. It can demonstrate to a board of directors how security gaps between business objectives and security tools can be identified, how duplicate tools across different business units will be identified, even within a single Security department. It may even help the CISO determine what form and function of metrics would be required by the board given the specific mission of the organization. Then having the knowledge of what a dollar amount truly represents from end to end would give both the board and the CISO the ability to re-frame what metrics are important to those conversations. This is an important conversation and one which will evolve the role of the CISO in the future. I appreciate your time in providing a voice in this space. PEACE!