CISO Stressed Episode 5: Nick Andersen CISO for Public Sector at Lumen Technologies and Nonresident Senior Fellow with the Cyber Statecraft Initiative at the Atlantic Council.

On this episode of CISO STRESSED, Elizabeth Wharton SCYTHE Chief of Staff is joined by Nick Andersen, CISO for Public Sector at Lumen Technologies and Nonresident Senior Fellow with the Cyber Statecraft Initiative at the Atlantic Council. Wharton and Andersen discuss the unpacking of Biden’s latest Executive Order with the Atlantic Council, and the importance of collaboration and sharing within the CISO role.    

Show Notes:  

 Andersen shares his experience unpacking the most recent thirty-page executive order from the Biden Administration. 

Andersen unpacked the executive order with the Atlantic Council people encapsulating the S Bomb initiatives that NTIA has been working on for a couple of years, to EDR Requirements, instant response playbooks, and cloud requirements there is a lot to unpack.   

(4:28 – 7:17) Andersen shares that any time he has reached out to anyone as a CISO with questions or interest in something he read, he has never been turned away for help and he enjoys the collaborative nature of the community.   

(5:31 – 6:58) Talking about the community of collaboration on the private sector side continuing as well as it did on the government side)  

(12:52 – 14:17) Lumen sees a tremendous amount of traffic: ingesting about 190 billion net flow sessions and 771 million DNS queries per day. This creates a great opportunity for Lumen to pair up with other organizations and discuss what we are seeing, what is normal/abnormal, what we see in an adjacent sector, and within our customer segments. There are many opportunities for collaboration and taking advantage of the insights from a company like Lumen that sees so much traffic. Collaboration helps each party deepen their understanding of what is happening within a threat environment.   

From the CISO perspective A huge difficulty is it to remind people of all the competing and compliance issues. There is a tremendous amount of intertwined nature between federal and state entities and opportunity there as well. States stand up and say they are going to model some of our compliance and procedures and policies based off the way the federal government has taken their approach. It is difficult to ask these tiny little county and city governments to meet these requirements when, in some cases, they are made up of just two people responsible for all that. It’s important for them to be able to leverage the knowledge base at the federal level, and then piggyback.   

Subscribe to SCYTHE’s YouTube Channel and watch the latest CISO Stressed episode as well as Threat Thursday and other video releases. Questions or conversation ideas? Drop us an e-mail at [email protected] with “CISO Stressed” in the subject line.