Pragmatic CSO Podcast
24 episodes - English - Latest episode: almost 16 years ago - ★★★★★ - 1 ratingThe Pragmatic CSO podcast is a wide ranging discussion of information security topics, anchored by the 12-step Pragmatic CSO methodology to help security practitioners become more relevant in business operations.
Homepage Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed
Episodes
Pragmatic CSO Podcast #23 - Picking the Right Product
September 25, 2008 14:04 - 2 minutes - 3.3 MBThis week we'll focus on the 2nd half of Step 6: Buying Security Products, which get down and dirty in picking the product. We've already engaged with a long list of potential vendors (we discussed that last week) and now it's time to figure out what will work for you. Next we do a bake-off and actually test the products under real world conditions. Then we develop our short list (based on products that can meet the need), then we get to negotiate. Get out your bat because that's what you'l...
Pragmatic CSO Podcast #22 - Homework for Buying Security Products
September 17, 2008 13:18 - 2 minutes - 3.35 MBAs we jump into Step 6: Buying Security Products, it makes sense to understand what kind of homework we are going to have to do prepare for the process. Remember, it's easy to buy something, it's hard to buy the right thing at the right time for the right price. So this week we discuss the first 4 steps of the Buying Security Products process I published back in 2006. The first step is to understand the business drivers for your project, then you assemble the team, then you educate YOURSELF ...
Pragmatic CSO Podcast #21 - Grass Roots Funding
August 13, 2008 12:05 - 3 minutes - 4.4 MBIt's time to wrap up Step 5: Selling the Story. We finish the discussion by talking about how to get funding, when the budget monkeys have told you no. Basically we have to take a "grass roots funding" approach to go to the business leaders directly, make the case, and get the funding we need. It's kind of like selling cookies door to door. We have to be persistent and make the case as to why it would be a good purchase. This requires us to broaden our skills and likely move out of our comfo...
Pragmatic CSO Podcast #20 - The Sales Pitch
July 30, 2008 17:46 - 2 minutes - 2.89 MBJuly 30, 2008 - This week we talk about the sales pitch. This is the part that most security practitioners hate. Actually having to get in front of folks and ask for money. Although if you've followed the process up to now, then you should be in great shape to put together a compelling story and to deliver that message to the senior team. In this week's episode (can you believe it's #20 already?), I go into detail about how to structure the sales pitch and what you should discuss and why. We...
Pragmatic CSO Podcast #19 - Resetting Expectations
July 02, 2008 13:50 - 2 minutes - 2.78 MBThis week we continue with Step 5: Selling the Story by reiterating the need to manage expectations appropriately. As you know, this is a common theme throughout the Pragmatic CSO, but when we are selling senior management on the security program, strategy, outputs, milestones, and funding requirements - now is really the last time we'll have to truly set expectations. If you screw this up now, you will not be successful. Now is the time to stand firm with your milestones and what you can (...
Pragmatic CSO Podcast #18 - Finding the Bags of Money
June 25, 2008 15:24 - 2 minutes - 2.91 MBJune 25, 2008 - This week we start into Step 5: Selling the Story by discussing funding scenarios. This is a technique that Pragmatic CSOs use to provide some alternatives and make the scenario we want (the likely one) a bit more tangible by providing alternatives. In the show, I discuss how to develop these scenarios using your Security Architecture Matrix and then why it's important to discuss what won't get done, as part of these funding scenarios. Running time: 6:20 Intro music is Jung...
Pragmatic CSO Podcast #17 - Back to the Future
June 18, 2008 21:05 - 2 minutes - 3.21 MBFinally we come to the end of the line on building the security business plan. It was a long time coming, but again this is the most important step in effecting long lasting change in your security organization. First I talk about defining the future state, and setting priorities relative to what you must have, should have, and is nice to have. Then it's all about setting up the migration plan, which needs to be in alignment with the timelines and milestones that we discussed last week. A l...
Pragmatic CSO Podcast #16 - Time and Milestones
June 11, 2008 13:53 - 2 minutes - 3.38 MBThis week we delve into the art of setting timelines and milestones within your business plan. After we discussed the importance of setting the bar (in terms of service levels), it's the timelines that really will determine your ultimate credibility with the senior team. Once you define the key timelines, it's also important to have a process to revisit the project plans and to communicate variances. You need to expect that some of the initiatives will run off the track a bit and ensure you ...
Pragmatic CSO Podcast #15 - Setting the bar
May 28, 2008 15:27 - 2 minutes - 3.18 MBThis week we talk about service levels within the context of your security business plan. That's right, this is about setting the bar. Too high and you can't get there and you will be viewed upon as a failure in the executive wing. Too low and you may open yourself up to a breach on your watch. So we are looking for something "just right." We also need to start thinking about how to quantify some of the stuff we are doing, and now is not the time to look for innovative means of pulling secu...
Pragmatic CSO Podcast #14 - Architecture vs. Design
May 22, 2008 16:03 - 2 minutes - 3.19 MBAh the mysteries of architecture. I can remember back to my days in college at Cornell. We had a great architecture school, but those folks seemed like magicians. They weren't around too much and it seemed like they were doing cool things, we engineers just didn't understand what it was. Understanding how to build your security architecture isn't all that different. So this week, I delve into the nuances of architecture vs. design and also provide a brief description of the "Pragmatic Secur...
Pragmatic CSO Podcast #13 - Digging Deeper into the Business Plan
May 14, 2008 14:10 - 2 minutes - 3.44 MBThis week we are going to dig a bit deeper into the business plan and deal with the first two sections of the plan. Initially we need to POSITION our securirty organization. What are we doing and why is it important? Then we need to make our PRIORITIES very clear. What do we focus on first and why? The business plan is as much for them (meaning your senior executives and the like) as it is for you. So you need to start the plan off with a bunch of information about them, before you get back...
Pragmatic CSO Podcast #12 - Why do we need a business plan?
May 07, 2008 15:19 - 2 minutes - 2.78 MBThis week we get back into the Pragmatic CSO methodology, and jump into Section 2: Building Your Pragmatic Security Environment. The first step in S2 is Step 4 or Building Your Security Business Plan. Why do we need a business plan anyway? What's the point? All is revealed in podcast #12. Well OK, not all - but I lay the groundwork on why the business plan is probably the most important of the 12 steps and what goes into building it. Over the next 2 months or so, we'll be delving deeply into...
Pragmatic CSO Podcast #11 - The Fixer
April 23, 2008 13:44 - 2 minutes - 3.1 MBThis week I take another tangential journey to discuss a concept I call "The Fixer." You know, when a senior staffer is airlifted in to "fix" security. The Fixer knows how to get things done in your organization, and can certainly be viewed as a threat and as indicative of the fact that security is broken. How should you deal with the Fixer? Why is he (or she) there? Can you turn this into an advantage? Check out podcast #11 and find out... Running time: 6:40 Intro music is Jungle and I ...
Pragmatic CSO Podcast #10 - It's So Easy
April 16, 2008 14:24 - 2 minutes - 2.83 MBApril 16 2008 - Today I go on a bit of a tirade. Basically, just coming back from RSA - I'm a bit sensitive to vendor claims vs. reality. Thus, after I've been pounded by a webcast announcement from AlertLogic for the past week about "PCI Compliance made Easy." After I cleaned the puke off my desk, I needed to rant a bit. So this week's podcast is a little different. All rant, no filler. Here is the invite, so you have some context... The event is today, so you can figure out just how "eas...
Pragmatic CSO Podcast #9 - Making Deposits in the Credibility Bank
March 20, 2008 13:12 - 1 minute - 2.39 MBThis week we wrap up our stop in Step 3: Managing Expectations by talking about the long term plan. The first step of the managing expectations presentation is all about providing the context of the program and educating the senior team about why it's important. Then next step is about triage. Based on the baseline, what are the most important things that need to be tackled RIGHT NOW. Finally, we are in a position to start accepting responsibility for the long term success of the security pro...
Pragmatic CSO Podcast #8: Triage (or saving the patient)
March 12, 2008 14:20 - 2 minutes - 3.06 MBThis week we continue our journey through Step 3: Managing Expectations and talk about how to present the "bad news," as part of your efforts to ensure the senior team knows what you are up to and why. The triage part of the discussion is also pretty important because it will indicate whether you have a snowball's chance in hell of actually making progress on the program. If you can't get agreement on the 2 or 3 things you think are most important to do TODAY - then it doesn't bode well for t...
Pragmatic CSO Podcast #7 - Educating the Team
March 06, 2008 13:19 - 1 minute - 2.69 MBThis week we dive into Step 3: Managing Expectations and investigate why one of the most important things a security professional can do is to give the senior team the PERCEPTION that you're in CONTROL of the situation. Reality means little, perception means everything. A couple of the topics covered include: - Why managing expectations around security is hard - How to provide context about what a security program is about - The 3 most important ideas to convincing someone you have your act...
Pragmatic CSO Podcast #6 - Assessing the Skill Gap
February 27, 2008 14:13 - 2 minutes - 3.14 MBThis week we wrap up on Step 2: Taking the Baseline by being candid with ourselves and really understanding if we have a skills gap. This is one of the most brutal parts of being a manager, but it needs to be done. I refer to a few books from the Gallup Organization, so you can understand what may be a different way of thinking about management. First, Break All the Rules and Now, Discover Your Strengths. I don't have to manage much of anything nowadays, but these resources and philosophy w...
Pragmatic CSO Podcast #5 - Dig (into) the Baseline
February 13, 2008 15:03 - 1 minute - 2.68 MBThis week, we continue our journey through Step 2: Baseline Your Environment. Here are a couple of the topics covered: Finding the holes in your perimeter Looking at your applications (the most IMPORTANT one's anyway) The softer side of security: User perception and user awareness Also make sure to listen for Dr. No. He makes a special guest appearance in today's show. Time: 5:43 Intro music is Jungle and I sign off with Ozzy's No More Tears. Yes, one of the classic bass lines in rock...
Pragmatic CSO Podcast #4 - Wherefore art thou policies?
February 08, 2008 13:21 - 2 minutes - 3.04 MBFebruary 8, 2008: This week's show starts to delve into Step 2: Establishing the Baseline. Why you need to do this, what you are trying to achieve, and a little bit on policies (such as a monitoring policy and a communications plan). Intro music is once again "Welcome to the Jungle" and I send you on your way with Aerosmith's "Get a Grip," since that is what taking the baseline is all about.
P-CSO Podcast now on iTunes
January 29, 2008 12:22Now you can take the P-CSO on your iPod with you. This is great news, so now I can haunt you in your car, on an airplane, or even when you are running. Although since all of the podcasts are 6-7 minutes, it wouldn't be much of a run I guess. To get the podcast, click this link and then it should direct you to iTunes to subscribe to the podcast. Screenshot of what you should see is below.
Pragmatic CSO Podcast 3 - Getting Facetime
January 23, 2008 16:24 - 2 minutes - 3.13 MBIn this week's show I talk about getting facetime without feeling like you are banging your head against the wall. Basically a key part of Step #1 and in a broader perspective, your success as a CSO is about building relationships with the senior team and understand what is important to them. How do you do this, when they are pretty busy and don't really want to spend any time with you? I map out a 3 step process (and hopefully you only need two steps) to get on their calendar and also talk...
Pragmatic CSO Podcast #2 - Whack a Mole
January 16, 2008 15:20 - 2 minutes - 2.86 MBJanuary 16, 2008 - Today's show talks about Whack a Mole and why it's an appropriate metaphor for information security nowadays. Image source: http://www.creativepro.com/ printerfriendly/story/20990.html
Pragmatic CSO Podcast #1
January 11, 2008 16:02 - 3 minutes - 4.28 MBJanuary 11, 2008 - Welcome to the Inaugural Pragmatic CSO Podcast. In today's show, I talk a bit about: Why I am doing a podcast (and what to expect) The 12-step Pragmatic CSO methodology Why it's tough to be a security professional nowadays A message of hope Check it out and since this is the first edition, let me know what you think. I'm definitely open to comments relative to how to make the show better.