SHOW UP LIKE A CISO

Captions
How do I get ready to become a CISO if I don't yet have the experience? So I know I want to be a chief information security officer. I know I need to get some experience in cyber, some experience in business, but I'm only a year out of school, or I'm just out of college, and I'm still in college. What are the things that I can start doing to get ready to become a CISO? And it's real easy: show up like one.

Welcome to Life of a CISO. I'm Dr. Eric Cole, your host, and we'll be taking you on a journey each week on what it takes to be a CISO and what are solutions that you can implement today. If you are currently a chief information security officer, or if you want to be one in the future, this is Life of a CISO. [Music]

Welcome, welcome, welcome, welcome. You know what time it is. It's time, woohoo! You know, you know, you know it's time for Life of a CISO with yours truly. Dr. E is in the house, woo! Let's, let's put those hands in the air. Here we go, here we go, for another amazing episode of Life of a CISO.

What I want to talk about on this episode is probably one of the number one questions I get from individuals, number one question I get on social media, number one question when I run into folks at events, and it's: "Eric, how do I get ready to become a CISO if I don't yet have the experience? So I know I want to be a chief information security officer. I know I need to get some experience in cyber, some experience in business, but I'm only a year out of school, or I'm just out of college, and I'm still in college. What are the things that I can start doing to get ready to become a CISO?" And it's real easy: show up like one. Start acting like one, and if you do, people will eventually treat you like one.

Right, every one of us who works in cyber security knows of social engineering, right? Probably one of the biggest tricks, where you're basically trying to trick or pretend to be somebody you're not so you can get access to things you shouldn't have access to. And who is probably by far, by far, one of the best social engineers of all times? If we really sort of go back and look and read and study who would probably be the top five, maybe the number one slot of social engineering, I would argue Frank Abagnale. Not familiar with Frank? You probably are, you just don't know the name. Catch Me If You Can: it was a great book that he wrote, and then there was a movie with Leonardo DiCaprio. You haven't seen it? Great movie, and this is sort of a family-friendly movie, right? Even if your significant other is not into cyber, it's a great movie. Leonardo DiCaprio, how could you go wrong, right?

Catch Me If You Can, essentially it's about the life of Frank Abagnale, who essentially, for all intensive purposes, was the ultimate social engineer. And you know how he did it? He played the role. So he flew on more flights than most other pilots did, because what he realized is, if you show up in a pilot's uniform (this was back, I believe, in the 70s), if you show up in a pilot uniform and you act like a pilot and you are going to another city, they'll let you fly in the jump seat, because airlines do that as a professional courtesy. So if a pilot, say from United, showed up at Pan Am being like, "Hey, I have a flight out of Dallas, I have to get there," they'll courtesy let you go on the jump seat. So what did he do? He went and got a pilot's uniform, and he showed up and acted like a pilot, and he was able to get on more flights and fly on jump seats for free, because they thought he was a pilot. He acted like a pilot and people believed it.

And he did the same thing in being a doctor. He acted like he was a doctor and people treated him like he was a doctor. He didn't go to medical school, but he watched TV shows. He mimicked what doctors said, how doctors acted, how doctors behaved, based on TV shows, and he showed up and acted like a doctor, and guess what happened? They treated him like one. Little scary, but true. So watch the movie, but the point of it is: if you want to be somebody, if you want to be a certain role, if you want to be a chief information security officer, start acting like one.

So how do chief information officers work? Do they get to work a little early? Yes. One of the things I always did, key to my promotion, is even when I was a junior engineer, even when I was very, very low ranked, I would always try to make it a rule of being the first one and the last one out. So when people came in the office, Eric was there working, and when people left at the end of the day, Eric was there working. Why? Because that's typically what executives do. That's typically what world-class people do. They do what other people are not willing to do.

And that was one of the reasons why I was so respected by my students and one of the top instructors, because when I taught for many, many years cyber security classes, that's how I ran my classroom. I wanted to be the first person in the classroom, so even though class started at 9:00, I was there typically at 7:50, 8:00, 'cause most students started coming at 8:15, and I would just work from the classroom, but I was there to greet them, get to know them, and get to understand what their challenges and problems were. And at the end, I didn't leave until all the students left. So even if somebody was trying to finish up some task or do emails, I would just go over, check in, see how they were doing, and make sure that I did not leave if they were still in the classroom, just in case they needed assistance.

And it was funny, because a lot of the other instructors would come up to me and be like, "But Eric, we're only being paid for 9 to 5, so why would you show up early?" And they would show up at 8:57, and at 5:05 they were done. Didn't matter who was there, who was not there, right? They were only showing up for what they got paid for. And the reality is, and that's how they showed up, and that's how they were treated. So if you want to be treated like an executive, if you want to be treated like world class, then show up like one.

Another interesting experiment: they did this at a company, and you might have seen this where they sort of played off of it in the TV show Undercover Boss, where they basically take the CEO of the company but they dress him up differently and people don't realize he is the CEO. So they've done this where they've taken a CEO and they've had him wear, like, shorts, older T-shirt, didn't really sort of comb their hair, a little messy, and would show up to the office, and what they were realizing is people weren't holding the door open for him or her, they weren't really paying attention to him, they were just sort of acting like any other person. You take that same person and you have him go full Armani, and all of a sudden people were opening doors, people were showing respect, people were treating them and acting differently just because they looked and acted differently. And they've done this in many different occasions.

Now, I'm not saying you need to go full Armani. What I am saying is, if you are a security engineer and you want to become a chief information security officer, why don't you show up a little differently? Why don't you dress a little differently? Even though you can get away with wearing shorts and your AC/DC T-shirt, nothing wrong with that, what if you actually got some button-downs? What if you put a jacket on? What if you started showing up to meetings or Zoom calls dressed a little differently? People are going to start to notice. People might make some comments. People might nickname you, right? "Oh, the exec is in the house." That's pretty cool. If you're a security engineer and all the other engineers are wearing T-shirts and you're wearing a button-down and a jacket and you start being nicknamed the exec, isn't that pretty cool? So it's these little things that make the difference.

One of the things I always train my team on, and I'm known across my clients, is: details matter. Details matter. You want to make sure that you're paying attention to the little minor details. When we have meetings with our clients and they come to our office, myself and my team, we pay attention to what type of coffee they drink. So if they've come to our office before, and when they come we usually do a Starbucks run, and we know they like a caramel latte mochaccino (I don't know if that's true) with a double espresso shot, the next time they come to the office, guess what? We have that waiting for them. If I'm with a client and they mention something like, "Oh, next week's my anniversary," or "next week's my birthday," I actually text it immediately to my assistant and we put it on the calendar. So guess what? Next year they're getting a text or a birthday card from us, and they're like, "How in the world did you know it was our birthday?" I'm like, "Well, you mentioned it to me once, and I paid attention, and I wrote it down." Details matter, my friends. Details matter. So if you want to be a CISO down the road, start showing up like one today.

Next: why wait until you need the experience when you could start getting the experience today? So I always have folks with four or five years of experience. They're like, "Eric, I want to become a CISO, but I really have no experience in business. I haven't really briefed the board. I don't really read the books. I don't really understand the language." And they're like, "Well, what should I do?" And in my mind I'm thinking, well, you should have asked this question of me four years ago, right? You should have started doing it for you. Now, you can start now, and in two years you'll be ready. But the reality is this: why not, as soon as you get out of college, your first year, why don't you start reading those business books that first year, and then reread them second and third? If you've never listened to my podcast before, some of the best business books I like is Zeros and Ones. That's a great book. This teaches you about some of the fundamentals of business, entrepreneur. Principles by Ray Dalio is another great one. Inventor Dilemma, right? If you just go in and search on Amazon, or drop a link and we'll send you some, those classic business books, just start reading them. Read the same book over and over again. Start learning it.

Start volunteering. First year, go in and say, "Hey, I was wondering if I could start doing a security, a monthly security awareness for the company, because I've noticed that phishing attacks are increasing, more things are happening, more things are occurring, and I was wondering if I could just do that and volunteer." Or, "Hey, there's this new phishing attack," or when ransomware came out, or when the Colonial Pipeline hit, put together a short presentation and say, "Hey, listen, I know it's all over the news, Colonial Pipeline. I put together a quick 10-minute presentation on what caused it, why it happened, and what we need to do as an organization to make sure that doesn't happen to us. Any chance I could brief the executives on that at the next meeting?" And just start volunteering. Just start thinking about what are the things that you want to put on your CV to be a CISO, and start getting that experience today.

One of the exercises I love doing with college students is we brainstorm. We're like, let's build the ultimate CISO. So I'll sit there sometimes when I guest lecture in these cyber security classes, 'cause a lot of them, especially in top colleges and business schools, really want to become a chief information security officer, but you need experience. You can't typically get that as an entry-level job. So they're always saying, "What can we do?" So do this: start researching some of the top CISOs that are out there. Their CVs are public. Most people's CVs today are public. Their background, their experience, their knowledge is all public information. So start researching all of these CISOs, and if you don't know any, hey, just put "top CISOs" or "CISO for" pick a company: CISO for Citibank, CISO for ExxonMobil, CISO for the CIA. And you'll start seeing commonalities in experience. You'll start seeing commonalities in what they do and how they act and how they behave.

And start building a CV of the ultimate CISO. What if you were creating the ultimate CISO? What would their experience look like? What kind of degrees or certifications would they have? What kind of experience would they have? Would they have briefed the board? Would they have put together financial plans? Would they have gone in and done strategic planning to help grow the business? And start writing all these things down. Then start creating a list of how can you get those skills. "Oh, well, this skill, it's going to require that I read 10 books." Great, put together a three-year plan where you read three books a year. That's quite doable, very doable. And start planning ahead of what are the skills you're going to need. So guess what? In 3 to 5 years, the ultimate CISO's CV that you created is yours. You're basically reverse engineering. You're creating a CV that every company would want as their CISO, and then you're going and saying, how can I get all these skills over the next three to five years? How can I start showing up as a CISO?

"But Eric, I'm not getting paid to do that." Who cares? Who cares? Do you really think, if you're going to put in extra effort, if you're doing your current job as a security engineer but you're also going in and doing some additional things that help the company and help your boss, you really think they're going to complain? You really think they're going to be like, "Don't do that, stop doing that"? No, of course not. So start putting it in place now.

It's always funny, I always love this part of it, because when I go in and I teach this and tell people show up, start behaving, you know, everyone says, "Oh Eric, there's no way my current boss is going to let me do that. There's no way the current organization is going to allow me to do this. They're just not going to let me do that." So let's start basic. First of all, how in the world can your current organization stop you from reading at night? Really? Like, they're going to follow you home and start beating you with a bat if you read business books? No, they have no control of that. So that one's easy. Start learning about business. Start understanding business.

Then we get into ones a little trickier. So if you go to one of the execs, and if you're a first-year engineer, depending on the size of your organization, you might or might not want to go to the COO or CFO to ask them to mentor you. That might be a little bit of a push. But here's what I found: if you don't ask, the answer is always no, my friends. Always no. But if you do ask, then guess what? The answer might be no, but isn't there a probability, 1%, even 1% chance, that they might say yes? Isn't your career worth 1%? Isn't your future worth a 1% chance? And here's the thing that I find: most people don't ask what you're asking, and most people want to help. Therefore it's probably more like 15 or 20% of the time.

I am shocked... I am not shocked, but people are shocked all the time when they come to me and go, "Eric, I heard your advice and I said, what the heck, I mean, I trust Eric, I think. I don't think he's right here, but what the heck, let me get the no so I can prove that I at least tried." And they send a message out to the CFO where they say, "Listen, I'm a security engineer, and in 5 years I'd like to move into the CISO role at the company, and I'd like to just better understand business finances. I was wondering if once a month I could buy you coffee and we could spend 30 minutes just talking about business and understanding business." And most of the time they go, "Eric, I was shocked when the reply I got back was, 'Yes, how about this Thursday? How about this Thursday, meet me at my office at 7:30, we'll walk to Starbucks.'" And they're looking at us going, "Did that really happen?" And the reality is this: very few people ask the CFO for mentoring. That's the ultimate compliment. That's the ultimate give back, to help other people. And that CFO, trust me, they want to help people. They love mentoring. I often talk to executives, and you know what they tell me all the time? They have mentoring on their list, but they don't do it because nobody ever asks. So don't be afraid to ask. You never know.

"Oh, but Eric, my boss is never ever going to let me do that." How do you know? How do you know they won't? Ask them to mentor you, then. And here's the catch-22. Go, "Listen, I know you're super busy, and I know you're planning on retiring in three to four years, so in five or six years I would like to be in your position. I know how busy and swamped you are, so I don't want to ask you directly, but I was wondering, are you okay if I just asked the CFO if I can get mentored once a month by them? Because I just want to understand business and see how I can better help you and support you in your job." Two things will happen. They could say no. More than likely, one of two things: they're either going to go, "Hey, I'm actually not that busy, and I think that's cool. I'd love to mentor you," and then that's a win, or, "Yeah, I am super swamped, go ahead and ask him." And they'll say because they don't think the CFO is going to say yes, and then when they do, they'll be like, "Oh wow, I didn't think it was going to play out that way." But the point is: take control of your future. Start asking for help. Start asking for mentoring. Start asking questions. Because the reality is, people want to help you, but nobody ever asks.

It's my Richard Branson story. I know some of you have heard this before, but it's a great story. So I highly respect Richard Branson. He is, I think, one of the few or maybe one of the only people who have ever built and ran multiple billion-dollar companies simultaneously: the Virgin brands, right? You had Virgin Atlantic, the record company, Virgin Fitness, Virgin Airlines, Virgin Cruise... I mean, there was so many multi-billion dollar. And the reason I'm fascinated is I am running multiple companies, and the advice that everyone gives me: "Eric, you can't do that. You only can run one company at a time. If you try to run and build multiple companies simultaneously, it'll divert your energy and it won't be effective." But I'm sitting there going, but that completely contradicts what Richard Branson did.

So I read all of Richard Branson's books, and I still didn't have in there how he was able to manage his time across multiple companies without diluting the effort. So I researched and found his email and I sent him an email, and I basically, really short and sweet: "I read all your books. One of my favorite parts was in this book where you did X." So I showed him I actually did read it. I always want to validate. I said, "But one thing I'm curious about that I didn't see in any of your books is, in the beginning, how did you manage your time across multiple companies? Because everyone's telling me I can't do it and it will dilute my energy, but somehow you figured out the secret. I was curious if you could give me any tips or tricks." Sent the email out. Wasn't expecting much, but I know my rule: if you don't ask, it's always no; if you do ask, 5 or 10%.

So about a week later, I'm up early working and I get an email back from the Richard Branson email address that says, "What's your number? I'm free for the next 45 minutes. I'd be happy to help you." Now I'm looking at this thing and I'm like, are my friends punking me? Like, did somebody figure out and they spoofed an email address and are punking me? Is this really Richard Branson? So I wrote back with my cell phone number, and sure enough, call comes in. I pick it up, and sure enough, it's him, and we proceed to talk for 40 minutes. And at the end, and I'll never forget this, at the end I said, "Richard, I just have to ask you a question. As busy as you are, and as wealthy and famous and successful as you are, why did you respond to my email, and why did you spend 40 minutes on the phone with me?"

He goes, "Eric, any successful person has made it to the top because other people have helped them. We always want to give back. Successful people always want to help others that are up and coming be successful, because that's the way we got there." He goes, "But we want people to be sincere and real." He goes, "Yeah, I get so many emails from people with silly stuff like 'Will you give me a million dollars?' or they're asking me questions that are in my books, or 'Will you bear my children?' or stupid things like that." He goes, "But I get very few legitimate requests like yours." He goes, "Your request showed you did your homework. You researched and read all my books and you didn't find an answer, and you're right, the question you had was not in my books. So I knew that you did your homework, you had a sincere question, you sounded eager. I did research you briefly, and you are an up-and-coming entrepreneur, so I felt very compelled to help you. And to be honest with you, I enjoyed the conversation. You asked very good questions. I enjoyed it. It was nice to help you, and hopefully we can talk again sometime in the future."

And I was just sort of shocked with his answer, because it's so contrary to how we're trained. We think that these successful people are these untouchable robots that have no humanity and no heart, but they're caring humans just like us. Billionaires are just like us. Billionaires sleep just like us, they go to the bathroom just like us, they breathe oxygen just like us, and they like to help people just like us. So you'd be shocked when you go in and start asking for help. Not everyone will say yes, but you don't need everyone to say yes. You just need one or two people. So start asking for help, asking for mentorship.

And here's the big twist that I want to sort of, as I start to wrap up this edition, with: you've heard me a lot saying world-class security engineers do not make world-class CISOs. The skill set that's needed to be a security engineer isn't going to make you a world-class CISO, because they're different. Security engineers need to be the smartest person in the room; CISOs are not. Security engineers look for problems; CISOs look for solutions. Security engineers want to always improve the security and always spend more money, and CISOs want to balance risk accordingly. Security engineers are focused on technical issues, and CISOs are focused on strategic solutions. So they're quite different. That's why we say three to five years is sort of the sweet spot, because the longer you're a security engineer, the harder it is to make that twist. Very few exceptions, but very few security engineers that are the best in the business, that have 12 to 15 years experience, can become world-class CISOs, because they love the technology too much. They can't transition.

But here's the secret: world-class CISOs can actually make great security engineers, because being a security engineer that understands business doesn't hurt you. Being a security engineer that gets mentored by CFOs doesn't hurt you. Being a world-class security engineer that can brief executives and understand business doesn't hurt you, my friends. So starting to learn the CISO skills while you're still a security engineer is actually a net positive. I don't know any company where a security engineer that can fill in for their boss and brief executives is a bad thing. I don't know any company where a security engineer that actually understands business, and when they go to a meeting, instead of always spitting out problems, problems, problems and technical, technical, technical, they can actually step back and say, "Why don't I give you a risk-based solution? Why don't we balance and understand risk, and here's a way to do that."

And now your boss, instead of... "Do you need anyone to proofread the slides for you and check the slides, or do any work on graphics?" Or here's the ultimate ask: "I'm curious about how board meetings are run, and I'm curious of how you brief the board. I know you're one of the best in the business. Is there any way I can come and just sit in on the meeting and observe?" And in the past that was tricky, because boardrooms were not that big and there weren't a lot of empty seats, so there wasn't, like, room for spectators. But now more and more boards are meeting virtually. They still do Zoom meetings. I sit on a lot of boards, and every one of them, we do Zoom. We don't do any face to face. So now you can sit in, because you're not taking up a seat.

Once again, once again, I know what you're going to say, and you know what I'm gonna say. You're gonna say, "Oh, but Eric, you don't know my boss. They're not going to let me do that. They're not." Yes, maybe you're right, maybe you're wrong. But guess what, if you know what I'm saying: if you don't ask, the answer is always no. You do ask, it might be no. But here's something else: persistence with a smile gets you further than you could ever imagine. Keep asking. I hear this all the time. They go, "Eric, I took your advice and I went to my boss and asked, and they said no. So then the next meeting I asked again, and I asked again, and I asked, and finally my boss let me. And I asked my boss, I'm like, 'What made you change your mind?' And they said, 'You just got so freaking annoying, I figured if I didn't eventually say yes, you would never leave me alone.'" Compliment. So if there's something you want, go for it. Be kind, be polite, but be aggressive.

And if you start showing up like a CISO today, you start acting like a CISO, you start asking for help, asking for mentorship, sitting in on meetings, putting together board presentations, reading business books, guess what? By the time you're ready to be a CISO, you won't have to ask me, "What do I need to do now to get ready?" You will be ready. Your CV will scream CISO, and you will have more job offers than you know what to do with. So don't wait to wanting to be a CISO. Start acting and showing up like a CISO today, and then in 3 to 5 years the world will be your oyster. Hope you enjoyed this edition of Life of a CISO, and we'll see you next week. [Music]
Info
Channel: Dr Eric Cole
Views: 919
Id: OGq1VTChgtg
Length: 32min 26sec (1946 seconds)
Published: Thu Mar 28 2024