Building Your First Cybersecurity Program

On today’s episode we are joined by Benjamin Edelen, former CISO of the City of Boulder. Leading with people first strategy, he aims to serve and protect the community and discusses his transition in and out of the CISO role.  Starting from Scratch5 years ago, Edelen was chosen to be the first CISO of the City of Boulder. With no security programming or procedures in place, he had to build the program from scratch. This was a large challenge he had to face. His solution was to pour a lot of himself and his personality into the company. Ultimately, the program became deeply intertwined with his personality. Although he has since left the position, he tried to figure out how to leave while keeping the system in tact. Having connection and passion for your job is important. However, it can make it hard to discern work from personal life.  Turning PointWhen did Edelen realize it was time to move on? He notes that the CIO of the organization was very transformative with a thorough plan of advancement. He speaks on the fact that she wanted to guide him on being successful both in the company and beyond. He was encouraged to go out into the world, even if that was with another organization. There is often a point when someone needs to move on in order to continue to grow.  Passing the TorchPassing a role that you served in for a long time can be very challenging. It is important to learn how to move on. It can be difficult to see the role fade away or change. Sometimes the company may not listen to your advice or continue to take the role in the ways you envisioned it. Emotional reactions during these times are natural.  Transitioning DocumentsWhat is Edelen’s advice for leaving the role? He had to decide how to transition out of the role as he was leaving. This can be deciding to recommend people to take on the roles. Writing down the tasks is important. The biggest challenge was a request/business case for the continuation of the role he was leaving. As he was creating the transition documents, he realized he was also creating a document he could use to begin his next role.  RecognitionEdelen notes that the recognition he needed was knowing he was protecting the people. Recognizing successes within the company is very important. In cyber security, the focus is often the failures. However, focusing on success can make a large difference.  Employment ContractsCISOs are not always the best at creating employment contracts. Putting together a list of questions and topics can be a great thing to consider. Contract negotiation is pretty standard. It is powerful to outline certain expectations you have of the job. Steeve Moore encourages listeners to reach out to him on LinkedIn.  Being a New CISOTo Benjamin Edelen, being a new CISO means placing an organization and their people under your protection. He builds an organization intertwined with who he is as a person, and he would do it again. Helping other people navigate mistakes is a large part of the role. Taking on the role means making a commitment to the people and standing against risk.  Links:Exabeam Podcasts