Culture Eats…Security for Breakfast

On today’s episode, George Finney, the CISO of Southern Methodist University, joins us to discuss how cybersecurity is a team sport that depends on openness and collaboration, and examine how culture can directly impact the likelihood of future breach.    How a Law Degree Helped George  George Finney is an accomplished CISO with a more unique background: he has a JD. While it’s becoming more common for CISOs to get an MBA, it’s rare that they would have a law degree. He attended night law school while working full time, reading thousands of pages of dry legal cases. George reflects on the process and says it helped push him to a new level of work, made him more efficient, and helped him understand the big picture of “why” with cybersecurity.  George says receiving higher education made him more curious and gave him more of a global understanding of the business. While he doesn’t encourage every CISO to apply to law school, he points out how useful it can be to understand security through another lens than just a technological one. Additionally, higher education degrees help CISOs more with employment opportunities.    Advice for 25-year-old George  George reflects on what advice he would give his younger self. He focuses on how your career is a process; he’s worked corporate jobs, startups, and attended law school. He believes that those different experiences can help prepare someone for a leadership position. He tells his younger self to embrace variety and wishes he had pursued more diversity in his career.  He touches on how he’d tell his younger self that cybersecurity is a team sport, which we delve more into later. The Healthy Leadership Mindset  Traditionally, there is the idea in cybersecurity that the problem is always people-based, or that certain people are to blame. However, this pervasive attitude discredits employees and doesn’t allow them rise to the occasion. George speaks on how leadership needs to include mentorship, and needs to want people to succeed, instead of just waiting for them to fail.  Listen to the episode to hear more about the dangers of writing people off as “dumb” instead of taking the time to help them improve.  The CISO that Cried Wolf George also discusses how the fear of being poorly perceived can impact security. He gives the example of Robert Ebeling, the engineer who tried to warn NASA about the space shuttle the Challenger. Unfortunately, he was ignored, as he told his management something NASA didn’t want to hear, and as a result, the astronauts died.  We speak on the nuances of trying to navigate the CISO position, as its purpose is to raise alarm when necessary. We talk about how you don’t want to be the CISO that cried wolf every time there is potential for risk. However, you also don’t want to keep quiet out of fear. Listen on to hear what George has to say on this topic.  Well-Aware: Master the Nine Cybersecurity Habits to Protect your Future  Whether you are a technical or non-technical leader, you can benefit from this book through the lessons you learn in his historical and psychological examples    George wrote the book because he wanted to help CISOs bridge the gap in speaking to other leadership positions within the company    Professional development book for CISOs specifically    Focusing on habits and small challenges that can make a huge difference    Potentially adjusting these habits can help prevent attacks    Listen to the episode to hear more on the nine habits and more about George’s book Leadership in the Time of COVID George urges team leaders to have extra compassion in this time. People are now in a seven-month long stress period—whether with kids at home or worrying after elderly parents. As a leader, it’s important to...