P-CSO Podcast

Pragmatic CSO Podcast #13 - Digging deeper into the business plan

Submitted by Mike Rothman on Wed, 2008-05-14 09:14.

Deep Hole

This week we are going to dig a bit deeper into the business plan and deal with the first two sections of the plan. Initially we need to POSITION our security organization. What are we doing and why is it important? Then we need to make our PRIORITIES very clear. What do we focus on first and why?

The business plan is as much for them (meaning your senior executives and the like) as it is for you. So you need to start the plan off with a bunch of information about them, before you get back to what you are going to do.

Running time: 6:45

Intro music is Jungle and we end with Ben Folds' "Don't Change Your Plans." Obviously the plan must adapt given the dynamic nature of our businesses, but by building the plan with the customer in mind you won't be changing it based upon the way the wind blows. 

Direct Download: 13_Pragmatic_CSO_Podcast_13.mp3


Photo Credit: nbonzey

Pragmatic CSO Podcast now on iTunes

Submitted by Mike Rothman on Tue, 2008-01-29 07:21.

Now you can take the P-CSO on your iPod with you. This is great news, so now I can haunt you in your car, on an airplane, or even when you are running. Although since all of the podcasts are 6-7 minutes, it wouldn't be much of a run I guess.

To get the podcast, click this link and then it should direct you to iTunes to subscribe to the podcast. Screenshot of what you should see is below.

 

P-CSO Podcast on iTunes

 

Pragmatic CSO Podcast #12 - The Business Plan

Submitted by Mike Rothman on Wed, 2008-05-07 10:24.

This shouldn't be your business plan

This week we get back into the Pragmatic CSO methodology, and jump into Section 2: Building Your Pragmatic Security Environment. The first step in S2 is Step 4 or Building Your Security Business Plan. Why do we need a business plan anyway? What's the point?

All is revealed in podcast #12. Well OK, not all - but I lay the groundwork on why the business plan is probably the most important of the 12 steps and what goes into building it. Over the next 2 months or so, we'll be delving deeply into the business plan and the associated efforts to "sell" the strategy to the senior team.

So, buckle up as we take off for the next leg of the P-CSO journey.

Running time: 5:52

Intro music is Jungle and I sign off with Acquiesce from Oasis' Masterplan album. Since the security business plan is YOUR Masterplan, I thought that was appropriate.

Direct Download: 12_Pragmatic_CSO_Podcast_12.mp3


Photo Credit: Peter J. Bury - IRC

 

Pragmatic CSO Podcast #11 - The Fixer

Submitted by Mike Rothman on Wed, 2008-04-23 08:50.

Wolf is the Fixer

This week I take another tangential journey to discuss a concept I call "The Fixer." You know, when a senior staffer is airlifted in to "fix" security. The Fixer knows how to get things done in your organization, and can certainly be viewed as a threat and as indicative of the fact that security is broken.

How should you deal with the Fixer? Why is he (or she) there? Can you turn this into an advantage?

Check out podcast #11 and find out...

Running time: 6:40

Intro music is Jungle and I sign off with the classic Kool and the Gang anthem "Jungle Boogie," which is the song I associate most with Pulp Fiction. Yes, that's where I stole the term "The Fixer."

Direct Download: 11_Pragmatic_CSO_Podcast_11.mp3


Pragmatic CSO Podcast #10 - It's So Easy

Submitted by Mike Rothman on Wed, 2008-04-16 09:42.

It's Easy
Today I go on a bit of a tirade. Basically, just coming back from RSA - I'm a bit sensitive to vendor claims vs. reality. I've been pounded by a webcast announcement from AlertLogic for the past week about "PCI Compliance made Easy." After I cleaned the puke off my desk, I needed to rant a bit. So this week's podcast is a little different. All rant, no filler.

Nothing about security is easy. Regardless of what the vendors want you to believe.

Here is the invite, so you have some context... The event is today, so you can figure out just how "easy" security is.




=============================================
VENDOR WEBCAST: Simple & Affordable PCI Compliance with Alert Logic
=============================================
WHEN: LIVE! April 16, 2008 at 2:00 PM EDT (1800 GMT)
SPEAKER: Nick Ignatiev, Sales Engineer, Alert Logic
SPONSOR: Alert Logic
http://go.techtarget.com/r/3435132/6133928


ABOUT THIS VENDOR WEBCAST:
In this webcast, you will discover:

* An easy solution for addressing the PCI DSS requirements for
intrusion protection, vulnerability management, and log management
* Strategies for compliance that don't strain employee or budget
resources
* The ways that your company can pass an audit quickly and easily
* And more...

 

Running time: 6:46

Intro music is Jungle and I sign off with Linda Ronstadt's classic "It's So Easy" because at least something in this world should be easy. I was going to use a Guns song "It's So Easy," but the lyrics are pretty hardcore and it may have been a bit much for our younger listeners out there.

Direct Download: 10_Pragmatic_CSO_Podcast_10.mp3


Photo credit: Mikey aka DaSkinnyBlackMan (his alias - not mine)


Pragmatic CSO Podcast #9 - Making Deposits in the Credibility Bank

Submitted by Mike Rothman on Thu, 2008-03-20 08:17.

Credibility Bank
This week we wrap up our stop in Step 3: Managing Expectations by talking about the long term plan. The first step of the managing expectations presentation is all about providing the context of the program and educating the senior team about why it's important. The next step is about triage. Based on the baseline, what are the most important things that need to be tackled RIGHT NOW? Finally, we are in a position to start accepting responsibility for the long term success of the security program and ensure the senior team understands YOU are accountable for its results. This final aspect of the presentation is all about mapping out the next few steps, setting milestones and starting to make those deposits in the credibility bank.

Running time: 5:22

Intro music is Jungle and I sign off with Madness' "Our House," mostly because today is the first day of the NCAA basketball tournament, so there is a lot of March Madness going around Incite Central.

Direct Download: 09_Pragmatic_CSO_Podcast_9.mp3


Photo credit: Orfield Photography

 

Pragmatic CSO Podcast #8 - Triage (or saving the patient)

Submitted by Mike Rothman on Wed, 2008-03-12 10:17.
Pragmatic CSO Weekly

March 12, 2008 - #48 (Podcast #8)

Podcast #8 - Triage (or saving the patient)

Triage

This week we continue our journey through Step 3: Managing Expectations and talk about how to present the "bad news," as part of your efforts to ensure the senior team knows what you are up to and why. The triage part of the discussion is also pretty important because it will indicate whether you have a snowball's chance in hell of actually making progress on the program. If you can't get agreement on the 2 or 3 things you think are most important to do TODAY - then it doesn't bode well for the stuff you want to do tomorrow and the day after that.

Running time: 6:27

Intro music is Jungle (get used to it, it's not changing unless the copyright police come to visit), and we finish up with a live excerpt of Bon Jovi's "Bad Medicine," since that's the news we tend to deliver during triage.

Direct Download: 08_Pragmatic_CSO_Podcast_8.mp3


Photo credit: MargiL

 

Buy It Now!

Ready to buy the Pragmatic CSO right now? Good, I'm sure you'll find the process of value to your organization. But if not, then remember you've got 30 days to tell me it sucks and ask for your money back. Click on the links below and go right to the shopping cart. A journey of 1000 miles begins with one step, take that step today.

 

BUY the Book Buy the PDF

 



Pragmatic CSO Podcast #7 - Educating the Team

Submitted by Mike Rothman on Thu, 2008-03-06 08:30.

This week we dive into Step 3: Managing Expectations and investigate why one of the most important things a security professional can do is to give the senior team the PERCEPTION that you're in CONTROL of the situation. Reality means little, perception means everything.

A couple of the topics covered include:

  • Why managing expectations around security is hard
  • How to provide context about what a security program is about
  • The 3 most important ideas to convincing someone you have your act together.

This is the first of 3 podcasts that will be devoted to Step 3, which is the last task in the planning section.

Running time: 6:35

Intro music is Jungle, and we send you on your merry way with Alice Cooper's "School's Out."

 

Direct Download: 07_Pragmatic_CSO_Podcast_7.mp3


Photo credit: Chris Campbell

Pragmatic CSO Podcast #6 - Assessing the Skills Gap

Submitted by Mike Rothman on Wed, 2008-02-27 09:31.

Mind the Gap

This week we wrap up on Step 2: Taking the Baseline by being candid with ourselves and really understanding if we have a skills gap. This is one of the most brutal parts of being a manager, but it needs to be done.

I refer to a few books from the Gallup Organization, so you can understand what may be a different way of thinking about management. First, Break All the Rules and Now, Discover Your Strengths.

I don't have to manage much of anything nowadays, but these resources and philosophy were instrumental in being able to build great teams when I had to, and at the end of the day if your team isn't great - you can't be.

Next week, we'll start up with Step 3: Managing Expectations.

Running time: 6:57

Direct Download: 06_Pragmatic_CSO_Podcast_6.mp3


Photo credit: Márcio Cabral de Moura

 

Pragmatic CSO Podcast #5 - Dig (into) the Baseline

Submitted by Mike Rothman on Wed, 2008-02-13 10:18.

 

Bass Line

This week, we continue our journey through Step 2: Baseline Your Environment. Here are a couple of the topics covered:

  1. Finding the holes in your perimeter
  2. Looking at your applications (the most IMPORTANT ones anyway)
  3. The softer side of security: User perception and user awareness

Also make sure to listen for Dr. No. He makes a special guest appearance in today's show.

Time: 5:43

Intro music is Jungle and I sign off with Ozzy's No More Tears. Yes, one of the classic bass lines in rock.

Direct Download: 05_Pragmatic_CSO_Podcast_5.mp3


Image credit: hello_heiko