As noted in our recent CISO Strategies & Tactics for Incident Response, establishing a security culture with clear communication is an imperative. Some say awareness is simply the first step and that infusing the organization with a cyber security culture and consciousness is an ultimate goal.
Jeff Campbell, Chief Information Security Officer, Horizon Power is one such executive, “It’s about making incident response part of an automatic reaction. Ensuring there is a cyber security culture. Making sure there’s a state of mind around what cyber security is - so when things happen you know what to do, and it’s almost natural. If a staff member accidentally clicks on an
email, and then realizes and has that, “Oh, s#!%,” moment,
then they automatically know what to do. That’s bringing
incident response forward.” This week's TF7 guest agrees.
Episode Overview:
How CISO's create an Information Security Strategy varies greatly from organization to organization. One particular challenge is creating a strategy for a tech startup with very little resources. The Vice President of Information Security for Daily Pay, Jeffrey Hudesman, talks about the biggest threats FinTech companies are facing, how they are combating these threats, how he works to establish a security culture in his organization, and how important are security certifications like ISO 27001 to smaller companies. Hudesman also comments on how important timely threat intelligence is, how he goes about implementing red teaming operations in a FinTech, and how he sees the role emerging technologies play in the security posture of a small startup.
