Change The Conversation For Greater Infosec ROI - Part 2
In our second episode, Rick Dudek and I resume discussion of "digital everything" risks and harm, including how good the bad guys are at what they do. Rick describes the value of mentorship to infosec operations, and we both reflect on how the most enduring lessons we learned from mentors - especially early in our careers - had nothing to do with the technical aspects of our jobs. We talk about the value of learning to collaborate and work as a team, and Rick follows that with a compelling discussion of why infosec teams need "whole people" on them, not just technical experts.

Rick's observations and insights make great take-aways, and here are some of my favorites:

10:34 - You can easily miss good mentoring as it happens, but you can look back 10 or 20 years and see what a gift it was.

15:06 - You want people bringing everything they are to a job, especially in information security - volunteer work, being a lifeguard, ripping an old computer apart to see what you can do with it. It's all evidence of aptitude and affinity relevant to work.

17:26 - Why it's better for an infosec team to have "whole people" catch and respond to threats.

24:42 - You can have a risk register and use a risk management framework, but their effectiveness is no greater than the quality of the conversation you have about risk - with lines of business and the C-suite. ...