Building Leadership Strategy Beyond Tech with Brian Haugli
Hacker Valley Studio3 Tammi 2023

Building Leadership Strategy Beyond Tech with Brian Haugli

Brian Haugli, Founder and CEO of SideChannel, brings his CISO expertise to the security podcast this week for a discussion about strategy and leadership in cybersecurity. Working alongside CISOs and fractional VCISOs, Brian has seen his share of leadership mistakes and has learned about the purposeful approach that security needs along the way. In this episode, Brian revises the mantra of “people, process, and technology,” to include the first and most important element in your security success: purposeful strategy. Be sure to subscribe to Hacker Valley Studio, the premiere cybersecurity podcast for cybersecurity professionals.

Timecoded Guide:

[02:01] People, process, and technology in your leadership strategy

[05:12] Tenants of a strong security strategy

[13:11] Setting up new fractional CISOs for success

[18:29] Creating SideChannel & walking the line between CISO vs consultant

[27:44] Thriving professionally by thriving personally

Sponsor Links:

Thank you to our sponsors Axonius and NetSPI for bringing this episode to life!

The Axonius solution correlates asset data from existing solutions to provide an always up-to-date inventory, uncover gaps, and automate action — giving IT and security teams the confidence to control complexity. Learn more at axonius.com/hackervalley

For more than 2 decades, NetSPI has helped companies discover and remediate critical security issues through its platform-driven, human-delivered security test. NetSPI is much more than a pentesting company, bringing you the most comprehensive suite of offensive security solutions. Visit netspi.com/HVM to learn more.

What has been your philosophy throughout the years when it comes to leadership versus technology?

The security adage of “people, process, technology” isn’t one combined concept. That is, in Brian’s opinion, why so many leaders make the mistake of prioritizing technology as a central part of their strategy. Strategy is not what technology you use, and you can’t buy your way out of every security conflict with a shiny new product. Ask yourself what problem you’re supposed to solve, not which tech is going to solve your problems.

“Strategy is not technology, it's figuring out what you want to look like when you grow up, in a sense. Everyone jumps to the shiny object. What can I buy to go solve this problem? You never stop and question: Was that the first problem I was supposed to solve?”

What are the tenants of making sure that you've done the work of creating a strong security strategy?

The North Star of your security strategy should be the identity and purpose of your business, according to Brian. If you don’t have a current assessment of your current capabilities, assets, resources, and objectives, you aren’t positioning yourself for success. Strategy comes from a knowledge and understanding of where you are now, and where you need to be. When your company “grows up,” what do you want security to look like for you? Understanding that guides you towards your target state without wasting your time on the wrong problems or objectives.

“I think a lot of people throw strategy around as a grander concept and don't actually think about the elements that need to go into building one. You need to align to a definition that supports your business and outcomes, and that's what is strategic. The idea is not strategic.”

Let's say I'm a brand new fractional CISO and I have my first client. What are the top three questions I'm going to ask of this organization to set me on the right path?

When dealing with a new client, fractional CISOs have to understand why they’re involved with this client in the first place. Why are you here? Who brought you here? And, most importantly, what is the reason security is being addressed now? A fractional CISO can’t defend what they don’t know exists, and they can’t meet a deadline without first understanding what this company’s unique security environment needs are.

“You don't jump into, ‘Okay, well, what's the budget?’ No, I like to understand what I have to actually defend and build to, how fast I have to actually make that happen, that then informs and sets up the much better discussion around, realistically, what you should be considering.”

What advice do you have for our audience that is interested in becoming a CISO?

Although Brian jokes that he would advise anyone against taking on a CISO role due to the workload, he understands and loves the grind of cybersecurity leadership. To not only survive but thrive as a CISO, Brian believes a practitioner has to keep their love for problem-solving and protecting organizations at the forefront. Still, as passionate as someone might be, Brian also advises knowing when to unplug and unwind to avoid burning out fast in such a strenuous role.

“Look, just take care of yourself. I think exercising is huge. Eat right, sleep right. You've got to take care of your mental health, take care of physical health, you've got to take care of your spiritual health. You've got to do all that, or you're never going to be good professionally.”

---------------

Links:

Keep up with our guest Brian Haugli on LinkedIn and Twitter

Learn more about SideChannel on LinkedIn and the SideChannel website

Connect with Ron Eddings on LinkedIn and Twitter

Connect with Chris Cochran on LinkedIn and Twitter

Purchase an HVS t-shirt at our shop

Continue the conversation by joining our Discord

Check out Hacker Valley Media and Hacker Valley Studio

Jaksot(406)

Understanding the Psychology of Cyber Risk with David Shipley

Understanding the Psychology of Cyber Risk with David Shipley

Most people think cybersecurity training is about knowledge, but what if motivation is the real key to success? David Shipley, CEO and Field CISO at Beauceron Security, shares how psychology and neuroscience reshape how we approach security awareness, reducing risks in ways tech alone never could. In this episode, Ron and David examine why people, not technology, are at the core of effective cybersecurity. David teaches us about the SCARF model, warns us about the dangers of overconfidence in training, and explains how gamification can drive meaningful behavior change when it comes to cybersecurity awareness and risk reduction.    Impactful Moments: 00:00 – Introduction 02:00 – David Shipley’s journey from journalist to cybersecurity leader 06:10 – Why motivation outshines knowledge in security training 08:20 – The Dunning-Kruger effect: Overconfidence in cybersecurity 11:17 – How overreliance on tech increases click rates 17:03 – Cybercriminals’ evolving tactics and emotional manipulation 25:00 – Gamification in cybersecurity: Changing security behaviors 30:56 – Using the SCARF model to enhance security culture 39:45 – Emotional intelligence as a defense against AI threats Links: Connect with our guest, David Shipley: https://www.linkedin.com/in/dbshipley/ Learn more about Beauceron Security here: www.beauceronsecurity.com/partner   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

7 Tammi 202544min

From Landscaping to Cyber Leadership with Cole Lisko

From Landscaping to Cyber Leadership with Cole Lisko

How does a scorching July day in a van with no air conditioning lead to a career at one of the world’s top cybersecurity companies? In this episode, Cole Lisko shares his journey from landscaping to becoming the Cortex Team Manager at Palo Alto Networks.  Joined by his bestie Cole, Ron weaves the conversation through their history of friendship with laughs and lessons learned along the way. Discussing career pivots, unexpected opportunities, and the impact of mentorship, this conversation offers relatable motivation and a candid look at the power of meaningful connections.   Impactful Moments: 00:00 - Introduction 03:00 - Cole’s first exposure to cybersecurity 06:30 - Pivotal moment: a call for mentorship 11:40 - Breaking into cleared work 18:30 - Lessons learned at Booz Allen 22:00 - The art of work-life compartmentalization 27:45 - Leadership insights from landscaping days 32:50 - What’s next for Cole at Palo Alto Networks Links: Connect with our guest, Cole Lisko: https://www.linkedin.com/in/matthewlisko/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

24 Joulu 202434min

Think Like a Hacker, Solve Like a Leader featuring Ted Harrington

Think Like a Hacker, Solve Like a Leader featuring Ted Harrington

What if the key to innovation is breaking the rules? Ted Harrington, Executive Partner at Independent Security Evaluators and a pioneering ethical hacker, explores the power of commitment, curiosity, creativity, and nonconformity to rethink cybersecurity and life itself. From hacking the first iPhone to disrupting misconceptions about security testing, Ted shows why the hacker mindset matters more now than ever. Join Ron and Ted as they discuss strategies for using the hacker mindset to solve problems, address risks like AI-driven deepfakes, and uncover unconventional opportunities in both business and personal growth.   Impactful Moments: 00:00 - Intro 03:15 - The four traits of a hacker mindset 07:40 - Hacking the first iPhone and Tesla 11:50 - Why penetration testing is misunderstood 16:30 - Risks and realities of AI deepfakes 21:20 - Applying hacker traits to entrepreneurship 28:45 - Ted’s upcoming book: Inner Hacker 33:00 - Why mindset matters most   Links: Connect with our guest, Ted Harrington: https://www.linkedin.com/in/securityted/ Order Ted Harrington’s book “Hackable” here: https://www.amazon.com/Hackable-How-Application-Security-Right-ebook/dp/B08MFTQ7Q4 Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

17 Joulu 202441min

Hacking Trust with AI and Deepfakes featuring Iain Jackson

Hacking Trust with AI and Deepfakes featuring Iain Jackson

What happens when cutting-edge AI meets the art of deception? In this episode, Iain Jackson, Academy Hive Leader at CovertSwarm, takes us through the uncanny potential and risks of synthetic voices and AI in cybersecurity.  Together, Ron and Iain discuss how adversaries are using AI to bypass human intuition. From synthetic voice calls to automating phishing attacks at scale, this episode explores how hackers leverage technology using these tactics and what you can do to stay one step ahead.    Impactful Moments: 00:00 - Introduction 01:56 - Iain shares his journey with AI 03:29 - Demonstrating voice cloning in real-time 06:31 - Risks of automated synthetic voice attacks 09:46 - Impact of AI on social engineering tactics 11:00 - Importance of "vibe checks" in cybersecurity 15:17 - Real-world phishing and HR scam example 20:00 - Uncanny Valley: Defense against AI deception 23:37 - The future of AI in adversary emulation   Links: Connect with our guest, Iain Jackson: https://www.linkedin.com/in/iain-j-98578a238/ Learn more about CovertSwarm here: https://covertswarm.com/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

12 Joulu 202425min

Championing the Human in Cybersecurity with Julie Haney

Championing the Human in Cybersecurity with Julie Haney

What happens when cybersecurity puts people first? Julie Haney, Human-Centered Cybersecurity Program Lead at NIST, shares how designing security with humans at the center leads to greater adoption, reduced frustration, and stronger protection. In this episode, Julie discusses how to improve user adoption by simplifying complex security processes, why empathy is a game-changer for effective security, and strategies for empowering people to feel confident and secure online. This conversation will inspire you to rethink how we protect people in the digital age and shares a fresh perspective on making cybersecurity work for all. Impactful Moments: 00:00 - Introduction 07:15 - Breaking down barriers in user design 15:40 - Why empathy matters in cybersecurity solutions 21:05 - Challenges in bridging tech and humanity 28:30 - Designing systems with people, not just for them 35:10 - Practical steps to empower users in security 42:45 - Final reflections on human-centered innovation   Links: Connect with our guest, Julie Haney here: https://www.linkedin.com/in/julie-haney-037449119 Check out NIST’s Online Community of Interest here: https://csrc.nist.gov/Projects/human-centered-cybersecurity/hcc-coi Learn more about Human-Centered Cybersecurity on NIST’s website here: https://csrc.nist.gov/projects/human-centered-cybersecurity   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

3 Joulu 20242min

Do You Deserve To Be Hacked? Featuring Ilan Fehler and Dahvid Schloss

Do You Deserve To Be Hacked? Featuring Ilan Fehler and Dahvid Schloss

Do you deserve to be hacked? With that bold tagline, CovertSwarm is pushing leaders to rethink how they test and defend their systems, and in this episode, they’re sharing firsthand how organizations can prepare for adversaries in the wild. Recorded at Black Hat 2024, Ron is joined by Ilan Fehler, US Sales Lead at CovertSwarm, and Dahvid Schloss, Hive Leader at CovertSwarm to explore the world of adversary emulation. From physical breaches to API exploits, this conversation covers the human, digital, and physical elements of cybersecurity. Impactful Moments: 00:00 - Introduction 01:25 - You Deserve To Be Hacked 03:05 - Emulating criminal behavior: The hive structure 07:55 - Social engineering tactics that really work 20:16 - Physical breaches: Pentesting in action 24:09 - Past the firewall: Second- and third-layer testing 29:14 - Digital exploits and real-world vulnerabilities 35:24 - Why organizations hesitate to invest in red teams 37:33 - Building muscle memory for security   Links: Connect with our guests, Ilan Fehler https://www.linkedin.com/in/fehler/ and Dahvid Schloss https://www.linkedin.com/in/dahvidschloss/ Learn more about CovertSwarm here: https://covertswarm.com/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

26 Marras 202440min

Transforming SOC Operations with AI featuring Roy Halevi

Transforming SOC Operations with AI featuring Roy Halevi

Cybersecurity is evolving fast, and AI is at the center. Roy Halevi, Co-Founder and CTO of Intezer, explains how AI automates SOC operations, improving speed and accuracy while freeing up teams to focus on critical threats. In this conversation with host Ron Eddings, Roy explains how AI automates critical tasks like alert investigation and response, reducing noise and improving accuracy. Roy shares insights on overcoming challenges in adopting AI, the future of SOC roles, and how organizations can optimize their defenses using AI driven tools.   Impactful Moments 00:00 – Intro and the AI revolution in cybersecurity 01:16 – Meet Roy Halevi, Co-Founder and CTO of Intezer 03:00 – The story behind the name ‘Intezer’ 06:14 – Key challenges facing today’s SOC teams 15:04 – Top use cases for AI in the SOC 21:27 – How Intezer automates alert triage and response 37:32 – Future predictions for SOC and cybersecurity roles 48:23 – Closing thoughts and call to action   Links: Connect with our guest, Roy Halevi: https://www.linkedin.com/in/royhalevi Learn more about Intezer here: https://intezer.com   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

20 Marras 202449min

From Shadow IT to Full Asset Visibility with Wes Wright

From Shadow IT to Full Asset Visibility with Wes Wright

Can you truly protect what you can't see? Wes Wright, Chief Healthcare Officer at Ordr, joins Ron to share how organizations can shine a light on their network and asset blind spots and take control of their digital assets. In this episode, Ron and Wes discuss the importance of asset visibility in cybersecurity, outlining the potential of CAASM (Cyber Asset and Attack Surface Management) and how it empowers teams to expose hidden vulnerabilities, streamline operations, and stay ahead of security threats, vulnerabilities, and exposures.   Impactful Moments: 00:00 - Introduction 01:35 - Asset visibility and blind spots 03:47 - What keeps CTOs and CISOs up at night 08:45 - Bridging IT and OT: CAASM explained 12:10 - Real-world use cases for CAASM 18:37 - The power of automated asset management 25:00 - Why continuous inventory is a game-changer 35:59 - Wes’s advice for getting started with Ordr Links: Connect with our guest, Wes Wright: https://www.linkedin.com/in/4kidwes/ Learn more about Ordr here: https://ordr.net/   Check out our upcoming events: https://www.hackervalley.com/livestreams Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com Continue the conversation by joining our Discord: https://hackervalley.com/discord Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/

12 Marras 202437min

Suosittua kategoriassa Koulutus

rss-murhan-anatomia
psykopodiaa-podcast
voi-hyvin-meditaatiot-2
jari-sarasvuo-podcast
rss-niinku-asia-on
rss-duodecim-lehti
psykologia
aloita-meditaatio
rss-psykalab
aamukahvilla
ihminen-tavattavissa-tommy-hellsten-instituutti
rss-liian-kuuma-peruna
rss-valo-minussa-2
rss-narsisti
rss-vapaudu-voimaasi
uskonnon-pitka-oppimaara
mielipaivakirja
rss-koira-haudattuna
rss-anteeks-etukateen
rahapuhetta