S26 Ep5: Amanda Fennell - The Unicorn Leader's Self-help Guide to Confidence and Competence

In this episode, Steve speaks with Amanda Fennell, a security professional with over two decades in the industry who currently serves as CISO and CIO of Prove and adjunct professor of cybersecurity at Tulane University. She talks to Steve about why a CISO must be an educator at heart, how to embrace feedback in order to grow, and how young professionals can shape their careers in security as the role of the CISO evolves.


Key Takeaways:
1. Important foundational principles in security include least privilege, risk mitigation, and vulnerability management.
2. Amanda Fennell suggests that new CISOs befriend their legal officers, in order to better understand security and risk.
3. Handing change can be a key indicator of high performance in security, with those who thrive in change being more likely to be high performers.


Tune in to hear more about:
1. Teaching technical skills and emotional intelligence in a technical field (2:25)
2. Security leaders’ communication and education strategies (4:35)
3. Security fundamentals and vulnerability management (10:37)
4. Evolving role of CISOs, career progression, and coping with stress in security leadership positions (13:21)
5. Managing stress and mental health in leadership roles (18:57)


Standout Quotes:
1. “It was a long, long time ago. My boss sat me down for a performance review and said, you have a reputation for not taking feedback well, because you're really sure that you're right. And I took that to heart. And for a long time, I did have to fake that feedback coming to me, like, ‘Thank you for the feedback. I'll think about this. That’s so …’ You know, whatever, and just freeze your face into a smile. Now, I love it. I invite it.” -Amanda Fennel.

2. I think that probably, my other big advice for people who are first-time CISOs who are new in their role: become good friends with your legal officer.That’s going to be your best friend on the team. They understand, especially if they have compliance and audit — those people, and I say this as someone who worked at a legal tech company, software for five years — but your legal officers understand security and risk really well. And they're going to help you to interpret and translate things often. And that has been one of my biggest helps in my career. -Amanda Fennell


Mentioned in this episode:

• ISF Analyst Insight Podcast
  
  

Read the transcript of this episode
Subscribe to the ISF Podcast wherever you listen to podcasts
Connect with us on LinkedIn and Twitter

From the Information Security Forum, the leading authority on cyber, information security, and risk management.