Resilient Cyber Podcast - Episode 19 - Richard Seiersen
CISO / Author
Overview: In Episode 19 of the Resilient Cyber Podcast, Chris Hughes and Dr. Nikki Robinson host Rich Seiersen, a seasoned Chief Information Security Officer (CISO) with extensive experience in cloud-native security and infrastructure as code. Rich shares his journey through various leadership roles in cybersecurity, including his current position at Soluble and previous roles at Lending Club, Twilio, and GE Healthcare. The conversation delves into key aspects of cybersecurity leadership, the evolution of cloud-native development, the challenges faced by CISOs, and the importance of measuring and managing cybersecurity risks effectively.
Highlights:
Rich Seiersen's Background: Rich provides an overview of his career, highlighting his roles as CISO at various organizations and his co-authorship of the book "How to Measure Anything in Cybersecurity Risk." He also introduces his forthcoming book, "The Metrics Manifesto," which focuses on a data-driven approach to security metrics.
Becoming a CISO: Rich offers advice for aspiring CISOs, emphasizing the importance of developing a deep skill set in a specific area of cybersecurity and then scaling that expertise across different domains. He stresses the need for continuous learning and adapting to the rapidly changing landscape of cloud-native development.
Challenges in Cybersecurity Leadership: The episode explores the challenges faced by CISOs in modern organizations, particularly in managing the complexities of cloud-native environments. Rich discusses the importance of hiring the right talent, building a community, and staying engaged with the cybersecurity ecosystem to attract and retain top talent.
GitOps and Security: Rich explains the concept of GitOps and its significance in cloud-native development. He discusses how GitOps allows for more efficient and secure software development by ensuring that infrastructure as code is the single source of truth. He also highlights the challenges and opportunities associated with implementing GitOps in a security context.
Metrics and Measurement in Security: The conversation touches on the importance of using data-driven approaches to measure and manage cybersecurity risks. Rich shares insights from his work in developing metrics that provide meaningful insights into an organization's security posture, helping to identify and remediate risks more effectively.
Final Thoughts on Cyber Resilience: Rich concludes the episode by discussing the concept of cyber resilience in the context of cloud-native environments and DevSecOps. He emphasizes the need for security teams to focus on enabling developers while maintaining oversight and control through automated processes and effective use of metrics.