In the second part of this two-part conversation, Stephen and Steve talk about how to build security awareness within your organization, how to identify why the business needs a cybersecurity program and, ultimately, how to build your first program.
Principles vs. Policies
When you’re getting buy-in for a new cybersecurity program, aligning to the policies of the business you’re securing is key. But if you were doing this before cybersecurity was even a thing, principles could mean the difference between success and failure.
This episode also hits on topics like:
- Marketing yourself as a leader to your company
- Why principles are as important as policies when it comes to security
- The customer’s perspective
- The Citi data breach and the first time the term “CISO” was used
More about Steve Katz
For over 35 years, Steve has been directly involved in establishing, building and directing Information Security and Privacy functions. He is the founder and President of Security Risk Solutions, providing consulting and advisory services to major, mid-size, and startup companies. He is also an Executive Advisor to Deloitte. Steve served as a member of the (ISC)² Americas Advisory Board for Information Systems Security. Steve organized and managed the Information Security Program at JP Morgan for ten years. In 1995, he joined Citicorp/Citigroup, where he was the industry’s first Chief Information Security Officer.