The New CISO Podcast - Episode 32 | Exabeam

The New CISO Podcast Episode 32: Lessons Learned from the “First CISO” Part 2″


On the second of this two-part conversation, Stephen and Steve talk about how to build security awareness within your organization, identifying why the business needs a cybersecurity program and, ultimately, how to build your first program.

Principles vs. Policies

When you’re getting buy-in for a new cybersecurity program, aligning to the policies of the business you’re securing is key, but if you’re doing this before cybersecurity was even a thing, principles could mean the difference between success and failure.

This episode also hits on topics like:

  • Marketing yourself as a leader to your company
  • Why principles are as important as policies when it comes to security
  • The customer’s perspective and,
  • The Citi data breach and the first time the term “CISO” was used

More about Steve Katz

For over 35 years, Steve has been directly involved in establishing, building and directing Information Security and Privacy functions. He is the founder and President of Security Risk Solutions, providing consulting and advisory services to major, mid-size, startup companies. He is also an Executive Advisor to Deloitte. Steve served as a member of the (ISC)² Americas Advisory Board for Information Systems Security. Steve organized and managed the Information Security Program at JP Morgan for ten years. In 1995, he joined Citicorp/Citigroup, where he was the industry’s first Chief Information Security Officer.

Listen and Subscribe on Your Favorite Podcast App


Get in Touch!

Have a topic or guest you'd like to see featured on The New CISO?
Email us at thenewciso@exabeam.com