The New CISO Ep. 87: What Would a Breach Cost You? Personal Risk vs. Reward as a CISO with guest Jeff Farinich
Podcast Transcript | Air Date March 22, 2023
Listen to Steve and Jeff discuss the right time to leave a company and the personal and monetary cost of a breach:
Meet Jeff (1:45)
Host Steve Moore introduces our guest today, Jeff Farinich.
In his early twenties, Jeff studied accounting but realized it wasn’t for him. He then became a general contractor, but by his mid-twenties, he was still determining what he wanted to do. He soon took a course that kickstarted his IT career, putting him on the path to becoming a CISO.
Adjusting To The Job (4:20)
When Jeff started his first IT job, he was excited by the change of direction.
Jeff now realizes that he always dabbled in tech, as he even helped manage PCs at his first accounting job.
Multiple Paths (6:28)
Jeff reflects on a job at a large property management company and his position as an MS manager at a small movie studio.
He soon began his path into security management and leadership. Through the movie studio, he also went to the premiere of a Jean-Claude Van Damme movie.
Advice To His Younger Self (10:45)
If Jeff could give his younger self advice, he would suggest getting as much tech experience as possible on the VAR side. He would have even considered staying in Silicon Valley longer, possibly leading to an even more explosive career.
A MacGyver Type (15:38)
Steve presses Jeff on whether he would ever consider stepping away from the technical side of security to get on the strategy/VAR side.
Jeff is very open but also likes to fix things. He refers to himself as a MacGyver type “born with a screwdriver in hand.”
A Development Relationship (19:30)
Jeff enjoys having a development partnership with partners by trying new, untested tech at a low cost.
This type of relationship is mutually beneficial by allowing Jeff to be creative while also driving innovation for that vendor.
Evaluating Vendors (22:13)
There are fewer IT vendors than security vendors, so there have been fewer decisions for Jeff to make. Evaluating vendors is a process and can leave room for great, collaborative relationships.
A Small Step (27:35)
Before jumping into vendor development, Jeff recommends understanding the industry and being knowledgeable about the vendor space you’re interested in.
If you are someone who doesn’t always want to contact your VAR but doesn’t know where to start, it’s essential to begin by learning and choosing carefully.
Moving Up and Out (32:59)
Steve presses Jeff on clarifying his belief that “the best way to move up is to move out.”
Jeff is far from a job hopper — but, if you wait to the point where you are desperate to leave your company, you probably should have left sooner. If you are not fixing the problems you want to repair, or there are a lot of risks, it’s valid to seek new opportunities.
Managing Liability (34:51)
CISOs always need to evaluate how much risk they are taking on. Whether you are an officer or a director, you should realize that liability can reach you. Jeff has pushed for new ways to protect CISOs from personal liability when a breach occurs.
Individual Risk (36:20)
Jeff and Steve share the costs of a breach and how that can trickle down to the CISO, whether monetarily or mentally. CISOs have “bad day factors” that can vastly outweigh other leaders.
The New CISO (43:44)
To Jeff, a new CISO is someone who deals with ever-growing cybercrime. You may not get everything you need on day one, but being a CISO is a journey of learning.
Links mentioned: