Podcast - The New CISO Podcast Episode 96: The 70-20-10 Rule - Steps You Can Take for Professional Growth - Exabeam

Podcast Transcript | Air Date July 27, 2023

Listen to Steve and Andrew discuss Andrew’s five-step mentorship plan and essential interview guidelines for CISOs:

Meet Andrew (1:38)

Host Steve Moore introduces our guest today, Andrew Wilder, who has worked in cyber security for twenty years.

Andrew got his start in cybersecurity by working at a paper company, where he worked in marketing, sales, inventory, customer service, and more. One day the owner came to him, wanting to change their computer systems. Being the youngest in the office, Andrew was given the project, beginning his IT journey.

Eighteen Years (6:23)

Andrew reveals why he stayed at Nestle for eighteen years. Andrew loved the people and culture and even met his wife on the job.

Steve presses Andrew on why he didn’t stay longer, and Andrew reveals that he progressed as far as he could go. Wanting to move forward in his career, Andrew felt inclined to make the jump.

A Difficult Move (8:12)

Andrew shares how challenging it was to leave Nestle. Although his co-workers were shocked, Andrew knew going was right for him.

If you’re in a similar situation, you may always find something to regret, but no situation is perfect. Ultimately, you have to do what’s best for you.

Care About Your Career (11:50)

When contemplating a career transition, Andrew recommends finding a mentor. Of course, no one will care about your career for you. If you care about something, you will make time for it and seek out the necessary resources.

The Five-Step Plan (13:59)

Andrew shares his five-step plan for changing careers, which includes creating a development plan with your mentor and filling in the gaps in your desired skill set.

In addition, Andrew shares a helpful tip he received from Nestle, which is that 70% of your learning should be learning by doing. 20% of learning is through relationships, while 10% should be through a course or learning program.

Getting In The Room (20:00)

Steve presses Andrew on what steps CISOs should take to get in the room. Andrew recommends ensuring people know who you are and your expertise.

If people don’t know you, you’ll never be able to prove yourself. That is the value of expanding your network.

What To Ask (24:47)

If you’re offered a board-type position, it’s essential to learn about the company culture and the CEO and review any incident reports that allow you to bring your expertise to the position.

Interview Questions (28:24)

Enterprise risk management is an excellent framework to focus on during an interview. Asking questions based on prior risks will reveal much about an organization, including red flags.

Andrew also reveals other red flags to look for in an interview. If companies don’t show change or progress with security, the work culture will be less desirable for a CISO. The worst cyberculture you could join is one where they won’t admit when they’ve experienced a breach.

Business Continuity Planning (37:20)

Business continuity planning is often ignored in cybersecurity because it is business-driven. In Andrew’s opinion, cybersecurity should be separate.

Andrew and Steve discuss other business dynamics and what should or shouldn’t be the responsibility of the CISO.

Why Teaching (41:43)

Steve presses Andrew on why he teaches. Andrew likes to think it’s to give back, but he recognizes it’s a two-way street.

Andrew teaches deputy CISOs, CIOs, and executives seeking to transition into the CISO role. He has created his own lesson plans from scratch to give security professionals the highest value in their education.

The New CISO (47:55)

To Andrew, being a new CISO means seeing cyber security as a business enabler. This mindset can include expanding your network and learning what different people in the field do.


Quote: Well, I’m a strong believer that if we’re not constantly learning and growing and progressing, that we will become obsolete. The skills you were using five years ago are not the ones you’re using. And the same thing goes for five years from now. [00:50:30] They also talk about the jobs that our kids are gonna have don’t exist today. So whenever I have people reporting to me, I dedicate 10% of their time to learning and training, and growing so that they will develop the new skills and be able to take on those new things as they come.