#117 - Good Governance (with Sameer Sait)

Has bad governance given you trauma, boring committees, and long speeches on irrelevant issues?  Today we are going to overcome that by talking about what good governance looks like.  We bring on the former CISO of Amazon Whole Foods (Sameer Sait) to discuss his lessons learned as a CISO.  We also highlight key topics of good governance found in the Cyber Security Profile from the Cyber Risk Institute.Cyber Risk Institute - Cyber Security Profile https://cyberriskinstitute.org/the-profile/Full Transcripts: https://docs.google.com/document/d/1vBM6A0utvhRFMA04wzrZvR8ktNwYo-li Chapters 00:00 Introduction 03:10 Good Governances is a Good Thing, Right? 05:08 Cyber Strategy & Framework 06:43 Is NIST the Same as ISO? 08:40 How to Convince the Executive Leadership Team to Buy In 11:19 The CEO's Challenge is Taking Measured Risk 20:05 Is there a Cybersecurity Policy 22:32 Culture eats Policy for Lunch 24:14 The Role of the CISO 27:52 How do you Convince the Leadership Team that you need extra resources 29:51 How do you Measure Cybersecurity? 32:22 How do we communicate Risk Findings to Senior Management 36:07 Are you Aligning with the Audit Committee