Becoming a CISO w/ Accidental CISO

With us today, is a very special guest, Accidental CISO, of Twitter fame. His anonymity on Twitter, allows him to be a little more “truthy” about the CISO game than a lot of us can afford to be on social media. We have distorted his voice a bit to protect that anonymity. “Accidental” shares how he got into cyber, and that is a culmination of being in a career where he had to fill “all” the hats. He stepped away from his CISO role a few years ago and is now in consulting where he has the opportunity to help other people realize they need to build security programs when they have never done it or know how. How did he become the “Accidental CISO”? Simply by trying to help during the course of going through an audit. They had to identify who was the CISO, and he made the mistake of asking who the security officer was for the company. The answer was, “That’s you.” Accidental CISO doesn’t think becoming a CISO accidentally is all that uncommon. When going through audits, etc., someone has to be named, someone ends up drawing the short straw. The role is different than what people think. You can draw on your technical background, but you have to be able to focus on the “why” for the business and all the nuts and bolts that come with it. One must understand this is not a technical role. Allan shares his pivotal moment in becoming a CISO and realized all he had to do was recognize the business as the system he was hacking. When Allan asked Accidental CISO about guidance for building a team and getting started, Accidental had one word, “Pray.” In reality, you need to know the skills you need. Allan and Accidental CISO discuss “selling the functions”. It is tied to the business objectives in so many ways, and companies need a human to seal the endpoints. As they close this discussion loop, Accidental shares how to get the practice off the ground and the importance of relationships. Sometimes, believe it or not, not having all the knowledge and knowing all the details is a benefit. In addition, being the first CISO for a company is all about educating, communicating and painting a picture. And of course, Accidental CISO answers Allan’s final question, “Why are you motivated to get out of bed and do more of it?” Key Takeaways 0:30 Introduction of Accidental CISO of Twitter fame 1:37 How Accidental CISO got into cyber 2:14 Accidental CISO talks about his day job 3:33 The background of Accidental CISO 4:49 The security tool Accidental CISO embraces 5:20 Accidental CISO is not an uncommon “thing” 6:37 Advice to becoming a CISO 9:28 Allan shares a pivotal moment 10:15 Guidance on building and getting a team started 13:58 Selling the functions 16:55 Getting the practice off the ground 20:13 Importance of relationships and letting go 22:24 Being “their” first CISO 26:47 Building a security council 27:49 Why Accidental CISO is motivated to get out of bed each day and do more of it Links: Learn more about Accidental CISO on Twitter Follow Allan Alford on LinkedIn and Twitter Learn more about Hacker Valley Studio and The Cyber Ranch Podcast Sponsored by our good friends at Axonius