Executive Cybersecurity with Dave Tyson

Dave Tyson

One of the industry's most decorated CISOs, Dave Tyson served at SC Johnson, Pacific Gas and Electric, and led eBay's security, all before taking on his role as president of Apollo Information Systems. Executive Cybersecurity is Dave's direct conversation with boards and executives about how to handle the challenges they face as an organization and their role in building a culture of security in everything they do. Short and practical, Executive Cybersecurity with Dave Tyson gives you direct access to the latest in cybersecurity thinking and strategy.

Episodes

  1. 05/27/2022

    Easy Cybersecurity Framework for Boards

    By focusing on the Crown Jewels of the organization and adding robust security intelligence about real threats, the appropriate metrics and measurements can be defined that enable a superior cyber security governance and decision-making framework. In many industry verticals now, good cyber security is considered “table stakes”, but truly focused cyber security excellence is used as a business differentiator for many, and can provide business competitive advantage, which drives customer and employee trust. Cyber attacks are a business with typical business goals; understanding and monitoring these trends and changes is instructive for managing cyber security business risk. Measure risk by business unit in your framework. Build security metrics and a performance dashboard based on crown jewels protection and business priorities, not IT activity. Most poor security circumstances are the result of a business decision made, either with or without risk understanding. Bring transparency to those business decisions and ensure the risk taken on aligns with executive guidance. Track decision-making performance versus risk over time. Track and measure risk creation and expected mitigation by the leader; align expected risk resource allocation and results to performance pay metrics. Disconnect from the idea that security tools by themselves will solve your problems; you need good processes, policies, communication, and aware employees and contractors to create an environment where security tools can create their value. Security capabilities are created every day that can greatly reduce business cyber risk but are rarely implemented because innovation dollars are assigned elsewhere, and risk strategy is stuck in traditional thinking. Real expertise can break the logjam. Much of the industry is, not surprisingly, invested in just selling you more... Recognize what this is and ensure your spend decisions are actually reducing risk specific to what matters the most.

    13 min
  2. 05/20/2022

    Handling Cybersecurity Risk

    Boards should engage and take an active role in cyber security governance: the expectations of private and public board members in governing cyber security risks are under more scrutiny, and legal and personal liability benchmarks are evolving. Disengaging cyber security from compliance requirements reporting is critical in understanding cause and effect in cyber security. Cyber security is a business issue, not IT; embed cyber security deep into the business and the protection of the business crown jewels. Boards should focus on getting the right metrics reported to them that clearly articulate cyber risks to business priorities in business context; they should reject tactical conversations. Disconnect traditional funding models from cyber security conversations, establish how much risk is acceptable and the risk/threats brought on by business decisions, then align strategies to those decisions or accept the new risks. Doing nothing delivers the latter. Spend the time to get advanced security threat intelligence that can refine your understanding of the real risks that face your specific organization, inform the right security strategy, and enable the business to act boldly where risk is low. Leaving cyber security to IT, sticking cyber security in the audit committee purview, and giving the topic 10 minutes on a quarterly management agenda pretty much ensures you will be a victim – that may sound blunt but it's backed by a lot of hacking incident data. You do not have to spend a fortune to protect what is important to your organization – you would be surprised how much inefficient and ineffective security spend exists inside organizations, but strategy and clear tone from the top will be needed to break logjams when trade-offs need to be made. Business strategy dogma often creates business plans without cyber security considered, then the business complains cyber security says no or is in the way. The solution: put them in the total conversation so they can ensure they find the safe way to achieve the business goals.

    11 min
  3. 05/13/2022

    Cultivating Experience in Security

    The number one reason why cyber security programs fail is that the business is misaligned or completely missing cyber security strategy. How much you spend on cyber security does not reflect the level of your protection; it is how and what you focus on and the expertise it is executed with. The amount others spend does not inform your comparative protection with others’ level of protection. – Gartner 2021 (Benchmarking is not a good comparison.) Get a real cyber security pro who is ruthlessly focused on the business’s success and protection; IT, compliance, and privacy will follow as a byproduct. Do not expect IT to solve this issue; cyber is a business issue and must be located there to effectively develop the right strategy. Cast out all turf, sacred cows, and organizational limits – align cyber priorities directly with business decisions and priorities – in the same breath as a major business decision, the cyber risk issues should be a strategic component. The right advisor can cut through the noise, get rid of the IT speak, and align your security strategy directly to the business – it's business expertise combined with cyber security understanding that creates the right strategic thinking and advice. The board’s role should focus on strategic goals; to do this, they need to have clarity on the investment-worthy crown jewels of the company and the realistic threats against them. Hackers love budget restrictions, project delays, and other business decisions that make it easy for them to hack you. Your strategy needs to be dynamic and support daily decision-making on changing risk issues.

    13 min
