CISO's Guide to Making Friends: How to Engage IT for Cybersecurity Initiatives
Manage episode 341780511 series 3052259
Engaging IT and other technical stakeholders to support cybersecurity initiatives can be a daunting task for security professionals. We are often the bearers of bad news or can be perceived as adding to the workloads of already overburdened IT teams. In short, it can be hard to make friends.
Join us for this episode of the CyberPHIx podcast where we hear from David Jones, Director of Information Security for RxBenefits, Inc.
David has held leadership roles in security, infrastructure, engineering, and networking for a variety of organizations inside and outside of healthcare. He has lived through security program implementations and learned how to work across IT functional groups to break down barriers and achieve mutual objectives.
David provides practical insights and guidance for making friends with various IT groups and teams to reduce cybersecurity risks while advancing IT objectives.
Topics covered in this session include:
- Explanation of the different technical stakeholder groups that security most commonly needs to engage in support of the delivery of security programs
- How to prevent and resolve tension between security teams and server admins, network engineers, help desk, development teams, and more
- Best practices for engaging server admins and engineers through common security functions such as patching and configuration management
- Network administrator touchpoints with security and ways to communicate effectively
- Strategies for embedding security resources with infrastructure teams and vice versa to improve collaboration
- Leading practices for engaging software development, DevOps, and helpdesk teams
- How to manage audit fatigue and coordinate efficient audits with IT groups
- Industry resources including conferences and training sources for emerging security and IT personnel
99 bölüm