Jul 28, 2022
On Cloud Security Reinvented, Orca’s cloud security podcast hosted by Andy Ellis, Advisory CISO, enterprise security leaders weigh in on cloud security trends and share their experiences working in cybersecurity.
Listeners get to hear insider perspectives on what’s changed since the emergence of the cloud, including some of the best and worst practices they’ve seen and experienced, and how these changes are impacting security.
One topic these cybersecurity leaders are passionate about is mentoring up-and-coming security practitioners and building the security talent pipeline. So without further ado, here are the best pieces of cybersecurity career advice from the CISOs who joined Andy in the first half of 2022 on Cloud Security Reinvented.
On a dead-end path? Find an in-demand opportunity and ‘own it,’ advises Nick Selby, Director of the Software Assurance Practice at Trail of Bits (episode #12): “I would recommend that for people who are starting a career in information security or are at a turning point where they’re sort of saying, ‘I like information security, but I’m at a dead-end in the path I’ve chosen,’ find another one [path]. They’re out there. And there will be an opportunity because you will find something that really floats your boat and turns you on and you think is the cat’s meow that nobody else wants to do. Hey, it’s yours now. Just grab it and own it.”
Building a pipeline of security talent is something that Meg Anderson, VP and CISO at Principal Financial Group, takes seriously in her day-to-day work (episode #16): “I believe in building the future pipeline of talent, whether it’s a result of shifting security left and helping engineers understand where the security team’s coming from, or helping those that are specializing in security.”
Meg explains why investing in security talent today will help secure the innovations of tomorrow: “It’s just something that we need to do as a community and as seasoned CISOs to really make sure that we have the cybersecurity talent that we’re going to need in the future to make sure all these great things that we’re building operate safely and securely.”
“At the end of the day, security is really a business function that’s woven throughout the organization,” notes Dan Walsh, the Chief Information Security Officer at VillageMD (episode #7). To lead in security, Dan explains the importance of feedback: “If you can understand these feedback loops, you’ll really understand how security works, and you’ll be a really good security leader, either on the security team or outside of the security team. It doesn’t necessarily have to be inside.”
Andy Steingruebl, CSO at Pinterest (episode #17), shares how he helps mentor up-and-coming leaders in security to collaborate and build relationships. “I try to coach younger engineers on the differentiator [of relationship-building] as you go up in level. It is less about your technical acumen and more about how well you can work with others to get things done.”
For more insights on cross-functional and team collaboration, check out 5 Collaboration Strategies from CISOs on Cloud Security Reinvented.
Nick Selby (episode #12) elaborated on the secret to his career. “If you are willing to go in and do the hard work and get things moving, then you are usually able to do it. Because, often, it’s something that either people don’t understand or it makes them feel icky. Or they understand, and they just don’t want to do it because they know that it’s going to be a lot of work.”
On the payoff, Nick explains how doing the hard work that no one else wants to do can help forge a brand new career trajectory: “If you’re willing to do that and let your passion be the guide and not worry too much about, ‘Well, where’s my bonus coming from this year?’ — If you’re willing to just forego the sort of normal things that people are unwilling to forego in a career, then you really can forge a new way forward.”
Ready for more security leaders dishing on their favorite cloud security stories and advice? Don’t miss the next edition of Cloud Security Reinvented to hear more expert advice from the enterprise frontlines. From CISO survival to best practices on cloud security, these security leaders know what it takes to run world-class security programs. Listen to any episode on-demand here, or download and listen using your favorite streaming platform: Spotify | Apple Podcast | Google Podcast