Redefining CyberSecurity

Now You’re in Role: The Fearless CISO | A Conversation With Jessica Robinson | A Deep Dive into RSA Conference 2024 | On Location Coverage with Sean Martin and Marco Ciappelli

Episode Summary

Join us for an exclusive preview of the engaging conversations and insights from RSA Conference 2024 with cybersecurity experts Sean Martin and Marco Ciappelli.

Episode Notes

Guest: Jessica Robinson, Executive Officer of PurePoint International [@PurIntl]

On LinkedIn | https://www.linkedin.com/in/jessica-a-robinson-she-her-22740311/

At RSAC | https://www.rsaconference.com/experts/jessica-robinson

____________________________

Hosts: 

Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/sean-martin

Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

____________________________

Episode Notes

The RSA Conference 2024 is just around the corner, and our hosts Sean Martin and Marco Ciappelli are gearing up for an insightful and engaging on-location coverage of the event. In this second Chat On The Road to RSA Conference 2024 conversation with cybersecurity expert Jessica Robinson, we got a sneak peek into what to expect from this year's talk she will give during the event.

Now You’re in Role: The Fearless CISO

As a follow up to the talk last year at RSAC, attendees will learn the top three skills for success for any first time CISOs to advance and grow their cybersecurity program. This talk will be a discussion on what is most important as we start to really think about what is required for success in the CISO role as it directly relates to the success of the cybersecurity program.

The stage is set for an enriching dialogue on the nuances of the CISO role, cybersecurity programs, and the evolving landscape of cyber threats. Jessica Robinson, with her wealth of experience and fearless approach to cybersecurity leadership, promises to dive deep into the art of making possibilities a reality in the realm of cybersecurity.

Embracing Fear to Unlock Potential

One of the key themes that emerged from the conversation was the idea of embracing fear to unlock untapped potential. Jessica emphasized the importance of facing challenges head-on, advocating for cybersecurity programs, and pushing boundaries to drive meaningful change within organizations. By transforming fear into a catalyst for growth and innovation, CISOs can navigate the complex cybersecurity landscape with confidence and resilience.

The Art of Possibility in Cybersecurity

The theme of this year's RSA Conference, "The Art of Possible," resonates deeply with Jessica's approach to cybersecurity leadership. By infusing creativity, strategic thinking, and a proactive mindset into their roles, CISOs can redefine what is achievable in the realm of cybersecurity. The session with Jessica promises to offer valuable insights on how to leverage the art of possibility to advance cybersecurity programs and drive success in an ever-evolving threat landscape.

Joining the Conversation

As Sean Martin and Marco Ciappelli gear up for the RSA Conference 2024, they invite cybersecurity enthusiasts, industry experts, and professionals to join them on this enriching journey. The on-location coverage promises to capture the pulse of the conference, featuring engaging conversations, expert insights, and thought-provoking discussions on the future of cybersecurity.

With Jessica Robinson's fearless approach to cybersecurity leadership and the insightful conversations lined up for the RSA Conference 2024, this year's event is set to be a landmark gathering for cybersecurity professionals. Stay tuned for more updates, interviews, and coverage as Sean Martin and Marco Ciappelli bring you the latest insights from the forefront of cybersecurity innovation.

RSA Conference 2024 promises to be a platform where possibilities converge with reality, fear transforms into opportunity, and cybersecurity leaders pave the way for a secure digital future. Join us on this exciting journey as we explore the art of possibility in cybersecurity with Sean Martin, Marco Ciappelli, and a host of industry experts at RSA Conference 2024.

Be sure to follow our Coverage Journey and subscribe to our podcasts!

____________________________

Follow our RSA Conference USA 2024 coverage: https://www.itspmagazine.com/rsa-conference-usa-2024-rsac-san-francisco-usa-cybersecurity-event-infosec-conference-coverage

On YouTube: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS-B9eaPcHUVmy_lGrbIw9J

Be sure to share and subscribe!

____________________________

Resources

Now You’re in Role: The Fearless CISO: https://www.rsaconference.com/USA/agenda/session/Now%20Youre%20in%20Role%20The%20Fearless%20CISO

Learn more about RSA Conference USA 2024: https://itspm.ag/rsa-cordbw

____________________________

Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast

To see and hear more Redefining Society stories on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-society-podcast

Episode Transcription

Please note that this transcript was created using AI technology and may contain inaccuracies or deviations from the original audio file. The transcript is provided for informational purposes only and should not be relied upon as a substitute for the original recording, as errors may exist. At this time, we provide it “as it is,” and we hope it can be helpful for our audience.

_________________________________________

Sean Martin: [00:00:00] Marco. The car's packed in the shape of a plane.  
 

Marco Ciappelli: Or a bicycle, or we can just walk it out.  
 

Sean Martin: Well, let's walk. Maybe a train would be nice, I don't know. We've not taken the train to RSA Conference yet.  
 

Marco Ciappelli: You know, what we used to get there is not important. We are on our way. You know, some kind of a road in the air or in the countryside or in the desert, doesn't matter.
 

We're getting there. And what we do when we get there, that's the fun part.  
 

Sean Martin: We chat. That's right. That's right. We, so somewhere along the way, we have a journey, uh, chats on what we used to call the road, but chats on the road to RSA Conference. Uh, and we're continuing this journey, uh, with a good friend who's been on the show before and does amazing things with, and for the community, including [00:01:00] presenting and engaging with the community at RSA Conference.
 

I'm thrilled to have her on the show as part of our coverage for RSA Conference. Jessica. Thanks. Thanks for being on.
 

Jessica Robinson: Yeah, thank you for having me. I'm thrilled to be here. So it's really truly great to see you both again. So yeah,
 

Marco Ciappelli: Yeah, it's been a while for sure. So exciting. Yeah. Yeah. We want to know what's been going on since the last time that we talked to you, which may be, maybe even too long. How about what's going on since the last conference that you were at? The RSA Conference.

Jessica Robinson: Um, it's been, it's been a busy time. You know, there's, um, I'm focused on right now, continuing to do the work of, uh, supporting companies and supporting them in thinking about how they can grow their cybersecurity program. 
 

I've been working with CISOs and providing some advisory service and helping them in thinking about, um, particularly if they're a first time CISO thinking about approaching the [00:02:00] role and also managing through some of the challenges within their business, but also having meaningful conversations with executives that are, um, that are in other roles about also thinking about cyber security.
 

And, um, and I'm really, uh, excited about what's to come. Um, some things that we have on the horizon for later on this year. So possibly a course and a couple other things, um, that I'm really excited about, um, that will come further down the line. So it's been really, really busy and I feel really grateful. 
 

And I, I just feel, um, I just feel like it's really been a meaningful time, and there's been a lot of meaningful conversations around, um, the CISO role itself, but also how to continue to increase, um, um, I want to say kind of just confidence in, in what it means to take on the CISO role today.  
 

Sean Martin: I'm going to take a detour. 
 

Thanks for all that. You said something there that I want to, uh, [00:03:00] understand a little bit more. I see you soon. Talking to people in the role and then talking to others in the organization. I think something along those lines. Is it others in the organization that want to be in the role or want to better collaborate with the people? 
 

People in that role.  
 

Jessica Robinson: It's people in the organization that want to better understand cyber security and particularly how it relates to them in their role. So part of it really is also about helping them to also feel more confident about what it means, how cyber security impacts them. And how they can also better support cybersecurity. 
 

So I would say it's kind of, you can look at it almost two ways. You could look at it as how can, you know, particularly me, um, if I'm on the side of, um, thinking about it from building a cybersecurity program, how can I best engage, uh, executive management to better understand security and how it impacts them in a way where they can truly receive it and in a way where they feel engaged and they feel, um, like, [00:04:00] uh, they feel like, um, they can see about the, the, the program in a different way in terms of value.
 

Um, and also how they see their role in it. I think that, um, that's one of the key things that I, that I think is absolutely critical because I think for more mature organizations, particularly organizations that have strong governance and they've had the role and their organization for a number of years, it's a different kind of conversation than when you have an organization that has only had maybe one or two CISOs and they're still trying to figure it out. 
 

Um, one of the things the CTO said to me, um, quite a few times last fall is the CISO role is such a nebulous role, such a nebulous role. I can't really understand it. And you know, and so, and that's, that's, that person is not the only one. And so as much as, um, as much as I do talk about the CISO role itself and, and, um, also helping my focus is to really alleviate the challenges that security leaders themselves have about the CISO role.
 

One of the things that I've learned in this journey is the importance of also [00:05:00] having a conversation with senior management so that they can better understand the CISO role too, um, and that they can be an actual ally for the role and for the cybersecurity program.
 

Marco Ciappelli: Is it more or less nebulous nowadays? 
 

Yes.  
 

Jessica Robinson: I feel that it is, you know, I think that it is less nebulous, but I think for those that have really not been engaged with, uh, or have been around the role itself or have had the role in their organization, uh, particularly for maybe people that lead that area, if they're CTOs or CIOs or COOs, and they've kind of had someone within the organization that has been responsible for security, but not a CISO themselves, um, then I think that it can be very nebulous because now the thing is, is you have someone who, depending on the industry that you're in, now has a responsibility to report, um, to senior management, you know, um, outside of just them, just that, that particular role. You have someone who is responsible to reporting to the board.
 

In some cases, you have [00:06:00] someone who is taking on responsibility that can be quite challenging for someone, particularly if they don't fully understand the responsibility themselves. And so as much as we spend learning in the organization or in the industry around this work, it's so important to ensure that partners that are there working along beside us have their own set of, continuous learning around this as well.
 

Um, and I think that that's, you know, really part of the changing nature of the CISO role. It's not even, I think it's one conversation to talk about a lot of the challenges that people talk about most, which is the regulatory piece, particularly the SEC and what we've seen there over the past couple of years. 
 

But for me, it's really the conversation with executive management, because the executive management really I think, um, can really make the CISO role a comfortable place to be in an organization or very uncomfortable place to be, uh, for an organization simply based off their own level of knowledge and how to work with a CISO. 
 

Um, so the more we can engage senior management as well, to [00:07:00] be able to feel more comfortable with the role, um, and to just allow a CISO to do what they're there to do, I think in many cases it can be a much better experience for CISOs overall.  
 

Marco Ciappelli: It's less nebulous, but it's not a walk under the sunny sky either. 
 

Sean Martin: Well, what it, what it says to me is that, and I don't know, we're kind of off on a little tangent here, but I love it because the, the role was nebulous. I think continues to be a little bit as well, but with, with that is a ton of ambiguity, right? So you can't pin down somebody. And then there's a lot of freedom as a CISO to do what you think is right.
 

And then a lot of trust in the organization to, to say, I hope they're doing what they're supposed to be doing. Um, so my question then is with, with less, I don't know what the right word is for, with it being less nebulous, um, does that, does that kind of frame the role in a way that maybe [00:08:00] gives the, the CISO a little less freedom to navigate some of these uncharted waters, which the threats continue to be somewhat nebulous and certainly the regulations continue to be nebulous and technologies continue to be nebulous.
 

So I don't know, do these, do these frames kind of, I'll say pigeonhole is a word I was thinking earlier as you were talking. Does a pigeonhole role, uh, to be less fluid, do you think?
 

Jessica Robinson: You know, I don't think so. I mean, I think to your point of a lot of freedom, I do think that there is a lot of room for freedom and creativity actually in the CISO role.
 

That's part of what I love about it, um, is that there is a lot of room to be able to do what's needed in order to be able to create what's needed in the organization. But I do think that, um, um, that it does also take a lot of, um, I think the points that you're bringing up, particularly around the threats that are coming in.
 

I think it does take a particular attunement into those threats. So ensuring that there's a strong risk [00:09:00] process in the organization, that there are strong processes around, um, um, incident management and understanding, um, and also vulnerability management and being able to really understand what's happening in the organization. 
 

And I think it's being able to understand how, um, you know, what's going on in one organization versus maybe another organization that someone has had experience in and really been able to tailor their strategy for that organization that can allow for, um, you know, I would say the freedom to do what they want to do to really grow the program, I think, is important.
 

So I think some of these things can be very nebulous. And to your point, yes, I think without a doubt, there's a lot of ambiguity. Um, and I think that, um, but I, I also think that that's, that's one of these, that's part of the challenging role of being a CISO is managing through all of that. Um, and I think that, um, you know, it's in the management of that, that, um, you know, where it can be extremely challenging, but I think the other side of the coin is it can also be, it can also create a lot of freedom. 
 

So I do think [00:10:00] that there is a balance. Um, I think, I think the challenge is managing that balance, which can be very, very hard. And that actually goes into the talk that I gave last year at RSA, it was really about the CISO role itself. How do we manage the fear? How do we manage what it means to take on this responsibility and navigate through the ambiguity that's there?
 

Um, and to, and all of these things that can feel very nebulous. And, um, and what does it mean to also be able to, um, stand in accountability or, uh, or responsibility, self responsibility and managing that, um, how we show up and how we hold our own selves, uh, what I call responsible versus, um, how others may, uh, try to hold us accountable. 
 

Um, and, um, and, and also how we know ourselves, you know, where, where do we know where we are innately strong, where we maybe have innate gifts that we are bringing to the program, but where are also our, our growing edges where we're not so strong and how are we balancing that out in the organization through the [00:11:00] partnerships that we develop, um, and also through the partnerships we create in the industry and the team that we build.
 

And so I, so that I think that, um, I think that's in some cases for a CISO where the art comes in versus the science to really, to really be able to move forward to and create success, um, in their role.  
 

Marco Ciappelli: It's really cool. So last year was, uh, one of the top rated sessions at RSA Conference. So congratulations to that.
 

They obviously, obviously all our friends there called you back because they enjoy successful conversation. So how do you approach it differently this year? I know you have a co-presenter, one friend of yours is going to be on stage and what can people expect? Let's say, it's not a, it's not a replay of last year.
 

So if I saw last year, can I come back and I see something different?  
 

Jessica Robinson: Absolutely. And yes, you will see something different. Um, last year, [00:12:00] um, everything happened really quickly in terms of how I applied because I just, um, I saw that the, through the emails that the registration was coming to an end. And when I went to, I, I, I, the thought hadn't really even occurred to me to do it, but it's, something inside of me just said, you know, go ahead and apply, um, and to talk about the CISO role because I, I did feel that there was so much, so much energy around the fear around just being in the role. And we need really great people in this role. So I thought that it, it just seemed like there was kind of this calling to just talk about the role.
 

And that's that, and that's exactly what that conversation was. It was interesting to me to hear, to get into discussion with people afterwards. And they're like, Oh, you're, you're talking about leadership and you're talking about, um, you know, someone said to me, you're talking about politics, handling politics in the organization. 
 

And I was like, really, that's what you took away. And I just thought that that was really interesting, uh, but I loved it. And I, in some ways that, that's true. That wasn't always, that was, I wasn't thinking about it in that way, but it was very, very true in many [00:13:00] cases. This, this conversation is about the cybersecurity program itself, not necessarily just about the CISO role. 
 

So what are those core elements that go into a successful cybersecurity program that is extremely important? Um, and that no matter what, um, you want to make sure that you're thinking about from a couple of different perspectives. And so, um, myself and Daniel Gorecki, who's going to be my partner in this presentation, we're going to talk a bit about that.
 

And so we'll both be sharing from our lens, um, as CISOs and to really kind of give context and also to share that every program is a bit different. I mean, obviously we create our strategies based off the risk assessment. So it's being able to bring in some contrast and be able to show, okay, if this is something that's going to, you know, if something's going to be a priority for you and, um, uh, within your program, this is, this is a way to think about it and a way to approach it.
 

Sean Martin: And is, is the goal, so I know I'm looking at the description you posted on LinkedIn, which I'll, we'll include the link to this in the show notes, but, uh, [00:14:00] it says you're going to discuss the top three skills for, uh, for CISOs to advance their program, advance and grow the program. Um, but also what it means to be successful. 
 

Yeah. As it relates to the program. And it's under the context of being a fearless CISO. So I'm wondering, what about the fear, are you going to connect such that you can present those things? Do we, do we take, how do we get rid of the fear? Do we embrace the fear? What, kind of make that connection for me. 
 

Jessica Robinson: Yeah. You know, I think the. Yeah. I think we've all been in situations and I think both in work and in life where we've probably been like, Oh my gosh, you know, there is this fear that's welling up. And I think I'm thinking of a first time parent, maybe when they see, when they finally see their child for the first time, you know, there could, there's just some, I have not had that experience because I'm not a parent, but I can imagine that that's just completely overwhelming. 
 

And I've heard people talk about it. [00:15:00] Um, and, um, and when you think about it from a work perspective, I think, uh, no matter kind of what your role is, you know, being a leader, we know has its challenges and it can be really hard, right? It's that, that thought of it's, it could be, it could be extremely lonely situation when you're, when you're kind of at the, kind of at the top or the boss. 
 

Um, and there's, when you're a CISO, I think that that can be very much, um, I think it can be enhanced and elevated because you're constantly really advocating for the program. Um, and you're advocating for what's needed. And a lot of times that can go against the business. Even though you're always supporting the business, it can go against some business interests. 
 

And so it's constantly a bit of a challenge. And so there's no doubt at times, I think, just to speak your truth, just to be able to do what you're actually required to do for the role can, can bring up fear. Um, and I've talked to CISOs about this where they, they're just basically trying to do the basic aspects of their job and you know, [00:16:00] just, they're just sitting there and they're kind of shaky. 
 

And I know that because I've had that experience. I've gone into meetings where I've been shaking and I've just had to kind of calm down. And so I've had to develop ways for myself to be able to manage my own self going into a meeting. And, um, but at the end of the day, you know, when you're constantly facing fear every day through conversations, through advocating for yourself and through the program, um, you know, that it's through and it's through that process where I think you do start to be able to build a great program. 
 

Um, I think sometimes where, um, I think sometimes where CISOs back away from that, you know, maybe courage isn't as strong or, um, something happens that causes someone to step back and maybe, um, maybe not state the thing that they wanted to say or that was coming to them to say, I think that's sometimes where challenges can start.
 

So, um, because you know, when you, uh, you know, I, I think that it's really important to always be an [00:17:00] advocate for the cybersecurity program and that we're always there advocating for the program itself. Um, and that we always kind of have to do, we have to have, we have to kind of have that front and center.
 

Despite some of the challenges that come up within an organization. So, um, but how do we do that? And so we'll talk a bit about that, but yeah, managing that fear, um, and embracing that fear to your point is, is absolutely key. And there are multiple different ways to do this. Um, um, but the, I think the part, one of the key things is, you know, which I do, you know, kind of say is it, is, I, I do think it's part of the role. 
 

Um, and I, I think I have heard a couple people when they're speaking say they haven't experienced it. And I think that that's, that's fine, but I think, and I think that people have a wide spectrum of ways that they experience the CISO role. Um, and I, I think that for those that do experience it, and I think every role is different, so I think part of it could be they just haven't experienced it yet.
 

Um, but for those who have experienced it, it can be quite overwhelming. So, uh, but that can't paralyze you [00:18:00] from actually, from stopping, um, and not doing what you actually need to do to be able to move the program forward. So, um, and if there are, and what are those risks that, what are those personal risks that you're going to take, um, to push a program forward or to challenge senior management on why something should happen?
 

And what, and what are things to think about when you, if you're doing that? And so we'll, we'll talk a bit about a bit about that and why, no matter what, there are certain areas they kind of have to be able to push forward on to be able to have a successful program. Some of these things may feel like, yeah, well, we know these things, but it, but in some cases it's, well, and when you're in it. 
 

Um, um, it, you know, if you're in it and you, uh, it can feel almost like it's easier and safer to back away than to continue to push forward. And so the key thing is to, to remember to keep pushing forward.  
 

Sean Martin: I heard two magic words there, Marco, I'll let you go. I heard paralyzed and stop. I was half expecting to hear, hear those words.
 

Um, is personally paralyzed, which, which then impacts and [00:19:00] perhaps even stops the program. Thank you.  
 

Marco Ciappelli: Well, after you brought us down with that, I was going to bring us up because I want to mention the theme of the conference this year, as this is one of the first conversations that we have on our chats on the road. 
 

And this year is The Art of Possible. And so I'm announcing to Sean that the tradition this year will be to ask to all our guests, uh, how they, how do you interpret this theme, The Art of Possible? What does it mean to you and everybody? I'm hoping it's going to have a different answer, but it's your turn to get it started.
 

Jessica Robinson: Yeah. Yeah. You know, when I think about what's the art of possible, the first thing that comes to me is creativity and creating something new. Being able to create something that, uh, that maybe hasn't been done before in a particular, in a particular way. Um, and for me, um, that, that is kind of how I see these series of talks.[00:20:00]  
 

Um, and I think part of that is because the narrative of my own story and how I, I came into the CISO role is very different. So how I approach thinking about this is, is different. And I think, um, and I do think that I tend to take risks, um, and I look at risks differently, particularly interpersonally, because I'm, I'm, um, I work as a consulting CISO, not as an FTE.
 

So, um, the way that I think about the role is different. And so I, when I think about the art of possibility, I think about what it means and what it can be and how wonderful it could be if more people saw this role from that perspective. Um, and, um, were and felt, um, maybe, um, that sometimes the, the, the, the, the fear that they have when they're sometimes in the role, or even just sometimes the dissatisfaction when they have, um, um, how that can be viewed from a different perspective just, um, by looking at it differently. 
 

And, and that's really part of the intention and really a huge intention for why [00:21:00] I, I, it's why I really feel the need to follow the call of speaking on this topic and, um, and I, um, and I think that that's just an important perspective to, to be able to not just have, but to, but to share with others.
 

Sean Martin: Nice one. 
 

Transforming fear into, into, uh, possibility, potential. Nice one. Nice one. Well, Jessica, it's always a pleasure. Marco, did you want to say something? No. All
 

Marco Ciappelli: right. No, I'm good with this.  
 

Sean Martin: I know. Great answer. Thank you. Well, this is, uh, I'm, I'm excited to hear, uh, that it was yet another, uh, top rated session.
 

It's, uh, now you're in the role of fearless CISO. It's on 6th of May, 2:20. It's part of the professional development, personal management track. And, uh, you and Daniel are going to [00:22:00] rock it. No question. No question. And then, uh, hopefully we'll see you, uh, physically on location in San Francisco. Marco and I will be there.
 

We'll be in the Broadcast Alley. We'll be chatting with friends, making new friends, and capturing as many stories as we can. And we're thrilled to capture yours, and share with our audience and hopefully they'll, they'll join you there for your session. Yeah. And follow us on our ongoing journey as we continue our chats on the way, on the road, on the way, whatever, to RSA Conference. Are part of our on location coverage with Sean and Marco. Lots of stuff going on, and we appreciate you, Jessica, all that you do, and I wish you great success with your, with your
 

Jessica Robinson: session. Thank you so much. Yep. Wishing you a great chat, um, conversations on the way to RSA. Thank you so much for having me on. This has been a lot of fun. 
 

Marco Ciappelli: Yep. Absolutely. See you there, and hopefully we'll [00:23:00] see a lot of you people, and if you don't, if you're not going to RSA Conference, we'll bring you there anyway.
 

Sean Martin: That's right. Top of the trunk. Yep. On the roof. Tuning the radio. The bike rack. You're welcome.  
 

Marco Ciappelli: See  
 

Sean Martin: ya everybody. Autonomous cars. Alright. Thanks everybody. 
 

See you on the next one. Thanks Jessica.