In our first episode of “CISO Platform Security Show”, our host and founder of CISO Platform Bikash Barai spoke with Joshua Corman, founder of “I am Cavalry” and a security veteran, who is extremely passionate about public safety in cybersecurity.
Talking about what built Joshua’s interest in cybersecurity, Joshua mentions that people think policies ruin technology. But an author “David Rice” in a book mentioned that software is becoming concrete today. Like steel and concrete are pervasive or ubiquitous structures. But they are invisible because they are dependable and reliable. No one sits fearing that the building you are sitting in will suddenly collapse.
Also, the failure rate in cybersecurity is 100%, everyone in the US has lost a credit card and despite spending lots of money on PCI compliance, 100s of fortune 500 companies have lost intellectual property and trade secrets. Due to espionage or other forms of hacking. So on a long enough timeline, you know, we can't actually secure things.
Also, if you take that failure rate and now that we're putting software in medical devices, in our cars and our bodies in our voting systems, public infrastructure, oil and gas pipelines, trains, airplanes, that failure rate won't be acceptable because we're going to have a very different consequence of failure.
So while Joshua does have a private-sector career, his passion is making sure that people understand the awesome responsibility that comes with cybersecurity as a profession. Because if the world is increasingly depending on digital infrastructure and it's not yet trustworthy or defensible, it falls to us to do our best, to not just protect our computers or our company, but also contribute to public safety as well.
You May Listen To The Podcast Below
- Learnings For CISO’s - Joshua talks about a few learnings for CISOs from his personal experience. He mentions one of the few things the CISO needs to do when they get appointed is planning the first 80-90days. And that should involve asking questions and learning and understanding the organization. Understanding the local language, the lexicon, and doing a high-level cap analysis.
- Presenting To Board Members - Joshua gives out a checklist for how to manage talking to the board when you are a new CISO. Says the board needs to be respected for their skill and experience and they should be told about your organizational priorities.
- Hacking - Talking about hacking Joshua says “Hacking is like magic, there are bad wizards like Voldermort and then there are good people like Harry potter. Depends on how you use it.”
- Preparing A Board Presentation -Joshua makes a point on preparing the board presentation, says one doesn’t get too many slides to make. So one needs to “really prioritize the salient points. The board has every right to ask questions and follow-ups, so sometimes one may want to prioritize the things that would provoke more questions, and they are inviting you to do it.
- Advice To CSOs - Joshua says “ know what you are good at, improve, what you're good at and bring your compliment and your skill and your talents to that, to make the world a better place sooner”.
- Getting Ready For Failure - Joshua talks about accepting failure, with reinforcement that all systems will fail. But one needs to know how to avoid failure. How do you tell it, tell the public how you avoid failure. And most important is what do you learn from your failure. And finally, how do you recover from it.