At ADAPT’s CISO Edge, David chats with Peter Hind as they explore how a CISO can fully realise their toolsets, how to keep on top of security issues, and why he started his podcast.

Peter Hind:

David, you have a business as a content and social media influencer. One of the Kardashians who’s not even out of her teens is a billionaire in this thing. And yet you give it all up, or don’t give it up, but you set up a whole new business about CISO podcasts. What drew you? What was the catalyst to do that?

David Spark:

So the catalyst to start the CISO series, as I normally say, “CISO series.” But now that I’m in Sydney, I’m trying to adapt as the Australians do. Through my content marketing business I had a lot of security clients, and I would ask the inevitable question that a marketer would ask, “Who do you want to reach?” Every single one of them across the board says, “Oh, we want to reach CISOs.” To which I thought, well if all of my clients are saying they want to reach CISOs, I have to assume every security vendor is trying to reach CISOs as well. And through my research, I discovered that’s pretty much the case. And I also got to assume that these CISOs are overwhelmed.

We have this mutual dependency on each other, that the CISOs need security tools to secure their environments. And the security vendors need CISOs, as they are the ones that sort of control the purses.”

That they’re the ones essentially authorising purchase of security products. But, the imbalance happened when literally you’ve got 3,000 plus security vendors trying to hammer a single CISO, it becomes overwhelming. And that’s why it became so intense, that I realised there needed to be some kind of mediation, some discussion that’s going on. And that’s kind of what I see here at the CISO Edge conferences, we’re just doing it in podcast form. Same kind of idea.

Peter Hind:

But a topic like CISO covers, and I’m going to say, “CISO.” So you take me up on that. It covers such a breadth of topics, it’s so diverse, we’re getting different angles. How do you keep abreast of all the potential material that needs to be covered in something like that?

David Spark:

Well, I do a lot of podcasts, I’d say. The joke I always say is that, “I have zero first degree knowledge in security.

Everything I know comes from interviewing extremely smart people in security.”

And fortunately, I’ve had a lot of them on my show. Actually, I just found out from a listener the other day that he’s making one of my podcasts Defence in Depth a required listening for his students. Which is awesome! And also, I’ve heard that some security vendors, Tanium was one of them, in particular, that were required the CISO Vendor Relationship podcast to be required listening for the sales staff, for that matter.

The issue is, fortunately for me that this is such a rich topic that I can keep doing shows. So my answer is, it’s not something that scares me, it’s something that excites me because I never have a hard time coming up with topics for each episode. Because there’s just so much out there and the other thing I have to say is, our audience is so loyal to me, that I would say about half of the stuff that I get for every show at least comes from listener’s suggestions.

Peter Hind:

It’s just a reflection I suspect of how much the digital world embraces business in everyone’s life and the issues that arise from that sort of stuff. I was thinking here though that when you talk about this podcast, one of the things you mention is this disconnect between the vendors and the CISO community. And my experience is, one of the biggest challenges for CISOs is around change management. How you get people to embrace and utilise the toolsets that you’ve got. What sort of feelings do you have on how that issue can be addressed?

David Spark:

Well, change management is not something that’s isolated to just the digital world. Just think about it. It is hard for people to change behaviours period. There is an entire industry of weight loss out there, that is trying to get people to change the behaviour of how they consume food and exercise to lose weight. And that is a change management process in a way. So, security is the same thing. Not only is security about buying tools and applying them to your environment, to secure your environment but it’s also getting the people to change their behaviour of how they approach security and how they are secure about themselves and other things.

The number one advice that we hear on the show is, “How does this advice about being more secure, apply to you personally?”

So if you start talking about personal issues, how they become personally more secure. With their banking, with their private information, with their social media. Then they start to learn how that applies to the business and probably one of the best tips that we’ve ever heard on the show that my co-host back in the States, Mike Johnson and many others advises is, purchase a password manager for your entire staff for personal use. And that is probably the most aggressive move one can make to help them to understand their own personal security which will evolve to business security. But, that’s the big thing.

If you don’t make it personal to them first, they’re going to have a hard time understanding the value to the business.”

WATCH INTERVIEW

David Spark on Making Security Change Management Personal
Play Icon WATCH 05:31
Contributors
David Spark Host of the global “CISO/Security Vendor Relationship” podcast series
David Spark is a veteran tech journalist and founder of Spark Media Solutions. He’s been the creative director, producer, voice, and face... More

David Spark is a veteran tech journalist and founder of Spark Media Solutions. He’s been the creative director, producer, voice, and face of many content marketing campaigns for a number of Fortune 1000 B2B tech companies.

Since 1996, Spark and his articles have appeared in more than 40 media outlets including eWEEK, Wired News, PCWorld, ABC Radio, John C. Dvorak’s “Cranky Geeks,” KQED’s “This Week in Northern California,” and TechTV (formerly ZDTV). Spark is also the author of the book, “Three Feet from Seven Figures: One-on-One Engagement Techniques to Qualify More Leads at Trade Shows.”

In addition to traditional media, Spark spent ten years working in advertising at various agencies, the last being Publicis Dialog where he launched the company’s new media division. Spark also squandered more than a dozen years working as a touring stand up comedian, a San Francisco tour guide, and comedy writer for The Second City in Chicago.

Today, Spark blogs regularly on the Spark Minute. You can listen to his weekly tech and media podcast Tear Down Show and subscribe to his YouTube series Content Marketing Tips.

Spark is a noted speaker, entertainer, and moderator at tech and marketing events. He also offers training for moderating.

Less
Peter Hind Principal Research Analyst at ADAPT
One of the ICT industry’s foremost analysts and commentators, Peter Hind has spent over 25 years advising and talking on topics across... More

One of the ICT industry’s foremost analysts and commentators, Peter Hind has spent over 25 years advising and talking on topics across the technology industry. His primary areas of interest are the potential of technology to transform the way organisations operate, the change management obstacles executives encounter in realising this potential, as well as the tactics and techniques leaders have deployed to overcome these difficulties.​

With roles across IDC, Unisys, NCR, Sigma Data, and others, Peter now takes on multiple roles within ADAPT including the moderation of private events and roundtables, interviewing business executives about the strategies they are pursuing and assisting with the structuring of delegate surveys.​

Less
Security Compliance