Dec 2021
41 m

Keeping Security Simple with Johanna Bau...

MISSION
About this episode

There is a lot of conversation among IT security leaders about engaging the workforce in order to mitigate threats. But how do security professionals actually win people over to their side? Many employees are willing to comply, but what can be done to really get through to those who are resistant? Johanna Baum, the CEO and Founder of S3 (Strategic Security Solutions), contends that to enact change, leaders must involve those who are most reluctant to go along with security protocols, especially the person still keeping their login password on a post-it note on their computer. In order to change the security culture of a company, Johanna suggests seeking out the person at a company who is least likely to comply.

Main Takeaways

  • It Comes Down to the People: There’s always going to be a security tech stack. A security platform and relevant apps will help reduce threats. But, fundamentally, people are still required to act with any given platform or system as part of the security solution. Furthermore, employees also need to engage in secure behaviors that reduce the overall risk to the company.
  • Involve the Malcontents: Cultural change concerning security is only as strong as the weakest link. Leaders must seek out the malcontents in order to engage them in the process. Leaders must put employees who are reluctant to accept security protocols in situations where they can test out measures and be part of the solution. 
  • Keep Security Simple: Because there are so many security threats, there can be a tendency to assume risk mitigation must be very complicated and beyond human capacity. Although artificial intelligence and automation can certainly help thwart many threats, there are also really simple things people can do on their own to strengthen security. For instance, this can be as basic as ensuring people log out or use effective passwords. On a company-wide level, it can be as elemental as making sure there is an up-to-date list of all the users at the organization.

IT Visionaries is brought to you by the Salesforce Platform - the #1 cloud platform for digital transformation of every experience. Build connected experiences, empower every employee, and deliver continuous innovation - with the customer at the center of everything you do. Learn more at salesforce.com/platform
