#5 It’s Not a CISO’s Job to Accept Risk, His Job is to Develop a Plan to Reduce or Prevent it!

Summary of the Podcast

Kyle Morris interviews Alon Nachmany, an accomplished cybersecurity and compliance executive. Alon has over five years of experience as a CISO and currently serves as a field CISO at AppviewX. The interview covers a range of topics including zero trust, artificial intelligence, data security, and board reporting.

Regarding zero trust, Alon mentions that there are many misconceptions around the concept. His workgroup is developing best practices and documentation to clarify how organizations should implement zero trust. Alon stresses the importance of business enablement and architecture in cybersecurity. The CISO’s role is to make the compliance officer’s job easier by ensuring security in a way that enables the business. 

When reporting to the board, Alon recommends focusing on dollars and cents. The board cares about financial risks, not technical details. The CISO should express security risks in terms of potential costs to the business and present solutions with ROI calculations. The board can then decide the appropriate risk tolerance and budget based on financial impacts. Compliance is necessary but tedious at times. While audits can be challenging, working with compliance professionals has exposed Alon to interesting discussions and varying interpretations. Overall, compliance rules are written in “losses” and aim to protect stakeholders.

Alon sees potential for artificial intelligence to assist with compliance monitoring and testing. However, AI will not replace compliance professionals who provide opinions and judgments. When it comes to tackling security challenges, Alon believes each organization is unique and requires a case-by-case approach. For those interested in pursuing a compliance career, Alon advises preparing for challenging but interesting discussions with smart people. A passion for technology and theoretical conversations is key.
