CyberWire Daily – November 28, 2024: Solution Spotlight Featuring Lee Parrish, CISO of Newell Brands
Host: Simone Petrella
Guest: Lee Parrish, Chief Information Security Officer (CISO) at Newell Brands and author of "The Shortest Hour: An Applied Approach to Boardroom Governance of Cybersecurity".
Introduction
In this special edition of CyberWire Daily, Simone Petrella engages in an insightful conversation with Lee Parrish, the CISO of Newell Brands and author of the newly released book, "The Shortest Hour: An Applied Approach to Boardroom Governance of Cybersecurity". The discussion delves into Parrish's approach to leadership in cybersecurity, team building, relationship management, and navigating emerging SEC regulations.
Leadership Philosophy in Cybersecurity Programs
Timestamp [03:33]
Simone opens the conversation by exploring Lee Parrish’s leadership philosophy in developing effective cybersecurity programs.
Lee Parrish: "The true differentiator in a cybersecurity program then lies in its people... selecting people who are curious and people who like to dive into unintended use cases for technology... It's all about making sure they're engaged, they're doing work that they find challenging."
Parrish emphasizes that while technological tools and frameworks are universally accessible to CISOs, the people behind these programs create the unique value and effectiveness of a cybersecurity strategy.
Team Building and Hiring Strategies
Timestamp [05:20]
The discussion transitions to the challenges of building a cybersecurity team, especially under budget constraints and the perceived shortage of experienced professionals.
Lee Parrish: "I seed the team with three, four cybersecurity experts... and then the rest of the team I fill with people who... don't have a lot of experience in cybersecurity, maybe they don't have any experience... But it's all about professionalism and curiosity."
Parrish outlines his strategy of balancing seasoned experts with less experienced but highly curious and professional individuals. This approach fosters innovation and adaptability within the team while optimizing budget allocations.
Security Relationship Management
Timestamp [18:00]
Simone shifts the focus to Security Relationship Management, a key theme in Parrish’s book, highlighting the importance of building robust relationships with peer executives and stakeholders.
Lee Parrish: "If you're not tracking those and understanding the key stakeholders and the interactions that you have with those folks, you're not going to be successful."
Parrish shares his personal journey of realizing the necessity of relationship management early in his career, leading him to pursue an MBA to better communicate and align cybersecurity initiatives with broader business objectives. He developed a structured program to track and nurture relationships, ensuring effective collaboration across the organization.
Navigating SEC Regulations and Materiality
Timestamp [23:12]
Simone brings up the evolving SEC regulations regarding the disclosure of cybersecurity breaches, probing Parrish’s perspective on their impact.
Lee Parrish: "I think it's a positive step in the right direction... it's no longer enough to just say you have it. Show me how you have it."
Parrish likens the new SEC requirements to a teacher asking students to show their work in math class. He acknowledges the initial challenges and ambiguities, especially around defining materiality, but views the regulations as ultimately beneficial for enhancing transparency and accountability in cybersecurity practices.
Recommendations and Takeaways
Timestamp [14:41]
When asked about strategies for developing an effective cybersecurity program, Parrish advocates for a proactive, strategic approach akin to the "Moneyball" philosophy.
Lee Parrish: "You should already know what it is that you want, who you're going to talk to, and kind of know how much you're going to pay."
He recommends creating a quad chart to prioritize essential skills and identify gaps within the cybersecurity team. Engagement with other executive leaders—such as CFOs, CIOs, and HR heads—is crucial to ensure that cybersecurity strategies are aligned with overall business goals and that resource allocations are optimized.
Building and Maintaining Key Relationships
Timestamp [31:08]
Parrish highlights the pivotal role of maintaining strong relationships with general counsel and other key executives.
Lee Parrish: "One of my deepest relationships across the board... has been with general counsel. You're talking a lot, you're sharing ideas. You really need to."
These relationships are instrumental in navigating regulatory landscapes, such as SEC disclosures, and ensuring that cybersecurity initiatives are well-supported and understood at the highest levels of the organization.
Conclusion and Book Promotion
In wrapping up the conversation, Simone commends Parrish on his contributions to the field and his new publication.
Simone Petrella: "Thank you for taking some time to share your experiences... Where can someone go get their hands on a copy of The Shortest Hour?"
Lee Parrish: "It's available at all the favorite booksellers like Barnes and Noble, Amazon, and directly through Taylor and Francis."
Simone encourages listeners to explore Parrish’s book, which provides valuable insights for both new directors and existing CISOs aiming to enhance their boardroom governance of cybersecurity.
Key Takeaways
- People-Centric Approach: The effectiveness of cybersecurity programs is significantly influenced by the team's composition and the individual attributes of its members.
- Strategic Hiring: Balancing experienced experts with curious and professional newcomers fosters innovation and efficiently utilizes budget resources.
- Relationship Management: Building and maintaining strong relationships with key stakeholders, including general counsel and other executive leaders, is essential for successful cybersecurity governance.
- Navigating Regulations: Emerging SEC requirements for cybersecurity disclosures, while challenging, are a positive step towards greater transparency and accountability.
- Proactive Strategy Development: CISOs should adopt a proactive, strategic approach in program development, akin to the "Moneyball" methodology, to effectively address skill gaps and align cybersecurity initiatives with business objectives.
For more insights and expert discussions on cybersecurity, tune in to future episodes of CyberWire Daily.