• Should Cybersecurity Own End-User Device Management From End to End?
    Jun 4 2024

    Join Gartner experts Eric Grenier and Chris Mixter on this episode of CISO Edge for a conversation on the steps that CISOs must take to close the gap between prioritizing employee productivity and cybersecurity in end-user device management.

    Eric Grenier is a Director Analyst with Gartner, focusing on endpoint security including endpoint protection (EPP) and endpoint detection and response (EDR). Eric’s research and advisory supports clients implementing EPP and EDR tooling, securing endpoints and using tools like unified endpoint management (UEM) and strategies such as bring your own device (BYOD) and bring your own PC (BYOPC) that allow users to remain productive and secure from wherever they work. In addition to his work at Gartner, he is also a professor at Central Connecticut State University.

    35 mins
  • Want to Be Proactive? Lead With Privacy!
    May 2 2024

    Join Gartner experts Chris Mixter and Bart Willemsen for a conversation on the steps that CISOs must take to evolve their role in privacy from merely supporting compliance to improving cyber risk management.

    This episode of CISO Edge Podcast explores the role that privacy can play in accelerating cybersecurity’s priorities:

    • The five questions smart CISOs ask to focus their privacy efforts. (4:30)
    • How to counteract “data hoarding” with a tool already at cybersecurity’s disposal. (8:30)
    • This month’s obligatory GenAI-focused conversation. (12:10)
    • How CISOs can use privacy legislation to their advantage. (17:10)
    • Where to use privacy-enhancing technology to enhance cybersecurity. (25:20)

    Bart Willemsen is a Gartner VP Analyst with a focus on privacy and related challenges in an international context, as well as on ethics, digital society, and the intersection of these disciplines with modern technology including AI. He has a broad, in-depth history of experience, was among the earlier Fellows of Information Privacy (FIP), and has held accreditations like CIPP/E, CIPM, CISA, CISM, bringing proven and multidisciplinary best practices to our worldwide clients. Before Gartner, Bart held various roles as (chief) privacy and security officer where he implemented, audited and oversaw privacy and security and compliance program strategies for holding companies and their subsidiaries.

    33 mins
  • CISOs and General Counsel Partner Up to Navigate New SEC Cybersecurity Rules
    Apr 2 2024

    The U.S. Securities and Exchange Commission’s (SEC’s) new cybersecurity disclosure rules standardized the timing and location of reporting material cybersecurity incidents, and disclosing risk, governance and strategy processes. In this episode of the CISO Edge Podcast, Gartner experts Chris Mixter, Alissa Lugo and Lisa Neubauer have an in-depth discussion on how general counsel and chief information security officers can team up to accelerate compliance with these high profile new expectations.

    Guest Speaker: Lisa Neubauer

    Lisa Neubauer is a Senior Director Analyst with Gartner, advising chief information security officers, chief information officers, security leaders and non-IT executives on maturing their security and risk management programs and practices. In particular, Lisa focuses on executive/board reporting, strategy, metrics, governance, policy and security organizational structure.

    Guest Speaker: Alissa Lugo

    Alissa Lugo is a Senior Director Analyst with Gartner, providing C-suite, boards, and general counsel advice relating to corporate governance challenges facing their companies. Alissa assists clients on a wide range of corporate governance issues, including emerging corporate governance trends, board and management matters, director lifecycle events, corporate secretarial duties, developing and improving ESG programs, and assessing and improving corporate governance practices and board processes.

    35 mins
  • If You Love Your Cybersecurity Talent, Set It Free
    Apr 2 2024

    Attrition is a natural part of any function, yet cybersecurity organizations are often caught off-guard and see productivity and morale drop when staff depart. Having a strategy for planned and unplanned turnover is a crucial component of your cybersecurity programs’ greater success. In this episode of the CISO Edge Podcast, Gartner experts Chris Mixter and Victoria Cason discuss the three essential components of an effective talent release program: transition planning, offboarding and alumni relations.

    36 mins
  • CISOs, Your Chief Deliverable Is Trust, Not Security!
    Feb 28 2024

    CISOs today are taking on more responsibilities and doing so faster. However, this rapid expansion comes at the cost of stability and leads to amorphous priorities. CISO Edge podcast host Chris Mixter talks to Gartner VP analyst Nader Henein about trust — who needs to trust CISOs, what trust means to each constituency, and how CISOs can build trust with each one.

    This episode explores:

    • The connection between trust and the CISO’s effectiveness in role. (02:00)
    • What trust means to the C-suite and board in the context of cybersecurity. (07:30)
    • What trust means to the CISO’s peers around the organization. (16:15)
    • How CISOs should build and maintain trust with their direct reports. (23:00)
    • How CISOs can support the development of trust from the organization’s customers. (29:24)
    42 mins
  • Wrangling Third Party Cybersecurity Risk
    Nov 30 2023
    Despite CISOs making meaningful increases in time, money and technology to third-party cyber risk management (TPCRM), enterprises continue to be plagued by disruptive third-party-originating cyber incidents. Chris Mixter and Rahul Balakrishnan use Gartner’s latest global benchmarking to debunk the conventional wisdom around TPCRM, which drives cybersecurity leaders to increase effort without improving outcomes. Chris and Rahul also provide three practices that CISOs can implement immediately to improve TPCRM effectiveness.

    This episode explores:

    • Why cybersecurity should stop customizing due diligence questionnaires (06:20) 
    • How to increase the likelihood that accepted third-party cyber risks become managed risks (13:30)
    • Making contingency planning a core element of third-party cyber risk management (21:45)
    30 mins
  • Identity-First Security–Are You Ready?
    Nov 3 2023
    In this episode of the CISO Edge podcast series, Gartner experts Mary Ruddy and Chris Mixter explore what cybersecurity leaders across the spectrum of identity and access management maturity need to do to accelerate their progress to an identity-first cybersecurity program. Decentralization of computing resources, channels, entities and devices makes traditional perimeter-based security strategies and tools insufficient. Security and risk management leaders must put identity at the core of cybersecurity strategy and invest in continuous, context-aware controls. However, getting to a level of IAM program maturity where you are able to deliver continuous, context-aware identity and access controls at scale feels like a massive leap to many CISOs, whose IAM programs struggle to deliver their basic capabilities at a consistent level of quality. This conversation will provide guidance to CISOs to enable their IAM teams to rapidly advance down the path to identity-first security.
    31 mins
  • Stop Phishing Your Workforce!
    Sep 11 2023

    Savvy cybersecurity leaders must look to new approaches to training employees to combat social engineering. While phishing tests are seen by cybersecurity leaders around the world as essential in the fight against email-based attacks, abundant evidence exists that the outcomes do not justify the investment. Phishing testing’s lessons are not extensible to other behaviors, the exercise foments a culture of distrust between cybersecurity and the workforce (name one other function that deliberately tries to trick employees in the name of training), and, combined with the reality that it only takes one employee clicking to generate the worst-case outcome, phishing testing is more an exercise in security theater than a contributor to a secure culture.

    Andrew Walls is a vice president and distinguished analyst in Gartner’s cybersecurity practice. Prior to joining Gartner in 2007, Andrew held cybersecurity leadership posts in industries from chemical/pharmaceutical R&D to banking.

    20 mins