Thursday May 16, 2024
When It's Good To Deprioritize Security with Drew Simonis
Howdy, y’all, and welcome to The Cyber Ranch Podcast! That’s Drew Simonis, CISO @ Juniper Networks, former CSO @ Hewlett Packard Enterprise, former CISO at Willis – you get the idea. Drew’s posts on LinkedIn are pure fire – not in the hot takes way, but because of the quality of the thinking behind them. Drew has also been on the show a couple of times now, and we keep inviting him back because he’s always worth hearing from. Drew and Allan were chatting this afternoon about the idea that oftentimes cybersecurity does not matter – and that that’s okay! So we decided to record a show on that topic.
Drew and Allan share some real-world stories where they put security on hold for the benefit of the business:
- VP of R&D had been told he had to get a new product off the ground that was only quasi-planned for. He had properly allocated headcount, but realized his cloud costs were going to rise dramatically. At the time Allan had a big security initiative he was pushing for out-of-bandwidth. They met and talked. His out-of-bandwidth need was stronger than Allan's in terms of benefits to the business. Allan backed him AND also made sure that his extra cloud spend included a few more security features in AWS. Win-win. Drew has a similar tale.
- Flat-out, top line was declining and we could not figure out specifically why. New competitor explained some of it, but not all of it. Market fatigue? But that was not all of it. CRO wanted more sales folks to throw at the problem. CISO backed him and gave away project budget to support him.
- Company had mismanaged an expansion. Building was paid for, but nobody had thought about the IT costs and headcount. CIO was trying to figure out where to get bodies to populate the new site. Allan gave up 2 headcount for 2 more quarters.
- Startup: CISO took on Marketing department temporarily when head of Marketing left. Slowed down the security focus, but Marketing needed some hands-on attention beyond what the CEO could give. It paid off for the business.
- CISO joined forces with head of Pro Services to push through a security initiative that benefited key customers for him (contracts he could now secure), but also gave me some more generalized security comfort.
- Spent a huge amount of what could have been security operations time training sales teams on security as a differentiator in the market. Benefited top line.
Drew and Allan share many more stories and break down why in each of these cases, deprioritizing daily security operations was the right thing to do!
Y'all be good now!