In this episode of The New CISO, Steve is joined by Mike Woodson, Director of Information Security and Privacy at Sonesta International Hotel Corporation, to discuss the risk and rewards of being a CISO.
First starting his career in law enforcement and cybercrime investigation, Mike now applies his police mindset to cyber security leadership. With his varied experiences in mind, he shares how his unique background makes him a well-equipped CISO. Listen to the episode to learn more about getting to the root of a threat, working with global agencies, and why CISOs should be compensated well for their high-risk responsibilities.
Listen to Steve and Dr. Adrian discuss the value of mentorship and the ins and outs of a CISO career:
About Mike (1:46)
Host Steve Moore introduces our guest today, Mike Woodson. Mike reveals how long he’s worked for Sonesta International Hotel Corporation and how he started in the cyber security field.
Mike details his background in law enforcement and teaching, leading him to investigate global cyber crimes and begin his CISO career.
The Cyber Cop (9:09)
Steve presses Mike on how he applies his police investigative skills to the cyber security field.
Mike asks the right questions to understand what he’s dealing with during a threat. He understands that his various skill-sets are a unique asset to the CISO job and help him get to the root of the problem.
The Best Job (12:27)
When asked about his favorite job, Mike shares how much he enjoyed his time working for the Indonesian government. He worked with various global agencies investigating cyber crimes, which allowed him to make a difference and meet impressive people.
Mike’s Advice (14:53)
Mike’s advice to his younger self is not to settle and be adventurous. He did not plan to go to Indonesia or be a CISO, but he took his opportunities and listened to the mentors he had along the way.
Radio Days (18:57)
Mike shares his past as a radio DJ and how it was his first love. Steve also discusses his recent experience as a podcast host.
Interview Tips (22:35)
Steve presses Mike on his perspective on perfecting CISO interviews.
Mike reminds the listeners to be themselves and take the interview as it comes. Ultimately, you have to focus on being dynamic and asking probing questions. You have to “look before you leap.”
Why CISOs Quit (27:53)
Mike shares why some CISOS leave a position. If someone in this role is being treated as an afterthought by higher-ups, it can easily lead to dissatisfaction. For such a high-pressure job with crucial responsibilities, it’s essential to be taken seriously by management and paid appropriately.
Should We Ever Ask The CIO? (29:39)
Steve asks Mike if there are ever times a CISO should ever report to the CIO. To Mike, the answer is no.
The role of the CISO has grown, and if they are the chief executive officer of cyber security, they should have a seat at the table. For the business's survival, the CISO should be trusted based on their expertise.
Do We Need CSOs? (32:46)
Many companies have CISOs and CSOs, which share the same command line. Mike believes some organizations should have both positions, depending on their structure.
Setting The Tone (37:38)
Steve asks Mike how new CISOs can be proactive post-hire.
You'll do well if you focus on building relationships, listening to people, and learning the business. To Mike, a CISO is the person who looks, listens, and leans into his work.
Sonesta International Hotel Corporation