In this episode of The New CISO, Steve is joined again by Dr. Adrian Mayers, VP and CISO at Premera Blue Cross, to dig deeper into his knowledge of insider threat management and intelligence.
As an experienced CISO, Dr. Adrian understands the difficulties of a cyber security career. With this in mind, he shares the day-to-day obstacles of the profession and what aspiring CISOs can expect from the job. Listen to the episode to learn more about the pressures CISOs face, the psychology of insider threats, and how to work past life's challenges.
Listen to Steve and Dr. Adrian discuss how to get through difficult life hurdles and manage cyber threats:
The “Superhero” CISO (1:44)
Host Steve Moore reintroduces our guest today, Dr. Adrian Mayers. They acknowledge the stress and pressure a CISO may feel to play a superhero role, stopping every cyber threat.
Although no one can prevent every obstacle, Dr. Adrian insists that every CISO must consistently attempt with high motivation to stop every threat that comes your way.
Taking A “Bad” Job (5:26)
Steve presses Dr. Adrian if someone should ever take a “bad” CISO job.
Dr. Adrian brings up that every CISO needs their eyes wide open with every gig, but that early in your career, you may have to take less than ideal positions in exchange for experience.
The Bad Day Factor (9:53)
When asked about his worst day on the job, Dr. Adrian reflects that there is always something you can learn from your most challenging moments.
Insider Threat Management (13:01)
Dr. Adrian shares that his affinity for investigating insider threats first developed from his love of video games. After extensive research on counter-intelligence, he understands that specific triggers in people’s lives can lead to unattended consequences or malicious intent.
Evaluating The Insider Threat (15:35)
Steve questions why an insider psychologically may want to compromise the security of their company.
Dr. Adrian states that every insider who goes against their company has one thing in common: a desire to deviate from the norm. And determining that motivation helps the CISO manage their investigation.
How Far Should The Staff Go (20:46)
Dr. Adrian states that your team needs to understand exactly what their doing before talking to vendors or others. By discussing with your team the boundaries for their current investigation, you can gain additional insights that will put everyone on the right path.
The “Why” For Education (22:31)
Years ago, Dr. Adrian decided to get a doctorate in business administration specializing in international security. He then decided to get additional certificates in the security field. Ultimately, his desire for further education came from his immense curiosity but also was prompted by the grief of losing his daughter.
Defining Quality Intel Programs (28:49)
“Threat intelligence is full-spectrum intelligence,” according to Dr. Adrian. By leveraging the information from your intel program and applying context around it, every security team should be able to determine the motivation for the threat and paint a more holistic picture.
Surprising Information (32:00)
Steve presses Dr. Adrian on the most surprising things he’s learned from his background in threat management.
Dr. Adrian reflects on the amount of data vacuumed from our adversaries. Another shocking piece is the amount of data our allies gather on the U.S. Though, of course, the reasoning for gathering that information varies.
Ph.D. Proud (35:54)
Dr. Adrian always puts his doctorate before his name for several reasons.
As a Black man from Canada living and working in the United States, he realized he would experience more hurdles than others in the field. This put him on the path to being better, and getting his education has always put him in the position to thrive.