Artwork for podcast The CISO Diaries
Steve Zalewski - Former CISO at Levi Strauss & CO; Cybersecurity Advisor; Evolving the Security Vendor Relationship with CISOs
Episode 112nd December 2021 • The CISO Diaries • Syya Yasotornrat & Leah McLean
00:00:00 00:45:40

Share Episode

Shownotes

Steve Zalewski was formerly the Chief Information Security Officer at Levi Strauss & Co., a global leader in jeanswear. Prior to Levi Strauss & Co., Steve was the Managing Enterprise Security Architect responsible for cybersecurity critical infrastructure protection at Pacific Gas & Electric Company.

Earlier in his career, Steve has held leadership roles in healthcare security at Kaiser Permanente, and in data protection at Fujitsu, Vixel and DEC.

Steve is a huge proponent for maximal automation of cyber-risk mitigation and containment – people, processes, tools, whatever it takes. He has multiple patents in data protection and multi-processor operating system design and holds CISSP, CISM and CRISC security certifications.

Steve currently provides CISO, security consulting and security advisory services. These include:

• International cybersecurity advisor and trainer since 2017.

• Executive advisory board member for security startups, providing guidance to the executive leadership on sec 

Steve is a frequent co-host with David Spark on the CISO Series podcast, Defense in Depth. He has also contributed to mentoring others answering their questions via the Reddit AMA Series – Ask a CISO Anything

Highlights:

0:00 - Introductions and Backgrounds

  • Steve highly recommends everyone takes a sabbatical

8:14 – Brutal Truths

  • “it’s not get better; what we have now is over 4,000 products that a CISO can choose from as technology and those 4,000 products aren’t solving 4,000 problems – they are solving probably 10 classes of problems. …we are forgetting about the people and the process”

15:15 “I Learn to Understand the Perspectives of the Individual I’m Working with – the Win-Win”

25:36 - "Am I in the game of profit protection or loss prevention? In my mind, I was internally looking at that."

29:41 - "CISOs are maybe 15 years old as a concept; 10 years old as an operating model and in last 3 years, see it morphing yet again."

42:39 - It Takes a Village!

  • "We have a village and a child and it takes a village to raise a child - cybersecurity is very much like this.... we have a common enemy - bad guys are trying to attack the entire villages, so we have to raise the child - have to get better and act differently."

LinkedIn: https://www.linkedin.com/in/szalewski/

 Defense in Depth Podcast: https://cisoseries.com/defense-in-depth-cybersecurity-is-not-easy-to-get-into/

r/cybersecurity – Reddit: https://www.reddit.com/r/cybersecurity/comments/m1y256/ama_series_ask_a_ciso_anything/

Follow

Links

Chapters

Video

More from YouTube