What Would a Breach Cost You? Personal Risk vs. Reward as a CISO
The New CISO - A podcast by Steve Moore - Giovedì
In this episode of The New CISO, Steve is joined by guest Jeff Farinich, SVP of Technology Services and CISO at New American Funding.First starting his career as a general contractor, Jeff now prides himself on solving security problems. Today, Jeff shares how he makes career decisions and manages his organization’s risks. Listen to the episode to learn more about Jeff’s extensive career journey, his development relationship with vendors, and how CISOs take on a great deal of personal risk.Listen to Steve and Jeff discuss the right time to leave a company and the personal and monetary cost of a breach:Meet Jeff (1:45)Host Steve Moore introduces our guest today, Jeff Farinich.In his early twenties, Jeff studied accounting but realized it wasn’t for him. He then became a general contractor, but by his mid-twenties, he was still determining what he wanted to do. He soon took a course that kickstarted his IT career, putting him on the path to becoming a CISO.Adjusting To The Job (4:20)When Jeff started his first IT job, he was excited by the change of direction. However, Jeff realized he always dabbled in tech because even at his first accounting job, he helped manage PCs.Multiple Paths (6:28)Jeff reflects on his job at a large property management company and his position as an MS manager at a small movie studio.He soon began his path into security management and leadership. Through the movie studio, he also went to the premiere of a Jean-Claude Van Damme movie.Advice To His Younger Self (10:45)If Jeff could give his younger self advice, he would suggest getting as much tech experience as possible on the VAR side. He also would have stayed in Silicon Valley longer, possibly having an even more explosive career.A MacGyver Type (15:38)Steve presses Jeff on whether he would ever consider stepping away from the technical side of security to get on the strategy/VAR side.Jeff is very open but also likes to fix things. He refers to himself as a MacGyver type “born with a screwdriver in hand.”A Development Relationship (19:30)Jeff enjoys having a development partnership with partners by trying new, untested tech at a low cost.This type of relationship allows both parties to win and allows Jeff to be creative and drive innovation for that vendor.Evaluating Vendors (22:13)There are fewer IT vendors than security vendors, so there have been fewer decisions for Jeff to make. Evaluating vendors to work with is a process and can leave room for great, collaborative relationships.A Small Step (27:35)Before jumping into vendor development, Jeff recommends understanding the industry and being knowledgeable about the vendor space you’re interested in. If you are someone who doesn’t always want to contact your VAR but doesn’t know where to start, it’s essential to begin by learning and choosing carefully.Moving Up and Out (32:59)Steve presses Jeff on clarifying his belief that “the best way to move up is to move out.”Jeff is far from a job hopper, but if you wait to the point where you are desperate to leave your company, you probably should have left sooner. If you are not fixing the problems you want to repair, or there are a lot of risks, it’s valid to seek new opportunities.Managing Liability (34:51)CISOs always need to evaluate how much risk they are taking on. Whether you are an officer or director, you should realize that liability can reach you. Jeff has pushed for ways for CISOs not to be personally liable for breaches.Individual Risk...