What is the role of a CISO (Chief Information Security Officer)? - Melanie Ensign - Bonus

07/29/24 • 17 min

Critical Point War Stories with Kevin Riggle

Host Kevin Riggle interviews Melanie Ensign, former Global Head of Security, Privacy, & Engineering Communications for Uber, about what the role of a CISO (Chief Information Security Officer) is. (Hint: It's not being the smartest security person in the room.)

Bonus episode from https://warstories.criticalpoint.tv/episodes/the-reporter-called-her-christmas-day-melanie-ensign-bug-bounty-incident-management-programs

Video: https://youtu.be/e60YHYHTFUk

Melanie's newsletter: https://discernibleinc.com/newsletter-signup
Melanie's company: https://discernibleinc.com/
LinkedIn: https://www.linkedin.com/in/melanieensign/
Twitter: https://twitter.com/imeluny
Mastodon: https://defcon.social/@Wednesday

To subscribe to the video version of the podcast on YouTube, and watch other Critical Point content, check out https://youtube.com/@critical-point

Credits:

Edited by sleepingsage.

Intro & outro - "Senpai Funk" by Paul T. Starr. Used with permission.

https://soundcloud.com/ptstarr

Produced by Complex Systems Group LLC (https://complexsystems.group).

Bonus episode from https://warstories.criticalpoint.tv/episodes/the-reporter-called-her-christmas-day-melanie-ensign-bug-bounty-incident-management-programs

Video: https://youtu.be/e60YHYHTFUk

To subscribe to the video version of the podcast on YouTube, and watch other Critical Point content, check out https://youtube.com/@critical-point

Credits:

Edited by sleepingsage.

Intro & outro - "Senpai Funk" by Paul T. Starr. Used with permission.

https://soundcloud.com/ptstarr

Produced by Complex Systems Group LLC (https://complexsystems.group).

Previous Episode

He Won George Hotz's Money - Andrey Petrov

Host Kevin Riggle interviews Andrey Petrov about three different incidents he was involved with: A programming mistake in high school that filled its alumni's email inboxes, a Twitter analytics site he built that got co-opted as part of a phishing scam, and how he won a bug bounty on the Ethereum blockchain rollup prototype developed by superstar hacker George Hotz.

Chapters:

(00:00) - Intros/titles
(05:02) - The Alumni Email Explosion
(18:00) - The Twitter Tracker Takeover
(33:09) - The George Hotz Ethereum Rollups Bug Bounty Bonanza
(57:02) - Socials/outro

Video: https://www.youtube.com/watch?v=mWuqAePsquo

News coverage of the Twitter Tracker Takeover:
“New Twitter Scam Won't Show You Your 'Stalkers'” - NBC News
https://www.nbcnews.com/id/wbna44123467
“Beware: Twitter spam viral application on the loose” - Posilan
https://www.posilan.com/2011/07/20/beware-twitter-spam-viral-application-on-the-loose/
“After a lull of a few months, new Twitter Phishing Scam phrases appear” - Just Practising
https://www.justpractising.com/social-tools/twitter/after-a-lull-new-twitter-phishing-scam-phrases-appear/

Andrey's Twitter: https://twitter.com/shazow
Farcaster: https://warpcast.com/shazow.eth
Web site: https://shazow.net/

To subscribe to the video version of the podcast on YouTube, and watch other Critical Point content, check out https://youtube.com/@critical-point

Credits:

Edited by sleepingsage.

Intro & outro - "Senpai Funk" by Paul T. Starr. Used with permission.

https://soundcloud.com/ptstarr

Produced by Complex Systems Group LLC (https://complexsystems.group).

Critical Point War Stories with Kevin Riggle - What is the role of a CISO (Chief Information Security Officer)? - Melanie Ensign - Bonus

Transcript

Melanie00:00:00.560

And this is why preparation happens so far in advance of needing it. Right? Because you can't in the middle of an incident. Like, I hate to say that's, like, never waste a crisis. I hate that. I've I'm no one no one is building long term infrastructure during a crisis. They're just trying to put the fire out. Right? I need you to be thinking about, again, what are the long term outcomes that you want to see from this program? Let's build that now s