#38 - Succession Planning, with John Checco

06/15/22 • 38 min

In this episode, guest John Checco, Resident CISO at Proofpoint, makes a compelling case for CISO succession planning. As John takes us through his journey as a CISO, we learn how companies factor skills, background, and strengths into their short to long-term succession plans.
The average estimated tenure of a CISO is only 26 months. 85% of surveyed CISOs say they are now looking for another role or would consider an opportunity if presented. Unless you take aggressive retention action, it is only a matter of time before you are recruiting again. We discuss the tenets of succession planning, how to find a successor, and what transferring ownership entails.
John gives us deep insight into relationship handoffs, which often involve organizations and personnel, both internal and external. We identify a successor's essential qualities, including leadership skills, organization ability, knowledge and experience, and cultural fit. In addition to primary skills, we discuss secondary skills such as project management, administrative competence, and background diversity.
Guest:
John Checco, Resident CISO @Proofpoint
Hosts:
Josh Bruyning, Solution Engineer @TrustMAPP and Chad Boeckmann, Founder/CEO @TrustMAPP
Sponsor:
TrustMAPP (https://trustmapp.com)

Previous Episode

#37 – Leveraging Information Sharing To Protect Your Organization, with Bill Nelson

In this episode, guest Bill Nelson, CEO of the Global Resiliency Federation (GRF), talks about the GRF’s mission to help organizations in myriad industries share critical security threat information so they can all better defend themselves.

Bill lays out the history of GRF – how it emerged from the work he did at FS-ISAC, where he grew membership from 170 banks to 7,000. Bill led a team that was tasked with helping other industries set up their own security information sharing programs, based on what FS-ISAC was doing, leading to the creation of ISACs and ISAOs for legal, oil & gas, retail, energy, and healthcare.

You’ll also learn how the Uniform Commercial Code, article 4, in its description of “commercially reasonable” security, and who’s financially liable after a breach, drove banks to take security controls like anomaly detection, MFA, and DDoS prevention a lot more seriously.

GRF’s newest security information exchange, K12SIX, aims to protect K-12 schools, which have become the newest targets for ransomware, with attacks ballooning from 10 per year just a few years ago to more than 400 in 2020, and ransoms increasing from $20k to an astonishing $40M.
Guest:
Bill Nelson, CEO of Global Resilience Federation (GRF)
Host:
Chad Boeckmann, Founder/CEO, TrustMAPP
Sponsor:
TrustMAPP (https://trustmapp.com)

Next Episode

#39 - Don't Fire the CISO, with Quentyn Taylor

Top Tips for getting into the security industry and future proofing your strategy. This podcast will focus on Quentyn’s long career in cyber security and how working for the same company for a long period of time years has enabled him to build resilience and always think years ahead when executing a strategy.
Quentyn has a wealth of knowledge experience in both the IT and information security arenas and has driven Canon’s strategy to highlight the importance of document security and help business customers to minimize their security risk.
Host
Josh Bruyning, Solution Engineer @TrustMAPP
Guest:
Quentyn Taylor, Senior Director, Information Security and Global Response @Canon Europe
Sponsored by:
TrustMAPP