We just celebrated a couple of new milestones at the Center for Internet Security – the third anniversary of the CIS podcast series "Cybersecurity Where You Are", along with the recent release of our 75th episode.
I am an old-school tech guy, and this podcast was not my idea. The Comms Teams at CIS asked if I would be interested in co-hosting this with our CISO, Sean Atkinson. I might be old-fashioned, but I also try to be agreeable, so I said yes. And anyway, it sounded like something a "Chief Evangelist" should do.
From the Company's perspective, I think we've met the mark – bringing complex topics to "Where You Are" for the listeners, hosting engaging, timely conversations and guests, and giving our audience an inside look at CIS and some critical bits of history. And we have a "Dream Team Behind the Screen" (David, Chad, Rudy, Kim) that does the real work while Sean and I just show up and talk to each other and to interesting people (uh, those categories are not mutually exclusive).
But for me, this has also become a great experience and well worth the time. A few months ago, I realized that between brainstorming and recording, I had spent dozens of hours talking to Sean about cyber challenges, trends, and solutions – more wide-ranging, free-form, and thought-provoking conversations than I've spent with almost anyone else at CIS. This is the most time I've spent talking to any CISO or CIO in my entire career. Between watching Sean at work as CISO – switching freely between security designer, process pioneer, risk wrangler, and "Board Whisperer" - and co-hosting this podcast, I've come to appreciate his many real-life challenges and his thoughtful juggling of priorities and opportunities.
And this experience with the podcast reminds me that I still miss the everyday, unplanned technical and mission conversations with others, the sort of pre-Covid office exchanges central to my professional development. I don't miss them enough to go back to commuting. But I think we're missing something in our daily packed agenda-driven days of Webex-Zoom-Teams.
This experience also reminds me of a career lesson I have to re-learn every so often: say "yes" to new experiences, then make them into something that works for you. Something that helps you learn and something that you enjoy. And remember to stand back every so often to appreciate the greater value of the work that might not have been apparent when you started.
I just went back to listen to Episode #1. Despite my attempts to use up all the oxygen in the room talking, the content holds up pretty well. You'll hear many themes that are bedrock principles for the operation of the Center for Internet Security, like a focus on foundational security, basing defense on real-life data about attacks, pragmatic risk assessment, etc.