Join Gartner experts Chris Mixter and Richard Addiscott in this episode of CISO Edge to debunk the myths around why employees behave nonsecurely, why most tactics and executive communications around employee behavior don’t work, and to explore ways to rapidly increase the value delivered by your secure behavior and culture program (SBCP).

• What if I told you that “lack of cyberawareness” isn’t the reason people behave nonsecurely? (03:50)
• Where do your employee-related security incidents come from? (09:56)
• How can we move from compliance-centric to behavior-centric cybersecurity? (13:48)
• Help executives understand what is a defensible level of performance around human risk exposure. (26:15)

Richard Addiscott is a Vice President Analyst in Gartner's global security and risk management practice, helping CISOs and senior cybersecurity executives deliver highly effective information security programs and build high performing cybersecurity teams. With more than 20 years of experience in industry, Richard has held enterprise information security and IT leadership, information security consulting and advisory, IT governance, and business development roles across the public, private, and not-for-profit sectors.

Join Gartner experts Chris Mixter and Peter Firstbrook as they debunk the myths about vendor consolidation and provide CISOs with practical guidance on navigating this sea change in how cybersecurity technology is sold and operated.

• Does vendor consolidation contravene defense in depth? (05:34)
• Take a data-centric perspective to evaluate consolidation opportunities. (12:09)
• Questions for CISOs ask cybersecurity technology vendors about their pivot to platform-centric architectures. (21:29)
• Questions for CISOs to ask themselves about their cybersecurity talent in the platform era. (27:29)
  
  

Gartner Distinguished VP Analyst Peter Firstbrook utilizes his 25+ years of experience as an industry analyst to help clients improve their security posture to defend and respond to malicious attacks. Peter is responsible for endpoint protection platform (EPP), endpoint detection, and remediation (EDR), extended detection and response (XDR) markets, as well as topics such as security vendor consolidation, workspace security and generative AI security.

Join Gartner experts Chris Mixter and Will Candrick on this episode of the CISO Edge Podcast to learn how to implement a capability that many cybersecurity organizations see as beyond their program’s abilities or too risky to attempt: cyber deterrence.

• Why now is the time to explore cyber deterrence. (2:41)
• Where deterrence fits into your cybersecurity program. (12:15)
• Bad actors are rational and you can use that against them (16:39)
• Introducing the Gartner PARC Framework for prioritizing deterrence tactics. (20:39)
• How deterrence contributes to cybersecurity team engagement. (28:25)

This podcast explores research found in

CISO Edge: Use Cyber Deterrence to Stop Attacks Before They Start

Will Candrick is a Senior Director Analyst within Gartner’s risk and security management group. Will brings extensive experience researching cybersecurity management challenges, and regularly advises CISOs and their teams on maturing security and risk practices. In particular, Will focuses on cybersecurity strategic planning, incident response, awareness, metrics, board reporting and policies. Before Gartner, Will held research roles at CEB researching management best practices for CISOs and their teams. Will has a bachelor’s degree in economics with a concentration in political economy from Carleton College.