The Business Of Security podcast #32 – Do SMBs Need a CISO? – John Prokap

In this episode, guest John Prokap discusses the cyber security needs of small and mid-sized businesses, and if and when they need to hire a CISO.

His discussion with hosts Malcolm and Chad covers:

  • Why SMBs absolutely need a security program
  • How and when to hire a vCISO, and when it’s time to hire a full-time CISO
  • How industry associations can help their SMB members
  • The headwinds of change that a CISO will encounter, including “Technical Ego”
  • Why SMBs need to think about “Extinction Events” in their security planning

Recoil in horror as John, Malcolm, and Chad share stories from their pasts, including: users with one-character passwords, RSA auth tokens zip-tied to forklifts, and how one company had more domain admins that IT staff.

John Prokap, former CISO at HarperCollins

Malcolm Harkins, Chief Security and Trust Officer, Cymatic
Chad Boeckmann, Founder & CEO, TrustMAPP