2. Finding the Time To Find the Talent with Samm MacLeod

The hardest thing is finding the time to find the talent
— Samantha MacLeod

Samm MacLeod is the CISO at AGL, Australia's leading energy company offering electricity, gas, solar and renewable energy services to homes and businesses.

Samantha is an accomplished professional with more than 20 years’ experience supporting business strategies through technology enablement, risk management, security, and governance. In her role as CISO at AGL, Samantha is accountable for aligning Cybersecurity strategy with business strategic initiatives and integrating security practices across the organization.

During this episode, Samantha will bring light to the obstacles you may face when sourcing for security teams. Listen for her suggested immediate hiring needs and why you should strategically create employee longevity. Find out if the cybersecurity talent gap is really an industry crisis and how encouraging a diverse team of talented professionals may be the solution to a successful team.

Links:

Time Stamps:

  • 00:32 - Samantha’s background, introduction, and journey to CISO

  • 03:20 - Immediate hiring needs for a new security team

  • 07:36 - Roles that must be outsourced or can be done in house

  • 09:59 - Is there a lack of skill crisis?

  • 10:24 - “I don’t think you need 25 years experience to make a difference in a security team” - Samantha MacLeod

  • 15:41 - Are we losing in-house security professionals to micro business?

  • 16:18 - “Step out of that mold and challenge the industry and status quo” - Samantha MacLeod

  • 18:25 - Why women aren’t prevalent in this industry

  • 22:07 - The role that diversity plays on a security team of professionals

  • 24:51 - Overcoming obstacles when sourcing for teams

  • 26:14 - “The hardest thing is finding the time to find the talent” - Samantha MacLeod

  • 28:29 - Key lessons learned around cybersecurity teams

1. Security in Context with Jonathan Werrett

The team should reflect the risks that your particular organization faces
— Jonathan Werrett

Jonathan Werrett is the head of information security at FitBit and prior to that, he ran product security at Palantir. Jonathan has spent the last decade building infosec teams and maturing security operations. His roles have spanned security engineering in Silicon Valley, pentesting in APAC, and devops/SRE in Europe.

During this episode, Jonathan will share core principles to follow when hiring and building a team in information security. Learn to find ideal leadership even when the talent pool is subpar and explore the importance diversity plays in the hiring process. Listen to the end to hear some of Jonathan's hardest lessons learned during his 15+ years in the industry.

Links:

Time Stamps:

  • 00:27 - Jonathan’s background and introduction

  • 02:12 - Principles to follow when hiring a new team

  • 02:39 - “The team should reflect the risks that your particular organization faces” - Jonathan Werrett

  • 03:28 - Security teams role in proper context

  • 08:55 - Building and hiring a team in information security

  • 13:22 - Skills and roles that can be outsourced

  • 14:02 - “You don’t need a full time red team even if your multinational” - Jonathan Werrett

  • 16:22 - The importance diversity plays a role in the hiring process

  • 16:45 - “More diverse teams come up with better solutions over time” - Jonathan Werrett

  • 18:16 - Finding ideal leadership even when the talent pool is subpar

  • 23:55 - Hardest lessons learned in this industry