Trustero GRC Leaders: Ryan Kramer, Wisetail. Creating a Culture of Security

Video description

In this conversation, Michael Eggerling interviews Ryan Kramer, the Director of Information Security at Wisetail, about building a culture of security. They discuss the importance of understanding the why behind security tasks and creating a culture that is deeply embedded in the values and behaviors of the organization. They also touch on the limitations of certifications like SOC 2 and the need for continuous improvement in security practices. Ryan emphasizes the importance of communication and storytelling in security leadership and shares how he approaches security both in his personal life and at work.

Takeaways:
1) Building a culture of security involves going beyond policies and procedures and embedding security into the values and behaviors of the organization.
2) Understanding the why behind security tasks is crucial for motivating individuals to take ownership and have a positive impact on the organization's resilience.
3) Certifications like SOC 2 should not be the ultimate goal; organizations should focus on being more secure, understanding risks, and continuously improving security practices.
4) Soft skills such as communication and storytelling are essential for effective security leadership.
5) Prioritizing security initiatives involves defining goals, understanding threats, and weighing priorities against the business needs.
6) Ryan applies his security mindset and readiness approach from his personal life to his role at Wisetail, emphasizing the importance of protection and preparedness.

Titles
1) Prioritizing Security: Defining Goals and Weighing Priorities
2) The Power of Communication and Storytelling in Security Leadership

Sound Bites
1) "I really want to develop a kind of a culture of security that's really deeply embedded in the values, the behaviors, practices of the entire organization."
2) "I don't think it works for people to be told that they need to handle security tasks. They need to understand why they need to be handling security tasks and really truly make that personal."
3) "I think a process that continually takes iteration... you have to keep cycling through this, reviewing it, looking at what needs to change or how things could be better or different, and really just kind of try to get ahead of that curve."

Chapters
00:00 Introduction of Ryan Kramer and Scott Knoefer
02:20 Ryan Kramer's Role and Background
06:39 Building a Culture of Security
10:11 The Limitations of SOC 2 and Certifications
12:04 Importance of Communication and Soft Skills in InfoSec Leadership
18:33 The Power of Storytelling in InfoSec
23:35 Prioritization in Security Initiatives
26:58 Applying Personal Security Mindsets to Organizational Protection
31:15 Conclusion and Contact Information


Keywords
culture of security, understanding the why, certifications, continuous improvement, communication, storytelling, personal security
