The importance of building long-term relationships and partnerships for cyber leaders is critical. You do that by playing to your strengths.
Guest: Jane Frankland, Founder & CEO of KnewStart and Founder of The Source Platform
Website | https://jane-frankland.com/
On Facebook | https://www.facebook.com/JaneAFrankland/
On Twitter | https://twitter.com/JaneFrankland
On YouTube | https://www.youtube.com/user/JaneFranklandTV
On LinkedIn | https://www.linkedin.com/in/janefrankland
Host: Dr. Rebecca Wynn
On ITSPmagazine 👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/rebecca-wynn
________________________________
This Episode’s Sponsors
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network
________________________________
Episode Description
The importance of building long-term relationships and partnerships for cyber leaders is critical. You do that by playing to your strengths.
This episode underscores the need for CISOs to assert themselves and actively participate in decision-making processes. By improving their communication skills and pushing back on decisions made without their input, CISOs can help ensure that security considerations are properly addressed and integrated into organizational strategies. Also addressed is the high turnover rate for CISOs, burnout, and DEI issues.
________________________________
Resources
Gartner Predicts Nearly Half of Cybersecurity Leaders Will Change Jobs by 2025: https://www.gartner.com/en/newsroom/press-releases/2023-02-22-gartner-predicts-nearly-half-of-cybersecurity-leaders-will-change-jobs-by-2025
________________________________
Support:
Buy Me a Coffee: https://www.buymeacoffee.com/soulfulcxo
________________________________
For more podcast stories from The Soluful CXO Podcast With Rebecca Wynn: https://www.itspmagazine.com/the-soulful-cxo-podcast
ITSPMagazine YouTube Channel:
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
Soulful CXO - Jane Frankland
Dr. Rebecca Wynn: [00:00:00] Welcome to the Soulful CXO. I am your host, Dr. Rebecca Wynn. We are pleased to have with us today, Jane Frankland. Jane is the founder and CEO of NewStart, and founder of The Source Platform. She built her global hacking firm in the late 1990s, has worked as an executive for world renowned consultancies, and has contributed to leading industry accreditation schemes and forums.
She is a popular keynote speaker, board advisor, university guest lecturer, and awards judge. And she regularly shares her expertise and iconic world media outlets. She's known for spotting trends, bringing teams together for mutual wins and quickly uncovering root problems with their remedies. She believes the world will only become safer, happier, and more prosperous when more women are in male dominated industries.
And it's why she authored her bestselling book IN Security. Wikipedia and LinkedIn recognize her as a Top Voice and UNESCO has called her a [00:01:00] trailblazing woman in technology. She is following her passion to make women in cyber security a standard, not an exception. Jane, it's great to see you again.
Welcome to the show.
Jane Frankland: Amazing. Thank you, Rebecca. I'm so happy to be here.
Dr. Rebecca Wynn: Can you explain to our audience how you started out? Because when you first went to university, technology wasn't even on the radar for you. So how did that journey go?
Jane Frankland: Yeah, that's absolutely right. I was following my passion which was art and design.
So I have a degree in woven technology, woven, not technology, woven textile design. I was gonna say, yeah, woven, woven textile design. And, so what happened to me was my parents always said do what you love. Do what you're good at. And I was very arty. So that's what I chose to do and was doing actually really well as a designer.
I was nominated as a young British designer after graduating, but I fell pregnant with my first child. I've got three [00:02:00] children, two boys and a girl. So I fell pregnant just after graduating with my first child. Sun and continued working as a designer for a little while, and I got an agent of selling work all around the world I was showing in some amazing galleries as well but the money wasn't the money wasn't.
really coming in so for me, I was a single parent and I needed to make a decision. I needed to make a change and go and get a proper job, which is what I was told to do, go and get a proper job. You've done your art for seven years. It's time to go and get a proper job. So I, retrained and that's really how it all started.
I went straight into building a business in technology and specializing in security, information security, IT security, which is what it was called then. But that's really how how my career and my entry into cybersecurity happens. [00:03:00]
Dr. Rebecca Wynn: How did you choose technology?
What leads you on that journey? Because there's a lot of different fields out there.
Jane Frankland: It was actually love. Yeah. So yeah I got, a new boyfriend and found love and he was in technology and he said to me after I got this sales job and kind of. I was doing really well in the sales job and I never saw myself as a salesperson because I'm an introvert and it was the last thing that I wanted to do.
But what I didn't recognize was that I had been selling my artwork when I was tripping around the galleries saying you show my work that was selling. And when I did various other things in order to go in holiday with a boyfriend that was still selling. So I was very good at solving problems and I could sell.
I just didn't really realize. I could. And so when I met this, guy, he was in, in [00:04:00] tech, he was director at a company, but he wanted to start a new company. And he just said to me, Hey shall we go and do this? And I was looking for a new challenge. I like a challenge. And, that's how it all happened and how I said yes to him.
And. I didn't know really anything about technology. I would actually say I was certainly at that time mega luddite I had all the tech that was handed down to me by, by my brother. Yeah, that's how I got into technology and because I didn't know anything about really technology, the two areas that interested me were AI, which was far too new in 1997.
That was just too new. And the other was security and security was emerging security was feasible, you could build a business with security, or you certainly could lead with that in those days. You [00:05:00] That's how I ended up doing what I do.
Dr. Rebecca Wynn: Amazing. Cause if you think back there the late 1990s and 2000, cybersecurity is not the cybersecurity of 2023.
So how did you go about even starting to learn about a field that was very, young during that period of time?
Jane Frankland: I just, I really just did what I'd always done. I learned how to communicate. So I learned the language some of the terms and I served. So I never pretended to be something that I wasn't.
So I listened really well. I knew how to sell. I knew how to sell in a consultative manner. I knew what our companies. Strengths were, and I knew the vision that we had for the company. So I sold on that and I sold on really great customer service and what the client wanted. I knew where we were [00:06:00] strong.
I knew our market and I knew what our clients wanted. So I just went out to serve. I didn't need to be technical. What I did need to do was to go and ask questions and to be able to get the answers for my clients. And to be able to, make sure that they were getting a really high level of service because that's what my penetration testing company back in, in the day was all about we were highly flexible.
We were really unique. We were high end. We only served a limited number of clients. And we were so absolutely amazing. We were so good at what we did. And, for me, that's just how, I dealt with that.
Dr. Rebecca Wynn: And what you brought up a few times now is about really listening to the customer and really trying to meet those needs.
And I see that today is very lacking. When I talk to vendors and [00:07:00] I'm looking at products out there, it's one size fits all. And I'm like, you don't even understand my company. You don't understand the sector that I'm in. You don't understand our objectives are, you don't understand our roadmap. What do you see?
Lacking and how do you see that those people can improve themselves? And the 2nd part, how should we take more responsibility as cyber leaders? To do a better job, in getting those great partnerships that can be with us 3 years, 5 years and 7 years down the road versus 1 and done every year you're changing vendors.
Jane Frankland: Yeah. It's got to be built on relationships, hasn't it? So it's the biggest kind of, because it's two big questions that you just asked there. For me it, is all about the long term. It's not about the short term. And it is about building relationships.
No, it's about knowing exactly what you want as well. How can I be of service to you and how can I be of service to myself as well? So [00:08:00] say if I was working with a client it was. I was evaluating them. Do I actually want to work with them as well as they were evaluating me?
And I think when it comes to vendors it has to be the same thing. It's got to be a win You've got to be able to get the service that you require from that, vendor. And you've got to have, you've got to be in partnership with them. And I do see it in that way, it is about being in partnership and getting a win for, both parties.
Dr. Rebecca Wynn: Yeah, for me, it's similar almost when you're interviewing a company, right? Finding out about the company, finding out about the roadmap, finding about what their strengths and their weaknesses are, and are they going to be adding value to you? Because that's what you need. And the same with when you're going ahead and you're looking for vendors for your company, what value you're going to get.
Add, are they adding into their company and [00:09:00] are they going to be there for long term? I see them very close. Is that how you view them too? I tell people, I think they're along the same streams and people are failing to, do that on both ends, vendor management as well as career management.
Jane Frankland: Yeah. Trust comes into it, doesn't it?
It really is a case of, do I trust this company? Do I trust this salesperson and, this team as well. No trust is, everything. And certainly when I've dealt, when I dealt with vendors through my consultancy, my, my first company in security and certainly as a pentesting company, a lot of those partnerships actually fell through due to trust.
Which was disappointing. And now, nowadays, when I'm working with vendors I can do so from an influencer perspective. So I'm not using those products, but I'm working in partnership with them. So I want to be really [00:10:00] clear on what that company does. What are their values? Do I believe them?
Do they have integrity? I need to make sure that their values align with mine. And I want to be able to work with premium brands. And they don't have to be huge companies but they have to have that attitude. They have to go out and be, a premium brand for me to really care about who they're serving and to deliver a top notch service and to show integrity and to be trusted.
Dr. Rebecca Wynn: And one of the things I look at is I look at their churn ratio for their security teams or privacy teams or compliance teams. I look at see how quickly the executives are turning over. I do things along those lines. And I think people forget about that. It's not only about the product, but is that company still going to be in business tomorrow the next day, or are they looking to be sold to another company? And I've had many times where I've had [00:11:00] startups, or maybe medium sized companies have been excellent products who then get bought out by these bigger companies and then. The road map stops and I'm like, I have to switch products because it's no longer being serviced in the same way that it has been before.
So what other areas do you look at during vendor management versus is it just going to be I need features benefits? Doesn't meet my dollar cost when we talk about those other intrinsic things. What should our audience be looking for?
Jane Frankland: Yeah They've got to look at those things. But the other thing that I naturally look at, I really want to see what their diversity is because that's just so important to me.
Yeah, I like to investigate what's happening on that front from a gender, from an ethnicity perspective, from an age perspective as well. Yeah, I like to see. metrics and yeah, I'd [00:12:00] like to see the commitment. So what are they actually doing? Where, can I actually see them being active?
On those fronts.
Dr. Rebecca Wynn: And another way is to look at what they're posting, like on LinkedIn, what things along those lines do they think is really important to them? That's one of the things I look at too. When you talked about holistically do they, do they meet not only you as a person, right? But do they meet holistically with your company's values and where it's trying to go holistically?
I think that's one way you can do it to use LinkedIn or other posts and articles. Cause I found some companies I'm like, what you say to me in the sales meeting and what you're posting as a company does not line up and it doesn't line up with who we're presenting ourself as a company. And I know for contracts when I've dealt with some bigger contracts and I started looking at vendors, having some vendors that didn't line up with the values of my big contracts or us as a company, I've had to drop those vendors.
Have you seen that as well too? [00:13:00]
Jane Frankland: Yeah, absolutely. I have. Yeah. It's like what is not what you get often it's there's an awful lot of virtue signaling out there. So there's nothing that beats asking around. So when it comes to your peers how have you found them? What's the quality of the service like?
What's the team like? Do they actually practice what they preach? So yeah, I, I always ask around.
Dr. Rebecca Wynn: You mentioned about looking at diversity of the company and really the leadership as well too. A lot of times people think diversity DEI is only unfortunately. In their viewpoint about skin color, and I think it also goes by educational background.
It goes by years that you've been in the business or some companies out there that let's face it. If you're over 40, they don't think that they want you to work for them. And I think they're missing out. And there's some companies who think if you are not 40, you're not going to be hired, or if [00:14:00] you don't have a college degree, we're not even going to look about how many years you've really put into the School of Hard Knocks and self education.
I think people miss out on that. What are your views about diversity and especially too, because you're not a woman, how women are unfortunately negatively affected.
Jane Frankland: Yeah, absolutely. It's, it goes on and I'm not seeing it actually improve.
I'm, tired of us being in the same situation that we were when, I wrote my book and that was, I wrote that book in 2016, so it was published in 2017. So yeah I'm, very frustrated with the situation because I don't see much change at all. I am seeing women being more visible, which is great.
That's fantastic. I am seeing them speaking out more. I'm seeing them writing more. So I'm seeing them doing more and being more visible, which is great because it's absolutely key for their [00:15:00] careers. Certainly for progressing and advancing in their careers, but I'm really not seeing companies do anything at all.
If they are actually doing something, it will be getting a woman in to speak, and usually they're asking that woman to come in and speak for free, and to make up her time, however. And the other thing that I see them doing is maybe creating a women's network and then that's, about it.
So the changes that we need to really see happen. aren't happening, because there are other things that I think are more important to them. And most of the leaders are guys, and they are busy doing other things, and they're not all women, so they just, even when they've got daughters, and even when they believe in it, they don't, they can't ever know what it feels like to be a woman. Other priorities are just taking preference for them. [00:16:00] And I don't blame them for that at all because the situation for us in cyber security is really tough at the moment. It's so tough. The levels of burnout are absolutely huge. They're worse than front help frontline healthcare workers which is terrible.
I spoke to someone the other day, he was working his weekend, he was going to be have, he was going to have to travel on, Sunday. He'd had a heart attack earlier in the year. The company he was working at had hiring freezers. He was working in a small team, they'd lost four people, they couldn't recruit and they'd won more business.
So, so his working manor, that the hours that he was putting in were huge. And there was no solution. Yeah. It's really tough out there for people.
Dr. Rebecca Wynn: What do you think the solution is for burnout? I see one of the [00:17:00] things I see is we keep getting shifted to the left where we were trying to become chief as part of the suite, then we became suite light.
And now we're pretty much allowed places where suite non existence. And they really want a security engineer or network engineer, or even desktop engineer to be a CISO. And I find that one, I think more breaches are going to happen to that, but of course, they're going to get burned out. And then, like you said, If you end up having a seasoned CISO come in, then you find out I joined a job on time and then immediately they said we just let 17 of your people go and say what I didn't have those skill sets.
And then I had to pick up the slack. I think part of it. It's we're not getting positioned right as a viable department / organization and being critical and I see it's going back to almost like back when we were 2015, all of a sudden, and attitudes.
Jane Frankland: It's [00:18:00] almost like we've got the title, but we just don't have.
We don't have.
Dr. Rebecca Wynn: Clout.
Jane Frankland: Yeah, absolutely. We don't. We're not getting that seat at the table. Which affects our jobs, doesn't it? Because those decisions are being made without us being there to influence anything. And then we get the direction. And then we have to execute, but yeah, so it's really tough for C levels, for CISOs right now.
And the only, way I think for change to occur is by CISOs actually doing two things. They can step up and they can learn how to communicate more effectively to the people who they are, the state and the other stakeholders. And the other thing that they can do is push back. It's that not tolerating, which a lot of them are doing.
A lot of them are leaving. I read a piece from Gartner the other day, and it said that 25 percent of [00:19:00] CSOs would be leaving the industry in the next two years. So by 2025, 25%, a quarter of our CSOs would leave completely. Over 50% Or 50 percent would be changing jobs in the next two years.
That didn't surprise me at all, because the changing of jobs is consistent. And they don't stay in a job for very long on average. It's less than two years, which is half the time. For that a CIO would for them the average tenure is four to five years, but for a CISO it's less than two years.
But it's so worrying when you think 25% quarter of our CISOs may leave. It's a prediction by Gartner. So that for me is really worrying. I do see them moving to startups where they actually have a little bit more control and they can actually get on and do their job [00:20:00] so, that's.
That's positive. And the other thing I see them doing is joining big consultancies where they're not responsible for for, the, company, they're out there advising what the company has to do, which alleviate, can alleviate the pressure.
Dr. Rebecca Wynn: I think 25 is way understated, especially from all the interviews I've conducted this year is probably more around 43%.
And I do agree that we need two years. It's more like what I see is more like 15 months, which means they really started looking at 6 or 9 months out of the gate. And I think part of the reason for that is I call it The Great Bait and Switch. You go through the, interviews, you speak with all the leaders, you get all the support.
Then you come in and then you're finding out that now they want you to be a security engineer or network engineer, or we want you to do the firewall. I'm not saying that you can't help out at points, but you're finding out that what you were thought you're going to [00:21:00] be able to do strategically and tactically and being able to do hiring and stuff like that.
It's not there. And. That's, I think, reason why a lot of people are leaving too. We're finding that over and over again. I saw the other day on LinkedIn where two, two actually three things. One, they were actually, it was an, it was a pen tester that they were calling a CISO. I saw another one where it was an AppSec engineer.
And then I saw another one where they says two of them, they said one was a CISO $10,000 USD a year annual pay. And another one says CISO $23 to $25 USD per hour. I think all 4 of those are insulting to, to CISOs. And I think part of the reason for that and make sure if you agree with me is that when you look at SOC 2 and PCI and all stuff, they say, thou must have a person called CISO, but they're not defining that role.
And if they would start defining that role that would give us more teeth. How do you [00:22:00] feel about that? About these regulations, stuff like that, supporting us. So then we're not the water down.
Jane Frankland: Absolutely. And I think it's anything that can help us right now. We need help. We need support because we're not getting it by and large. So I think it's almost like time to revolt.
Dr. Rebecca Wynn: I wish we could strike to be honest with you. I'm like, can we have a sisso strike? I'm in concept. I don't want anybody's data to be breached or anything else, but in concept.
Jane Frankland: Yeah, I actually wish we had a union. A trade union where we had a body that could lobby for us because we don't speaking to a CISO the other day he actually was he wasn't as he's not a CISO. So he's got his own company, but he was a former CIO and he had acted as a CISO. So before, but we were, communicating about various topic and he needs some lobbying work done and it's, there [00:23:00] isn't anyone out there that can lobby.
There's no, no party, no union. No organization that can do that. They can all take your money from you and three, three memberships, they can offer training and things like that. There's no, no one company out there, no one organization that can lobby on your behalf. And we really need it.
Dr. Rebecca Wynn: I think the one thing that we can do and I do is. I walk away from a bad situation. I do go ahead and say no. When I find out that there is a bait and switch with what the promising is not going to be there when you want me to do what for basically what you're playing, a marketing person, no offense to a marketing person, but you're going to pay me what you're paying those.
No, I'm not gonna do that. The self worth to say no. Because there is a company out there who will value you. I that's the one thing that's a problem with the market [00:24:00] right now when you do have a lot of people who have been laid off and looking for a job and we'll grab a job is. Then they really have cut the pay considerably and those people are finding that you're got way less pay, but you have way too many hours and responsibilities and then that leads to resiliency and burnout problem.
So I think being able to go ahead and say no, that there is going to be a better opportunity out there. I think if more people say no to the cut down in the industry, I think that would help us as well too. But some people are going to argue back on, I do need the paycheck.
Jane Frankland: Absolutely. Yeah. But that's why that whole money, management like comes in, isn't it?
Like scribble a bit away for a rainy day for when you need it, because then it gives you options. The other thing that I see is. People who want to move into that CISO role, and they're prepared to take one of those lousy CISO jobs [00:25:00] in order just to get the title, and then they'll do it and then use it as a hopping stone to the next hopefully better CISO role.
But so it's tricky from that perspective because you've got aspiring CISOs who might be prepared to do that and take it, which doesn't help existing CISOs who are not prepared to take that job with with the responsibilities and the way that it's, laid out. So it's difficult and I can't see how that, I can't see how that can change actually.
Dr. Rebecca Wynn: More breaches are going to happen because they're hiring less experienced people. It's better to go ahead and hire a really experienced person than maybe bring a person who has the heart and soul and the background and stuff like that to be, to maybe be a deputy and train up.
But I've talked to more people who are finding that there's a lot of, I call them pariahs out there. There are a lot of the younger people out there [00:26:00] who I will do anything. To step over you. And that's going on in the field, too. And I tell people that doesn't do anybody any good. It doesn't do the industry any good.
And you're forgetting about we're in a cyber war at all points in time, and you have to have the best fielding team that has to be able to trust each other at all points in time. Because it only takes one bad insider or one good insider who made a bad decision to really go ahead and not only bring a company down, but affect thousands and thousands of people that can be a generational negative effect to them and their family.
That is the perspective that I think is also being lost of why we're in the field.
Jane Frankland: Yeah, absolutely. I'm, thankful I've not worked actually with people like that at all. So most of the time I've had my own company, so I'm [00:27:00] building a company and like setting the values and making sure that I've got a team that works really well as a team.
When I have worked for other companies, I haven't witnessed, I haven't witnessed that so I'm just thankful, I'm thankful about that, but I have heard the stories in security there were plenty of stories. Yeah. Similar to the one that you've just mentioned that are included in there.
So yeah, I know it goes on. I'm just thankful I've not walked in a place like that.
Dr. Rebecca Wynn: There's been a really big uptick, like in the last three years and I nicknamed it The Pariah Syndrome. That's what I personally have nicknamed it. Because I've had enough CISO stories. What we talk about it it's, the people who I would just say a lot of us have gotten to where we are because we have put in the 15, 20, 25 years, and it takes a long period of time to be able to have the breadth and the depth of [00:28:00] knowledge to attempt to do this job very successfully.
Jane Frankland: Yeah quite frankly, I can't understand anyone wanting to be a CISO.
To me, it's like, why would you want to be a CISO? Oh my God, that's a tough gig. Talk about pressure. It's, yeah, it's but some people, do and we need them. So, go for it. Yeah it's, a hell of a job right now.
Dr. Rebecca Wynn: So our time, unfortunately, is running short. What is the best way for people to get ahold of you for advisory services, speaking engagements, and to learn more about your company?
Jane Frankland: Yeah, I would say go to my website https://jane-frankland.com.
Dr. Rebecca Wynn: Great. Jane, thank you so much for being on the show. You are a Soulful CXO.
Jane Frankland: Thank you, Rebecca.