Oct. 11, 2024

Innovating in Cybersecurity with AI and Inclusive Leadership

In this episode of the Candid CISO podcast, host John Donovan sits down with Mandy Andress, an experienced CISO, investor, and board member, to explore her career journey in the cybersecurity industry. Mandy discusses how her diverse roles have shaped her perspective on implementing security measures tailored to different organizations, taking into account their culture, communication styles, and technological infrastructure. She also opens up about her personal experiences as a gay woman working in tech, offering insight into how diversity has influenced her leadership approach and decision-making processes.

The conversation touches on the evolving responsibilities of a CISO, especially in the context of remote work and the rise of AI-driven cyberattacks. Mandy reflects on her experiences balancing compliance and security in both traditional and tech-forward industries, sharing her strategies for building effective security teams and fostering collaboration.

 

Key Takeaways

  • Mandy emphasizes the importance of aligning security strategies with an organization's unique culture, communication style, and tech stack to ensure they are effective and sustainable.

  • She talks about how her experience as a gay woman in cybersecurity shows that diversity enhances problem-solving, fosters collaboration, and strengthens team performance.

  • Mandy believes in creating a safe and supportive environment for team members by being a good listener, sharing personal experiences, and being open to vulnerability.

  • The role of a CISO continues to evolve, and while it has become more defined in terms of business impact, it still requires constant adaptation due to the fast-paced changes in technology and cyber threats.

  • Remote work presents unique challenges for leadership and team cohesion, but it also offers opportunities to redefine communication and collaboration through virtual means.

  • Mandy advocates for taking on lateral career moves, as they can provide valuable learning experiences that contribute to broader skill sets, particularly in leadership and security roles.

  • Building trust and rapport within an organization is crucial for a CISO, especially when influencing security decisions and balancing the organization's risk appetite with technical considerations.

  • Mandy underscores the importance of balancing compliance and security, recognizing that they do not always align perfectly, and making informed decisions on when to prioritize one over the other.

  • The rise of AI-driven cyberattacks is a growing concern, and security teams need to rethink their approach, focusing on speed, adaptability, and leveraging AI tools for defense.

  • Lastly, Mandy encourages cybersecurity professionals to stay curious, remain open to learning, and take calculated risks in their careers, always keeping an eye on long-term growth and opportunities.

 
IdRamp is a sponsor of the Candid CISO podcast. Visit their website at: https://www.idramp.com/candidciso
 

TrustLogix is a sponsor of the Candid CISO podcast. Visit their website at: https://www.trustlogix.io/candidciso

 

For show notes, transcripts, links, and more episodes visit https://www.candidciso.com

 

The Candid CISO podcast is produced by Nonconformist Innovation Media.

Mandy Andress

CISO / Author / Advisor

Mandy Andress has spent more than 25 years at the crossroads of business, technology, and security, a career defined by boundless curiosity first sparked as a teenager behind the keyboard of her Texas Instruments-99/4A. Since then, she’s earned an alphabet of degrees and designations – CISSP, CPA, JD – and the role of CISO at Elastic, where she’s led the company’s security posture since 2018.

Mandy marries a deep technical background in system auditing, core security, architecture design, and security programming with legal expertise as a member of the Texas Bar to act as a bridge between rapidly evolving security regulations and her teams in the trenches. While staying ahead of technological and legislative change, she’s focused on the human side of security and how behavioral science can help influence rather than impede security approaches and best practices.

Mandy is the author of Surviving Security: How to Integrate People, Process, and Technology, a guide to holistic security awareness used as a foundational textbook by educators around the world. She’s also a committed mentor and advisor, both to advance the careers of future security leaders on her teams and in a voluntary capacity to share her experiences, challenges, and lessons learned with security startups as they navigate entry to market.