May 15, 2024

Obtaining Security Budgets You Need (Not Deserve): Ira Winkler’s Cybersecurity Playbook for Executives

Ira podcast



In this episode of CyberOXtales Podcast, host Neatsun Ziv, CEO and Co-Founder of OX Security, interviews Ira Winkler, CISO and Vice President of CYE. They discuss the challenges faced by CISOs in obtaining the necessary budgets for their cybersecurity programs. Ira emphasizes the importance of CISOs understanding the business side of cybersecurity and being able to demonstrate the return on investment (ROI) of their efforts. He discusses the limitations of current risk quantification models, such as FAIR, and proposes a more advanced approach that combines machine learning and graph flow theory to calculate cyber risk and identify optimal countermeasures. Ira also highlights the need for CISOs to more effectively and efficiently communicate real threats and potential financial losses to the organization in order to justify their budget requests.

About Our Guest:

Ira Winkler is a renowned cybersecurity expert and award-winning CISO. He started his career as an intelligence analyst at the NSA before transitioning to become a computer systems analyst. Ira has worked for various government agencies and private companies, including HP and Walmart, where he held positions such as Chief Security Strategist and Chief Security Architect. He is currently the CISO at CYE Security, an Israeli company specializing in cyber risk optimization. Ira has authored seven books on cybersecurity and is recognized as a leading authority in the industry.

Connect with Ira: LinkedIn

Key Takeaways:

  • CISOs often struggle to obtain the budgets they need for their cybersecurity programs because they fail to demonstrate the ROI of their efforts.
  • Understanding the business side of cybersecurity is crucial for CISOs to effectively communicate the value they bring to the organization.
  • Risk quantification models like FAIR provide a high-level framework but lack the precision and actionable insights needed for budget justifications.
  • Advanced approaches that combine machine learning, Monte Carlo algorithms, and graph flow theory can provide more accurate risk calculations and help identify the most effective countermeasures.
  • CISOs should gather historical data, analyze industry trends, and highlight real-world examples of cyber threats to support their budget requests.