Content provided by Syya Yasotornrat & Leah McLean, Syya Yasotornrat, and Leah McLean. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Syya Yasotornrat & Leah McLean, Syya Yasotornrat, and Leah McLean or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

Steve Zalewski - Former CISO at Levi Strauss & CO; Cybersecurity Advisor; Evolving the Security Vendor Relationship with CISOs

45:41
 

Steve Zalewski was formerly the Chief Information Security Officer at Levi Strauss & Co., a global leader in jeanswear. Prior to Levi Strauss & Co., Steve was the Managing Enterprise Security Architect responsible for cybersecurity critical infrastructure protection at Pacific Gas & Electric Company.

Earlier in his career, Steve held leadership roles in healthcare security at Kaiser Permanente and in data protection at Fujitsu, Vixel and DEC.

Steve is a huge proponent of maximal automation of cyber-risk mitigation and containment – people, processes, tools, whatever it takes. He has multiple patents in data protection and multi-processor operating system design and holds CISSP, CISM and CRISC security certifications.

Steve currently provides CISO, security consulting and security advisory services. These include:

• International cybersecurity advisor and trainer since 2017.

• Executive advisory board member for security startups, providing guidance to the executive leadership on sec

Steve is a frequent co-host with David Spark on the CISO Series podcast, Defense in Depth. He has also mentored others by answering their questions in the Reddit AMA Series – Ask a CISO Anything.

Highlights:

0:00 - Introductions and Backgrounds

  • Steve highly recommends everyone takes a sabbatical

8:14 – Brutal Truths

  • “it’s not get better; what we have now is over 4,000 products that a CISO can choose from as technology and those 4,000 products aren’t solving 4,000 problems – they are solving probably 10 classes of problems. …we are forgetting about the people and the process”

15:15 “I Learn to Understand the Perspectives of the Individual I’m Working with – the Win-Win”

25:36 - "Am I in the game of profit protection or loss prevention? In my mind, I was internally looking at that."

29:41 - "CISOs are maybe 15 years old as a concept; 10 years old as an operating model and in last 3 years, see it morphing yet again."

42:39 - It Takes a Village!

  • "We have a village and a child and it takes a village to raise a child - cybersecurity is very much like this.... we have a common enemy - bad guys are trying to attack the entire villages, so we have to raise the child - have to get better and act differently."

LinkedIn: https://www.linkedin.com/in/szalewski/

Defense in Depth Podcast: https://cisoseries.com/defense-in-depth-cybersecurity-is-not-easy-to-get-into/

r/cybersecurity – Reddit: https://www.reddit.com/r/cybersecurity/comments/m1y256/ama_series_ask_a_ciso_anything/


29 episodes
