Ryerson’s Joe Mariscal on Building a Resilient Cybersecurity Culture

In this episode of Ahead of the Breach, Casey speaks with Joe Mariscal, Director of Cybersecurity and Compliance at Ryerson. Joe brings his extensive experience in the cybersecurity field to discuss topics such as the critical issue of burnout among cybersecurity professionals. He emphasizes the importance of leadership in fostering a supportive work environment. 

Joe also highlights strategies for preventing burnout, such as establishing clear boundaries for off time and encouraging open communication. Additionally, Joe delves into navigating compliance frameworks and the emerging threats posed by OT, IoT, and IIoT in the manufacturing sector. Tune in for valuable insights on building resilient cybersecurity teams! 

Topics discussed:

• The importance of leadership in preventing burnout among cybersecurity teams and fostering a supportive work environment that prioritizes mental well-being.  
• Strategies for establishing clear boundaries between work and personal time, ensuring that team members can disconnect and recharge effectively.  
• The impact of constant on-call expectations on employee stress levels and overall team morale in high-pressure cybersecurity roles.  
• Navigating compliance frameworks, including the differences between prescriptive and advisory guidelines, and aligning them with organizational needs and risk profiles.  
• Emerging threats in the manufacturing sector, particularly related to operational technology (OT), the internet of things (IoT), and the industrial internet of things (IIoT).  
• The challenges of managing legacy systems within cybersecurity and the importance of maintaining an accurate asset inventory for effective defense.  
• The role of ongoing training and development in keeping cybersecurity teams sharp and prepared for evolving threats in the digital landscape.  
• Utilizing risk registers to prioritize vulnerabilities and communicate effectively with executive leadership about necessary remediation efforts.  
• The significance of proactive security measures in identifying and mitigating risks associated with remote support and third-party vendor access.  
• Building a resilient cybersecurity culture that encourages open communication, regular check-ins, and support for personal issues affecting team performance.