On this Episode of The New CISO, Steve Moore is joined by special guest Mark Ferguson, the CISO for a cyber security company Bombardier. They discuss roles of a CISO in cybersecurity and the strategies involved in dealing with breaches and building teams.    Moving to Canada Originally from Scotland but now residing in Montreal, Canada, Ferguson shares some background on where he has lived in the past and the process of moving to Canada. Ferguson expresses his excitement of experiencing Montreal when it becomes more open. He has been taking some French classes to become better acquainted with the language.    Travel Ferguson has been able to travel often and live in many places for his job. Opportunities to relocate have been present multiple times throughout his career. Ferguson advises taking opportunities to relocate for a career. He has moved to the United States, to Poland, and now to Canada. He enjoys the experiences of new places. Moore discusses how relocation may be less common in companies based out of the United States.   First CISO Role Ferguson reflects on the decision to become a CISO. He honestly admits that some days it can be exhausting and doubts can arise. There are good days and bad days in the role. At the end of the day, he knows he is capable of solving any problems that arise. The role brings a lot of diversity.    Getting to be a CISO/4 Pillars How did you get to the point of being a CISO, Moore asks? Ferguson says he had a great mentor and was able to help identify his assets. Getting things done and strategic planning are important as well. The four main pillars of strategy are.    1). Educational awareness 2). Strong Identity Management/Data Security 3). Strong basics of IT management and maintenance 4). Using agile technology   Building a program & Facing Challenges You have to know what players you need to make things work. Building strong relationships is important and will assist with the aspect of vulnerability management. It can be a challenge to identify where problems lie and explaining the problems can be a challenge as well. Ferguson notes these are things he still actively is working on.    Moore notes that the CISO position can be nearly impossible at times. However, others pulling their weight in the company is essential. IT systems are extremely complex and joining everything to work as one can be difficult. This is, realistically, not a simple problem to solve.   Breaches with assets could be a big detriment to the company. Holding people accountable and working together is one way to avoid these breaches. Running audits is time consuming, but important to keep everything in check.    Best parts of the job Ferguson shares some of the best parts of his job. One of his favorite things is building great teams. Finding great people to work with is very rewarding. These people don’t have to be perfect, but finding what makes them an asset to the team is great. Inevitably, these team members will come and go, but developing great teams is one of the best parts of the CISO role, says Ferguson.    Breach Response Plan One of the first lessons to learn is that a cyber breach is not a cyber security problem. Ferguson mentioned that they recently faced a breach, and there is a lot to learn from the situation. This occurred at a critical time. They assumed the breach would be coming from the bottom up, however it was at a more executive level. Their team learned about internal response from this.    A good response to a breach is having the right people involved in the situation. A business team to be involved in the response is important because it is a business problem. Quickly building out this team is very important. Making sure everyone knows what the problem and objective are is essential.    Once a breach occurs, there is a lot of responsibility involved. People often don’t understand the size of this responsibility until it occurs. With the right culture and leadership, response will occu