
Showing posts from September, 2020

I Want to, but... I Just Can't Trust Your Single Pane of Glass

This week's episode of CISO/Security Vendor Relationship Podcast I Want to, but... I Just Can't Trust Your Single Pane of Glass This week's episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson. Our guest is Joshua Scott, former CISO, Realtor.com . All three of us discussed: Is there a future for the integrated suite? For years, the selling point of the pane of glass was go with the integrated suite because it would cut down on time and cost of integration. But with the API first mentality, best of breed has become even easier to use making integration of disparate solutions into a single pane of glass very possible. This effectively eliminates the integrated suite's "pane of glass" advantage. Setting up security guardrails for developers. This is a prime spot for innovation. Many have discussed how can we create an environment where developers can stay within the confines of appropriate security while still having the freedom to inno...
Calling Users Stupid

This week's episode of Defense in Depth Calling Users Stupid This week's episode is hosted by me, David Spark, producer of CISO Series and Allan Alford. Our guest is Dustin Wilcox, CISO, Anthem. All three of us discussed: Security people have notoriously had a "better than them" attitude towards their users, whom they view as the ones causing all the problems and making their lives more difficult. Calling users stupid for making a "mistake of effort", even if it's behind their back, does not foster a bond with the security team. It fosters the us vs. them attitude. Security professionals will have a lot more success if they understand why users do the things they do. Once there is that understanding, then cybersecurity will better be able to design systems that accommodate users. About a third of your users confidently believe they're following the right cybersecurity procedures. That discrepancy is not the fault of the users, it's the fault of cybe...

Enjoying My Blissful Ignorance of Cyber Vulnerabilities

This week's episode of CISO/Security Vendor Relationship Podcast Enjoying My Blissful Ignorance of Cyber Vulnerabilities This week's episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson. Our guest is Dustin Wilcox, CISO, Anthem. All three of us discussed: Propagating and believing in InfoSec myths can be dangerous to your cyber health. Believing that you can spot a phishing scam and that you're safe just as long as you go to mainstream sites are both fallacies. Ever been tricked by a magician? Then guess what, you can be tricked by a phishing email. They're designed to look just like normal emails. And mainstream sites have modules from third parties that may not have such stringent security standards. Sell your company in your job description. A lazily written job description will speak poorly to your company's employer brand. Far too many job descriptions are an amalgamation of previous jobs, stolen from other job descriptions with poor to ...

LGPD | There is no single area responsible for it; the whole organization is

LGPD | There is no single area responsible for it; the whole organization is By Rodrigo Magdalena Whenever something related to the topics of Data Privacy or Information Security comes to the fore, such as the implementation of a regulation (as is the case with the LGPD), much is asked about who is, in fact, responsible for its implementation and upkeep. But even before the spread of a data-protection culture, the Information Technology area always suffered from this stigma whenever any aspect involving technology was needed and, consequently, ended up accumulating functions that went beyond its remit and, worse than that, put organizations' operations at risk, since people without the proper functional qualification were operating sensitive functions. A prime example of this, already mixing Information Technology, Information Security and Data Privacy, is the set of powers a network administrator held until very recently (if not to this day in certain...

Is College Necessary for a Job in Cybersecurity?

This week's episode of Defense in Depth Is College Necessary for a Job in Cybersecurity? This week's episode is hosted by me, David Spark, producer of CISO Series and Allan Alford. Our guest is Dan Walsh, CISO, Rally Health. All three of us discussed: Years ago most would say a college degree is necessary, but it appears the ROI for exorbitant college education simply doesn't deliver like it used to. Tons of valuable online courseware can deliver a targeted education for individuals wanting to start a career in cybersecurity. If organizations believe these first two statements to be true, then why are they putting down a college degree as a requirement for jobs in cybersecurity? Is requiring a college degree a false and elitist narrative that doesn't drive better cybersecurity talent? With such a stringent requirement, it detracts many people, including women and minorities, who may not have college degrees to pursue cybersecurity roles. Most college courseware in comp...

Why CISOs Need Cloud to Secure the Network

Why CISOs Need Cloud to Secure the Network CISOs need a new way to secure networks. Martha, a salesperson, prides herself on being an “always on the move” digital worker. She often accesses sensitive data on her managed device at airport lounges while she gears up for the next meeting. She also surfs the internet, checks her social media updates and updates her personal blog. This type of connected employee, while a boon to the organization, can be a nightmare to the chief information security officer (CISO). Martha is not only exposing critical data to unknown networks while using WiFi services in public spaces, she is also exposing her company’s network to possible threats through external websites. In a modern cloud-centric digital business, the need to access information anywhere and everywhere is a top priority. Due to the recent shifts in the technology landscape, the adoption rate for SASE offerings is as low as 1% “Secure access service edge, or SASE, supports ...

Tell Me We're Secure So I Can Go Back to Ignoring Security

This week's episode of CISO/Security Vendor Relationship Podcast Tell Me We're Secure So I Can Go Back to Ignoring Security This week's episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson. Our guest is Dan Walsh, CISO, Rally Health. All three of us discussed: The "are we secure" question is loaded with anxiety. Before addressing the literal nature of the question, "Are we secure?", try to understand why the question was asked. Defuse the anxiety to see if they're concerned about a certain type of attack, and then you can explain the types of protections and safeguards you have in place for that specific attack. Or, turn this into a discussion of risk and how a certain kind of attack would change the company's risk profile. A security force multiplier for DevOps. Educate key developers to be security champions and focus on automation and quality, which are two efforts that ring true with DevOps engineers. It's simply...

Working in Cybersecurity, Steps to consider for Developing your Cyber Career Plan (Part 4 of 4)

Working in Cybersecurity, Steps to consider for Developing your Cyber Career Plan (Part 4 of 4) I originally envisioned writing a series of pieces detailing some of the steps people would take if they were interested in a cybersecurity career. My goal was to develop a resource that would not only be used by people seeking entry-level positions but could also be used by seasoned professionals who needed to update their resume, search for a new job, or prepare for an interview. For those of you who may have missed the previous articles, they are as follows: 1. Writing a Cybersecurity Resume 2. Conducting a Cybersecurity Job Search 3. Preparing for Your Cybersecurity Job Interview The final chapter in this series is focused not on getting a job but on building a career. It is my hope that as you read these paragraphs, you have been selected for the job you interviewed for, and it's time for you to develop your career roadmap. I have spoken on numerous occasions about how I stu...

New issue of Intelligent CISO - Issue 29

New issue of Intelligent CISO - Issue 29 The new issue of Intelligent CISO was published this week and features some quite interesting topics: Cyberthreat awareness; Identity era; Ransomware prevention; Constructing a Cyber Strategy; 2020s: The decade that tears down LANs, WANs, VPNs and Firewall; Vendors unveil solutions to improve endpoint protection capabilities. Read more: https://view.joomag.com/intelligent-ciso-issue-29/0126444001599150295?token=eyJ0eXAiOiJKV1QiLCJhbGciOiJIUzI1NiJ9.eyJpc3MiOiJqb29tYWciLCJpYXQiOjE1OTkyMDIyMDMsImV4cCI6MTkxNDczNTAwMywic3Vic2NyaWJlcklEIjo1MTgyNzYxLCJjcmVhdGVfZGF0ZSI6IjIwMjAtMDktMDQgMDY6NTA6MDMiLCJ1bmlxdWUiOiJpUUtmVWF0aUtIOEhLRXdRV0RadUh5Yk84VVQ4clhuYSIsInR5cGUiOjN9.SDmDnXLtDSR6me47VfMcNFJukkCZAxWQNaUafWnQbSY&ref=email Tags 🏷 #cybersecurity #cso #ciso #infosec #hacker #itriskmanagement #ciberseguranca #cyberattacks #threats #malware #cibercrime #exploit #hackers #hacker #breach #mitreatt&ck #pentesting #cloudsecurity #cyberwar #datasecurity...

When Red Teams Breakdown

This week's episode of Defense in Depth When Red Teams Breakdown This week's episode is hosted by me, David Spark, producer of CISO Series and Allan Alford. Our sponsored guest is Dan DeCloss, founder and CEO, PlexTrac. All three of us discussed: Don't make the mistake of red teaming too early. If you don't have your fundamental security program in place, you'll be testing non-existent defenses. If you're just starting to build up your security program, conduct a vulnerability scan and do some basic patch management. A red team exercise exists to discover risks you didn't even know about and couldn't have predicted in your threat model exercises. Have a plan for what you're going to do after the red team exercise. Just discovering you've got problems with no plan to remediate them will not only be a waste of money, but will also breed discontent. Don't red team just to fill out an audit report. You can do a vulnerability scan for that. Cons...
Request a Demo of Our Inability to Post a Demo

This week's episode of CISO/Security Vendor Relationship Podcast Request a Demo of Our Inability to Post a Demo This week's episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson. Our guest is Ross Young, CISO, Caterpillar Financial Services Corporation. All three of us discussed: Lose the "Request a Demo" button and upload a demo video. It's an extremely high bar to get an interested buyer to simply click the "Request a Demo" button. But, it's an extremely low bar to get an interested buyer to watch a demo video of your product or an even more elaborate walkthrough where they can self-select options. If they like what they see, don't worry, the interested buyer will request a demo. CEOs expect CISOs to lead the entire company in security. It's their most-desired CISO need. At the bottom of the priority list is leadership training. CEOs would rather have CISOs getting the whole company on board with security firs...