
Posts

Leaked Secrets in Code Repositories

This week's episode of Defense in Depth: Leaked Secrets in Code Repositories. This week's episode is hosted by me, David Spark, producer of CISO Series, and Allan Alford. Our sponsored guest is Jérémy Thomas, CEO, GitGuardian. All three of us discussed: Putting passwords and other credential information inside of code simply happens. Developers do it for efficiency, out of laziness, or because they simply forgot to take it out. Given that exposing secrets is done by developers, these secrets appear in code everywhere, most notably in public code repositories like GitHub. Exposed credentials can appear in SIEMs as they're being exported from the developers' code. There is a shared responsibility model and cloud providers do have some ability to scan code, but ultimately code you put in your programs is your responsibility. Scanning public code repositories should be your first step. You don't want to be adding code that has known issues. Next step is to scan your own code...

Can a Robot Be Concerned About Your Privacy?

This week's episode of CISO/Security Vendor Relationship Podcast: Can a Robot Be Concerned About Your Privacy? This week's episode is hosted by me, David Spark, producer of CISO Series, and Mike Johnson. Our sponsored guest is Rebecca Weekly, senior director of hyperscale strategy and execution, senior principal engineer, Intel. All three of us discussed: Privacy as competitive advantage. For years, it seemed the corporate norm was to push users to relinquish their privacy for additional functionality. This would give the business more insight into user behavior to be able to sell more products. But now privacy is hip and something companies want to promote. For example, Apple is spending advertising dollars to promote their privacy controls. If you're creating an AI/ML engine, what information could be anonymized and/or thrown out after use? Lack of diversity didn't happen overnight. We're in this lack of diversity issue today because of years of ignoring it. That...

Measuring the Success of Your Security Program

This week's episode of Defense in Depth: Measuring the Success of Your Security Program. This week's episode is hosted by me, David Spark, producer of CISO Series, and Allan Alford. Our sponsored guest is Chad Boeckmann, CEO, TrustMAPP. All three of us discussed: The process is very systematic. Start with knowing your risks, how you're going to track them, and the controls you're going to put in place to manage them. Simple to say, hard to do. Security risk is just one of a multitude of risks a business faces. Data's whereabouts is a moving target. Having confidence in its location and protections is key to managing overall risk. Constantly be asking who has access to the data and what communications processes you are using to share that information between humans and machines. Discuss with leadership how you will judge success and what metrics you will use. C-suite will need to lead the discussion with security providing guidance as to what they can and can...

Privacy Is An Uphill Battle

Privacy Is An Uphill Battle. This week's episode of Defense in Depth is hosted by me, David Spark, producer of CISO Series, and Allan Alford. Our guest is Dave Bittner, host, The CyberWire Podcast. All three of us discussed: Marketers, the ones often collecting the data, have no incentive to not gather more. The only thing holding them back, barely, is newly growing privacy regulations. Security professionals are tasked with protecting privacy, but they're not usually on the front lines of data collection and are often brought in after the data has been collected. The public has become numb to the abuse of their privacy. A little is being chipped away at a time, so that they either don't know they're being abused or it appears to be so slight they don't even care. They see the benefits of sharing far outweighing the negatives. GDPR is large and very difficult to comply with. And although it only affects site visitors from Europe, most site owner...

A new issue of Intelligent CISO Issue 30 publication has been published.

A new issue of Intelligent CISO Issue 30 publication has been published.
- Secure automation - Experts discuss using automation technology securely for business
- Rise in ransomware - Why creating a comprehensive cybersecurity and Disaster Recovery plan is a ‘Must have’
- Powering security - How to ensure score operations and manage risk in the energy supply chain
- Remote Protection
- Cyber trends - How to adapt to phishing trends and keep cybercriminals at bay
- Infographic - 84% of businesses will likely increase WFH capacity beyond pandemic despite security concerns
- Threats updates - Latest updates from across the globe, the UK and Europe
- Editor’s question - What are the advantages for enterprises and how are such capabilities secure?
- Predictive Intelligence - How to fight back against the rise of ransomware
- Feature - Securing connections in the cloud and across IoT Devices

Read more: https://view.joomag.com/intelligent-ciso-issue-30/0425437001601973540?token=eyJ0eXAiOiJKV...

Living with and fighting the enemy in cyberspace

Information security advisor Rangel Rodrigues recounts in his article what it is like to live through the terrible experience of having beloved family members infected with COVID-19, and draws an analogy to how companies can protect themselves from a cyberattack by mitigating risks that are inside the house. In my last article, I described some points on how we should arm ourselves to unmask the enemy. Now, at the end of a crisis I went through with COVID-19 with my wife and my daughters, I thought it would be interesting to share what it was like to protect against contamination by mitigating the risk when the enemy is inside the house. Looking at this from another perspective, I began to compare what it would be like to live with the enemy inside your work environment, whether a ransomware infection, a botnet hidden on a server, or a data leak in the cloud. Attackers' creativity has been increasingly invasive. At the beginning of September, I found my wife and my daughters with positive tests for CO...

I Want to, but... I Just Can't Trust Your Single Pane of Glass

This week's episode of CISO/Security Vendor Relationship Podcast: I Want to, but... I Just Can't Trust Your Single Pane of Glass. This week's episode is hosted by me, David Spark, producer of CISO Series, and Mike Johnson. Our guest is Joshua Scott, former CISO, Realtor.com. All three of us discussed: Is there a future for the integrated suite? For years, the selling point of the pane of glass was go with the integrated suite because it would cut down on time and cost of integration. But with the API first mentality, best of breed has become even easier to use, making integration of disparate solutions into a single pane of glass very possible. This effectively eliminates the integrated suite's "pane of glass" advantage. Setting up security guardrails for developers. This is a prime spot for innovation. Many have discussed how can we create an environment where developers can stay within the confines of appropriate security while still having the freedom to inno...