[01-26-23] Join us tomorrow for “Hacking Cloud Forensics”

CISO Series

Super Cyber Fridays!

Join us TOMORROW, Friday [01-27-23], for "Hacking Cloud Forensics"

Hacking Cloud Forensics

Join us Friday, January 27, 2023, for “Hacking Cloud Forensics: An hour of critical thinking about conducting incident response in complex and transient data environments”

It all begins at 1 PM ET/10 AM PT on Friday, January 27, 2023 with guests James Campbell, CEO/co-founder, Cado Security and J.R. Tietsort, CISO, Aura. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Thanks to our Super Cyber Friday sponsor, Cado Security

Defense in Depth

What Can the Cyber Haves Do for the Cyber Have Nots?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, producer of CISO Series, and Geoff Belknap, CISO, LinkedIn. We welcome our sponsored guest, Jason Kikta, CISO, Automox. Please pipe up with your thoughts on this discussion of how to deal with those organizations that are below the security poverty line (tip of the hat to Wendy Nather for coining the term), and why it’s so critical for everyone’s security that we do something.

Use your influence and leadership to make a change for smaller organizations and for everyone. The haves vs. have nots usually are cases of those who know security and those who don’t. Some organizations are trying, but working on the wrong things, wasting already tight budgets, noted Casey Cammilleri of Sprocket Security. They need guidance on priorities. For example, Jason Ozin of PIB Group suggested helping businesses turn on two-factor authentication. They may not realize it’s free or they’re scared to use it. Lastly, Andy Steingruebl, CSO of Pinterest, said, "For those with more influence, resources, and clout - use it to make sure that widely used tools, services, etc. are more secure by default and that those things that aren't default are easy to turn on and don't need experts.”

Push vendors to provide solutions to less valuable customers that don’t deliver the same profit margins. Some vendors have become very successful only selling to larger organizations that can afford to always buy a minimum number of seats, noted Duane Gran of Converge Technology Solutions. Gran suggests pushing back a little on these vendors requiring them to have a certain number of exceptions each year to sell to smaller accounts. Some vendors, such as GitGuardian, offer a free tier of their solution. As Guillaume Charpiat noted, "Giving [our dev tool on a free tier] to upcoming innovative companies is actually in our best interest. It allows them to show they have some security controls in place when they try to sell their own solutions to their target customers, which allows them to grow so that in the end they can finally afford to pay for our solutions. Win-Win."

Push back against bad security. We have so many ways to fight bad security behavior, and Haroon Meer of Thinkst Applied Research has been fighting this cause by exposing poor marketing by security companies. The most notorious bad security practice by vendors is charging customers to deploy single sign-on (SSO). TC Niedzialkowski, CISO, Nextdoor pointed to the SSO.tax wall of shame as exposing companies charging for what should be free by default. And Harrison Yager of Yagershots would like to see some type of visible third-party score, kind of like restaurants get a food safety score. That way people can vote with their wallets as to whether they want to give their money to a business that doesn’t protect their security and privacy.

Volunteer to help cyber underprivileged businesses. Jessica B of Blue Cross and Blue Shield of Rhode Island would volunteer when she was attending a trade school. “This not only helps those below poverty security line but gives actual experiences to those who need it to be employable," she said. Also, be public about how you’re helping. Jorge G. Lopez of Peloton Interactive suggested an ‘adopt a highway’ for cybersecurity. It may entice others to get involved and it could help your brand image.

You can listen to this week’s episode over on our blog where you can read the full transcript. If you aren’t already subscribed to Defense in Depth on your favorite podcast app, please go ahead and do that right now.

Thanks to our podcast sponsor, Automox

LIVE!

Cyber Security Headlines - Week in Review

Make sure to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series producer David Spark. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Kathleen Mullin, CISO, Cancer Treatment Centers of America.

Thanks to this week's headlines sponsor, SafeBase

Cyber chatter from around the web...

Jump in on these conversations:

"Do Threat Actors know when they are being hunted? (Enterprise)"

"Do you think websites like Hack the Box and TryHackMe are good ways to learn cybersecurity topics?"

"Who is responsible for resolving vulnerabilities"

Coming Up On Super Cyber Friday...

Coming up in the weeks ahead we have:

  • [01-27-23] Hacking Cloud Forensics

  • [02-03-23] Hacking People and Process

  • [02-10-23] Hacking Your Security Program

  • [02-17-23] NO SHOW

  • [02-24-23] Hacking Vulnerability Remediation

Register for them all now!

Thank you!

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.