[02-29-24]--Join us tomorrow for “Super Cyber GAME SHOW Friday”

Super Cyber Fridays!
Join us TOMORROW, Friday [03-01-24], for "Super Cyber GAME SHOW Friday"

Join us Friday, March 01, 2024, for “Super Cyber GAME SHOW Friday”, one hour packed with cyber games. We'll be bringing our audience into the show to play some of our favorite games.

We've got the security team of FanDuel (Tyler Martin and Jodie Lash) up against the team from AssuredPartners (Hadas Cassorla, JD, MBA, CISSP and Jayakrishnan Krishnakumar).

It all begins at 1 PM ET/10 AM PT on Friday, March 01, 2024. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Defense in Depth
What Is Your SOC's Single Search of Truth?

The whole point of a single pane of glass is to make sense of your data. But when these dashboards are limited to a single platform, how useful are they? It seems like all they've led to is more browser tabs or more monitors crowding your analysts. We know we want to take action based on our data, so how do we get there?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest Matt Eberhart, CEO, Query.

We all want answers from our data

No one builds infrastructure with the goal of vendor lock-in. We accept vendor lock-in when it allows us to achieve our goals. But this makes getting a single source of truth a larger challenge down the line. "My holy grail vision of ‘single pane of glass’ is connected workflows without vendor boundaries. In an API-first world, this isn’t hard to achieve at all. It is important for any vendor to realize that they don’t exist in isolation and to get a grasp of the customer’s solution ecosystem," said Rajaram Srinivasan. As Erkang Zheng of JupiterOne points out, we still want a single answer to our security questions; the vendor landscape just hasn’t delivered it. He said, "The concept of a single pane of glass is sound, we all wanted one, but we've all been burned by promises to the point we don't want to hear that term any more."

It’s not the SPOG (single pane of glass), it’s the journey

There’s definitely skepticism about whether a single pane of glass is even possible. But interestingly, the act of determining what a single source of truth for your organization would look like carries value in itself. "The single pane of glass is mostly unattainable. But the journey is worth the challenge if you are assessing your technology and cyber security processes and using the exercise to streamline adds further value," said Tony Gonzalez of Innervision Services LLC. For Duane Gran of Converge Technology Solutions Corp, this means determining what you don’t need immediate visibility into, saying, "In trying to produce visuals we do the important work of deciding what not to observe and measure. It reminds me of the adage that plans are useless, but planning is indispensable."

Consolidating views gets us closer

A problem for any single visibility solution into data is that organizations aren’t just asking one question. Any solution needs to account for an array of use cases. "I need tooling to communicate my security posture up-and-out in the context of business risk. I need to understand current active attacks (or potential attacks) to drive down-and-in response processes. And I need something that captures my annual security testing ‘campaign plan’ that incorporates the major threat vectors I’m concerned about," said Snehal Antani of Horizon3.ai. Within that framework, APIs can help, but don’t address the underlying complexity. "The best we are going to get is a series of consolidated views into our security program based on the telemetry, data type, or program focus. APIs help consolidate data, but I've yet to see any vendor provide a one-stop shop that is sufficient for security operations, special projects, and vendor risk management," said John C. Underwood of Big 5 Sporting Goods.

Tools for a changing landscape

The single pane of glass idea is all about providing visibility into the data that matters most. But we’re increasingly seeing that simple visibility isn’t enough without context. CISOs need tools that can connect this data to the business. "The key is to find tech solutions that do more than just bring information together. They need tools that really dig into that data, highlight the risks clearly, and help prioritize what to tackle first, all while keeping the business' main goals in sight," said Josh Basinger of Safe Security.

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Thanks to our podcast sponsor, Query

LIVE!
Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Russ Ayres, svp of cyber and deputy CISO, Equifax.

Thanks to our Cyber Security Headlines sponsor, Egress

OPEN AUDITION! Looking for Next Hosts on CISO Series

Your favorite hosts of CISO Series shows are not going anywhere.

BUT, we’re developing a new show and we’re looking for your NEXT favorite CISO Series hosts.

And we’re looking for a pair of them, possibly two pairs!

Submit a recording to be CISO Series hosts

  • We’re looking for a two-person recording. You and a friend get on the microphone and explain something, anything in cyber.

  • The recording should be 5-10 minutes in length. Audio only.

  • Send your submissions via our contact form or via [email protected]. Label it “PODCAST AUDITION.”

  • DEADLINE: THURSDAY March 7th, 2024

Go to the blog post for details on how to deliver the IDEAL submission.

Cyber chatter from around the web...
Jump in on these conversations

"What are your thoughts about financial aggregators that store your bank passwords like Plaid and Teller.io?" (More here)

"Developers regularly need to work in production environments. What do security teams need to remember when granting access?" (More here)

"What Zero-Trust solutions do you use?" (More here)

Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:

  • [03-01-24] Super Cyber GAME SHOW Friday

  • [03-08-24] Hacking Breach Response

  • [03-15-24] Hacking Security-Driven Sales

  • [03-22-24] Hacking Effective Third-Party Risk Management

 Save your spot and register for them all now!

Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.