[03-12-24] A Threat Actor Just “Liked” My Dashboard Screenshot

CISO Series Podcast
A Threat Actor Just “Liked” My Dashboard Screenshot

Data leaks are hard enough to deal with when caused by threat actors. But organizations also must handle self-inflicted wounds. Recently a CISO got called out for posting a screenshot of their security dashboard online. Why do these types of incidents happen and how should an organization assess the risk it introduced? 

This week’s episode is hosted by me, David Spark, producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is Jamil Farshchi, evp and CISO, Equifax.

Hunting for captivating

Communication remains central to cybersecurity, but being successful with it across the business is challenging. That’s why CISOs need to be “on the hunt for captivating,” according to Jamil Farshchi. The concepts cybersecurity professionals need to relay are complicated. Coaching them in storytelling and narrative can help them educate without getting lost in technobabble. Ultimately, the rest of the business needs to understand the concept of security, not its technical underpinnings.

Cybersecurity is a team sport

When it comes to partnerships, organizations know the benefits of industry-focused private partnerships. But we’re increasingly seeing the fruit of public-private partnerships as well. One of the key ways the US government has ramped up threat actor takedowns is by working with private industry, as outlined by Christopher Burgess on CSO Online. These partnerships also benefit the wider industry because they include data sharing provisions, allowing lessons learned in one operation to spread to other organizations.

Getting on top of regulation

When it comes to understanding overall cybersecurity risk, we often think of the talent shortage or the cyber arms race with threat actors. But regulations also represent significant risk, as outlined in the Bipartisan Policy Center’s recent Top Risks in Cybersecurity report. Given the patchwork of laws governing privacy and data processing across the globe, staying in compliance becomes increasingly challenging. Most countries will not cede sovereignty any time soon, and the situation doesn’t look to get better in the foreseeable future. Given the fine frameworks set out in laws like GDPR, organizations need to stay on top of compliance-based risks.

A CISO’s dashboard confessional

How damaging is it to share a security dashboard on social media? And what are the optics when your CISO is the one doing it? This raised the ire of r/cybersecurity, with some calling the post an invitation to a free pentest. But as with any security data, context is everything. Many dashboards are innocuous as far as any direct threat goes. What they can reveal, though, is financial insight or other business information about an organization. That might not pose a direct risk, but it could provide the kind of detail that feeds into a social engineering campaign over time.

Listen to the full episode over on our blog, where you can also read the entire transcript, or on your favorite podcast app. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.

Thanks to our contributor Aaron Stanley, VP of security for dbt Labs, for providing the What’s Worse scenario.

Thanks to our podcast sponsor, Varonis

Best advice for a CISO…

"My best advice for a CISO is to question whether it’s something that you really, really want. And I’ve heard this from a bunch of folks throughout my career, and I think it’s spot on. I think a lot of folks look at the role, and they think about all the perceived glory, and the seat at the table, and all those things. But I don’t think that they fully appreciate all the time the grind that the role is and the stress that it entails, and the anxiety that it always creates on a day-to-day basis. So, I think you really have to want it if you’re going to be successful in this space. So, just be sure that it’s something that you actually want to do." - Jamil Farshchi, evp and CISO, Equifax

Listen to full episode of "A Threat Actor Just “Liked” My Dashboard Screenshot."

Why are CISOs Excluded from Executive Leadership?

"It’s really about whether that leader enables your access to the senior executive, to the board when it’s appropriate. You can’t have everybody on the senior executive team. The CEO has only got so much bandwidth on who they manage, and they have to delegate that responsibility to other people as well." - Ben Sapiro, head of global cyber security services, Manulife

Listen to full episode of "Why are CISOs Excluded from Executive Leadership?"

Subscribe to our newsletters on LinkedIn!

We've got our twice-weekly CISO Series newsletter and our daily Cyber Security Headlines newsletter available right here on LinkedIn. Go ahead and subscribe to one or both!

CISO Series Newsletter - Twice every week

LIVE!
Cyber Security Headlines - Week in Review

Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Alexandra Landegger, executive director and CISO, Collins Aerospace.

Thanks to our Cyber Security Headlines sponsor, Vanta

Super Cyber Fridays!
How Should Security Be Involved With Sales?

Hacking Security-Driven Sales

We often talk about the need for security to be involved in different aspects of the business. That can mean communicating with IT or with overall company leadership. But the case for sales is all about trust, says Ravneet Dhaliwal, security solutions lead, Vanta. Having security proactively engaged in the sales process helps enable sales by building a deeper level of trust with customers.

Check out this preview of our Super Cyber Friday event happening this Friday, March 15, 2024. Our topic will be “Hacking Security-Driven Sales: An hour of critical thinking about how to unlock revenue with your security program.”

Joining me and Ravneet will be Steve Zalewski, co-host, Defense in Depth.

It all starts at 1 PM Eastern/10 AM Pacific. At the end of the hour [2 PM Eastern/11 AM Pacific] we’ll switch gears to our meetup where everyone will get a chance to chat face to face. Join us!

Thanks to our Super Cyber Friday sponsor, Vanta

Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing on social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.