[04-23-24]--We’ll Invest in Resilience as Soon as the Ransom Payment Clears

Capture the CISO!
Capture the CISO! Season 2 Episode 1 Out Now!

Capture the CISO Season 2 is back! Listen to the first episode, available now, and see the contestants’ videos!

CISO Series Podcast
We’ll Invest in Resilience as Soon as the Ransom Payment Clears


We hear lots of commitments from organizations about not paying ransoms. But unlike cybersecurity, talk comes very cheap. It doesn’t mean much to make a guarantee like that when there isn’t an existential threat to your business. So why do so many organizations not do more to operationalize commitments to not pay ransoms? 

This week’s episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. Joining us is our guest, Thom Langford, CISO, Velonetic.

Resilience gives an organization options

No one goes into business operations with a plan to just pay a ransom outright. Everyone can talk a big game when nothing is on the line. But that situation changes during a ransomware attack, which brings very real pressure to get the business back to normal operations in a hurry. Suddenly the CEOs who are making ransomware pledges can’t back up their talk, noted Andy Runyan on LinkedIn. Without resilience across their infrastructure, many organizations have no choice but to pay a threat actor. Rather than gaining some temporary optics by making ransomware pledges, organizations need to do the hard work to make it possible to live up to those commitments.

How can we make space for neurodiverse candidates?

There is no shortage of career advice out there. Regardless of the industry, you’ll often find that candidates are told to self-promote, network like crazy, and maintain eye contact in in-person interviews. While the effect is not intentional, our listener Sandy Taggart recently emailed us to point out that this kind of advice doesn’t help organizations recruit from the deep neurodiverse talent pool. These kinds of considerations need to start at the recruiting stage for organizations, giving neurodiverse candidates the space to engage on their terms with appropriate accommodation. Obviously, communication needs to open up, but it has to happen on the terms of neurodiverse candidates.

Invest to solve the talent shortage

How is the ongoing cybersecurity talent shortage impacting organizations? The scramble for talent is leading large organizations to price out smaller ones, according to World Economic Forum reports cited by Jamal Elmellas at Dark Reading. Increasingly we’re seeing job applicants lacking required technical skills. But these reports show that many organizations have underinvested in internal training programs. Organizations look to recruit for entry-level positions with five years of experience, rather than trying to grow their own unicorn internally. Investing in real internal training to onboard cybersecurity talent from IT and other departments can pay real dividends for organizations in need of talent.

Waving the CISO magic wand

What cybersecurity tools do you wish existed? Maybe an LLM to convert technical conversation into something the business can understand, or a web portal to show vendor pricing without a sales call? These ideas all came out of a recent post in the cybersecurity subreddit. For Andy Ellis, his work as a VC puts him in a unique position to fund the ideas he wants to see with actual capital to make it happen. 

Listen to the full episode over on our blog, or your favorite podcast app where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.

Thanks to our contributor Tyler Rogers of Plexicus for providing this week’s “What’s Worse?!” scenario. 

Thanks to our podcast sponsor, CyberMaxx


Sponsored
Navigating AI Security and Planning with OpenText


Planning is key when it comes to minimizing risk with the latest AI tools. Without a plan you risk exposing your organization to biased training data, leaking private information, and just missing the productivity gains you want from these tools. In this video Greg Clark, director of product management, OpenText, details why organizations need to proactively head off these risks with proper planning.

HUGE thanks to our sponsor, OpenText


Biggest mistake I ever made in security…

"I sent out a questionnaire to find out how many personnel records there were in our organization as a consultancy. Amazing kick-ass spreadsheet. Of 300 questionnaires I sent out, I got maybe 18 responses, and that was when I learned that actually, I could have just asked five questions and got just enough of the answer rather than the perfect answer." - Thom Langford, CISO, Velonetic

Listen to full episode of "We’ll Invest in Resilience as Soon as the Ransom Payment Clears."

Managing Data Leaks Outside Your Perimeter

"These are the things that good tools need to have because secret sprawl is such a big problem. And if you’re in a five-person startup, maybe you haven’t experienced what it’s like to find a secret and have no idea what it gives access to. But it’s a scary problem to have when it does happen, and it will happen. Are you going to break production by rotating a secret that’s leaked out? These are problems that we all face regularly." - Mackenzie Jackson, developer advocate, GitGuardian

Listen to full episode of "Managing Data Leaks Outside Your Perimeter."

Subscribe to our newsletters on LinkedIn!

We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!

CISO Series Newsletter - Twice every week

LIVE!
Cyber Security Headlines - Week in Review


Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Christina Shannon, CIO, KIK Consumer Products.

Thanks to our Cyber Security Headlines sponsor, Veracode


Super Cyber Fridays!
Join us this Friday [04-26-24], for “Hacking Your Cybersecurity Career”


Join us Friday, April 26th, 2024, for “Hacking Your Cyber Security Career: An hour of critical thinking of how to level up your professional development.”

It all begins at 1 PM ET/10 AM PT on Friday, April 26th, 2024 with guests Jerich Beason, CISO, WM and Jesse Whaley, CISO, Amtrak. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.