04-28-20 - Cleaning Those Tough to Reach Digital Identity Stains
This week's episode of CISO/Security Vendor Relationship Podcast, "Our Top Tips for Cleaning Those Tough to Reach Digital Identity Stains," is hosted by me, David Spark, producer of CISO Series, and Mike Johnson. Our guest is Davi Ottenheimer, VP, trust and digital ethics, Inrupt. The three of us discussed:
Erasing digital identity is not a universal need or want.
Before someone erases their digital identity, or you offer advice to help them do so, you must first ask why. Have they been unfairly and publicly maligned? Is someone stalking them digitally? Or have they committed some crime, or plan to, and want to cover up any past history?
There's value in not being authentic.
As our guest Davi pointed out: "Inauthenticity can be good. Like a comedian sometimes you don't want people to have a real identity. You want to have an identity that speaks to you in your own language. And it's a form of protection for the person who is speaking."
Are you doing that to actually be secure or to convince others to think you're secure?
We're in a weird bind these days where we're being sold an evolving stream of "best practices" telling us how to secure our identities and access. For example, is requiring 12-character passwords with a special character designed to actually make you secure, or is that requirement there so you can show an auditor that you're adhering to "good security practices"?
Avoid tech jargon soup.
In the first round of our new game "What Is It and Why Do I Care?" our security leaders avoided pitches that were filled with tech buzzwords and keywords. Those pitches offered no structure or meaning and just confused the contestants.
Special thanks to this week's podcast sponsor, Reciprocity.
ZenGRC by Reciprocity is a cloud-based GRC software that automates and simplifies compliance and risk management, solving critical problems at scale while customizing to your business needs. Adhering to the majority of regulations is a snap with pre-built templates and a unified system of record. Learn more at reciprocitylabs.com.
This FRIDAY [5-1-20] Hacking the Security Stack
Join us for “Hacking the Security Stack: An hour of critical thinking about what will disappear and what you’ll introduce in the security program of the future”. It’s happening this Friday, May 1st, 2020 at 10 AM Pacific/1 PM Eastern.
Plus, I'm giving out a prize for the best bad idea. On our first two shows Dutch Schwartz of AWS delivered two great bad ideas. I loved them because they stirred up a new conversation that required everyone to take the bad ideas seriously. Watch the video for highlights on bad ideas and how to prepare for this week's CISO Series Video Chat.
Next FRIDAY [5-8-20] Hacking the Speed of GRC
Join us for "Hacking GRC: An hour of critical thinking of how we can improve the governance, risk, and compliance process". It's happening on Friday, May 8th, 2020 at 10 AM Pacific/1 PM Eastern.
This live video chat will be led by CISO Series producer, David Spark, along with Scott McCormick, CISO, Reciprocity and Mike Wilkes, CISO, ASCAP. Special thanks to Reciprocity for sponsoring this video chat.
Start thinking about:
There are so many stakeholders, so much information that needs to be gathered and transmitted. What are the opportunities to simplify this seemingly laborious process?
Do efforts to determine governance, risk, and compliance actions get held up because of lack of information from another? If so, what is it and how can we deal with it better?
Enter to play "What Is It and Why Do I Care?"
This is a brand new game for CISO/Security Vendor Relationship Podcast where we ask vendors to submit the best explanation of their category and what makes them unique. We’ll match companies in similar categories, and then I'll read the explanations (“What is it?”) and the differentiators (“Why do I care?”) to the CISOs, all without revealing the names of the companies or the people who sent in the submissions. If the CISOs pick either response as their favorite, I'll then reveal the names of the winners, but not the losers.
There's no risk to you to make your pitch. When have you ever heard that in cybersecurity?
Go ahead and pitch and potentially you could get some kudos for your savvy skills explaining your technology.