[06-01-23] Join us tomorrow for “Hacking the Future of Risk Management”

CISO Series

Super Cyber Fridays!

Join us TOMORROW, Friday [06-02-23], for "Hacking the Future of Risk Management"

Join us Friday, June 02, 2023, for “Hacking the Future of Risk Management: An hour of critical discussion on how we need to evolve our measurement and reduction of risk.”

It all begins at 1 PM ET/10 AM PT on Friday, June 02, 2023 with guests Meghan Maneval, director of technical product management, RiskOptics and Jo-Ann Smith, CISO, Long View Systems. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Thanks to our Super Cyber Friday sponsor, RiskOptics

Defense in Depth

How Must Processes Change to Reduce Risk?

What do we need to do to fix our processes to truly reduce risk and vulnerabilities?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Amad Fida, CEO, Brinqa.

Here’s what we discussed on the show.

Cyber threats are just another business risk and should be treated that way. Elevate it to that level. “If the business views security as just another IT service, the conversation gets muted by operational challenges rather than the actual risks,” said John Scrimsher, CISO of Kontoor Brands. Get away from addressing vulnerabilities, advised Chris Holden, CISO of Crum & Forster. “Begin demonstrating the risk those vulnerabilities contribute to your system or application,” said Holden. “For this to be successful you will need at minimum a business impact analysis for each system as well as incorporating threat intelligence into your vulnerability management program."

Spend time understanding staff’s systems and operating procedures. “Not every risk or vulnerability has a CVE number, nor does it have a technical solution,” noted Jonathan Waldrop of Insight Global. "If you can meet people where they are, you can usually develop a good process or plan to reduce the risk to an acceptable level,” added Matt Black of Contentstack. Erik Bloch of Atlassian echoed the sentiment, "If you can put yourself in their shoes you'll make it a win-win."

Focus on specific issues with explanations rather than spouting out best practices. "People respond better when I talk with them in person, explain the risk, what bad things can happen, the liability involved, and finally make a very specific ask to fix the issue,” said Uri Fleyder-Kotler, CISO of Staircase AI, who has had a lot more success with that technique than just telling his staff to apply standard technical controls. Try to show the reality as best as you can. "Eliminate subjective variables as much as possible,” said Andy Kim, CISO of CyberCatch.

Do whatever you can to make it simple, because the security department can’t fix all the problems on its own. Reduce overlapping services in your tech stack, advised Andreas Schneider, Field CISO of Lacework, "One tool is better than three as every additional tool creates that friction and this will effectively slow down your MTTR (mean time to remediate)." It’s your job to lead others, said David Casey of Summit Health, "Leadership can set the pace, Security set the goal, but the employees will fight the battle."

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Thanks to our podcast sponsor, Brinqa

LIVE!

 Cyber Security Headlines - Week in Review 

Make sure to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Howard Holton, CTO, GigaOm.

Thanks to our Cyber Security Headlines sponsor, Barricade Cyber Solutions

Cyber chatter from around the web...

Jump in on these conversations 

"Best remediation steps for MFA session hijacking attacks?"

"For anyone looking to break into Cybersecurity.."

"How do I convince senior management that email spoofing does not mean we were hacked?!"

Coming Up On Super Cyber Friday...

Coming up in the weeks ahead on Super Cyber Friday we have:

  • [06-02-23] Hacking the Future of Risk Management

  • [06-09-23] Hacking Data Loss

  • We're off the rest of June and the first three weeks of July

  • [07-21-23] Hacking 5G Security

Register for them all now!

Live show!

 CISO Series Podcast LIVE in Denver 6-7-23

Here's a preview video of the live audience recording of the CISO Series Podcast at the Rocky Mountain Information Security Conference (RMISC) in Denver. Joining me on stage will be Michelle Wilson, CISO, Movement Mortgage and Jay Wilson, CISO, Insurity.

WHEN: RMISC conference runs from June 7th to June 9th, 2023. We'll be kicking off the event on June 7th with our recording at 4:30pm MT. Right after our session will be a welcome reception and game night. Looking forward to that. They better have pinball!

WHERE: Colorado Convention Center, 700 14th St, Denver, CO 80202

REGISTER at RMISC.

HUGE thanks to our sponsor, Trend Micro

Thank you!

Thank you for supporting CISO Series and all our programming  

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.