[06-08-23] Join us tomorrow for “Hacking Data Loss”

CISO Series

Super Cyber Fridays!

Join us TOMORROW, Friday [06-09-23], for "Hacking Data Loss"

Join us Friday, June 09, 2023, for “Hacking Data Loss: An hour of critical thinking about improving the marriage between data security and cybersecurity.”

It all begins at 1 PM ET/10 AM PT on Friday, June 09, 2023 with guests Matt Radolec, sr. director incident response and cloud operations, Varonis and Mike Johnson, CISO, Rivian. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Thanks to our Super Cyber Friday sponsor, Varonis

Defense in Depth

How Should We Trust Entry Level Employees?

All experienced security professionals were at one time very green. Entry level status means risk to your organization. That's if you give them too much access. What can you trust an entry level security professional to do that won't impose unnecessary risk? And how can those green professionals build trust to allow them to do more?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Our guest is Kemas Ohale, vp, global information security, Lippert.

This is what we discussed on the show.

Stop thinking about these roles as entry level, but rather experience appropriate. "We don’t have entry level jobs in security. We have roles that make sense for varying levels of institutional (and domain) knowledge and experience,” said Eric Staffin of BlueVoyant. “Create sufficient guard rails for these amazing people at all stages of their personal and professional journey.” There is a real concern of letting green people get access to sensitive information and applications. But that’s not where you should be focusing your concern, said Roy Keck of Happily Ever Life & Cyber, “Isn’t that more of a problem for the company culture, company security policies/structure, etiquette, and best practices, than the employee?"

Young professionals often take on more responsibility than their experience would suggest. We had Kendrea W., a former nurse and now director of operations at Horizon Nursing Services, level our argument by rightfully mocking cybersecurity’s concern about letting green people access such sensitive data. "The cyber world is weird with this gatekeeping nonsense. Skills can be learned, just like any other profession. Did I know everything as a new nurse? Nope. But I learned. I was thrown to the wolves after one month with patients going downhill every shift. Nobody wants to trust someone with no experience yet hundreds of nurses every year with no experience are trusted daily with human lives,” she said. “Make it make sense." Some were fortunate to get that trial by fire early on. Duane Gran of Converge Technology Solutions Corp. got root access to 60 Unix servers in his first security role. He realized he was given an unreasonable level of authority, “but I was careful and it is part of what makes me who I am today."

Having a job in cybersecurity already comes with a level of responsibility. "Cybersecurity isn't a starter role. That's one of those roles that people hope you moved from somewhere else in tech, like help desk,” said Alex P. of Millennium Space Systems, A Boeing Company. On the flip side, you can work in this industry and not have any critical responsibilities yet can still be learning cyber. For example, Eric Silberman of USDA suggests tier I SOC analyst.

At some point you’re going to have to hire new talent who will get their first experience with your company. "It's better to start now so you have more people with the experience and give them more time to train,” said Drew Herrema of Rakuten Kobo Inc. At such early stages you’re looking for people who want to learn. Derek A.'s last three hires were a former intern, a service desk person, and a system admin with no security experience, "I hired them because they were people who wanted to learn, wanted to work hard, were highly motivated and accepted that no task was beneath them and they'd learn from everything they got to do."

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Thanks to our podcast sponsor, Normalyze

LIVE!

Cyber Security Headlines - Week in Review

Make sure to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Joshua Scott, head of security and IT, Postman.

Thanks to our Cyber Security Headlines sponsor, Trend Micro

Cyber chatter from around the web...

Jump in on these conversations 

"Github ordered to identify user who leaked Twitter source code"

"Is it reasonable for a new CISO to develop a multi-year security strategy or is it better to focus on a shorter-term plan due to limited context?"

"How long did it take you to learn/get decent at cybersecurity?"

Coming Up On Super Cyber Friday...

Coming up in the weeks ahead on Super Cyber Friday we have:

  • [06-09-23] Hacking Data Loss

  • Then we take a long break until...

  • [07-21-23] Hacking 5G Security

Register for them all now!

Pay Per Use, Not Pay Per Seat

"The open source project (of OpenVPN) as good as it is, does not meet the needs of most businesses," said Rohit Kalbag, vp of product marketing, OpenVPN. Website administration, access control, and made it a complete business solution.

Since our early days, OpenVPN has been a strong supporter of the CISO Series. We're thrilled that they joined us for our live recording of CISO Series Podcast in NYC on 4-13-23. Before our recording I got a chance to talk with Rohit about how OpenVPN has evolved two key products, Access Server and CloudConnexa. What's really cool about their solutions is they're really targeting the SMB market with a pay as you use model, not a pay per seat model which can get very expensive if not everyone is using the product. Check out our interview and please check out our

for which OpenVPN was a sponsor.

HUGE thanks to our sponsor, OpenVPN

Live show!

[06-19-23] CISO Series Podcast Live in Tel Aviv

Tel Aviv Live Show

We’ll be kicking off the CISO Summit TLV 2023, a six day event, with a live audience recording of CISO Series Podcast. This is a private invite-only event, but if you’re a CISO/security leader you can apply to be invited to the event. Huge thanks to our hosts, Team8, for bringing us out to Tel Aviv.

The full event happens from June 18-23 at the Sheraton, Tel Aviv. We’ll be doing our recording on June 19th, 2023. Joining me on stage will be Paul Branley, deputy CISO and director of strategy, innovation and testing, Lloyds Banking Group. And we’ll have a special guest (that means we’re still in booking mode.)

Thank you!

Thank you for supporting CISO Series and all our programming  

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.