[06-29-23]--How Should Security Better Engage with Application Owners?
Defense in Depth
Since so much technology today is launched not by the IT department but by business units themselves, how do security professionals engage with business and application owners and have a conversation about security policy and procedures?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap, CISO, LinkedIn. We welcome our sponsored guest Harold Byun, chief product officer, AppOmni.
Here’s what we discussed on the show.
“Many don't quite understand why this may be a problem, or how it creates risk for the organization,” said Dan Desko of Echelon Risk + Cyber. What’s needed, said Desko, is just sharing stories of how third-party tools are often the cause of breach-related issues.
“Start by trying to understand their objectives, motivations, and challenges,” advised Ruben Velazquez of Replicant. “Ask questions to understand the gap they are trying to fill with shadow IT solutions. There's a business need that they are trying to solve. Understand it first,” said Nathaniel Morris of EQdigital. “Start with questions like ‘What’s your goal,’ ‘What is important to you,’ ‘What would keep you from reaching your goals,’” suggested Philippe Michiels, CISO of Cegeka. “Go from such questions to profiling the threats and risks. Eventually business that understands the why/how/where will be able to make balanced decisions.”
Follow the money to cut down on shadow IT. “Gain visibility into SaaS purchase activity and get ahead of it is sort of a ‘shift left’ in the SaaS security world,” said Alfredo Hickman of Obsidian Security. “If you cut the money then nothing can happen and everyone will come to you before starting a project that will not have any budget otherwise money is the key. Control it first,” said Azad Hozi of MYCISO-Online.
Make application owners want to operate securely. “You can’t motivate anyone to commit to something,” said Jovica Ilic of WIM Security. “Most changes in any organization are motivated by someone’s rational self interest.” “Communicate the value and pieces of the picture they may not see,” said Gabe S., CISO of PDC TECHNOLOGY, Inc. “People are most likely to do things if they understand why and how it matters to their objectives.”
Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.
Thanks to our podcast sponsor, AppOmni
Super Cyber Fridays!
Join us Friday [07-21-23], for "Hacking 5G Security"
Join us Friday, July 21, 2023, for “Hacking 5G Security: An hour of critical thinking about the looming explosion of IoT on 5G networks.”
It all begins at 1 PM ET/10 AM PT on Friday, July 21, 2023 with guests Kevin McNamee, security product manager, Nokia and Howard Holton, CTO and industry analyst, GigaOm. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.
Thanks to our Super Cyber Friday sponsor, Nokia
LIVE!
Cyber Security Headlines - Week in Review
Make sure to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Cassio Goldschmidt, CISO, ServiceTitan.
Thanks to our Cyber Security Headlines sponsor, AppOmni
Cyber chatter from around the web...
Jump in on these conversations:
"Burning Out. Any advice?"
"A third of organizations admit to covering up data breaches"
"Is there any point in sanitizing (stripping/encoding) user inputs when all output will be encoded by the app?"
Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:
[07-21-23] Hacking 5G Security
Register for them all now!
Where's My Highly Sensitive Data?
Among OpenText's cybersecurity solutions is a product called Final Analysis Suite that allows you to light up your content store environment. Run discovery to see where you are holding sensitive information such as financial data, Social Security numbers, and health data. As the data is discovered, risk scores that you set are automatically assigned.
In this video, Geoff Bibby, SVP, security marketing for OpenText, explains their portfolio in detail and how it works to find your highly sensitive data. Check out cyberres.com for additional information.
HUGE thanks to our sponsor, OpenText
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.