CISO Series Newsletter
Posts
07-23-20 - A Podcast on InfoSec Fatigue? Who Has the Time?

07-23-20 - A Podcast on InfoSec Fatigue? Who Has the Time?

A Podcast on InfoSec Fatigue? Who Has the Time?

July 23, 2020

View this email in your browser

CISO | Security Vendor Relationship Series

This week's episode of Defense in Depth

InfoSec Fatigue

On this episode of Defense in Depth:

Co-host Allan Alford and Helen Patton, CISO, The Ohio State University, discussed:

Are we sliding in our effort to get ahead of security issues? There's a sense the tools and our ability isn't keeping up with the onslaught.
Are we able to prove risk reduction to show that our efforts are successful?
Those people who don't burn out are the ones who thrive on the technical and political challenges of cybersecurity.
Disagreement on how you lead a discussion. Should it be story-based or data-based?
Classic complaint about cybersecurity is success is measured by the absence of activity.
Preventative security is not easily quantifiable as reactive security.
CISOs have to step up and show evidence of security's success in the most understandable and digestible format. Suggested measures and metrics: likelihood and impact, business impact analysis, security program maturity curve, framework compliance, pen test results, and threat modeling.
FUD (fear, uncertainty, and doubt) may be effective in the short run, but it's exhausting. It never works in the long term.
Approach cybersecurity altruistically. If it benefits you and those around you, then it's worth doing.
Lean on security vendors to help you show the value of their product. The business impact will be on the CISO's shoulder, but the vendor should help build the case.

Thanks to this week's sponsor of Defense in Depth, Sonrai Security.

Identity and data access complexity are exploding in your public cloud. 10,000+ pieces of compute, 1000s of roles, and a dizzying array of interdependencies and inheritances. Sonrai Security delivers an

enterprise cloud security platform

that identifies and monitors every possible relationship between identities and data that exists inside your public cloud.

Roy Eliyahu, CEO, Salt Security on zombie APIs

TOMORROW, Friday [7-24-20], Hacking Automation

Join us t

omorrow

for an hour of critical thinking on when and where to computerize with my guests Jimmy Sanders, head of InfoSec, Netflix DVD and Eoin Keary, CEO, Semperis.

As always We'll have an active chat room and we'll be playing our best bad idea game, "Department of YES". And it all starts at 10 AM PT/1 PM ET. And immediately after the video chat we'll have the CISO Series Meetup. Everyone will have 1-on-1 meetings with fellow cybersecurity professionals. Five 5-minute meetups Huge thanks to our sponsor, Edgescan.Register for our future Friday video chats.

Shawn Bowen, CISO, Restaurant Brands International on security theater

Best Moments from “Hacking Active Directory” Video Chat

Here are seven minutes of last week’s “Hacking Active Directory: An hour of critical thinking on the key business service that’s got serious vulnerability issues”.

Joining me in the discussion were

Chris Roberts, hacker in residence, Semperis
Norman Hunt, deputy CISO, GEICO

If you’d like to see the entire video, go

here

Thanks to our video chat sponsor, Semperis

Best Bad Idea from "Hacking Active Directory"

SUBSCRIBE TO BOTH PODCASTS

Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.

If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.