CISO Series Newsletter
Posts
07-30-20 - I'll Secure the Perimeter When I Know Where It Is

07-30-20 - I'll Secure the Perimeter When I Know Where It Is

I'll Secure the Perimeter When I Know Where It Is

July 30, 2020

View this email in your browser

CISO | Security Vendor Relationship Series

This week's episode of Defense in Depth

Secure Access

On this episode of Defense in Depth:

Co-host Allan Alford and sponsored guest, Rohini Kasturi, chief product officer, Pulse Secure, discussed:

Multiple technologies, such as VPN, split-tunnel VPN, VDI, SASE, EDR, and secure management, are used in attempts to insure secure access. But given that secure access isn't just about managing endpoints, but users, you also have to look at IAM.
We look to conditional access to provide more support than just full VPN access.
Argument that we are moving away from endpoints to identity as that's the new perimeter.
SASE solution blocks by default, instead of allows by default, and requires permission for access. User is secured dynamically based on a combination of identity and device.
Would be great if secure access solutions were universal, but they vary country by country based on costs, availability, and regulations.
Secure access models must be user experience first. One possible play that works in this way is IAM + SASE + EDR + secure management.
Another factor that prevents the one-size fits all model for secure access is the complexity of stacks.

Thanks to this week's sponsor of Defense in Depth, Pulse Secure.

Pulse Secure offers easy, comprehensive solutions that provide visibility and seamless, protected connectivity for hybrid IT in a Zero Trust world. Over 24,000 enterprises entrust Pulse Secure to empower their mobile workforce to securely access applications and information in the data center and cloud while ensuring business compliance.

John Meakin, CISO, Equiniti on API security

TOMORROW, Friday [7-31-20], Hacking AWS

Join us t

omorrow

for an hour of critical thinking on how to assess the risks of AWS configurations with my guests Trevor Hawthorn, managing partner, Stratum Security and Jon Ehret, vp of strategy & risk, RiskRecon

As always We'll have an active chat room and we'll be playing our best bad idea game, "Department of YES". And it all starts at 10 AM PT/1 PM ET. And immediately after the video chat we'll have the CISO Series Meetup. Everyone will have 1-on-1 meetings with fellow cybersecurity professionals. Five 5-minute meetups Huge thanks to our sponsor, RiskRecon.Register for and of our Friday video chats.

Mike Johnson on the need to lead by example

Best Moments from “Hacking Automation” Video Chat

Here are six and a half minutes of last week’s “Hacking Automation: An hour of critical thinking on when and where to computerize”. Check out the post for the best bad ideas and best quotes from the chat room.

Joining me in the discussion were

Eoin Keary, CEO, edgescan
Jimmy Sanders, head of information security, Netflix DVD

If you’d like to see the entire video, go

here

Thanks to our video chat sponsor, Edgescan

Best Bad Idea winner - Dutch Schwartz, AWS

SUBSCRIBE TO BOTH PODCASTS

Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.

If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.