[08-01-23] Cyber Advice So Generic, You’ll Assume It Came from ChatGPT
CISO Series Podcast
Shifting Left is so five years ago. Advice and best practices are great, but context is king. Is there a mixture of best practices AND doing what's right for your business that's practical?
This week’s episode is hosted by me, David Spark, producer of CISO Series, and Steve Zalewski. Joining us for the episode is our sponsored guest Gaurav Banga, CEO, Balbix.
Getting onboard with your communication. Create an environment where the board wants to trust the CISO. Reet Kaur, CISO of Portland Community College, shared five tips to make that happen: make the board feel secure, talk business instead of tech, use industry benchmarks, see the big picture, and quantify risks. The road to trust includes being honest about how you handle security along with telling a simple, compelling story about protecting your brand, people, and supply chain.
Why are insurance prices spiking while actual coverage is shrinking? The insurance industry is reevaluating its profitability due to increased claims, leading to more conservative underwriting. A CISO’s primary focus should be on assessing the company's security practices and risk management. “If you are just looking at cyber insurance as a substitute for your poor cyber security posture, that’s not going to work anymore,” said Gaurav Banga. Cyber insurance is for the risk you can’t reduce.
Be wary of automation promises that don’t show real business impact. It’s not that automation isn’t effective, but it needs to align with business objectives and contribute to a more coherent cybersecurity strategy. Automating a bad task just gives you more problems faster, and automation in itself involves no magic. First isolate the task that provides value, then ask how you’re going to automate it.
“Shift left” is so three years ago. Better application security comes from “shifting smart.” Use context in the development process to drive down risk effectively. “Shift smart” was coined by Jeff Williams of Contrast Security. It’s the key to striking a balance between best practices and contextual decision making in a way that doesn’t overly restrict the business. Reducing risk should be balanced against the cost and impact on the business. When your cost increases no longer reduce risk, it’s time to stop trying to reduce risk, noted Gaurav.
Listen to the full episode on our blog, where you can also read the entire transcript, or in your favorite podcast app. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.
Thanks to our podcast sponsor, Balbix
Best advice I ever got in security...
"Never overestimate how little of what comes out of your mouth is actually understood by your CFO, your CEO, or your board." - Gaurav Banga, CEO, Balbix
Securing SaaS Applications...
"The challenge we kind of have now is there are so many SaaS applications that we’re dealing with, it is very difficult to consistently manage security across all of those because there’s no consistent API that they all have relative to security, safety, or privacy functions. What a lot of SSPMs and other – I think it’s like CSPM is the other acronym in the space – where security technology has taken us is now there is a variety of solutions, great solutions that will talk to all of those APIs for all your SaaS products and help you understand what your posture is across all of them, and I think that’s great." - Geoff Belknap, CISO, LinkedIn
Subscribe to our newsletters on LinkedIn!
We've got our twice-weekly CISO Series Newsletter and our daily Cyber Security Headlines newsletter available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Cyber Security Headlines - Week in Review
Make sure you join the LIVE "Week In Review" for Cyber Security Headlines this Friday with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Jeff Hudesman, CISO, Pinwheel.
Thanks to our Cyber Security Headlines sponsor, Opal
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.