[08-15-24]--Join us tomorrow for “Hacking the Demo”

Super Cyber Fridays!
Join us TOMORROW, Friday [08-16-24], for "Hacking the Demo"


Join us Friday, August 16, 2024, for “Hacking the Demo: An hour of critical thinking about how to be pitch perfect.”

It all begins at 1 PM ET/10 AM PT on Friday, August 16, 2024, with guests Howard Holton, CTO and industry analyst, GigaOm, and Tom Hollingsworth, organizer and networking analyst, Tech Field Day. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.

Defense in Depth
Information Security vs. Cybersecurity


CISO stands for Chief Information Security Officer. So why do we sometimes pigeonhole their duties under “just” cybersecurity?

Check out this post for the discussion that is the basis of our conversation on this week’s episode, co-hosted by me, David Spark, the producer of CISO Series, and John Underwood, VP, information security, Big 5 Sporting Goods. Joining us is our guest, Mike Lockhart, CISO, EagleView.

Marketing versus strategy

CISOs may have “information security” in their title, but the role is externally viewed as cybersecurity-focused. "There is a huge push for cybersecurity and the term has been marketed so much that I’ve come across some clients who don’t know the difference between InfoSec and CyberSec. This greatly affected how they previously viewed their security program," said Gabe Silva of Manasec. But as Linda Rust of SecuriThink noted, that isn’t always a bad thing. She’s found CISOs can use how they are perceived as a communication tool, saying, "Information security is my focus, but the vast majority of humans outside our area understand the label cybersecurity more quickly. When I communicate I aim to meet my audience where they are. Without that, there’s no hope of guiding anyone."

A distinction without a difference?

There is value in attention in any area of security. If leaning into calling it cyber gets people paying attention, that’s a win. "There’s a Venn diagram showing the overlap of the cyber, information, and physical security domains. But I also don’t see why most people outside of my team would need to know the difference. I use a lot of internal materials branded ‘cyber’ because that’s the sexy term that gets attention, but my remit is ‘security.’ A holistic approach is exactly right, but we also shouldn’t get caught up in the minutiae of terminology, particularly when working in an international, multi-language environment," said Lance McGrath of Danske Bank.

For a non-technical audience, insisting on dogmatic terminology will only lead to disengagement. As Robert Tang of PetSure said, "It's all semantics and people making things more complicated than they need to be. Information security is what people called cybersecurity 15 years ago. The industry is already confusing to non-technical people as is; let's not make it even worse."

Terminology follows function

Within the security organization, it’s more important that responsibilities are understood than what they are called. "The highest-ranking security person in an organization with responsibility for the strategy, security risk management and who presents to the board/CEO is de facto acting as CISO, regardless of reporting lines or titles," said Michalis Kamprianis of Hexagon Manufacturing Intelligence. Rowing against the tide of the language people want to use won’t make your job any easier. "When 'cyber security' became a thing I was not a fan, but in today's world this phrase is easier for people to grasp and understand the concept at a high level, and is used interchangeably in common language. As long as practitioners know the full scope of security, I say embrace the cyber," said Robert Turney of iSelect.

Security convergence

Regardless of what you call a security program, don’t lose sight of the mission. "On our best days our organization’s cyber security, information security, physical security, and personnel security programs must converge with network architectures and operations and must work together. Our most useless day is when we are not putting in our best effort doing all of them or failing at least one of them. We need to keep our eyes on the prize: doing what is needed in securing information and making the networks resilient enough to assure leaders and users that data and systems will be there when needed," said Bob Turner of The Cyber Hero vCISO Network.

Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.

Thanks to our podcast sponsor, Scrut Automation


Subscribe
Subscribe to Defense in Depth podcast

Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "Defense in Depth" into your favorite podcast app.

LIVE!
Cyber Security Headlines - Week in Review


Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Edwin Covert, head of cyber risk engineering, Bowhead Specialty.

Thanks to our Cyber Security Headlines sponsor, ThreatLocker


Understanding AI Bias and Security with NetSPI

For all the intricacies and hype around AI and large language models, Nabil Hannan, Field CISO, NetSPI, reminds us that they lack any kind of true intelligence; it's all just math. Organizations must learn how to test and secure their AI models to avoid biases and vulnerabilities. There is an emerging understanding of model operations and edge cases that attackers might exploit, and organizations need to be up to speed on it to stay secure.

Huge thanks to our sponsor, NetSPI


Cyber chatter from around the web...
Jump in on these conversations

"Any ideas on how I can convince my boss to not require users to give us their passwords?" (More here)

"Hey cybersecurity peeps, what have you automated?" (More here)

"Apple’s iPhone Spyware Problem Is Getting Worse. Here’s What You Should Know" (More here)

Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:

  • [08-16-24] Hacking the Demo

  • [08-23-24] Hacking the Future of Pentesting

Save your spot and register for them all now!

LIVE!
Join CISO Series Podcast LIVE in Seattle (08-21-24)


We're going to Seattle!

It'll be our first time ever producing a live recording of CISO Series Podcast in that beautiful city.

We'll be the closing entertainment on the first day of the National Cybersecurity Alliance's Convene conference, happening August 21-22, 2024, at the Rosehill Community Center in Mukilteo, WA, just outside of Seattle. Convene is a conference all about security awareness, designed for security awareness professionals. And I believe this will be our fifth appearance at one of their events!

Joining me on stage for our recording will be Nicole Ford, SVP and CISO for Nordstrom, and Varsha Agrawal, head of information security for Prosper Marketplace.

Watch the video for a preview of our recording and the event.

If you work in the security awareness industry, this is a must-attend conference. Be sure to register by going here and use our 15 percent discount code: Convene15.

HUGE thanks to our three sponsors, KnowBe4, Proofpoint, and Vanta


Thank you!
Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing on social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.