CISO Series Newsletter
Posts
09-05-19 - "Best" Excuses to Avoid Cybersecurity Spending

09-05-19 - "Best" Excuses to Avoid Cybersecurity Spending

"Best" Excuses to Avoid Cybersecurity Spending

September 05, 2019

View this email in your browser

CISO | Security Vendor Relationship Series

This week's episode of Defense in Depth

Cybersecurity Excuses

On this episode of Defense in Depth:

Co-host Allan Alford and our guest Gary Hayslip, CISO, Softbank Investment Advisers, discuss:

Security professionals must endure an endless string of excuses to not improve a security program. On this episode, the ones we saw fall into four categories: "What I've got is good enough", "Denial", "False safety net", "Costs too much time/money".
Never rest on what you've got today. Today's configuration is tomorrow's vulnerability. Security is a process, not an end state.
There are always issues because humans are involved.
Small companies may not have a huge payout, but their defenses are usually weaker making them an easy score. A bunch of small companies add up to a big one.
If you have not invested well in a good security program, you are already breached and don't know it.
As this show title explains, you can't rely on a single layer of defense (e.g., firewall) to protect you.
No CISO is complaining they're spending too much on security.
A great security partner is awesome, but you don't hand off your security to someone else. It's a shared responsibility.
Don't rely on cyber insurance in the same way you don't leave your front door unlocked even though you've got home insurance.

Special thanks to this week's Defense in Depth podcast sponsor, Anomali.

The most powerful way to find, protect, and monitor sensitive data at scale. Get total control over your unstructured data in the cloud and on-premises. See it in action in a live cyberattack simulation lab.

Rich Friedberg, CISO, Blackbaud on Resiliency

"Man on the Street" video from Black Hat

Worst Security Vendor Email Pitches

Whether it's persistent badgering or sending unwanted gifts, the security vendor landscape is awash with inappropriate and unwanted sales pitches.

At Black Hat 2019, I asked attendees

to tell personal tales of the worst vendor pitch they ever received. If you've done any of these, please, please stop.

Aanchal Gupta, head of security for Calibra, Facebook on how a vendor can survive a breach

SUBSCRIBE TO BOTH PODCASTS

Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.

If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.