09-08-20 - Tell Me We're Secure So I Can Go Back to Ignoring Security
This week's episode of CISO/Security Vendor Relationship Podcast, "Tell Me We're Secure So I Can Go Back to Ignoring Security," is hosted by me, David Spark, producer of CISO Series, and Mike Johnson. Our guest is Dan Walsh, CISO, Rally Health. All three of us discussed:
The "are we secure" question is loaded with anxiety.
Before addressing the literal nature of the question, "Are we secure?", try to understand why the question was asked. Defuse the anxiety to see if they're concerned about a certain type of attack, and then you can explain the types of protections and safeguards you have in place for that specific attack. Or, turn this into a discussion of risk and how a certain kind of attack would change the company's risk profile.
A security force multiplier for DevOps.
Educate key developers to be security champions, and focus on automation and quality, which are two efforts that ring true with DevOps engineers. It's simply not possible to maintain DevOps if security tries to insert itself as a cog slowing down the machine.
How harsh is a response to aggressive sales tactics?
Some sales efforts by security vendors can be so overwhelming that the corporate response is to completely block the domain. Is that fair to the company? Could it have been one rogue employee? Should a decision to block be the job of the company or each individual?
How prepared should you be for your next job?
No one is ever 100 percent prepared for the new job. There's always an expectation that there will be some on-the-job learning. But, as a hiring manager, you'll need to determine what level of preparedness is necessary for that person to grow into the position.
Special thanks to this week's podcast sponsor, Capsule8.
Capsule8 is defining modern enterprise protection by providing detection and response for Linux infrastructure in any environment. Capsule8 provides host-based detection and investigatory data for incident response with ongoing support. Unlike anyone else, Capsule8 mitigates the financial, scalability and reliability limitations of protecting your Linux infrastructure.
Cyber Security Headlines
This week's sponsor of Cyber Security Headlines is Remediant.
THIS Friday [9-11-20] We're Hacking the Human
Load up your bad ideas and join us this Friday, September 11th, 2020 at 10 AM Pacific/1 PM Eastern for “Hacking the Human: An hour of critical thinking on the additional benefits of securing people”.
I'll be leading this discussion with Robert O’Brien, CEO, MetaCompliance and Shawn Bowen, CISO, Restaurant Brands International.
Plus, immediately after the video chat (11:00 AM PT/2:00 PM ET) we'll roll over to the CISO Series Friday Meetup. Each participant will be randomly matched up in impromptu 1-on-1 five-minute conversations with fellow cybersecurity professionals. A link to do that will be made available during the video chat.
Thanks to our sponsor MetaCompliance.