09-17-19 - Serious Hackers Wear TWO Black Hoodies


On this week's episode of the CISO/Security Vendor Relationship Podcast, "Serious Hackers Wear TWO Black Hoodies," Mike Johnson and our sponsored guest, Bruce Potter, CISO, Expel, discussed:

One-person cybersecurity shops need to democratize security.

Many organizations, school districts among them, have at most one dedicated cybersecurity professional. If that is you, focus your effort on getting others in the organization involved in overall protection, so you are not spending all your time blocking and tackling on your own.

Use the NIST Cybersecurity Framework to determine the maturity of your cybersecurity program.

Anyone, even a one-person InfoSec shop, benefits from knowing where they stand as they grow their program, because it tells them what to work on next. Check out


It's very easy to tell someone where they're weak. It's far more difficult to tell them how to get stronger.

The hacker community does not need more tales of new vulnerabilities; it needs creative new ways to defend against them. If you are presenting to that audience, offer up defensive techniques rather than another vulnerability story.

Get creative with the tools you already have.

Many companies sell asset management products, but you can build a usable inventory yourself: nearly every asset on your network already shows up in logs you are collecting (DHCP leases, authentication logs, proxy and DNS logs), so correlate what you have before buying another tool.
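As an added example of that idea (not code from the podcast or from Expel), the script below builds a first-pass asset inventory from two log sources a small shop almost certainly already has: ISC dhcpd lease acknowledgements and OpenSSH authentication messages. The log lines are constructed for the example, the year 2019 is assumed because syslog timestamps carry none, and the two "findings" it reports, hosts that authenticated somewhere but never took a DHCP lease and hosts that have gone quiet, are the kind of questions an asset management product would answer for you.

```python
import re
from datetime import datetime, timedelta

# Syslog timestamps carry no year; 2019 is assumed here to match the page's date.
ASSUMED_YEAR = 2019

# Constructed sample log lines (not real logs). Formats mimic ISC dhcpd and
# OpenSSH as written to syslog; adapt the regexes to whatever your stack emits.
SAMPLE_LOGS = """\
Sep 10 08:01:12 dhcp1 dhcpd: DHCPACK on 10.0.5.23 to 3c:52:82:aa:bb:01 (laptop-jdoe) via eth0
Sep 10 08:03:44 dhcp1 dhcpd: DHCPACK on 10.0.5.40 to 00:1a:2b:cc:dd:02 (printer-lib) via eth0
Sep 11 09:15:02 bastion sshd[2311]: Accepted publickey for admin from 10.0.5.23 port 51122 ssh2
Sep 12 22:47:19 bastion sshd[2390]: Failed password for root from 10.0.9.77 port 40021 ssh2
Sep 15 07:58:30 dhcp1 dhcpd: DHCPACK on 10.0.5.23 to 3c:52:82:aa:bb:01 (laptop-jdoe) via eth0
Sep 16 13:20:05 dhcp1 dhcpd: DHCPACK on 10.0.5.88 to 8c:85:90:ee:ff:03 (unknown-device) via eth0
"""

SYSLOG_TS = r"(?P<ts>[A-Z][a-z]{2} +\d{1,2} \d\d:\d\d:\d\d)"
DHCP_RE = re.compile(
    SYSLOG_TS + r" \S+ dhcpd: DHCPACK on (?P<ip>\d+\.\d+\.\d+\.\d+)"
    r" to (?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})(?: \((?P<host>[^)]*)\))?"
)
SSHD_RE = re.compile(
    SYSLOG_TS + r" \S+ sshd\[\d+\]: (?:Accepted|Failed) \S+ for (?:invalid user )?"
    r"(?P<user>\S+) from (?P<ip>\d+\.\d+\.\d+\.\d+)"
)


def parse_timestamp(ts):
    # Collapse the padded day field ("Sep  5") so strptime accepts it.
    return datetime.strptime(f"{ASSUMED_YEAR} {' '.join(ts.split())}", "%Y %b %d %H:%M:%S")


def parse_line(line):
    """Return one observation (who was seen, where, when) or None for lines we ignore."""
    m = DHCP_RE.match(line)
    if m:
        return {"ts": parse_timestamp(m["ts"]), "ip": m["ip"], "source": "dhcpd",
                "mac": m["mac"], "host": m["host"]}
    m = SSHD_RE.match(line)
    if m:
        return {"ts": parse_timestamp(m["ts"]), "ip": m["ip"], "source": "sshd",
                "mac": None, "host": None}
    return None


def build_inventory(log_text):
    """Fold every observation into one record per IP: identifiers, sources, first/last seen."""
    inventory = {}
    for line in log_text.splitlines():
        obs = parse_line(line)
        if obs is None:
            continue
        asset = inventory.setdefault(obs["ip"], {
            "ip": obs["ip"], "macs": set(), "hostnames": set(), "sources": set(),
            "first_seen": obs["ts"], "last_seen": obs["ts"]})
        asset["sources"].add(obs["source"])
        if obs["mac"]:
            asset["macs"].add(obs["mac"])
        if obs["host"]:
            asset["hostnames"].add(obs["host"])
        asset["first_seen"] = min(asset["first_seen"], obs["ts"])
        asset["last_seen"] = max(asset["last_seen"], obs["ts"])
    return inventory


def never_leased(inventory):
    """IPs that reached a server but never took a DHCP lease: static, unmanaged or spoofed hosts."""
    return sorted(ip for ip, a in inventory.items() if "dhcpd" not in a["sources"])


def stale_assets(inventory, as_of_iso, days):
    """IPs not seen in any source for more than `days` before the given ISO date."""
    cutoff = datetime.fromisoformat(as_of_iso) - timedelta(days=days)
    return sorted(ip for ip, a in inventory.items() if a["last_seen"] < cutoff)


if __name__ == "__main__":
    inv = build_inventory(SAMPLE_LOGS)
    for ip, a in sorted(inv.items()):
        print(ip, sorted(a["macs"]), sorted(a["hostnames"]), sorted(a["sources"]),
              a["first_seen"].isoformat(), a["last_seen"].isoformat())
    print("never leased via DHCP:", never_leased(inv))
    print("quiet for 3+ days:", stale_assets(inv, "2019-09-17", 3))
```

Run against a day of real logs this produces a list of every IP, MAC and hostname your own infrastructure has vouched for, which is the inventory. The two report functions are the security value: an address that authenticates to your bastion without ever appearing in DHCP is either a static host you forgot about or something that does not belong, and a host that stops appearing in every source may have walked out the door. Adding more sources (proxy, DNS, EDR) is a matter of one more regex and source name each.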

Good ideas come from bad situations.

Conduct tabletop exercises every quarter to see how you would handle a bad situation. Expel offers an

Special thanks to this week's CISO/Security Vendor Relationship Podcast sponsor, Expel.


Expel is flipping today's managed security model on its head (Ouch!) for on-prem and cloud, taking a technology-driven approach that lets analysts focus on what humans do best: exercise judgment and manage relationships. The company offers 24x7 monitoring through its security operations center-as-a-service, using the security tools customers already have.

Mike Johnson on the subject of compliance vs. security

REGISTER for Cybersecurity Sales Incentives Webinar (9/20/19)

This Friday I'll be hosting a round table webinar on the topic of sales incentives for cybersecurity professionals. I get the sense that a lot of the frustration of InfoSec sales stems from the incentive structure. Agree with me? Disagree with me? Got a better suggestion? Join us this Friday, September 20th, 2019, at 10 AM Pacific/1 PM Eastern for a video-based discussion with Carl Wright of AttackIQ, Manooch Hosseini of Optiv, and YOU! Yes, anyone with a microphone and webcam can join in the discussion. Watch this video of Mike Johnson and me discussing this very issue, and then go and REGISTER for this Friday's event.

Gary Hayslip, CISO, Softbank Investment Advisers on Cybersecurity Excuses


Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.

If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.