09-22-20 - Security Is Suffering From DevOps FOMO
This week's episode of CISO/Security Vendor Relationship Podcast, "Security Is Suffering From DevOps FOMO,"
is hosted by me, David Spark, producer of CISO Series and Mike Johnson. Our sponsored guest is Dayo Adetoye, senior manager - security architecture and engineering, Mimecast. All three of us discussed:
Look at why DevOps is successful. Don't try to break it to fit your model.
The security-born philosophies of "shift left" and "DevSecOps" are an attempt by security to change an already existing and successful model. It's no surprise there's been pushback from DevOps. Understand their model first, and look for opportunities to fit into and be embraced by DevOps' existing structure.
Does threat modeling require formal training or a bottom-up approach to understanding?
Yes. While we saw a little debate over one model versus the other, the reality is that threat modeling works best when those who will be facing the threats can actually articulate them, while at the same time receiving some formal security education on how to build and manage those threat models.
Should you abandon all phish tests?
What is the goal of a phish test? Is it to see whether your users don't click on a phish, or, better, whether they report it? What happens when you get your rates down (or up) to where you want them? If you know and believe that anyone can fall for a very creative phishing attempt, then what would be the value of those numbers? How would your staff feel if security was constantly trying to trick them? It probably wouldn't endear them to the security team. Maybe good education alone would be more valuable than harassing your staff with pointless emails so you can generate human security statistics that could easily be gamed if you wanted to.
Special thanks to this week's podcast sponsor, Capsule8.
Capsule8 is defining modern enterprise protection by providing detection and response for Linux infrastructure in any environment. Capsule8 provides host-based detection and investigatory data for incident response with ongoing support. Unlike anyone else, Capsule8 mitigates the financial, scalability and reliability limitations of protecting your Linux infrastructure.
Cyber Security Headlines
This week's sponsor of Cyber Security Headlines is Trusona.
THIS Friday [9-25-20] We're Hacking the Supply Chain
Please join us this Friday, September 25, 2020 at 10 AM PT/1 PM ET for “Hacking the Supply Chain: An hour of critical thinking on building resiliency with the digital supply chain.”
Participating in this discussion will be Marcia Peters, VP of third-party risk management, TransUnion, and Kelly White, founder & CEO, RiskRecon.
Plus, immediately after the video chat (11:00 AM PT/2:00 PM ET) we'll roll over to the CISO Series Friday Meetup. Each participant will be randomly matched up in impromptu 1-on-1 five-minute conversations with fellow cybersecurity professionals. A link to join will be made available during the video chat.
Thanks to our sponsor RiskRecon.
Subscribe to all our podcasts
Click any of the podcasts below to get access to the subscription feeds. If you're already a subscriber, thank you!