[09-28-23]--Join us tomorrow for “Hacking Bosses”
Super Cyber Fridays!
Join us TOMORROW, Friday [09-29-23] for "Hacking Bosses"
Join us Friday, September 29, 2023, for “Hacking Bosses: An hour of critical thinking about how to manage conflict and engage with higher ups to advance your career.”
It all begins at 1 PM ET/10 AM PT on Friday, September 29, 2023, with guests Rusty Waldron, chief business security officer, ADP, and Steve Zalewski, co-host, Defense in Depth. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.
Defense in Depth
How to Manage Users' Desires for New Technology
Large language models and generative AI are today's disruptive technology. This is not the first time companies just want to ban a new technology that everyone loves. Yet, we're doing it all over again. Whether it's ChatGPT or BYOD, people are going to use desirable new tech. So if our job isn't to stop it, how do we secure it?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap, CISO at LinkedIn. Joining us on this episode is our guest, Carla Sweeney, svp, InfoSec at Red Ventures.
ChatGPT is a new tool, but not a new security challenge
Generative AI could well prove a transformational technology, but from a security perspective, your objectives remain the same. "For an employee posting proprietary data, ChatGPT is one destination of millions. It’s notable but the exfiltration risk exists for any destination," said Jason Popp of GEICO. ChatGPT will certainly open up unforeseen attack vectors as attackers continue to push the tool’s limits. This makes it imperative to understand it better, not to ban it.
There is a case for caution with new technology
We’ve seen lots of technology trends in recent years that turned out to be relative flashes in the pan. "Our job is to rationally validate tech on its merits and not blindly accept every fad that comes along," said Timothy Shea of PlayStation. While it can be tempting to rush to integrate these tools for the sake of not falling behind, it’s no excuse for not understanding them before doing so. Anshuman Mishra of Netsurion reminds us that, “The only thing that is worse than bad implementation is ‘unprecedented’ implementation."
Security leaders need to meet users halfway
Whether it's ChatGPT or another new technology, security leaders need to recognize when there is legitimate user demand. Once they’ve wrapped their head around it, start engaging with employees rather than waving the ban hammer. "I sent out a company-wide email warning people of the potential pitfalls and giving suggestions on how to use it safely,” said Steven Smith of Freshworks. As Ben Kingshott of LMNTRIX said, "Standard rules apply, don't disclose sensitive information to random sites on the interwebs."
CISOs should take the lead with generative AI
This doesn’t mean we shouldn’t focus on doing it securely, but security leaders should be a partner in this process. "It is up to us to work with the stakeholders using the tools to guide them to the appropriate path to meet a secure development,” said Todd Luther of Solu Technology Partners. If these tools become a new standard in business, it’s imperative to stay on top of them. As Mysti Williams of Express Employment International reminds us, "We may not get replaced with AI but we will get replaced with someone who knows how to use it!"
Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.
Thanks to our podcast sponsor, Censys
LIVE!
Cyber Security Headlines - Week in Review
Make sure to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Andrew Storms, vp of security, Replicated.
Thanks to our Cyber Security Headlines sponsor, AppOmni
Cyber chatter from around the web...
Jump in on these conversations
"What do you think is the future of cloud security?"
"To those of you with Top Secret clearance - how's life?"
"How to improve an organization's Application and Network security"
Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:
[09-29-23] Hacking Bosses
[10-06-23] Hacking Container Security
[10-13-23] Hacking the Risks and Rewards of AI
[10-27-23] Hacking Third Party Risk in the Cloud
Register for them all now!
Sponsored Content!
Moving Compliance From Paperwork To Automation
Understanding the risk to your business requires human intuition. But that doesn't mean there aren't a lot of things along the path to understanding risk that can be improved with automation. At Black Hat 2023, I spoke to Kayne McGladrey, field CISO, Hyperproof, about how having a security-focused company culture can help CISOs link their known risks to their controls in order to put their budget where it will have the most impact. This can allow organizations to operate within the reality that business risk and cyber risk are not separate things. With changing state regulations and rapidly advancing technology, staying on top of your risk in a simple and understandable way is more imperative than ever.
Huge thanks to our sponsor, Hyperproof
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.