[10-08-24]--Does Burying Your Head in the Sand Count as a Security Posture? (LIVE in Boca Raton, FL)
CISO Series Podcast
As security professionals, we understand the risk to our organizations. Yet that understanding sits alongside clear signs of cybersecurity hubris, whether in cloud security audits or in confidence about spotting deepfakes. When does confidence in your team turn into a willful blind spot?
This week's episode is hosted by me, David Spark, producer of CISO Series, and guest co-host Eduardo Ortiz, VP, global head of cybersecurity, Techtronic Industries. Joining us is Adam Fletcher, CSO, Blackstone.
Keeping our eyes on new risks
How well do we grasp the growing threat of deepfakes and the risks posed by generative AI? According to a Bitdefender study cited by Eileen Yu in a ZDNet piece, 85% of security professionals feel confident their teams can spot deepfakes. That may sound grossly optimistic, but nearly all of them also recognize the significant danger that AI tools present. Protecting against deepfakes is less about turning employees into experts and more about strengthening internal processes, so that a convincing voice or video alone cannot authorize a high-risk action. Incidents are on the rise: some companies already see as many as 10 deepfakes a month, a number that will continue to grow. One practical control is a verbal password, agreed in advance within families and businesses, to confirm authenticity in high-risk situations.
The hiring disconnect
Is the perceived cybersecurity talent shortage a myth perpetuated by companies simply unwilling to pay for skilled candidates? That rather conspiratorial idea came from a recent LinkedIn post by Mic Merritt. While some companies may be in that position, it’s extremely unlikely that companies post jobs they never intend to fill. Sometimes, hiring may be delayed due to specific job requirements, but talent is available. Another factor is the change in post-pandemic workplace culture, where working from home prevents some younger employees from learning the benefits of an office culture.
Mental health in incident response
The psychological toll of ransomware attacks is often overlooked, but it is critical to incident response planning. A study from the defense think tank RUSI shows that stress from cyber incidents can lead to severe mental health issues such as panic attacks. Organizations must build mental health support and structured rotations into their response plans to prevent burnout and over-reliance on individuals. While formal mental health provisions may not always be written into plans, there is growing awareness among CISOs of the importance of managing stress and scheduling breaks during high-pressure incidents to maintain team resilience.
Moving on from CrowdStrike
With the CrowdStrike outage in the rearview mirror, we know many organizations unwittingly allow vendors like CrowdStrike to operate as a single point of failure, which underscores the need for stronger disaster recovery (DR) and business continuity (BC) planning. Robust plans are the ideal, but it is also challenging to mitigate every potential risk when you rely heavily on core vendors like CrowdStrike, Microsoft, or AWS, noted Christopher Burgess in a recent CSO Online piece. Organizations that didn't use CrowdStrike should still take the opportunity to learn from the incident, reconsider BitLocker key management (recovery keys had to be retrievable to bring affected machines back), and improve their change management processes. Communication with vendors and careful risk management are critical to minimizing future disruptions.
Listen to the full episode on our blog, where you can also read the entire transcript, or in your favorite podcast app. If you haven't subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.
Additional thanks for the witting and unwitting contributions from Rachel Bicknell of Dell, Brian Thompson of PNC, Troiano Frank of DarkTrace, Tim Krabec of Scripps Research, Stephen Dye of Uplift Cyber, Daniel Polimeni of Guidepoint Security, and John Helt of Accenture Federal Services, for providing our "What's Worse" scenario.
Thanks to our podcast sponsors, Fortra, Quadrant Information Security, and Savvy Security.
Subscribe to CISO Series Podcast
Please subscribe via Apple Podcasts, Spotify, YouTube Music, Amazon Music, Pocket Casts, RSS, or just type "CISO Series Podcast" into your favorite podcast app.
Biggest mistake I ever made in security...
"The biggest mistake I ever made was thinking that a departing employee was the end of our program, and I realized that no matter how integral he was to the program, his replacement turned out to be a lot better." - Adam Fletcher, CSO, Blackstone
Listen to the full episode of "Does Burying Your Head in the Sand Count as a Security Posture? (LIVE in Boca Raton, FL)."
When You Just Can't Take It Anymore in Cyber…
"I think part of burnout is realizing, again, you are a role, this is a function. The sun will set, the sun will rise, no matter what happens in cyber for your company. As a CISO, you have some responsibility to educate, to inform, to ensure everyone is aware of risks, aware of threats, aware of impact. At the end of the day, it’s not my risk to accept. And that’s, I think, where people feel like the CISO is supposed to accept and fix everything, and you can’t." - Patty Ryan, senior director, CISO, QuidelOrtho
Listen to the full episode of "When You Just Can't Take It Anymore in Cyber."
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
LIVE!
Cyber Security Headlines - Week in Review
Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Jason Shockey, CISO, Cenlar FSB.
Thanks to our Cyber Security Headlines sponsor, Vanta
LIVE!
PREVIEW: CISO Series Podcast LIVE at Stanford 10-17-24
CISO Series Podcast will be heading back to school for a live audience recording of our show at Stanford University as part of the Cybersecurity and Privacy Festival, or Cyberfest. Joining me on stage will be Amy Steagall, CISO at Stanford University, and Michael Tran Duff, chief information security and data privacy officer at Harvard University. Here's everything you need to know:
WHERE: Frances C. Arrillaga Alumni Center
WHEN: October 17, 2024. The event runs from 9 am to 4 pm; we'll be recording at 1:30 pm.
It's free, but it's only open to the broader higher education community and Stanford schools and research centers.
Huge thanks to our sponsors: Vorlon Security and Wiz
Super Cyber Fridays!
Join us, Friday [10-18-24], for "Hacking the Hype of Zero Trust"
Join us Friday, October 18, 2024, for “Hacking the Hype of Zero Trust: An hour of critical thinking about what are the identity and access functions that are helping us achieve this security nirvana.”
It all begins at 1 PM ET/10 AM PT on Friday, October 18th, 2024, with guests Rob Allen, chief product officer, ThreatLocker, and Antony Symonds, head of group IT operations, Westland Horticulture Ltd. We'll have a fun conversation and games, and at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.
Thanks to our Super Cyber Friday sponsor, ThreatLocker
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.