- CISO Series Newsletter
10-31-19 - Our Users Don't Care About Security, So Why Should We?
This week's episode of Defense in Depth
Is Product Security Improving?
On this episode of Defense in Depth:
Co-host Allan Alford and our guest Michael Woodson, CISO, MBTA, discussed:
We focus our conversation mostly on consumer products, notably networking, which was the focus of the relevant study.
Some basic measurements of security, such as stack guards and buffer overflow protection, showed no noticeable improvement.
Margins are so slim on consumer products that manufacturers are in a bind. They can't overcharge and stay competitive, so they have to underdeliver, and often security protections are cut as a result.
People accept the failures of cybersecurity products by just accepting the end user license agreement (EULA).
Be very careful with these agreements. Often a vendor will make outrageous claims like saying they own the data.
When we have security incidents companies are not blamed or liable.
What type of pressure would need to be put on manufacturers to get them to improve security? Will it have to be standards, regulations, or government regulations?
Special thanks to this week's Defense in Depth podcast sponsor, Palo Alto Networks.
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices.
CISO Series Video Chat TOMORROW! (Friday, 11/1/19 at 10 AM Pacific) Hacking the Boardroom Meeting: An hour of critical thinking about communicating with the C-suite
This is a super fun weekly event, so don't miss it. Joining me will be Gary Hayslip (@ghayslip), CISO, SoftBank Investment Advisers and cybersecurity consultant, Yael Nagler (@MavenYael). Hashtag for the event is #HackingVideoChat. And anyone else can join and be a part of the discussion. We want you to be a part of some serious out-of-the-box thinking (and fun) on this subject. Go ahead and register. It all starts at 10 AM Pacific tomorrow.
How to Create the Most Attractive Entry Level Cybersecurity Jobs
Here are 6 1/2 minutes of the best moments from our one hour video chat on the topic of attracting new cybersecurity professionals to the market. Special thanks to my two panelists Taylor Lehmann, vp, CISO, athenahealth, and Michael Piacente, managing partner, Hitch Partners, and all our participants.
Check out the entire video and web chat here.