[11-02-23]--Join us tomorrow for “Hacking SOC 2”
Super Cyber Fridays!
Join us TOMORROW, Friday [11-03-23], for "Hacking SOC 2"
Please join us on Friday November 3, 2023 for Super Cyber Friday. Our topic of discussion will be "Hacking SOC 2: An hour of critical thinking on trust, security, and compliance." Joining me, David Spark, producer of CISO Series, for this discussion will be:
Kim Elias, senior compliance specialist, Vanta
Jared Mendenhall, head (CISO) of information security & infrastructure, Impossible Foods
It all starts at 1 PM Eastern/10 AM Pacific. At the end of the hour [2 PM Eastern/11 AM Pacific] we'll switch gears to our meetup where everyone will get a chance to chat face to face.
Thanks to our Super Cyber Friday sponsor, Vanta
Defense in Depth
People Are the Top Attack Vector (Not the Weakest Link)
In increasingly complex technical defenses, threat actors frequently target the human element. This makes people a top attack vector, but are they actually the weak link in your defenses? It’s not enough to just throw blame at the pesky humans. CISOs need to take a holistic view of security to account for humans as an attack vector, without thinking they are the sole issue in their security program.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap, CISO, LinkedIn. Joining us is our guest, Christina Shannon, CIO, KIK Consumer Products.
Addressing the Human Element in Cybersecurity
As much as we can laud technical advancements, human factors remain important considerations in cybersecurity. "We all have our weaknesses and limitations and that is what malicious actors are attacking. Understanding human behavior in cybersecurity requires a comprehensive approach," said Calvin Nobles from Illinois Tech College of Computing. Bob Fabien from the U.S. Navy Reserve thinks organizations need to account for this, saying, "This is why security awareness training is crucial to help ‘patch’ the human." But we shouldn’t put this all on staff. Patrick Coomans of TrustHackers believes the spotlight should be on leadership, "I'm convinced the weakest link is top management, as they make or break a positive, learning cybersecurity culture."
Reframing the 'Weakest Link'
The narrative around human error and vulnerability in cybersecurity needs to be challenged. Lance Spitzner of the SANS Institute emphasizes this, saying, "'People are the weakest link' only blames the very people we are trying to help." It's also problematic to think cybersecurity issues wouldn’t exist if we eliminated human elements. "It's disingenuous to presume that cybersecurity would be perfect if not for users," said Josiah Dykstra from the National Security Agency.
Put User Experience at the Forefront
Security can’t afford to put user experience on the back burner. Tim Williams, former CISO at Docebo, makes no bones about it, saying, "Any security initiative that does not consider user experience is bound to fail. We must make security a seamless, integrated capability that isn't a roadblock but an enablement feature." As part of this, CISOs need to blend efficiency with usability. "Winning the hearts and minds means enabling the business to operate with peace of mind, always delivered with kindness and empathy," said Ulf Wollenweber from Deutsche Börse. User-centric isn’t a luxury, it’s essential.
Human Risk Management Must Go Beyond Technical Aspects
When talking about human risk management, we need to look outside the four walls. This includes the digital footprint of staff. "Managing human risk is incomplete without a focus on reducing the human attack surface beyond the firewall. Just as we scan and patch technical vulnerabilities, the same proactive approach can be applied to digital footprints that fuel attacks," said Matt P. from Picnic Corporation. A holistic approach to security marries technological defenses with a keen awareness of human-centric vulnerabilities.
Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.
Thanks to our podcast sponsor, SPHERE
LIVE!
Cyber Security Headlines - Week in Review
Make sure you
to join the LIVE "Week In Review" this Friday for
Cyber Security Headlines
with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Shawn Bowen, CISO, World Kinect Corporation.
Thanks to this week's headlines sponsor, Hunters
Cyber chatter from around the web...
Jump in on these conversations
"SOC analyst role hasn’t prepped me for the next step in my career"
"When is OSINT really used by cyber criminals?"
"How to become more knowlegable"
Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:
[11-03-23] Hacking SOC 2
[11-17-23] Hacking US Data Privacy
[12-01-23] Hacking Trust Management
and register for them all now!
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.