[11-16-23]--Join us TOMORROW 11-17-23 for "Hacking U.S. Data Privacy"
Super Cyber Fridays!
Join us TOMORROW, Friday [11-17-23], for "Hacking U.S. Data Privacy"
Join us Friday, November 17, 2023, for “Hacking U.S. Data Privacy: An hour of critical thinking on dealing with ever changing patchwork of regulations.”
Joining me for this discussion will be:
Matt Cooper, senior manager, privacy risk and compliance, Vanta
Greg McCord, CISO, Lightcast
It all begins at 1 PM ET/10 AM PT on Friday. We'll have fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.
Thanks to our Super Cyber Friday sponsor, Vanta
Defense in Depth
Building A Cyber Strategy For Unknown Unknowns
As security professionals, we know a lot of the things we lack visibility into that can cause security issues. That alone is enough to keep your team occupied. But what about the things you don't even know about in the first place?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap, CISO, LinkedIn. Joining us is our sponsored guest, Himaja Motheram, security researcher, Censys.
Preparing for the unknowns in cybersecurity
The very nature of cybersecurity is dealing with uncertainties and unpredictable challenges. So do unknown unknowns actually even exist? "Unknown unknowns are more of a conceptual space that represents, ‘We know we don’t know everything, so expect a little chaos from time to time,’" said Matt Holland from seedata.io. CISOs need practical ways of coping with the reality of not even knowing what might hurt the organization. "Dealing with the unknown unknowns comes down to resiliency. All you can do is prepare as best you can to survive in the face of a determined adversary," said Edwin Covert of Bowhead Specialty.
Fostering a collaborative security culture
A proactive security culture is a great defense against unknown unknowns. Jonathan Waldrop from Insight Global came up with a great metaphor, "If the security team is the firefighter, then the rest of your company needs to be Smokey The Bear and work to prevent fires." This is where a security culture needs to extend to the whole business, not just the security team. "Get everyone in the org to report things they don’t understand or don’t work as expected. Make sure the security team has the capacity and competence to follow up on all of the reports," said Jovica Ilic of WIM Security.
Security needs to think as creatively as threat actors
The realm of cybersecurity is marked by dynamic threats and evolving challenges, often rendering a proactive approach as the best defense. "This is where you want human creativity to be encouraged and have dedicated time to think strategically. Successful strategies are about adding thoughtful perspective," said Rocky DeStefano from RiskOne. Cyber threats are constantly evolving, so you need to give your team a chance to be more than just reactive. "The challenge is to discover the unknown unknowns first and try to improve before they can be used against you," said Andrew Hendela of Karambit.AI.
Preemptive approaches in cybersecurity
One way to think ahead of threat actors is to actively look at how your security controls can fail. "During a pre-mortem, we challenge ourselves to identify all the ways our proposed security control could fail. This gives us a list of concerns to address as part of our design," said Benjamin Purgason from LinkedIn. Jordan Wigley, Field CISO at SimSpace, advocated for the value of real-time simulations. He notes, "The ability to simulate your 'worst day in the office' before it actually happens helps to uncover gaps in playbooks. Then you can be prepared mentally and procedurally to remain calm when it counts most."
Please listen to the full episode on your favorite podcast app, or over on our blog where you can read the full transcript. If you’re not already subscribed to the Defense in Depth podcast, please go ahead and subscribe now.
Thanks to our podcast sponsor, Censys
LIVE!
Cyber Security Headlines - Week in Review
Make sure you join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Jay Wilson, CISO, Insurity.
Thanks to our Cyber Security Headlines sponsor, Sysdig
Cyber chatter from around the web...
Jump in on these conversations
"Why do we accept these dumb marketing catch phrases like “air-gapped”?"
"How to start classifying data at a company that has never classified data before"
"What is your process for creating and releasing new SIEM rules?"
Coming Up On Super Cyber Friday...
Coming up in the weeks ahead on Super Cyber Friday we have:
[11-17-23] Hacking US Data Privacy
[12-01-23] Hacking Trust Management
[12-08-23] Hacking Resilience
Register for them all now!
Thank you!
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.