11-17-20 - Networks Wobble But They Don't Fall Down


CISO Series

This week's episode of CISO/Security Vendor Relationship Podcast, Networks Wobble But They Don't Fall Down, is hosted by me, David Spark, producer of CISO Series, and Mike Johnson. Our guest is Steve Zalewski, deputy CISO, Levi Strauss. All three of us discussed:

Looking to get hired? Show a CISO how you handle issues.

We've mentioned on previous episodes that the best schooling for cybersecurity is to set up an experimental network and show how you can manage attacks. Show how your application can keep running even when you need to patch core libraries used by, say, the logic layer. In addition, how are you handling incidents? How do you handle a loss of data integrity, a loss of network availability, or a loss of OS integrity to isolate your application from causing further harm to the company?

There will be a winner and loser in the debate over backdoor decryption keys.

Another horrible tragedy and another debate on whether or not messaging companies like Signal and WhatsApp should be required to make decryption keys available to authorities. This is obviously a complicated and thorny issue. What's at play here are authorities being blocked from doing their job because of technology. There is the loss of human life. And there is the loss of democratized privacy. There aren't any checks and balances that can provide some benefit to any side of this equation. One side will win and one side will lose.

Demand the right to audit your SaaS vendor.

We talked about negotiating SaaS contracts, and the right to audit was the big issue that kept coming up. Some SaaS vendors balked at similar requirements like pentesting, which would benefit the SaaS vendor and customers. The reason you want to audit the vendor is that you want to make sure they're doing the thing they say they're doing.

Special thanks to this week's podcast sponsor, BitSight.

BitSight is the most widely used Security Ratings service with a mission to change the way the world addresses cyber risk. Learn how BitSight for Third-Party Risk Management helps you efficiently mitigate the growing risk across your vendor ecosystem by taking an automated, data-driven approach.

Cyber Security Headlines

Cyber Security Headlines - November 16, 2020

This week's sponsor of Cyber Security Headlines is Dtex.

THIS Friday [11-20-20] We're Hacking Data Protection and Visibility

Please join us on Friday, November 13th, 2020 at 10 AM PT/1 PM ET for “Hacking Data Protection and Visibility: An hour of critical thinking on how to gain back control of your data wherever it travels”. I'll be leading this discussion with David Tyburski, CISO, Wynn Resorts and Elliot Lewis, CEO, Keyavi Data. Watch the preview video.

STICK AROUND FOR THE CYBERSECURITY SPEED DATING!

Immediately after the video chat (11:00 AM PT/2:00 PM ET) we'll roll over to our meetup, where we'll match everyone who shows up with another cybersecurity professional. And we'll do it five times in less than 30 minutes.

Thanks to our sponsor Keyavi Data

CISO Series Video Chat Best Bad Idea
