11-19-19 - What Security Advice Will Your Family Ignore?


CISO | Security Vendor Relationship Series

This week's episode of CISO/Security Vendor Relationship Podcast

On this week's episode, Mike Johnson and our guest Jeff Hudesman, head of information security at DailyPay, discussed:

Have one cybersecurity goal with your family over the holidays.

Most of us who work in tech and cybersecurity find ourselves turning into tech support when we're visiting the family. Focus on one big piece of advice. Will it be to adopt a password manager or two-factor authentication, or will you just remind them never to rush a decision, especially when a call or email seems threatening or imposes a time limit?

Get your security program up to snuff before you start red teaming.

Don't start testing your defenses to see where you stand before you have actually built a security program. It will just be a big loss, there will be lots of resentment, and you'll probably only prove what you already knew you had to do anyway.

Red teaming is to see if your controls and processes are working correctly.

When you're ready to red team, what you're looking to see is whether your controls are working. Can they actually detect attacks? Plus, you want to see whether your incident response tools and team are in place and know what they're doing.

While we recommend MFA, use it cautiously in your business.

Multi-factor authentication is a powerful preventive security measure, but if implemented incorrectly it can damage the usability of your product. Depending on the service you're offering and your business, question whether you want to enforce MFA or make it optional.

Special thanks to this week's CISO/Security Vendor Relationship Podcast sponsor, Tenable

Effective vulnerability prioritization helps you answer three questions: Where should we prioritize based on risk? Which vulnerabilities are likeliest to be exploited? What should we fix first? Tenable gives you the accurate and actionable data you need to answer these questions and better secure your business. Learn more: tenable.com/predictive-prioritization.

Mike Johnson questioning if we even know if security training works

CISO Series Video Chat (Friday, 11/22/19 at 10 AM Pacific)

Hacking the Email Pitch:

An hour of critical thinking about a security vendor's very first outreach to a prospect

What is a vendor trying to convey with an email pitch? Are the incentives for getting a response generating the right behavior? What types of emails work well? Is the email pitch something that should be forgone altogether, since so many CISOs flat out say they delete all their email pitches? If so, what should replace it?

Joining me in this discussion of vendor email pitches will be Olivia Rose, CISO, Mailchimp, and John Prokap, CISO, HarperCollins, two very outspoken CISOs when it comes to vendor pitching. Anyone else can join and be a part of the discussion. Please REGISTER and be part of the event this Friday.

Hacking the CIS Top 20

Highlights from Hacking the CIS Top 20, from the 11-08-19 recording of our weekly CISO Series Video Chat.

We talked at great length about the CIS Top 20 checklist of controls.

Our panelists were Jeff Kohrman, CEO of eCISO, and Greg van der Gaast, head of information security at The University of Salford.

If you're not already participating in our weekly CISO Series Video Chats, sign up. The next one is announced in the section just above this.

Allan Alford on training up your talent to be cloud ready

SUBSCRIBE TO BOTH PODCASTS

Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.

If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.