[11-28-23] Ugh, Lawyers Take All the Fun Out of Surviving a Cyberattack (LIVE in Las Vegas)

CISO Series Podcast

A cyberattack is difficult enough to work through. But many CISOs might not be prepared for the legal surprises that can come in the aftermath. From working with insurance companies to notifying those impacted by data loss, there are a lot of issues to deal with. How does a security team work with legal beforehand to address these issues when drawing up incident response?

This week’s episode is hosted by me, David Spark, producer of CISO Series, and sponsored co-host Jason Sabin, CTO, DigiCert. Joining us on stage was Alexandra Landegger, executive director of security, Collins Aerospace.

This episode was recorded in front of a live audience in Las Vegas as part of the DigiCert Trust Summit. 

Here come the lawyers

A discussion about cyberattacks often revolves around incident response. What is often left out of these discussions are the legal surprises that can await an organization after an incident. As outlined by Beth Burgin Waller in Dark Reading, these can include follow-up investigations by cyber insurance companies, figuring out which regulatory bodies need to be notified, and potentially even clearing funds through OFAC if an organization pays a ransom. None of that is something you want to address while an incident is happening. Like all good incident response planning, get legal’s answers beforehand so they don’t become a surprise when you do have an incident.

Career development after being a CISO

The road to being a CISO is almost always unique, so it’s hard to map out a career path to get there. But recently over on the cybersecurity subreddit, the question came up of how to keep developing your career after becoming a CISO. For someone who already has an advanced degree, like an MBA, are there any paths in academia or through certification that can open new doors? This question was asked by a CISO working at a small organization, hoping to move up to a much larger one.

Acceptable use policies (AUPs) in the spotlight

AUPs usually don’t get a lot of attention. But that’s changed of late, with companies scrambling to update them to account for LLMs and other generative AI tools. Some organizations see AUPs as a way to limit user access to these tools. But this misses a key opportunity. Rather than using an AUP to create resentment, fear, or apathy among users, organizations should use it to inform and actually incentivize desirable behavior, argues Vawn Himmelsbach in CSO Online. What better time to rethink these policies than with the advent of these new transformative tools?

Preparing for post-quantum security

For the longest time, quantum computing seemed like Linux on the desktop: its time is undeniably coming, but still far off in the misty future. While your IT department won’t be adding a quantum computer to their expense report next year, we’re starting to see signs that the technology is a lot closer to practical reality. The security ecosystem is starting to prepare for this, with NIST releasing its post-quantum cryptography framework, something we’re already seeing adopted by messaging apps like Signal. So if this technological promise is coming down the road sooner rather than later, CISOs need to start planning now to be ready.

Listen to the full episode over on our blog, where you can read the entire transcript, or on your favorite podcast app. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.

Thanks to our podcast sponsor, DigiCert

Best advice I ever got in security...

"Cybersecurity is a team sport. You need to enlist every part of your organization to really achieve your mission. From legal to engineering, from privacy to digital, across the whole organization, you got to play together." - Alexandra Landegger, executive director of security, Collins Aerospace

Subscribe to our newsletters on LinkedIn!

We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!

CISO Series Newsletter - Twice every week

Cyber Security Headlines - Week in Review

Make sure you join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be Christina Shannon, CIO, KIK Consumer Products.

Thanks to our Cyber Security Headlines sponsor, SpyCloud

Super Cyber Fridays!

What's the "No Questionnaire" Version of Building Vendor Trust?

Hacking Trust Management

Security is not based on getting the right answers to questionnaires, but rather on the level of security you need from yourself and your vendors to satisfy your customers, explained Matt Cooper, senior manager, privacy risk and compliance at Vanta, in this discussion that's a precursor to our Super Cyber Friday event happening this Friday, December 1, 2023. Our topic of discussion will be "Hacking Trust Management: An hour of critical thinking on how to prove you’re the company others want to work with."

Also joining me and Matt will be Janet Heins, CISO, ChenMed.

It all starts at 1 PM Eastern/10 AM Pacific. At the end of the hour [2 PM Eastern/11 AM Pacific] we'll switch gears to our meetup where everyone will get a chance to chat face to face. Join us!

Thanks to our Super Cyber Friday sponsor, Vanta

Ask Me Anything!

AMA: I’m a security professional leading a 1-3 person security team, Ask Me Anything...

Supporting hundreds if not thousands of people with a small security staff seems to be a daunting task, but these security professionals have done it (or are currently doing it).

This is an AMA that's running on the r/cybersecurity subreddit.

They’re all ready to answer your questions about pulling it off, dealing with the stress, and managing growing pains.

This AMA will run all week from 11-26-23 to 12-02-23.

Thank you!

Thank you for supporting CISO Series and all our programming

We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing on social media, and most of all we love our sponsors!

Everything is available at cisoseries.com.

Interested in sponsorship? Contact me, David Spark.