We're Gonna Run These Pen Test Exercises Until You Turn Purple

CISO | Security Vendor Relationship Series

This week's episode of CISO/Security Vendor Relationship Podcast

On "We're Gonna Run These Pen Test Exercises Until You Turn Purple," Mike Johnson and our guest Matt Southworth, CISO of Priceline, discuss:

Get attackers and defenders in the same room.

Build up your security stamina faster by getting red and blue team participants together. Learn the basics of security issues with purple team exercises and then you can really give them the once over with formal red team exercises.

Know what you've got before you determine risk.

Our show chronically discusses the importance of risk management, but we also understand there's no point in beginning those exercises if you don't understand the breadth of what you've got to protect. Asset management must come first.

Go smaller if you want to move up.

An InfoSec director at a Fortune 100 company wants to move up to the role of CISO. That's probably going to require moving out to a smaller company that wants to benefit from the InfoSec director's security experience, allowing them to mature their security program.

Think beyond just security awareness training.

While it's important to get everyone up to a bare minimum with security knowledge, there are some staff members who are open and eager to be challenged. Level up those non-security personnel with more rigorous training. Start with your developers.

Special thanks to this week's CISO/Security Vendor Relationship Podcast sponsor, Praetorian.

Praetorian

As a professional services company, Praetorian helps enterprise customers solve complex cybersecurity problems. We are the security experts.

Will Lin, partner, ForgePoint Capital on why you see so many of the same startups at the same time

LIVE recording at the San Francisco CISO Executive Summit

Mike Johnson and I are very excited to record yet another live episode of the CISO/Security Vendor Relationship Podcast, but this time in a room full of CISOs. We'll be the closing keynote at Evanta's San Francisco CISO Executive Summit on May 15th, 2019. Join us if you can. Attendance is by invitation only. Registrants will be granted confirmation based upon qualifications and space availability. Check to see if you qualify.

Tim Keeler, CEO, Remediant, on privileged access management

Best Advice to Overcome Vulnerability Management Concerns

We've been concerning ourselves with vulnerability management lately. And so after publishing

and a post by Allan Alford, CISO of Mitel, I culled the best responses to make this video in response to a very thoughtful discussion.

Special thanks to the video's sponsor, Vulcan Cyber.

Vulcan Cyber

Vulcan’s vulnerability response automation platform allows enterprises to automate their TVM programs. Vulcan integrates with existing IT, DevOps and security tools to fuse enterprise data with proprietary intelligence, which allows them to accurately and subjectively prioritize and remediate vulnerabilities – either using a patch, workaround or compensating control.

Cloud Security Tip By Steve Prentice, sponsored by OpenVPN

Two-factor authentication, also called 2FA, is vital, and should be considered the default in online security, not a fancy option.

In short, 2FA means that two separate identifiers are required to gain access to an account. These identifiers should come from: 1.) something only you know, like a complex password, and 2.) something physically separate that belongs to you like a phone that can receive SMS messages, a physical token, a time or location limited message, or something biometric, like a retinal scan or fingerprint.

Currently the SMS message is the most popular “second factor,” but security analysts say this is still the weakest option. A better option is to use an approved app, or to partner with a cybersecurity company who can build one for you.
