I’ll Show You My Risk Profile If You Show Me Yours

CISO Series

CISO/Security Vendor Relationship Podcast

Mike Johnson and I welcome sponsored guest Bruce Potter, CISO, Expel to discuss:

  • What's easier to manage, 3rd party risk profiles or exclusions?

  • Do you need a Git repository to apply for a job? What else?

  • What's in your happy-grab-bag for hybrid work environments?

  • Is there anything new to say about ransomware strategy?  

Thanks to our podcast sponsor, Expel

THURSDAY, August 5th, 2021 at Black Hat 2021 (virtually)

Reinventing Asset Inventory for Security

Right at the top of the CIS Top 20 is know your hardware, know your software, and know your data. In a nutshell, know your assets. And we've heard the line many times before: "You can't protect what you don't know you have."

Given that the problem of understanding your assets is so darn difficult, the discussion of asset inventory is entering a new phase: what is the security context of all these assets? Not all assets need to be protected equally and knowing about certain assets is far more important than others. 

I'm hosting this sponsored session on Thursday (August 5th, 2021) virtually at Black Hat 2021 from 11:20 AM to 11:40 AM PT. Joining me will be Qualys executives Ben Carr, CISO and Ed Rossi, vp product management. We will discuss the importance of security context for IT assets, which teams benefit from the information, and how to effectively implement a cybersecurity asset management practice.

This Black Hat session is sponsored by Qualys

Overheard on CISO/Security Vendor Relationship Podcast 

“The biggest mistake that CISOs can make is imposing a security program that's pre-planned for any organization, before they really know the organization. We are hired to tailor fit a security program for the organization we're hired to protect and, just like any tailored suit, you've got to take a lot of measurements” - Jason Fruge, CISO, Rent-a-Center

Cyber Security Headlines 

Top headlines for Tuesday, August 3, 2021:

  • Phantom ships appearing on AIS

  • NSO spyware found on French journalists' phones

  • PwnedPiper vulnerabilities impact 80% of major hospitals in North America

Thanks to this week's headlines sponsor, PlexTrac

No Video Chat this Friday, but join NEXT Friday [08-13-21] for "Hacking Cloud Infrastructure"

Hacking Cloud Infrastructure - August 13, 2021

There's no Video Chat this week, because we're off for Black Hat and DefCon. But we'll be back next week, and our discussion will be "Hacking Cloud Infrastructure: An hour of critical thinking about how identity is your front line of defense for your infrastructure."

It all begins at 10 AM PT/1 PM ET on Friday, August 13, 2021 with guests Arick Goomanovsky, CBO & co-founder, Ermetic, and Travis McPeak, head of product security, Databricks. We'll have fun conversation and games, plus at the end of the hour (11 AM PT/2 PM ET) we'll do our Icebreaker (AKA "cybersecurity speed dating").

Thanks to our video chat sponsor, Ermetic

Overheard on Defense in Depth 

“If your company does something else, where IT is considered a necessary evil, not foundational to the business, then reporting to the CIO is a difficult place to be. Because trying to get your message across, it gets buried under the larger bias of the company's perspective of IT.” - Steve Zalewski, co-host, Defense in Depth
