We Look Under the Cushions for Unused Security Opportunities

CISO | Security Vendor Relationship Series

This week's episode of Defense in Depth

Amplifying Your Security Posture

Defense in Depth: Amplifying Your Security Posture

 On this episode of Defense in Depth:

Co-host Allan Alford and our guest Matt Southworth, CISO of Priceline, discuss the following:

  • When you manage too many people you get to a point of saturation. Are you doing security or are you managing people?

  • Core success comes from looking outside your immediate staff for security help. The most common programs are Security Champions and Security Prime. The first are just people outside of the InfoSec team who really want to learn about security, and the Prime players are actually implementing it.

  • Look for ways to reduce overhead in terms of paperwork, meetings, and unnecessary programs. If what you're doing is not helping, stop doing it.

  • Empower individuals to make their own decisions about security without the chain of command of approvals.

  • Avoid giving orders, because once you do you'll always be called into a meeting on that topic.

  • Use artificial intelligence (AI) to take work off of the security operations center (SOC) and incident response team.

  • The "lazy" sysadmin who automates all his tasks is a highly productive member.

  • Communicate to everyone that security requires the entire company's support, not just the security staff.

Special thanks to this week's Defense in Depth podcast sponsor, SecurityBridge.

SecurityBridge

Advanced cybersecurity for SAP, from codebase to production. Powered by anomaly detection, detect threats in real time so that they can be remediated before any harm is done. Eliminate false positives and focus on actionable intelligence. Ensure compliance with direction to actual vulnerabilities, with amazing intelligence dashboards guiding remediation.

Allan Alford on the burden of new tech on your staff

Participation and sponsorship opportunities with CISO Series

We've got lots of ways to get involved with the CISO Series.

  • Participation page with tips on segment ideas we love.

  • Record a question, comment, or even a "What's Worse?!" challenge.

  • Sponsor CISO/Security Vendor Relationship Podcast or Defense in Depth.

  • Sponsor one of our live recordings. We've got openings coming up in Las Vegas, New York City, Sydney, and Los Angeles.

  • Align your brand with a deluge of media all on one topic by sponsoring our "Topic Takeover" series. Here's an example of one we did on vulnerability management.

Got questions or requests about any of these programs? Just hit REPLY to this email or contact us via the site.

Al Ghous, head of cloud security, GE Digital on getting questioned by vendors

SUBSCRIBE TO BOTH PODCASTS

Go ahead and click on any of these links to subscribe to the podcast feed of your favorite podcast catcher.

If you're already a subscriber, THANK YOU! If you like either or both shows, please tell all your friends on social media and write a review on iTunes.