The Ostrich Approach To Vulnerability Management

CISO Series

CISO/Security Vendor Relationship Podcast

The Ostrich Approach To Vulnerability Management

Mike Johnson and I welcome guest Sameer Sait, CISO, Amazon-Whole Foods, to discuss:

  • What if software developers used academic citations for code acquired from outside sources?

  • What if a reported security vulnerability doesn't get fixed? Where do you go next?

  • What if a 3rd party app developer needs access to a file/print share over the internet?

  • What if you receive a pitch that makes a grandiose statement like "no false positives?" Follow-up or hard pass?

Thanks to our podcast sponsor, Code42

Overheard on CISO/Security Vendor Relationship Podcast 

“Prioritization is everything in security. From the security strategy to inner price services you provide. It's critically important that the entire team understands the prioritization criteria if you want them to be the most effective.” - Branden Newman, svp, CISO, MGM Resorts

Cyber Security Headlines 

Top headlines for Tuesday, October 5, 2021:

  • Facebook’s apps suffer massive outage

  • Amazon creates amazing phishing tool just in time for Christmas

  • Major telco exchange company hacked

Thanks to this week's headlines sponsor, Votiro

Join us this Friday [10-08-21] for "Hacking Regulations"

Our discussion will be "Hacking Regulations: An hour of critical thinking of moving regulators from operational to risk-based auditing."

It all begins at 10 AM PT/1 PM ET on Friday, October 8, 2021 with guests Tim Bowden, svp, vulnerability management, Truist, and Ed Bellis, CTO and co-founder, Kenna Security. We'll have fun conversation and games, plus at the end of the hour (11 AM PT/2 PM ET) we'll do our meetup.

Thanks to our video chat sponsor, Kenna Security

Overheard on Defense in Depth 

“There are lots of fields of practice [in cybersecurity], and the key is we can't afford to put 12 or 14 years in for everybody to be a security generalist and then specialize. It's the other way around.” - Steve Zalewski, co-host, Defense in Depth
