Security Made the Mess. They Should Clean It Up.

CISO | Security Vendor Relationship Series

This week's podcast episode

Security Made the Mess. They Should Clean It Up.

What you'll learn:

On this week's podcast, co-host Mike Johnson, CISO, Lyft, and guest Zane Lackey, co-founder and CSO, Signal Sciences, discuss the following:

  • InfoSec made the department of "no." It's their job to get it to the department of "yes." Instead of being seen as problem creators, security needs to work with the rest of the company to be seen as problem solvers. Actively make other departments more successful, and even faster - with security!

  • A security vulnerability is a bug. Developers want to write clean code, and that means secure code. If you want your applications to be more secure, meet developers where they are. Get into their pipeline of development and provide them with the tools and advice to let them know when code isn't perfect.

  • Security tooling needs to be universally digestible. The problem with traditional security tooling is it's been designed for only security professionals to understand and use. Modern security tooling needs to be usable by everyone.

  • When leaving your computer in your car is a dangerous security vulnerability: Some of us never leave our computer in our car, but if you do, what can you do to protect yourself besides just locking the doors? 

  • Stop calling WAFs magical boxes. Web application firewalls (WAFs) are not going to just stop every single attack. Heck, all firewalls can be penetrated. WAFs simply need to be more flexible to work with any type of application and API. They shouldn't be breaking apps. Rather, they should be providing visibility as to where data is coming and going from an app. 

  • A good customer wants to solve problems. Traditionally on the show we focus on what vendors can do better. On this episode we focused on what users can do to be better customers. Vendors don't want customers just gawking at their software. They want to know specifically about the customers' problems. That way they've got a target to address.

    Special thanks to Signal Sciences for sponsoring this episode of the podcast. If you’re using WAFs, make sure you read “Three Ways Legacy WAFs Fail,” by their head of research, James Wickett.

    THANKS to newsletter sponsor Carbon Black. Carbon Black is leveraging the power of big data and analytics to solve the challenges surrounding endpoint security. With the Cb Predictive Security Cloud platform, they are transforming cybersecurity to deliver a new generation of cloud-delivered security solutions designed to protect against the most advanced threats.

    CONTRIBUTE: The marketing value of industry goodwill

    Two weeks ago, I asked for stories about overcoming roadblocks, and got some great feedback, which went into the story you see below. I'm looking for more contributions. I'm eager to know your tales of how you've given back to the security community and how that participation and goodwill has benefited your business. Please just reply to this email or connect with me on LinkedIn and tell me your story.

    This week's article for the CISO/Security Vendor Relationship Series

    Four Stories of Security Vendors Overcoming Roadblocks

    Nobody wants to be a roadblock, but sometimes we can't get out of our own way. Read the article for more on these tales of overcoming hurdles in security sales:

    • One person’s needs don’t necessarily speak for the whole company. If you know the company would benefit from your solution and your point of contact doesn't want to hear it, do an end-around to find a champion within the company. 

    • Brute force gets you… nowhere: Constantly hammering a prospect until they give up and respond is not a valid or effective sales tactic. Focus first on increasing awareness.

    • We’re the best at… oops! You may claim to be the best at something, but one day a "David" may take you down. Are you ready, and can you respond?

    • The roadblock of being young, inexperienced, and having no contacts: At one time we were all at this roadblock. How do you overcome it and get the respect you need to be successful?

    BE FEATURED IN ONE OF MY VIDEOS

    For those of you who remember the original articles in the CISO/Security Vendor Relationship Series, they were always followed up with a video where I would highlight my favorite comments. In fact, the video from last week's article will drop later this week. Leave a tip, opinion, or tell me your own story of overcoming a roadblock on the LinkedIn post. Best comments make it to the featured video.

    Sponsor the podcast or the series!

    This week I relaunched the CISO/Security Vendor Relationship Series. You'll see more articles, videos, an ebook, and a webinar. We've been extremely fortunate to have a number of vendors eager to sponsor the podcast and the series.

    If you'd like to sponsor the podcast or the full series please reply to this email or connect with me on LinkedIn.

    SUBSCRIBE TO THE PODCAST

    Got a podcast catcher? Search for "CISO" and chances are you'll find the CISO/Security Vendor Relationship Podcast. If it doesn't come up, go ahead and click on any of these links to subscribe to the feed.

    If you're already a subscriber, THANK YOU! If you like the show, please tell all your friends on social media and write a review on iTunes.