Cyber adversaries have mastered the art of staying one step ahead of our controls. As endpoint protections grow stronger, attackers have adapted by going further down the stack - targeting firmware, hardware and device-level vulnerabilities. Eclypsium’s John Loucaides discusses recent exploits, and the steps business security leaders should be taking to protect the foundations of the enterprise.
This segment is sponsored by Eclypsium. Visit https://securityweekly.com/eclypsium to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/bsw187
In the Leadership and Communications section, we're playing 3 questions - Does Your Board Really Understand Your Cyber Risks?, How can the C-suite support CISOs in improving cybersecurity?, Think You're Spending Enough on Security?, and more!
Show Notes: https://wiki.securityweekly.com/bsw187
In the Leadership and Communications section, the lucky 7's have it: 7 Keys to Effective Leadership in Our New Normal, The 7 elements of an enterprise cybersecurity culture, 7 Quotes from Military Leaders to Help You Win at Life, and more!
Show Notes: https://wiki.securityweekly.com/bsw186
Organizations need a highly skilled security chief to drive fundamental initiatives and align activities to address pressing enterprise needs. Proven CISOs (Chief Information Security Officers) are hard to find and can be challenging to retain and afford. A flexible Virtual CISO model is an excellent choice to achieve your enterprise goals in terms of security. Companies usually face diverse challenges in terms of cost, retention, limited talent in a particular location, etc. The solution to achieve operational excellence and drive highly successful security programs at a fraction of the cost is to hire a vCISO. A Virtual CISO will occupy the same place in the organization a full-time CISO would, but in a more cost-effective way. A vCISO will provide strategy, guidance, and oversight to achieve operational success in security. Operating with an independent voice, they can often escape the internal politics that plague some organizations.
Show Notes: https://wiki.securityweekly.com/bsw186
Ed Amoroso spent over 30 years with AT&T and was frustrated with the security research and advisory firms. We all have our stories, but Ed decided to do something about it. He created TAG Cyber to democratize world-class cyber security research and advisory services.
Show Notes: https://wiki.securityweekly.com/bsw185
In the Leadership and Communications section, Why Do Your Employees Resist New Tech?, Who’s Responsible for a Safer Cloud?, Publicly Reported Data Breaches Stand at its Lowest Point in 5 Years, and more!
Show Notes: https://wiki.securityweekly.com/bsw185
In the Leadership and Communications section, CISOs say new problem solving strategies required, How Remote Work is Reshuffling Your Security Priorities and Investments, Security Jobs With a Future -- And Ones on the Way Out, and more!
Show Notes: https://wiki.securityweekly.com/bsw184
Jeff Costlow, Deputy CISO at ExtraHop, will discuss the challenges of detecting and patching Ripple20. Ripple20 is a series of zero-day vulnerabilities in a widely used low-level TCP/IP software library developed by Treck, Inc. There are two primary attack vectors: Internet Protocol and Domain Name Services. Jeff will discuss ExtraHop's approach to detecting these devices and provide a quick demo of the solution.
This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/ to learn more about them!
Show Notes: https://wiki.securityweekly.com/bsw184
A ground-shaking exposé on the failure of popular cyber risk management methods. This book is the first of a series of spinoffs from Douglas Hubbard’s successful first book, How To Measure Anything: Finding the Value of “Intangibles” in Business.
To learn more about how to quantify risk in terms of dollars and cents in order to build better "business impact" decision makers, visit: https://hubbardresearch.com/
Show Notes: https://wiki.securityweekly.com/bsw183
Global spending on cyber security totals over $100 billion per year, with no upper limit in sight as adversaries remain successful at compromising even well-resourced organizations. Why do adversaries remain successful despite advances in security technologies and risk frameworks? As it turns out, an often-overlooked architecture from 30 years ago is a common thread among many successful attacks. By re-thinking the ubiquitous web browser and its connection to the internet, CIOs and CISOs can nearly eliminate their internet risk surface, provide users the tools and access they need, and free up incident responders to focus on more advanced threats.
This segment is sponsored by Authentic8. Visit https://www.authentic8.com/bsw to learn more about them!
To download your copy of "The Billion Dollar Security Blanket" by Matt Ashburn, visit: https://www.authentic8.com/bsw
Show Notes: https://wiki.securityweekly.com/bsw183
Marketing to today’s CISO is no easy task. CISOs have an unprecedented amount of work on their plates with constantly shifting technology, vast amounts of data in motion, regulatory requirements and new threats arising daily. We'll discuss the results of a Merritt Group Survey on Marketing and Selling to the CISO, 2020 Edition.
Show Notes: https://wiki.securityweekly.com/bsw182
Drew Cohen discusses the cybersecurity challenges that have risen with many businesses shifting to WFH environments during the pandemic. We'll review some of the top cybersecurity issues/threats, including home network security, document signing, industrial IoT, and 5G, that businesses should be aware of for the second half of 2020.
Show Notes: https://wiki.securityweekly.com/bsw182
In the Leadership and Communications section, CISOs undervalued, overworked, burning out, warns CIISec, The 10 Worst Cybersecurity Strategies, AppSec Becomes A Priority For New CISOs/CSOs, and more!
Show Notes: https://wiki.securityweekly.com/bsw181
The use of Application Control - commonly referred to as whitelisting or Zero Trust Execution - is considered to be a robust and essential Cloud Workload Protection strategy, largely due to the high predictability of cloud environments. But it does not prevent all cyber attacks. Attackers can exploit vulnerabilities in trusted applications or utilize whitelisted apps for malicious intent - referred to as Living off the Land (LotL). App Control also presents some operational headaches for cloud security teams, requiring strict and often unrealistic policies. We will discuss how to build a robust Application Control strategy for your workloads that is informed by these challenges. This segment is sponsored by Intezer.
Show Notes: https://wiki.securityweekly.com/bsw181
Visit https://securityweekly.com/intezer to learn more about them!
In the Leadership and Communications section, I'm a CISO, what's next?, The Upside of Virtual Board Meetings, The new cybersecurity priorities of 2020, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode180
This week, it's our quarterly Security Money update of the Security Weekly 25 Index and the Nasdaq. At the close on July 10th, 2020:
- SW25 Index is 1,437.23, which is an increase of 43.72%
- NASDAQ Index is 10,617.44, which is an increase of 60.01%
Both indexes closed at an all-time high on July 10th, 2020.
Show Notes: https://wiki.securityweekly.com/BSWEpisode180
In the Leadership and Communications section, Profile of the Post-Pandemic CISO, Time to rethink business continuity and cyber security, Protecting Remote Workers’ Productivity and Performance, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode179
It's time to come out and say it: "response" means something different to every category in cybersecurity. Yet, it's broadly used with little industry definition. In endpoint detection and response (EDR) systems, "response" refers to a prescriptive set of actions that can be taken with little to no human intervention. For example, if suspicious activity occurs on a device, that device can be automatically quarantined by the EDR tool. In network detection and response, "response" is more broad. The network is too vast and interconnected for blunt responses and therefore requires more surgical precision and investigation.
To request a demo with ExtraHop, visit: https://securityweekly.com/extrahop
Show Notes: https://wiki.securityweekly.com/BSWEpisode179
In the leadership and communications section, Why Cybersecurity Is Really A Business Problem, 6 Reasons Your Strategy Isn’t Working, 5 cities with the highest tech salaries, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode178
As part of our CISO interview series, we'll ask Graeme our standard questions, including: How did you get started in security?, What security problems do you face on a daily basis?, How have you solved your challenges?, Where do you report within the organization? And any other advice or recommendations for other CISOs.
Show Notes: https://wiki.securityweekly.com/BSWEpisode178
In the Leadership and Communications section, Five signs a virtual CISO makes sense for your organization, How to Negotiate — Virtually, Why Securing Endpoints Is The Future Of Cybersecurity, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode177
The recent pandemic has been a financial burden across the country while also forcing businesses to transition to a work-from-home environment, where IT and security departments were tasked with making sure their security infrastructure was prepared. As the country slowly begins to reopen, organizations may not have the necessary funds to spend on areas of their business, including security. Knowing what security best practices to prioritize can help organizations reduce risks, while getting back to work, without breaking the bank.
Show Notes: https://wiki.securityweekly.com/BSWEpisode177
In the Leadership and Communications section, Challenges of a New CISO: The First Year, Why a robust security culture begins with people, How Cybersecurity Leaders Can Chart the Seas of Business Communication, and more!
Show Notes: https://wiki.securityweekly.com/BSWEpisode176
Marc French has more than 25 years of technology experience in engineering, operations, product management, and security. Prior to his current role as CISO at Product Security Group, Marc was the SVP & Chief Trust Officer at Mimecast, Inc. and has held a variety of senior security roles at Endurance/Constant Contact, EMC/RSA, Iron Mountain, Digital Guardian, and Dun & Bradstreet. With all this security experience, Marc has created a series of career ladders to help guide infosec professionals with their job journey, including the illustrious CISO position. We will also cover whether you really want to be a CISO...
All of the open source career ladders can be found here: https://github.com/product-security-group/Security_Ladders
Show Notes: https://wiki.securityweekly.com/BSWEpisode176
Jen Ellis focuses on cybersecurity policy for Rapid7. Working with governments, manufacturers, and operators, Jen strategizes on policies and practices that will actually disrupt cybercrime at scale. By changing the behavior of attackers through complexity and costs, these strategies can truly disrupt cybercrime. We'll discuss some of the latest strategies, including CyberBOM, Hack Back, Vulnerability Disclosure, and other Secure by Design approaches to cybersecurity.
To learn more about Rapid7 or to request a demo, visit: https://securityweekly.com/rapid7
Show Notes: https://wiki.securityweekly.com/BSWEpisode175