As part of our CISO interview series, we'll ask Graeme our standard questions, including: How did you get started in security?, What security problems do you face on a daily basis?, How have you solved your challenges?, Where do you report within the organization? And any other advice or recommendations for other CISOs.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode178
In the Leadership and Communications section, Five signs a virtual CISO makes sense for your organization, How to Negotiate — Virtually, Why Securing Endpoints Is The Future Of Cybersecurity, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode177
The recent pandemic has been a financial burden across the country while also forcing businesses to transition to a work from home environment where IT and security departments were tasked with making sure their security infrastructure were prepared. As the country slowly begins to reopen, organizations may not have the necessary funds to spend on areas of their business, including security. Knowing what security best practices to prioritize can help organizations reduce risks, while getting back to work, without breaking the bank.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode177
In the Leadership and Communications section, Challenges of a New CISO: The First Year, Why a robust security culture begins with people, How Cybersecurity Leaders Can Chart the Seas of Business Communication, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode176
Marc French has more than 25 years of technology experience in engineering, operations, product management, and security. Prior to his current role at CISO at Product Security Group, Marc was the SVP & Chief Trust Officer at Mimecast, Inc. and has held a variety of senior security roles at Endurance/Constant Contact, EMC/RSA, Iron Mountain, Digital Guardian, and Dun & Bradstreet. With all this security experience, Marc has created a series of career ladders to help guide infosec professionals with their job journey, including the illustrious CISO position. We will also cover whether you really want to be a CISO...
All of the open source career ladders can be found here: https://github.com/product-security-group/Security_Ladders
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode176
Jen Ellis focuses on cybersecurity policy for Rapid7. Working with governments, manufacturers, and operators, Jen strategizes on policies and practices that will actually disrupt cybercrime at scale. By changing the behavior of attackers through complexity and costs, these strategies can truly disrupt cybercrime. We'll discuss some of the latest strategies, including CyberBOM, Hack Back, Vulnerability Disclosure, and other Secure by Design approaches to cybersecurity.
To learn more about Rapid7 or to request a demo, visit: https://securityweekly.com/rapid7
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode175
In the Leadership and Communications section, CISO vs. CEO: How executives rate their security posture, 3 Reasons Why Cybersecurity Is Not A Technical Problem, How to Be a Great Listener in Remote Meetings and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode175
In the leadership and communications section, Burnt out CISOs are a huge cyber risk, to build strategy, start with the future, 78% of Organizations Use More than 50 Cybersecurity Products to Address Security Issues, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode174
As many organizations look to their "new normal," remote work will likely be a large piece of that strategy. Adler will dive into the impact this has on the SOC and why EDR should be top-of-mind.
To learn more about RSA Security, visit: https://securityweekly.com/RSAsecurity
To check out the RSA NetWitness Platform (SIEM and integrated EDR), visit: https://www.rsa.com/en-us/products/threat-detection-response
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode174
In the leadership and communications section, Top 5 Tactical Steps for a New CISO, Good Leadership Is About Communicating “Why”, 5, ok maybe only 4, CISO Priorities During the COVID-19 Response, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode173
The coronavirus has focused the world’s attention on disease spread like never before. This discussion will draw out some of the parallels that can inform how we do our work in cybersecurity, and that are helpful in communicating with the people who pay the bills. All the new vocabulary around “social distancing”, “contact tracing”, and “flattening the curve” is useful for our discussions in cybersecurity.
To learn more about RedSeal, visit: https://securityweekly.com/redseal
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode173
In the leadership and communications section, CISO position burnout causes high churn rate, 7 Rules for Staying Productive Long-Term, Now Is an Unprecedented Opportunity to Hire Great Talent, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode172
During the Equifax 2017 Data Breach, Graeme Payne was Senior Vice President and CIO of Global Corporate Platforms. He was fired the day before the former Chairman and CEO of Equifax testified to Congress that the root cause of the data breach was a human error and technological failure. Graeme would later be identified as “the human error”.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode172
In the Leadership and Communications section, Executives and Boards, Avoid These Missteps in a Crisis, Strategizing a return to the office, How to Answer an Unanswerable Question, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode171
The concept of the CISO/Security Vendor Relationship Series started more than two years ago when relations between security vendors and practitioners appeared very strained. Since we started producing our podcasts more than a year and a half ago, anecdotally, we're seeing a lot of improvement. But, there are still plenty of issues like what we saw more than two years ago.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode171
In the leadership and communications section, Leaders, Do You Have a Clear Vision for the Post-Crisis Future?, 3 recession scenarios and their impact on tech spend, Supply chain transparency: Technology, partnership and progress, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode170
As the Co-Chair of the Leadership Board for InfoSec World Conference in Orlando, FL this June 2020, Summer will discuss how this is an excellent opportunity for Executive, Management, and Technical teams to attend a conference together to learn more about both the business of cyber security and the latest in technical capabilities.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode170
In the leadership and communications section, the 3 stages of adapting to a crisis, build a culture that aligns to people's values, stop, start, defer: how companies are navigating technology spend in a crisis, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode169
It's our Security Money show, where we'll review the Security Weekly 25 Index and all the financial updates for both the public and private security markets.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode169
In the leadership and communications section, 4 Behaviors That Help Leaders Manage a Crisis, The Right Way to Keep Your Remote Team Accountable, 15 Steps to Take Before Your Next Video Call, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode168
This week, we welcome Dick Clarke to discuss his new book, The Fifth Domain, and the need for cyber resilience, especially these days. Significant risks are still manageable, but what are the concrete steps that can be taken toward cyber resilience. In conversations with leading scientists, government officials, and corporate executives, the prevailing consensus is that we are capable of defending ourselves as individuals, as organizations, and as a nation, but that our cyber security remains contingent on the a consensus that it is worth prioritizing.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode168
In the leadership and communications section, Real Leaders: Abraham Lincoln and the Power of Emotional Discipline, Social Distancing: 15 Ideas for How to Stay Sane, Rethink Your Relationship with Your Vendors, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode167
How do you protect your assets commensurate with their value if you lack situational awareness of everything communicating on your network thanks to IoT, rogue cloud instances, and shadow IT? If we can agree that EDR doesn't give the full picture, what can the security industry do to combat this challenge both from a technological and a process/culture perspective? Jeff will discuss how asset and risk management is changing and open up a conversation around how the CIA Triad has and is evolving.
For more information, visit: https://securityweekly.com/extrahop
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode167
In the leadership and communications segment, Drowning in a Sea of Alerts, Boeing taps Qantas exec Susan Doniz as CIO, CIO interview: Ian Cohen, chief product and technology officer, at Addison Lee, and more.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://wiki.securityweekly.com/BSWEpisode166
What data compliance regulations apply to a Las Vegas hospital with California patients? One major compliance fine can lead to a big financial hit and a complete loss of customer trust, so understanding ‘where your data lives’ and how the law shifts based on the location of data collection, storage and transfer is paramount. With no overarching federal data law, each state can (and does) require different duties from organizations that collect and keep data. A big challenge for compliance teams is figuring out which state (or states) claim your data. Unfortunately, the legal world of intangible data property is complicated and sometimes even contradictory. I will also preview my InfoSec World 2020 session - Cyberlaw Year in Review. Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://wiki.securityweekly.com/BSWEpisode166