Neal Bridges, CISO at Query.AI and well-known cybersecurity influencer, breaks down the key differences between the CISO role at a startup vs. an enterprise. He also provides best practices to be successful in this changing role.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw271
In the leadership and communications section, 5 Cybersecurity Questions CFOs Should Ask CISOs, How Leaders Can Escape Their Echo Chambers, 10 Cybersecurity Compliance Statistics That Show Why You Must Up Your Cybersecurity Game, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw270
Most current security risk assessments are not effective. Doug Landoll joins BSW to explain how we can fIx this. Doug will share 5 Essential Elements of an Effective Security Risk Assessment, including: - Scoping, Scheduling, and Champions - Team Structure - Data and Measurements - Calculations and Analysis - Reporting, Presentation, and Tracking
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw270
In the leadership and communications section, How CISOs can prepare for new and unpredictable cyberthreats, 8 Leadership and Management Principles from Ex-Navy Seal, Practice Transparent Leadership, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw269
IIoT infrastructure protection requires immediate attention. Barracuda just released key findings from a report titled "The state of industrial security in 2022," that covers the following:
• The network breaches, ransomware attacks, and other security incidents businesses are facing
• The current challenges related to infrastructure protection, remote access security, and digital transformation
• The solutions and strategies decision makers are using to close security loopholes and boost the protection of IIoT infrastructure
This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw269
In the Leadership and Communications segment: How to build a cyber capable board, Who Is Legally Responsible for a Cyber Incident?, Building a security culture of 'Yes', and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw268
This edition of Security money is a 2 quarter update for both Q1 2022 and Q2 2022. That's what happens when you have a lot of interest and interviews. Although the SW25 Index is down, it's still outperforming the Nasdaq!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw268
There was a time when the perceived wisdom was to buy best of breed security technologies and that would do for your security program. Trouble of is, none of it integrates with each other or your wider IT. With budgets getting tighter, security pros are being asked to look again at big portfolio security providers and work out whether they can use their offerings to slim down. In this session I'll discuss what I'm hearing from our customers, and some of the things we are starting to see people do to balance the need to optimize cost and efficiency without compromising security protection.
Speed, Velocity, and Acceleration. The physics of motion are well documented, and we understand how these scalar and vector quantities differ. In information security and cyber risk management the dynamics are not as well understood which has confused our ability to distinguish between motion and progress. This confusion intensifies our escalating risk cycle by causing a mirage of control that continues to lead us to down a path of compromise and catastrophe, adding to our growing labor and skill deficit. This segment is meant to explore the existing physics and gravitational forces of how we have approached cyber risk management to date, discuss where we are stuck today as well as ideas for a path forward - a reorientation of security operations function so that it is optimized to handle the volume as well as reposition it from an anchor point of continual reaction to one where it can take proactive action in front of the cycle of risk. The heart of these changes is a redefinition of the risk equation we have been using for decades Risk = F (Threat, Vulnerability, Consequence) which while useful initially has created a spray and pray model across most of our organizations. I will explain how to redefine the equation to be Risk = F (Threat, Exploitability, Consequence).
Segment Resources: https://www.uscybersecurity.net/csmag/going-beyond-the-motions-of-cybersecurity/
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw267
Forgepoint Capital’s Co-Founder and Managing Director, Alberto Yépez, explains what the current economic challenges mean for innovation and the future of the cybersecurity market. Hear his perspective on what security investments, as well as mergers and acquisitions, will look like throughout the next 12-18 months, and how responsible companies are staying the course amidst layoffs and budget cuts in order to turn uncertainty into a strategic path forward.
Segment Resources:
- Forgepoint’s new CISO security priorities model: https://forgepointcap.com/news/forgepoint-capital-builds-first-ever-ciso-security-priorities-model/
Recent exits that Forgepoint supported: - Forescout acquires Cysiv on June 6, 2022(release: https://www.cysiv.com/news/forescout-announces-intent-to-acquire-cysiv and Forgepoint’s blog: https://forgepointcap.com/news/executive-spotlight-an-interview-with-partha-panda-ceo-of-cysiv/)
- SentinelOne acquires Attivo Networks on May 4, 2022 (release: https://www.sentinelone.com/press/sentinelone-completes-acquisition-of-attivo-networks/ and Forgepoint’s “why we invested” blog: https://forgepointcap.com/news/attivo-networks-why-we-invested/)
- LexisNexis Risk Solutions Acquires BehavioSec on May 3, 2022 (release: https://risk.lexisnexis.com/about-us/press-room/press-release/20220503-behaviosec and Forgepoint’s blog: https://forgepointcap.com/news/executive-spotlight-an-interview-with-neil-costigan-of-behaviosec/ )
- Cloudflare acquires Area 1 Security on April 1, 2022 (release: https://www.cloudflare.com/press-releases/2022/cloudflare-completes-acquisition-of-area-1-security/ and Forgepoint’s “why we invested” blog: https://forgepointcap.com/news/area-1-security-why-we-invested/ )
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw267
In the Leadership and Communications section, Uber CISO's trial underscores the importance of truth, transparency, and trust, 4 Leadership Strategies to Help Women Advance in the Tech Industry, 5 Best Predictors of Employee Turnover and What Leaders Should Do About Them, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw264
With recent proposed rule making from he SEC, there is increased focus on the Board's involvement in governing and managing cybersecurity. What is changing in how effective CISO's engage with their Board of Directors and what is over the horizon for cybersecurity leaders?
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw266
What does a CISO do all day? Do they eat bon-bons and read the WSJ? Do they read Threatpost or BleepingComputer or Twitter? Why does a company need a CISO, or better still, do they need one? All these questions and more will be answered in this weeks episode.
Segment Resources:
https://www.cbts.com/security/security-services/
https://www.cbts.com/blog/cloud-security-controls-mitigate-risk/
https://www.cbts.com/blog/weighing-risks-benefits-moving-to-the-cloud-part-1/
https://www.cbts.com/blog/what-is-cyber-insurance/
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw266
In the Leadership and Communications section, Being concerned is not enough – What boards should know and do about cybersecurity, In the Case of Cybersecurity, the Best Defense is Education, Reskilling workers can help meet the cybersecurity staffing challenge, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw265
Defining Cyber Risk With Bryan Ware This year, RSAC is happening amidst the backdrop of major geopolitical tensions with cyber impacts; a continued, lingering pandemic and a potential economic downturn that cyber adversaries can and have leveraged to their benefit; and increasing technological innovation. All of this points toward ever-evolving cyber risk. What are some of the key considerations that executives – both ones with cyber expertise and ones without – should keep in mind as they look to not only define cyber risk but also reduce it and ensure operational resiliency? In this segment, we’ll hear thoughts from Bryan Ware, the new CEO of LookingGlass Cyber Solutions, former CEO of Next5, a business intelligence and advisory firm, and the first presidentially appointed Assistant Director of Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS).
This segment is sponsored by LookingGlass Cyber. Visit https://securityweekly.com/lookingglass to learn more about them!
Is the Market Ready for Integrated Cyber Risk Management? Cyber risk management is now a dynamic practice for security teams and leadership. It requires up-to-date risk intelligence across many factors – external, internal, third parties, cloud posture – to inform the right decisions and enable cyber risk quantification and risk modeling to be more dynamic. Victor will discuss what drove him to leave security leadership and start a company to solve the problems he experienced with cyber risk management and how the market is responding.
Segment Resources:
https://fortifydata.com/request-an-assessment
This segment is sponsored by FortifyData. Visit https://securityweekly.com/fortifydata to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw265
Data is the most valuable resource on the planet; but, as businesses collect and store data at an astonishing pace, data sprawl, volume, and diverse storage environments create a security nightmare. With support for hundreds of data stores across leading cloud providers and thousands of automation and response integrations, Imperva Data Security Fabric modernizes and simplifies data governance, security, and workflow management for data in all forms across multicloud and hybrid environments. The product’s flexible architecture supports structured, semi-structured, and unstructured data across a range of data repositories to ensure security policies are applied consistently everywhere so businesses can quickly understand and mitigate risk.
This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw264
Boards and CEOs are asking what their cyber risk posture is, and they aren't getting clear answers. Reports produced from assessments oftentimes are built on stale data rather than real-time compliance and risk data. How should C-levels be thinking about cybersecurity posture reporting, and how can they manage cyber risk in real-time as opposed to point-in-time?
This segment is sponsored by CyberSaint. Visit https://securityweekly.com/cybersaint to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw263
In the leadership and communications section, CISO MindMap 2022: What do InfoSec Professionals really do?, CISO Shares Top Strategies to Communicate Security's Value to the Biz, Security leaders chart new post-CISO career paths, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw263
In the Leadership & Communications section: 6 information governance best practices, The Seven Deadly Sins Of Leadership, Secrets to building a healthy CISO-vendor partnership, & more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw262
Land, sea, air, space, and–increasingly–cyber. These are the five domains where war is conducted. In March 2022, CISA and other international cyber agencies issued guidance urging private and public organizations alike to harden their security postures in preparation for cyber fallout. However, to date, the cyber fallout from the conflict has been minor, leaving some questioning the seriousness of the threat. ExtraHop VP of Sales Engineering, Mike Ernst, joins Business Security Weekly for a candid discussion about expected impact on private enterprises, and how business leaders and CISO can use this moment to scrutinize their security posture.
This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw262
In the Leadership and Communications section for this week: SolarWinds breach lawsuits: 6 takeaways for CISOs, Navy Seals’ 5 Leadership Principles That Will Transform Entrepreneurs Into Influential Leaders, More Powerful People Express Less Gratitude, & more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw261
Organizations spend a lot of money on security tools, but how do I know those investments are working? Dave Klein, Cybersecurity Evangelist at Cymulate joins Business Security Weekly to discuss the value of "Extended Security Posture Management". By continuously testing your security solutions with real-time, offensive simulations, organizations can validate their security investments and answer simple questions like "Are we vulnerable?".
This segment is sponsored by Cymulate. Visit https://securityweekly.com/cymulate to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw261
In the Leadership and Communications section: What cybersecurity metrics should I report to my board?, Cybersecurity litigation risks: 4 top concerns for CISOs, The SEC Is About To Force CISOs Into America’s Boardrooms, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw260
Security leaders are using their hard-won influence with senior leadership to take on challenges related to emerging threats and unrelenting attackers. Yet plenty of old problems remain and are piling up. In this session, Senior Analyst Jess Burn will go highlight Forrester's eight security program recommendations for 2022 that will help security leaders take full advantage of their political capital — and budget — to resolve perennial problems and tackle emerging issues.
Segment Resources:
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw260
In the leadership and communications section, 10 Signs of a Good Security Leader, Toxic Leadership: The Four Horsemen of the Apocalypse, Know Them, 3 Ways to Take Control of Your Cyber Security Career in 2022, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw259
With an ever expanding perimeter, how do organizations address the challenges of hybrid cloud? New threats, increased complexity, and continued fragmentation of security responsibilities makes it harder than ever. Tim Woods, VP Technology Alliances at Firemon, joins BSW to discuss how centralized policy management can provide the visibility, enforcement, and compliance of policies across hybrid cloud environments.
This segment is sponsored by FireMon. Visit https://securityweekly.com/firemon to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Show Notes: https://securityweekly.com/bsw259