Business Security Weekly Episode #195 – November 09, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Cybersecurity Forecast: Cloudy With a Chance of Turbulence – 03:00 PM-03:30 PM

Sponsored By

Visit https://securityweekly.com/redseal for more information!

Announcements

  • Do you always end up missing our live streams? Need somewhere to flag Security Weekly podcasts that you want to listen to? Subscribe on your favorite podcast catcher or our YouTube channel, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

  • We have officially wrapped up all of the recordings for our 2020 webcasts & technical trainings! Stay tuned as we build out our schedule for next year! Visit https://securityweekly.com/ondemand to view all of our 2020 webcasts & trainings!

Description

All our networks are hybrid now. Some old security challenges were solved by cloud migration, but we’ve just swapped them for some new ways to get things wrong. What’s the best way forward?

This segment is sponsored by RedSeal.

Visit https://securityweekly.com/redseal to learn more about them!

Guest(s)

Mike Lloyd – CTO at RedSeal

Dr. Mike Lloyd has more than 25 years of experience in the modeling and control of fast-moving, complex systems. He has been granted 21 patents on security, network assessment, and dynamic network control. Before joining RedSeal, Mike Lloyd was Chief Technology Officer at RouteScience Technologies (acquired by Avaya), where he pioneered self-optimizing networks. Mike served as principal architect at Cisco on the technology used to overlay MPLS VPN services across service provider backbones. He joined Cisco through the acquisition of Netsys Technologies, where he was the senior network modeling engineer. Mike holds a degree in mathematics from Trinity College, Dublin, Ireland, and a PhD in stochastic epidemic modeling from Heriot-Watt University, Edinburgh, Scotland.

Hosts

Jason Albuquerque – CIO & CSO at Carousel Industries

Matt Alderman – Executive Director at CyberRisk Alliance

Paul Asadoorian – Founder/CIO at Security Weekly/CyberRisk Alliance

2. 5 Mistakes, 5 Best Practices, & CEOs Focus for 2021 – 03:30 PM-04:00 PM

Announcements

  • Join Amit Bareket, Co-founder & CEO of Perimeter 81 & Paul Asadoorian for a technical deep-dive into the problems inherent in legacy VPN technology. Together they will explore solutions for the modern workforce & how momentum toward perimeter-less architecture is helping redefine the future of cybersecurity. Register Now by visiting https://securityweekly.com/perimeter81

  • Tomorrow is the big day! The virtual doors open for the first-ever Security Weekly Unlocked virtual event at 10:30am and the last round table should end around 9:30pm! We have an outstanding line-up of presenters, who will be answering questions LIVE in our Discord server during their presentations! Make sure you register for this FREE event before it’s too late! Visit https://securityweekly.com/unlocked to view the line-up and register!

Description

In the Leadership and Communications section, How to Be a Visionary Leader and Still Have a Personal Life, 5 Mistakes CISOs Make in Their Board Presentations, What are CEOs focused on for next year?, and more!

Hosts

Jason Albuquerque

Matt Alderman

  1. How to Be a Visionary Leader and Still Have a Personal Life – The demands of an executive role can wreak havoc on the self and on personal relationships. Without thoughtful planning, leaders can experience both physical and mental-health issues as a result of their work, and their relationships with loved ones can deteriorate. Here are some tips:

    1. Visualize both professional and personal outcomes.
    2. Discuss your role with candor and care.
    3. Build in resilience.
    4. Apply a mindset of continual reinvention.

  2. Audit committee best practices for understanding and acting on cyber-threats – Cyber-security risk oversight is the area with the greatest increase in audit committee disclosures in proxy statements, according to the 2020 Audit Committee Transparency Barometer issued by the Center for Audit Quality and Audit Analytics. Companies of all sizes are dealing with increasing cyber-threats and new regulations over cyber-security and data management and reporting.

    Here are the best practices for companies and their boards and audit committees to address cyber-security risks:

    1. Set a tone from the top.
    2. Talk more about cyber-security.
    3. Understand cyber-risks.
    4. Embrace cyber-security by design.
    5. Get an independent assessment of cyber-risks.
    6. Have incident response protocols.

  3. Cybersecurity communication key to addressing risk – As security teams strengthen communication with the overall organization as well as with vendors, more positive cybersecurity cultures can be forged. Here are two areas of focus:

    1. CISO communication and collaboration – Communicating security goals and understanding the risk tolerance of various parts of an organization is key.
    2. Security teams and vendors – Building strong cybersecurity relationships and cultures based on communication, collaboration and partnerships shouldn’t just be limited to within an organization. It should extend to vendors as well.

  4. 5 Mistakes CISOs Make in Their Board Presentations – Security Boulevard – Here are 5 common errors in board reporting and how to avoid them.

    1. Not speaking the board’s language
    2. Not presenting an accurate picture of your risk
    3. Not being able to quantify your security posture
    4. Presenting too much information
    5. Not having an operational plan

  5. What are CEOs focused on for next year? – According to Gartner, CIOs can support CEOs and the business by:

    1. Scaling digital efforts mainstream, without pushing experimental initiatives
    2. Working with the CEO to understand whether the executive plans to restore or redesign the business, and determining where digital efforts fit in
    3. Supporting other C-suite executives to meet CEO demands, such as helping COOs maintain employee productivity or helping CFOs maintain cash on hand

  6. 5 best practices for negotiating SaaS contracts for risk and security – Software-as-a-service providers often handle your sensitive data. Here’s how to hold them to a high standard for security:

    1. Create a master list of risks relevant to your organization
    2. Communicate what’s non-negotiable to stakeholders
    3. Negotiate additional protections
    4. Insist on early breach notification
    5. Pay special attention to contract termination conditions

Paul Asadoorian