bsw197

Business Security Weekly Episode #197 – November 23, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Cybersecurity & Integrated Risk Management – Top 10 for Trend 2021 – 03:00 PM-03:30 PM

Announcements

  • Tomorrow is the big day! The virtual doors open for the first-ever Security Weekly Unlocked virtual event at 10:30am and the last round table should end around 9:30pm! We have an outstanding line-up of presenters, who will be answering questions LIVE in our Discord server during their presentations! Make sure you register for this FREE event before it’s too late! Visit https://securityweekly.com/unlocked to view the line-up and register!

Description

Key Points:
• Being Strategic is vital and relevant to a successful Cybersecurity Program
• Understanding Organization Status of controls in real-time is a competitive advantage
• Cybersecurity tools are tactical – Risk Management is strategic
• Connecting Cybersecurity to Risk Management ensures to business goals and objectives are maximized to achieve corporate success

Guest(s)

M. James Gomez

M. James Gomez –

CISO at Cybersec

Chief Information Security Officer with over 35 years of IT, Risk Management, Compliance experience. Industry experience in rocket science, aerospace, healthcare, banking, finance/accounting, automotive, and computer manufacturing. Experiences include CISO, Compliance Director, Project Manager, IT Auditor, Consultant, and Systems Engineer. Companies include Boeing, DaVita/HealthCare Partners, Corelogic, First American, Capital Group, Toyota, Honda, Hewlett-Packard, Wells Fargo, Watson Pharmaceuticals, Corinthian Colleges, EDS, USWeb/ CKS, and Nynex.

Hosts

JasonAlbuquerue

Jason Albuquerue –

CIO & CSO at Carousel Industries

PaulAssadorian

Paul Assadorian –

Founder/CIO at Security Weekly/CyberRisk Alliance

2. Creative Mindsets, Reaching Goals, & Encouraging Accountability – 03:30 PM-04:00 PM

Announcements

  • Do you always end up missing our live streams? Need somewhere to flag Security Weekly podcasts that you want to listen to? Subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, and join our Discord Server to stay in the loop on all things Security Weekly! Visit: https://securityweekly.com/subscribe

  • We have officially wrapped up all of the recordings for our 2020 webcasts & technical trainings! Stay tuned as we build out our schedule for next year! Visit https://securityweekly.com/ondemand to view all of our 2020 webcasts & trainings!

Description

In the Leadership and Communications segment, we discuss the creative mindset, CMMC challenges, work from home security is still lacking security, you may not get it right the first time, reaching your goals, increasing productivity with music, tackling bottlenecks, and more!

Hosts

JasonAlbuquerue

Jason Albuquerue –

  1. The Creative Mindset
  2. Five Strategies To Unlock Your Inner Innovator
  3. If Pandemic Productivity Is Up, Why Is Innovation Slowing Down?
PaulAssadorian

Paul Assadorian –

  1. CMMC Challenges – Thinking you are secure or compliant is but one thing: “According to Tier 1 Cyber research, many DoD contractors have a false sense of their cybersecurity preparedness. To make matters worse, only 12% trust their vendors to handle cybersecurity effectively.”
  2. The Role of Access Control in Information Security – This article is a deep dive into IAM, good stuff such as: “Every organization needs a good discretionary access control model, only granting permission to subjects with a business need to access various objects. By itself, this single simple access control could limit the damage from a ransomware attack or protect an organization from huge potential liabilities.”
  3. Now’s the Time to Revisit WFH Cybersecurity – Security Boulevard – “Avoid mixing work and leisure activities on the same device to reduce risk. Work activities should be confined to work devices, while personal activities and social media belong on personal devices. Ensure that devices have updated anti-virus protection, along with the latest operating system and application updates, since new viruses and malicious sites continue to appear as this crisis continues. Use strong Wi-Fi encryption and a strong, unique password for access, and be sure to change the Wi-Fi router admin password from the default. Put a backup strategy in place and follow it, and make sure your backup plans cover all servers and workstations. Educate everyone on the danger of phishing scams and how to recognize them, so they don’t succumb to their virus-related scare tactics.” – Yes, these are things, but things you should be doing anyhow. The questions are how and why? Few will do work on only one device, many will not get patches, no one changes their home WiFi password, and 50% of you users will succumb to an email phishing attack. So now what?
  4. ‘Do the hard things first’: What Capital One prioritized in its cloud migration – I like this advice: “As you go on this journey, you’re going to find a lot of paths that don’t get you to where you want to go,” said Perkel. “But you’re going to learn from them. Know that that’s okay. You’re never going to get it right the first time, and what you thought was true at one point, was. But it’s not true anymore.”
  5. How an Unintentional New Morning Routine Changed My Day – This was a great take-away: “Rushing around in the morning causes stress and anxiety. If you’re not someone who sets everything out the night before, then the extra time in the morning is key to starting your day on the right foot. You’ll become more intentional about tasks and have time to breathe.”
  6. How to actually reach your goals – Time-based learning vs. Goal-based learning, interesting (FYI, I would allow myself more time for the toilet, much to my wife’s chagrin).
  7. Can Music Increase Your Productivity? – YES! I use music, and really awesome audio gear, to get me in the right mood, help me focus. The choice is key as it can be too distracting. I like the suggestion of trial and error.
  8. Fix bottlenecks before tackling business process automation – I am doing this right now, and it’s fascinating: “The power of the VSM lies in its ability to track work from when it is identified to the point when it is completed,” says Anand. “By running collaborative workshops, stakeholders can gain a better appreciation of the work that goes on in other teams or departments.”
  9. How to Actually Encourage Employee Accountability – The best two questions are here: “When I first started as CEO, and they showed me the forms to fill out about my team’s performance, and they wanted me to put numbers in boxes, I thought, Why would anyone do this? I decided to simply ask people, “How do you feel things went?” — and they would often be harder on themselves than I would have. I would ask, “What do you need from me?” — and they would tell me. It seemed like a much more human approach to holding people accountable.”