Business Security Weekly Episode #206 – February 22, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. The Cloud’s Influence on the Evolving Culture of Security – 03:00 PM-03:30 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our YouTube channel, sign up for our mailing list, and join our Discord server!

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

Dutch Schwartz, Cloud Security Strategist at AWS, discusses cloud’s influence on the evolving culture of security. Having worked with many Fortune 500 CISOs and CIOs, Dutch will share his thoughts on risk, aligning to the business, and how cloud can accelerate, but also change the way we approach security.

Guest(s)

Dutch Schwartz –

Cloud Security Strategist at Amazon Web Services

Dutch Schwartz has 25 years of experience in technology, from startups to five Fortune 500 companies. He’s recognized as a thought leader in cybersecurity, and his LinkedIn content had over 130k views in 2020. A sought-after speaker, he’s a frequent panelist and podcast guest on topics including the benefits of cloud security, how to create a culture of security, and how to break into cybersecurity. Having worked with more than 50 CISOs of Fortune 500 companies to create cybersecurity solutions, he understands the evolution of CISO responsibilities and the challenges that security teams face. Dutch holds a Master of Business Administration in Global Management and was a strategy and planning officer in the US Army. He melds his formal training with his practical experience in cybersecurity to develop cloud security strategies for customers of Amazon Web Services.

Hosts

Jason Albuquerque –

CIO & CSO at Carousel Industries

Matt Alderman –

Executive Director at CyberRisk Alliance

Paul Asadoorian –

Founder at Security Weekly

2. Risk, Security Initiatives, Business Outcomes, & Aligning Budgets – 03:30 PM-04:00 PM

Announcements

  • If you missed Security Weekly Unlocked, you can now access all of the content on-demand, whether you registered before the live event or not, by visiting https://securityweekly.com/unlocked and clicking either the button to register or the button to login!

  • Our next live webcast will be on March 18th at 11am ET where you will learn how to Prepare Linux Hosts for Unexpected Threats! Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

In the Leadership and Communications section, Are businesses underinvesting in cybersecurity?, 4 tips to help CISOs get more C-Suite cybersecurity buy-in, New CISO Priorities of 2021, and more!

Hosts

Jason Albuquerque –

CIO & CSO at Carousel Industries

Matt Alderman –

Executive Director at CyberRisk Alliance

  1. Are businesses underinvesting in cybersecurity? – Even as cybersecurity trends and attack vectors have changed, many organizations continue to rely on — and invest in — the same tools and systems they’ve used for years. While companies may look to increase their cybersecurity budgets, they are actually underinvesting in the solutions needed to meet today’s threat landscape.
  2. Security needs to be embedded in every stage of the business cycle – Vishal Salvi, chief information security officer (CISO) and Head, Cyber Security Practice, Infosys, tells Sudhir Chowdhary that more than technology itself, nurturing a culture that recognises cybersecurity as top priority is critical to establishing digital trust and resiliency in these evolving times.
  3. 4 tips to help CISOs get more C-suite cybersecurity buy-in – Even though cybersecurity is becoming more prominent in the boardroom, many CISOs continue to struggle with executive buy-in and comprehension — some board members often have differing perspectives on what cybersecurity is about and its relation to privacy, data protection and regulatory risk. How do you position your cybersecurity strategy and program with the board?

    1. Tell a cohesive story and narrative around cybersecurity
    2. Focus on existential security risks first
    3. Lead with CARE: Are security controls consistent, adequate, reasonable and effective?
    4. Connect the dots between security initiatives and business outcomes.

  4. Cybersecurity 2021: Asking the Right Question – Security Boulevard – No one is spending time to ask the right question. While a security analyst is busy deciphering 600-page reports and a CISO negotiates an increase in the year’s cybersecurity budget, the board only wants to know if their organization is secure.

    What question should we be asking? “How likely are you to get hacked, today?” And the answer to that is based on two other unanswered questions:

    1. How current, or real-time is your information?
    2. Are you quantifying your cyber risk?

  5. The view from the top: IT spending could get better – Out of the 100 CIOs surveyed, 41 expect to increase their 2021 budgets compared to 2020. An additional 40 have a smaller budget this year, but 33 of those 40 said that they plan to revise their budgets if the economy improves by the end of 2021.

    Security remains a top enterprise priority in 2021 and cloud conversions, whether pandemic driven or not, are also driving spending.

  6. New CISO Priorities of 2021 – Security Boulevard – Drastic shifts to the way we work will continue in 2021 as CISO priorities continue to adapt in this new work-from-home era; we have seen a drastic shift in direction amongst security professionals. Here are the latest trends:

    1. Protecting Assets with Least Privilege
    2. Shifting Identity Management
    3. Integrating DevSecOps
    4. Continuous Auditing and Reporting
    5. Moving to Proactive vs. Reactive
    6. Staying Vigilant and Continuing Education

Paul Asadoorian –

Founder at Security Weekly