
Business Security Weekly Episode #216 – May 10, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. The Lost Year: The Impact of the Pandemic on Web App Security – 03:00 PM-03:30 PM

Sponsored By

Visit https://securityweekly.com/netsparker for more information!

Announcements

  • Security Weekly listeners save $100 on their RSA Conference 2021 All Access Pass! RSA Conference will be a fully virtual experience from May 17th-20th, 2021. Security Weekly will be live streaming Monday-Thursday in the virtual broadcast alley, interviewing some of the top sponsors and speakers for the event. To register using our discount code, please visit https://securityweekly.com/rsac2021 [securityweekly.com] and use the code 5U1CYBER! We hope to “see” you there!

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

The shift of attention away from web application security, caused by the pandemic and the focus on remote workforces, resulted in an increased number of web vulnerabilities, as shown in the latest Acunetix by Invicti Web Application Vulnerability Report. In this segment, Ryan will discuss the main results, the trends that might have caused them, and advise on how you can protect your organization against vulnerabilities that can negatively impact your business.

Segment Resources:
The Invicti AppSec Indicator, Spring 2021 Edition: Acunetix Web Vulnerability Report
https://www.acunetix.com/white-papers/acunetix-web-application-vulnerability-report-2021/

This segment is sponsored by Netsparker.

Visit https://securityweekly.com/netsparker to learn more about them!

Guest(s)

Ryan Bergquist

Ryan Bergquist – Enterprise Solutions Engineer at Invicti Security

Part of the Solutions Engineering Team at Invicti Security, Ryan graduated in Information Systems and Security as well as Computer Forensics and Security. Ryan has been working in the cyber security industry for 4 years in various Security Engineering and Product Management roles. He is passionate about cyber security and technology in general.

Hosts


Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance


Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance


Paul Asadoorian

@securityweekly

Founder at Security Weekly

2. 6 Ways to Engage, 5 Key Qualities of CISOs, & 4 Actions Leaders Take – 03:30 PM-04:00 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

  • In our next technical training webcast on May 13th at 11am ET, see how attackers gain access to endpoints, and learn how to use defensive strategies to protect against those attacks! In our May 27th webcast at 11am ET, we’ll explore the latest attacks against DNS and the latest techniques that make it possible to discover and disrupt attacks. Then join our webcast on June 3 to learn about pen testing tools and why every organization should be using them regularly. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

In the Leadership and Communications section, 6 ways to spur cybersecurity board engagement, 5 key qualities of successful CISOs, and how to develop them, 4 Actions Transformational Leaders Take, and more!

Hosts


Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance


Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

  1. The Security Industry is Protecting the Wrong Thing – Security Boulevard – When the security industry talks about a data breach, often the first question asked involves the state of the victim’s network security – not the breach of data. Why is this? It’s because organizations have their security priorities backward, and that needs to change.
  2. Cyber security is in denial, that’s why it needs the Lean Six Sigma approach – Some of the world’s biggest businesses use this approach to increase efficiency in their companies, but its principles are rarely applied to cyber security. With cyber security teams increasingly stretched and attacks increasing, it’s time for that to change.

    1. It’s time to truly understand cyber risk
    2. Risk mitigation becomes the focus

    The key elements of Lean Six Sigma: Define, Measure, Analyze, Improve, and Control.

  3. 6 ways to spur cybersecurity board engagement – Corporate boards’ subpar cybersecurity literacy and security leaders’ lack of business acumen have resulted in missed opportunities to align security and business objectives, leaving enterprises open to potentially catastrophic cyberthreats. ESG offered six recommendations for advancing cybersecurity’s standing in the C-suite and boardroom and throughout the enterprise.

    1. Educate boards
    2. Adopt a CISO-to-CEO reporting structure
    3. Foster a cybersecurity culture
    4. Formalize the cybersecurity program
    5. Prioritize critical assets and initiatives
    6. Hire BISOs

  4. CISO Challenge: Check Your Cybersecurity Skills On This New Competition Site – So, what can security leaders do to make sure they’re prepared and hone their skills ahead of the next inevitable threat? Now, they can test themselves and their knowledge at a new website, ‘The CISO Challenge’ (https://ciso-challenge.com/?utm_source=thn).
  5. 5 key qualities of successful CISOs, and how to develop them – Today, business success is directly intertwined with the success of information security. Therefore, the modern CISO needs a unique set of qualities to align effective data security strategy, process, and practice with various business needs and requirements.

    1. A modern CISO speaks the language of the business
    2. A modern CISO is a collaborator
    3. A modern CISO is emotionally intelligent
    4. A modern CISO has strategic focus
    5. A modern CISO is tenacious

  6. 4 Actions Transformational Leaders Take – In a changed, post-pandemic environment, employees, customers, and investors have high expectations for the companies they work with. They expect companies to play a more prominent role in tackling systemic issues like climate change and social inequality, and they expect leaders to be effective, authentic, and compassionate. Leaders who want their organizations to meet this moment and succeed long-term need to move away from the status quo and change their approach to how they’ll lead the necessary transformations.

    The following four strategies, based on our collective experience in leading transformations over the last 25 years, will help leaders increase their chances of success.

    1. Practice New Mental Models
    2. Work the Edges of the Organization
    3. Share Leadership More Systematically
    4. Make Empowerment Live Up to Its Promise


Paul Asadoorian

@securityweekly

Founder at Security Weekly