Business Security Weekly Episode #218 – May 24, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Simplify & Accelerate Patch Management – 03:00 PM-03:30 PM

Sponsored By

Visit https://securityweekly.com/tanium for more information!

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our YouTube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

  • Join us for our June 3 webcast at 11am ET, where you will learn about pen testing tools and why every organization should be using them regularly. Then join us on June 10 at 11am ET for our technical training on insider risk to learn how to quickly mitigate data exposure risks. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

Most people focus on the patch and check that box, but they forget the other side of the coin: how do they make sure a bad actor isn’t still in their network?

Segment Resources:
https://site.tanium.com/rs/790-QFJ-925/images/Tanium_SolutionPaper_DistributedWorkforce_FINAL.pdf
https://site.tanium.com/rs/790-QFJ-925/images/PB-Patch.pdf

This segment is sponsored by Tanium.

Visit https://securityweekly.com/tanium to learn more about them!

Guest(s)

Chris Hallenbeck – CISO, Americas at Tanium

Chris Hallenbeck is CISO for the Americas at Tanium. Chris provides security leadership and operational insight gained from over 20 years in both the public and private sectors. Chris came to Tanium after almost 7 years of government service at the U.S. Computer Emergency Readiness Team (US-CERT). At US-CERT he designed and built their incident response capabilities, and restructured the team’s focus toward strategic remediation with a goal of building more resilient organizations. Chris believes that breaking the incident response “Groundhog Day” cycle requires an emphasis on IT hygiene. Prior to joining US-CERT, Chris worked for RSA Security as a security engineer and with AOL/Time Warner on their global incident response team. He started his career as a Unix sys-admin at Binghamton University. When not chasing electrons, he prefers to be 20-30 meters under the sea.

Hosts

Jason Albuquerque

@Jay_Albuquerque

CIO & CSO at Carousel Industries

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

Paul Asadoorian

@securityweekly

Founder at Security Weekly

2. CISOs Struggle to Cope, Cybersecurity Metrics, & Security by Design – 03:30 PM-04:00 PM

Announcements

  • Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

This week, in the Leadership and Communications section, CISOs Struggle to Cope with Mounting Job Stress, Corporate Compliance Strategies to Protect Data, Cybersecurity Metrics That Matter, and more!

Hosts

Jason Albuquerque

@Jay_Albuquerque

CIO & CSO at Carousel Industries

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

  1. CISOs Struggle to Cope with Mounting Job Stress – The CISOs aren’t OK.

    A new survey showed the pandemic has ratcheted up job pressure to “extreme stress” levels among chief information security officers (CISOs), and it’s left them grappling for coping mechanisms ranging from workouts to narcotics.

  2. 8 things CISOs should be thinking about, but probably aren’t – CISOs need to cover all the security bases. The problem is, some of the bases are easy to overlook. Here’s a rundown of eight often-overlooked areas that CISOs should immediately address:

    1. Ensuring that third-party partners maintain strong security
    2. Investigating innovation opportunities
    3. Understanding their enterprise’s data footprint
    4. Strengthening security team support and focus
    5. Thinking ahead
    6. Maintaining return on existing security investments
    7. Finding ways to build enterprise management unity
    8. Developing a truly effective method to sharpen threat awareness

  3. Corporate Compliance Strategies to Protect Data – Companies that bring teams together and form an operational strategy are more likely to protect data than the best-intentioned silo approach.
  4. Cybersecurity Metrics That Matter – Wendy Nather, head of advisory CISOs at Cisco, recently teamed up with researcher Wade Baker to investigate cybersecurity metrics and determine how to make a cybersecurity program measurably more successful. She shares some of her more surprising findings, including:

    1. Best Practices that Improve Security Outcomes: 1) Proactive Technology Refresh and 2) Integrated Technology Stacks
    2. Compliance in name only is not enough
    3. Metrics that Matter are tied to Outcomes and Capabilities of each Organization

  5. Security by Design: A New Model for Cloud, Cyber – An integrated approach can help build business and technology resilience, which can act as a differentiator for companies focused on building consumer trust. This security-by-design approach can lead to several benefits, including:

    – Providing leading-edge, innovative security approaches such as intelligent threat detection
    – Reducing risk related to technology, insider threats, and supply chain
    – Supporting developers and engineers while enabling the business with development, security, and operations (DevSecOps)
    – Establishing a cyber-forward approach that reinforces and enhances business objectives, including security and trust
    – Identifying potential cyber incident and breach scenarios during cloud migration that help build stronger cyber and business resilience.

  6. 4 ways to handle the cybersecurity skills shortage in 2021 – Four suggestions for CISOs, executives, and boards to address the negative effects of the cybersecurity skills shortage:

    1. Incentivize employees
    2. Invest in training
    3. Recruit via professional networks
    4. Get HR on board

Paul Asadoorian

@securityweekly

Founder at Security Weekly