bsw224

Business Security Weekly Episode #224 – July 19, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Aligning Cyber Risk to Business Risk Through Automation – 03:00 PM-03:30 PM

Sponsored By

sponsor
Visit https://securityweekly.com/cybersaint for more information!

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

  • Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Our Call For Presentations Deadline has been extended through July 23rd at 11:59 pm ET! Visit securityweekly.com/unlocked to submit your presentation!

Description

In light of recent events and the pressures of the digital world, the landscape is finally shifting towards risk. The opportunity for cyber risk profiling, standardization, and seamless collaboration between CISOs, CIOs, and business-side leadership has come. Padraic O’Reilly, Co-Founder and CPO of CyberSaint discusses what he’s learned from working with members of the Global 500 to achieve truly continuous compliance and risk management, and how CyberSaint is delivering Cyber Risk Automation with it’s CyberStrong platform.

Segment Resources:

CyberSaint website: www.cybersaint.io

Gartner Cool vendor report: https://www.cybersaint.io/gartner-cool-vendor-in-cyber-it-risk-management-download

This segment is sponsored by CyberSaint.

Visit https://securityweekly.com/cybersaint to learn more about them!

Guest(s)

Padraic O'Reilly

Padraic O’Reilly – Chief Product Officer & Co-Founder at CyberSaint

Padraic O’Reilly is Chief Product Officer and Co-Founder at CyberSaint, where he leads product innovation and development. His experience as a Harvard-trained economist, IT risk and compliance consultant, and his rapid exposure to Cybersecurity led him to seek out CISOs, CIOs, and Boards of Directors at global organizations to pursue the answer to the question – how can cyber be managed, measured, and understood like any other business function? Padraic’s current activity spans working directly with organizations from public agencies to private companies across the globe to understand how to measure cyber risk, especially amidst the global pandemic which is fueling massive digital transformation projects around the world. Padraic was a key member of the group providing feedback on the NIST Cybersecurity Framework during its development, and is an expert in regulatory standards both in security and privacy, including the NIST Risk Management and NIST Privacy Frameworks. An expert in Artificial Intelligence (AI) and economic modeling, Padraic works with members of the Global 500 to research and deploy risk quantification, risk intelligence gathering, and risk reporting and communication strategies. Padraic also holds a patent entitled, “System And Method for Monitoring And Grading A Cybersecurity Framework” which has inspired much of his work on cohesive IT and cyber risk management approaches.

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

 LeeNeely

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

 MattAlderman

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

2. Know Cybersecurity & Drive Innovation Through Operational Excellence – 03:30 PM-04:00 PM

Announcements

  • CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit https://securityweekly.com/CIRB to take the survey

  • If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

This week in the Leadership and Communications section, How much does a CEO or business leader need to know about cybersecurity, How businesses can drive innovation while delivering operational excellence, 6 resume mistakes CISOs still make, and more!

Hosts

AdrianSanabria

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance
LeeNeely

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory
MattAlderman

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance
  1. How much does a CEO or business leader need to know about cybersecurity? – As a business leader or a CEO of your company, you play a key role in influencing the right work culture. Creating a work culture and norm that aligns with cybersecurity goals is crucial and possibly the best defense against cybercrime adversaries, to begin with.
  2. To Prevent Future Attacks, C-Suites Should Learn Cybersecurity – As cyber attacks grow in frequency and cost, chief executives are becoming greater targets for hackers for the expansive access the executives have. To mitigate future attacks, cybersecurity can’t just involve the CISO.
  3. How businesses can drive innovation while delivering operational excellence – Here are a few best practices and principles that strategic CIOs can apply to drive innovation and deliver operational excellence at the same time with minimal, incremental increases in investment.

    1. Invest once to solve multiple challenges
    2. Embrace automation around targeted processes
    3. Take advantage of market shifts or disruptions to invest in IT

  4. The Evolving Role of the CISO – Cybersecurity is a highly dynamic field. The need for rapid, experiential decision making, organized thinking and the ability to strategically communicate to a non-security audience are almost second nature to many CISOs.

    In order to truly succeed as a CISO in today’s digital world, here are some top qualities that all CISOs need to possess to excel:

    1. Matchmakers
    2. Relationship Builders
    3. Servant Leadership
    4. Advocates

  5. 6 resume mistakes CISOs still make – The top security job has evolved from a technology-focused role into an executive position. Does your resume reflect that shift?

    Recruiters and executive advisors agree: Candidates for CISO positions must design their resumes to showcase their leadership capabilities, not their technical credentials.Here are the top 6 mistakes:

    1. Failing to show executive abilities
    2. Leaving out achievements
    3. Getting too techie
    4. Leaving out experience with breaches and hacks
    5. Making too little (or too much) of industry connections
    6. Poor formatting, rookie mistakes and unintended misrepresentations

  6. 14 Easy Interview Body Language Hacks To Land Your Next Job – Everyone gets a little nervous about job interviews. What should you do to prepare? Practice? Script answers to the interviewer’s potential questions? All good, but the most important thing you can do is prep your body language. Here are a few tips to give you the extra body language edge to get the job:

    1. Don’t Block
    2. Don’t Self-Touch
    3. Relax With Your Hands On The Table
    4. Have One Bag
    5. Don’t Forget the Back of Your Shoes!
    6. Smile Right
    7. Don’t Contract, Don’t Expand
    8. Start in The Parking Lot
    9. Wear Clothes that Fit Perfectly
    10. The Mirror Nod
    11. Don’t Sweat Like Nixon
    12. Don’t Wait Around
    13. Your Social Glue