Business Security Weekly Episode #225 – July 26, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Security Money – The Index Hits Another All Time High – 03:00 PM-03:30 PM

Announcements

  • CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit https://securityweekly.com/CIRB to take the survey

  • Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista!

    We are excited to announce our first round of speakers: David Kennedy, Alyssa Miller, O’Shea Bowens, Marina Ciavatta, Patrick Coble, Chris Eng, Eric Escobar, Kevin Johnson, and Justin Kohler!

    Visit https://securityweekly.com/unlocked to register and check out our rockstar lineup!

Description

Both the Security Weekly 25 Index and the NASDAQ closed at record highs on 7/23/2021. See how the security market continues to stay hot.

The current companies in the Security Weekly 25 Index:

SCWX
PANW
CHKP
SPLK
NLOK
FTNT
AKAM
FFIV
ZS
PFPT
FEYE
QLYS
VRNT
CYBR
TENB
SAIL
MIME
NET
CRWD
NTCT
VRNS
RPD
SUMO
RDWR
PING

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Jason Albuquerque

@Jay_Albuquerque

Chief Operating Officer at Envision Technologies

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

2. Security Is a Barrier & Incentive, Theatrical Meetings, & Cybersecurity Salaries – 03:30 PM-04:00 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our Youtube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

  • If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

In the Leadership and Communications section for this week: In modernization, security is a barrier and an incentive, Federal CISO DeRusha Maps FISMA Reform Priorities, Cybersecurity salaries: What 8 top security jobs pay, and more!

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Jason Albuquerque

@Jay_Albuquerque

Chief Operating Officer at Envision Technologies

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

  1. Big, Theatrical Meetings Are a Waste of Time – Too often, business review meetings — in which executives and stakeholders hear project or performance updates from managers and staff — are run like theater productions. Enormous amounts of time and effort go into creating the impression that all is well and that any problems are well on their way to being overcome. But these anodyne meetings leave little chance that serious problems and gaps will be discussed and addressed. To keep initiatives on track and solving the actual problems that organizations and their customers face, leaders need to update their approach to review meetings in three ways:

    1) Create their agendas to be about the future, not a review of the past;
    2) Create a culture of safety around bringing up challenging ideas and problems, and
    3) Rigorously review each review meeting in order to improve the next one.

  2. Two Strategies for Disconnecting From Work – Setting boundaries around work seems tougher than ever. Here’s how to do it as part of your healthy self-care:

    1. Personal Devices and Work Don’t Mix
    2. Start, Mid, and End of Day Events Every Day

  3. In modernization, security is a barrier and an incentive – Dive Brief:

    Three-quarters of government IT decision-makers cite migrating and managing data from legacy systems to the cloud as a challenge, but 60% think it is important to modernize IT infrastructure to improve efficiency and security, according to an IBM survey released Friday.

    Half of respondents cited performance issues as a barrier to cloud migration, 38% said training users on new systems slowed modernization and 26% blamed bandwidth costs as a concern. Morning Consult collected responses from more than 500 government IT decision-makers on behalf of IBM.

    “Jumping in without a plan, without an understanding [of] how they want to go about it, leads to failures, which leads to folks not wanting to modernize,” Sanjay Sardar, Senior Vice President, Digital Transformation and IT Modernization at SAIC and a former federal CIO, told CIO Dive.

  4. Has the criticality of cyber attacks reached upper management? – CyberTalk – Niels Zimmer Poulsen discusses whether or not the criticality of cyber attacks has reached upper management. He also shares his top three CISO communication tips, and provides insights into how concerted effort from all parties can lead to much improved decision making.
  5. Federal CISO DeRusha Maps FISMA Reform Priorities – Federal Chief Information Security Officer (CISO) Chris DeRusha offered an expansive set of ideas for how Congress may undertake reform of the Federal Information Security Modernization Act (FISMA) of 2014 to bring the existing law up to speed with the fast-moving security improvement work underway throughout the Federal government following the release of President Biden’s cybersecurity executive order in May:

    1. Testing and validating security arrangements, rather than relying on “self-attestation” by agencies.
    2. Increasing security automation.
    3. Moving Federal agencies to cloud services.

  6. Engineers need cybersecurity training, too – Companies will undergo a shift in cyber culture, eventually combining the data that engineers and network security professionals use to search for vulnerabilities.
  7. Cybersecurity salaries: What 8 top security jobs pay – IT security is of major concern to all organizations, and they’re willing to pay to get top talent. Are you being paid what you are worth?

    Information security analyst
    Average salary: $99,101
    Salary range: $61K – $160K

    Information security specialist
    Average salary: $96,586
    Salary range: $59K – $157K

    Security consultant
    Average salary: $97,488
    Salary range: $60K – $158K

    Information security engineer
    Average salary: $105,927
    Salary range: $74K – $152K

    Information security manager
    Average salary: $131,725
    Salary range: $88K – $196K

    IT security architect
    Average salary: $106,078
    Salary range: $70K – $160K

    Information security director
    Average salary: $170,981
    Salary range: $123K – $237K

    CISO
    Average salary: $188,260
    Salary range: $105K – $264K