1. Security Money – The Index Hits Another All Time High – 03:00 PM-03:30 PM
CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit https://securityweekly.com/CIRB to take the survey.
Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista!
We are excited to announce our first round of speakers: David Kennedy, Alyssa Miller, O’Shea Bowens, Marina Ciavatta, Patrick Coble, Chris Eng, Eric Escobar, Kevin Johnson, and Justin Kohler!
2. Security Is a Barrier & Incentive, Theatrical Meetings, & Cybersecurity Salaries – 03:30 PM-04:00 PM
In the Leadership and Communications section for this week: In modernization, security is a barrier and an incentive, Federal CISO DeRusha Maps FISMA Reform Priorities, Cybersecurity salaries: What 8 top security jobs pay, and more!
Big, Theatrical Meetings Are a Waste of Time – Too often, business review meetings — in which executives and stakeholders hear project or performance updates from managers and staff — are run like theater productions. Enormous amounts of time and effort go into creating the impression that all is well and that any problems are well on their way to being overcome. But these anodyne meetings leave little chance that serious problems and gaps will be discussed and addressed. To keep initiatives on track and solving the actual problems that organizations and their customers face, leaders need to update their approach to review meetings in three ways:
1) Create their agendas to be about the future, not a review of the past;
2) Create a culture of safety around bringing up challenging ideas and problems; and
3) Rigorously review each review meeting in order to improve the next one.
Three-quarters of government IT decision-makers cite migrating and managing data from legacy systems to the cloud as a challenge, but 60% think it is important to modernize IT infrastructure to improve efficiency and security, according to an IBM survey released Friday.
Half of respondents cited performance issues as a barrier to cloud migration, 38% said training users on new systems slowed modernization and 26% blamed bandwidth costs as a concern. Morning Consult collected responses from more than 500 government IT decision-makers on behalf of IBM.
“Jumping in without a plan, without an understanding [of] how they want to go about it, leads to failures, which leads to folks not wanting to modernize,” Sanjay Sardar, Senior Vice President, Digital Transformation and IT Modernization at SAIC and a former federal CIO, told CIO Dive.
Federal CISO DeRusha Maps FISMA Reform Priorities – Federal Chief Information Security Officer (CISO) Chris DeRusha offered an expansive set of ideas for how Congress may undertake reform of the Federal Information Security Modernization Act (FISMA) of 2014 to bring the existing law up to speed with the fast-moving security improvement work underway throughout the Federal government following the release of President Biden’s cybersecurity executive order in May:
1. Testing and validating security arrangements, rather than relying on “self-attestation” by agencies.
2. Increasing security automation.
3. Moving Federal agencies to cloud services.