Business Security Weekly Episode #227 – August 09, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. The 3 Mistakes All First Time CISOs Make That No One Tells You – 03:00 PM-03:30 PM

Announcements

  • CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit https://securityweekly.com/CIRB to take the survey

  • SC Media debuts its all-new SC digital experience, fully integrated with Security Weekly podcast content and more. The new site increases the scope and scale of original content resources from editorial staff, contributors, and the far-reaching CyberRisk Alliance network. Visit www.scmagazine.com to check out the new look!

Description

Listen in as Jim Routh, former CISO at Aetna, CVS Healthcare, and Mass Mutual, discusses the 3 mistakes all first-time CISOs make. Jim will share the lessons he learned throughout his career and how CISOs can avoid these 3 mistakes, including:

1. Setting Expectations
2. Hiring Talent
3. Retaining Employees

Guest(s)

Jim Routh – Former CSO, Board member, Advisor at Virsec

Jim Routh is currently on the Boards of Supply Wisdom, GrammaTech, ZeroNorth, Acceptto and the Global Resiliency Federation. He is the former Board Chair for the Health Information Sharing & Analysis Center (H-ISAC) where he served for five years and former Board member for the Financial Services Information Sharing & Analysis Center (FS-ISAC). He has presented to Boards and Board Committees (Technology & Governance, Audit Committees) for many public and private companies as the CISO or CSO, providing cyber security updates and education designed for board members over the past twenty years. Jim brings to the boards a vast business and technology background and is considered a digital and cyber security industry expert and thought leader. He has prepared and delivered several customized education sessions to Board members for the National Association of Corporate Directors (NACD) based on leading cyber security practices. Jim is currently an advisor for Wiz, Devo, Agari, Securiti, Gurucul, Data Theorem, Cloudknox, Cleer Security, Picnic, Tala and Virsec. He serves in an advisory capacity and investor for cyber specific venture funds including: ClearSky, Syn Ventures, CyberStarts, Security Leadership Capital and Rain Capital.

Hosts

Adrian Sanabria (@sawaba) – Senior Research Engineer at CyberRisk Alliance

Jason Albuquerque (@Jay_Albuquerque) – Chief Operating Officer at Envision Technologies

Matt Alderman (@maldermania) – Executive Director at CyberRisk Alliance

2. New Fines Making Business Case for Security, & Improving Security as a Team – 03:30 PM-04:00 PM

Announcements

  • Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista!

    We are excited to announce our first round of speakers: David Kennedy, Alyssa Miller, O’Shea Bowens, Marina Ciavatta, Patrick Coble, Chris Eng, Eric Escobar, Kevin Johnson, and Justin Kohler!

    Visit https://securityweekly.com/unlocked to register and check out our rockstar lineup!

  • Join us August 26th at 11 a.m. Eastern to learn how to implement cloud security that actually works. If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

In the Leadership and Communications section for this week, A Chief Executive Officer’s Guide to Cybersecurity, Zoom Settlement: An $85M Business Case for Security Investment, CISOs: Do you know what’s in your company’s products?, and more!

  1. A Chief Executive Officer’s Guide to Cybersecurity – The CEO should make sure a risk management committee is constituted at the board level where IT and information security threats, risks, and mitigation plans can be discussed.
  2. Zoom Settlement: An $85M Business Case for Security Investment – Ransomware isn’t the only way lax security can cost a business eight figures in damage. Zoom just lost an $85 million class-action lawsuit this week for its cybersecurity missteps, proving that even the most essential and relied-upon brands can be tripped up by inadequate security. More importantly, Zoom’s journey is an object lesson showing that cybersecurity matters to the bottom line.
  3. Amazon GDPR fine signals expansion of regulatory focus – Amazon’s $887 million GDPR fine likely stems from consumer consent and may indicate the EU is moving beyond data breaches and zeroing in on data practices.
  4. CISOs: Do you know what’s in your company’s products? – CISOs need to take a more direct role in the operations side of the business to help build security in by design. When product design takes place, and third-party firmware or software is identified to be a part of the product, who conducts the security review? The vendor, the CISO’s team or operations?

    All of the above.

  5. Organizations Still Struggle to Hire & Retain Infosec Employees: Report – Is the cybersecurity skills shortage overstated? No, according to a recent survey of Information Systems Security Association (ISSA) members. The majority of respondents report the skills shortage is a significant problem that is hurting organizations.

    ISSA, along with industry analyst firm Enterprise Strategy Group (ESG), surveyed 489 cybersecurity professionals and found 57% of organizations have been affected by the skills shortage. Most (95% of) respondents think the cybersecurity skills shortage and its associated effects have not improved over the past few years, and 44% say the problem has gotten worse. Only 5% say the shortage has improved.

  6. Improving Cybersecurity as a Team – Using trusted sources, such as the CIS Controls and CIS Benchmarks from the Center for Internet Security, can help get your team on board with assessing:

    – the current state of your organization’s cybersecurity
    – how you stack up with other frameworks you may need to comply with
    – how to monitor everything over time