Ben Carr – CISO at Qualys

Ben Carr, is the Chief Information Security Officer at Qualys. Ben is an information security and risk executive and thought leader with more than 25 years of results driven experience in developing and executing long-term security strategies. He is focused on solving security issues that address current business objectives while balancing today’s operational risks. Ben has demonstrated global leadership and experience, through executive leadership roles of advanced technology, high risk, and rapid growth initiatives at companies such as Aristocrat, Tenable, Visa and Nokia. While at Aristocrat Ben built a world class global Cybersecurity program from the ground up as part of a digital transformation. As a senior Cybersecurity executive at Visa, Ben was responsible for developing and leading Visa’s global Attack Surface Management team and capability. Prior to his role at Visa he led all security programs for Nokia corporate IT as the Global Head of IT Security. He has a strong technical background, product development experience, and operational awareness centered around a data centric and risk based approach. Ben is on the Board of Director for IT-ISAC, and has served on Advisory boards for Mimecast, Qualys, Accuvant, and Sentinel One. Ben has also served on philanthropic advisory boards for PKU support and awareness.

Adrian Sanabria

Senior Research Engineer at CyberRisk Alliance

Lee Neely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Matt Alderman

Executive Director at CyberRisk Alliance

Adrian Sanabria

Senior Research Engineer at CyberRisk Alliance

Lee Neely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Matt Alderman

Executive Director at CyberRisk Alliance

1. 10 years later, software really did eat the world – Ten years after the publication of the oft-quoted Marc Andreessen op-ed “Why software is eating the world,” lines of code are still revamping industry dynamics and generating fresh revenue streams. Disruption has even accelerated given wider cloud adoption and the influence of AI.
2. Cyber security and crossword puzzles, problem solving for professionals – In the intense and fast-moving world of cyber security, problem solving capabilities are key. New trends and new organizational conundrums crop up on a daily basis, meaning that businesses need to be able to innovate on the fly and launch new cyber security campaigns quickly. As the CISO of Delta Airlines says, “To excel in this field, you have to be a good problem solver, not necessarily a strong programmer.”
3. Let Your Top Performers Move Around the Company – As a manager, it’s human nature to want to hang on to the superstars in your group, department, or division. But ultimately, that’s detrimental to the organization and to the individuals involved. Multiple studies on talent mobility show that actively moving employees into different roles is one of the most underutilized, yet most effective, development and cultural enhancement techniques in companies today. In fact, research has shown that high-performance organizations are twice as likely to emphasize talent mobility versus low-performance companies. Building a culture of mobility is a trait of very healthy organizations, and the benefits are clear. Cross-functional collaboration increases, departmental cooperation is enhanced, innovation improves, and companies begin working more as one cohesive team instead of separate fiefdoms.
4. CISOs’ 15 top strategic priorities for 2021 – According to CISOs, analysts and security leaders, the typical CISO priority list today has many or most of these 15 items:

   1. A focus on fundamentals
   2. Identifying, mitigating third-party risk
   3. Assuring security within enterprise code
   4. Defending against ransomware attacks
   5. Getting board-level support
   6. Support for transformation and strategic goals
   7. Increasing agility
   8. Upskilling teams
   9. Addressing IoT security
   10. Security by design
   11. More automation
   12. Strengthening remote work security
   13. Securing the cloud
   14. Keeping up with emerging, evolving privacy laws
   15. Building continuity plans to account for global events

5. CISA Release Guidelines to Prevent Ransomware Attacks – The Cybersecurity and Infrastructure Security Agency (CISA) recently released a security fact sheet to safeguard critical corporate data from various exfiltration attempts. The fact sheet helps individuals and organizations understand the severity of the ransomware threat landscape and how to defend against it. CISA highly recommended businesses to adopt the guidelines, which include:

   – Maintaining offline, encrypted backups of data and regularly testing backups
   – Creating, maintaining, and exercising a basic cyber incident response plan, resiliency plan, and associated communications plan
   – Mitigating internet-facing vulnerabilities and misconfigurations to reduce the risk of hackers exploiting this attack surface
   – Employing best practices for the use of Remote Desktop Protocol (RDP) and other remote desktop services
   – Conducting regular vulnerability scanning to identify and address vulnerabilities, especially those on internet-facing devices
   – Updating software, including operating systems, applications, and firmware, regularly
   – Disabling or blocking inbound and outbound Server Message Block (SMB) Protocol and remove or disable outdated versions of SMB
   – Reducing the risk of phishing emails from reaching end users by enabling strong spam filters and implementing a cybersecurity user awareness and training program

6. 7 steps to protect against ransomware-related lawsuits – How a CISO prepares for and responds to a ransomware attack can have huge consequences should customers or partners decide to sue. Here are seven actions CISOs can take to protect their enterprise against ransomware-related legal actions.

   1. Assess the risk
   2. Adopt ransomware prevention best practices
   3. Build a recovery plan
   4. Practice good security hygiene
   5. Encourage top-down management support
   6. Support transparency
   7. Consider insurance coverage

7. How to Build Rock-Solid Self-Esteem in 8 Weeks (or less!) – Building self-esteem takes time, so don’t be hard on yourself about getting it all done fast. Let’s take it week by week. Follow this framework, and you’ll be on your way to a lifetime of high self-esteem:

   Week 1: Do a Social Media Cleanse
   Week 2: Cut Out Toxic Friends
   Week 3: Clean Your Environment
   Week 4: Create Micro Wins
   Week 5: Develop Your Mission Statement
   Week 6: Do Something Uncomfortable
   Week 7: Build Your Social System
   Week 8: Quit Negative Self-Talk

   Read more at: https://www.scienceofpeople.com/self-esteem/