Business Security Weekly Episode #229 – August 23, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. What Type of CISO Are You & Does It Align to Your Company’s Needs? – 03:00 PM-03:30 PM

Sponsored By

Visit https://securityweekly.com/ for more information!

Announcements

  • CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit https://securityweekly.com/CIRB to take the survey

  • Security Weekly Unlocked will be held IN PERSON this December 5-7 at the Hilton Lake Buena Vista!

    We are excited to announce our first round of speakers: Lesley Carhart, David Kennedy, Alyssa Miller, O’Shea Bowens, Marina Ciavatta, Patrick Coble, Chris Eng, Eric Escobar, Nick Leghorn, Michael Schladt, Kevin Johnson, and Justin Kohler!

    Visit https://securityweekly.com/unlocked to register and check out our rockstar lineup!

Description

Ben Carr, Qualys CISO, joins Business Security Weekly to share his views on the evolving role of the CISO. He’ll dive into the ever-changing risks and how CISOs need to understand those risks to be truly aligned to the business. He will also discuss the different types of CISOs and how to align your direction and focus with that of a company’s needs.

This segment is sponsored by Qualys.

Visit https://securityweekly.com/ to learn more about them!

Guest(s)

Ben Carr – CISO at Qualys

Ben Carr is the Chief Information Security Officer at Qualys. Ben is an information security and risk executive and thought leader with more than 25 years of results-driven experience in developing and executing long-term security strategies. He is focused on solving security issues that address current business objectives while balancing today’s operational risks. Ben has demonstrated global leadership and experience through executive leadership roles in advanced technology, high-risk, and rapid-growth initiatives at companies such as Aristocrat, Tenable, Visa and Nokia. While at Aristocrat, Ben built a world-class global cybersecurity program from the ground up as part of a digital transformation. As a senior cybersecurity executive at Visa, Ben was responsible for developing and leading Visa’s global Attack Surface Management team and capability. Prior to his role at Visa he led all security programs for Nokia corporate IT as the Global Head of IT Security. He has a strong technical background, product development experience, and operational awareness centered around a data-centric and risk-based approach. Ben is on the Board of Directors for IT-ISAC, and has served on advisory boards for Mimecast, Qualys, Accuvant, and SentinelOne. Ben has also served on philanthropic advisory boards for PKU support and awareness.

Hosts

Adrian Sanabria

@sawaba

Senior Research Engineer at CyberRisk Alliance

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

2. 10 Years Later… 15 Priorities, 8 Weeks, & 7 Steps – 03:30 PM-04:00 PM

Announcements

  • InfoSec World 2021 is proud to announce its keynote lineup for this year’s in-person event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on world pass and main conference registration! Visit https://securityweekly.com/isw2021 to register now!

  • Join us August 26th at 11am eastern to learn how to implement cloud security that actually works. Visit https://securityweekly.com/webcasts to register now! If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

This week, in the Leadership and Communications section: 10 years later, software really did eat the world; CISOs’ 15 top strategic priorities for 2021; 7 steps to protect against ransomware-related lawsuits; and more!

  1. 10 years later, software really did eat the world – Ten years after the publication of the oft-quoted Marc Andreessen op-ed “Why software is eating the world,” lines of code are still revamping industry dynamics and generating fresh revenue streams. Disruption has even accelerated given wider cloud adoption and the influence of AI.
  2. Cyber security and crossword puzzles, problem solving for professionals – In the intense and fast-moving world of cyber security, problem solving capabilities are key. New trends and new organizational conundrums crop up on a daily basis, meaning that businesses need to be able to innovate on the fly and launch new cyber security campaigns quickly. As the CISO of Delta Airlines says, “To excel in this field, you have to be a good problem solver, not necessarily a strong programmer.”
  3. Let Your Top Performers Move Around the Company – As a manager, it’s human nature to want to hang on to the superstars in your group, department, or division. But ultimately, that’s detrimental to the organization and to the individuals involved. Multiple studies on talent mobility show that actively moving employees into different roles is one of the most underutilized, yet most effective, development and cultural enhancement techniques in companies today. In fact, research has shown that high-performance organizations are twice as likely to emphasize talent mobility versus low-performance companies. Building a culture of mobility is a trait of very healthy organizations, and the benefits are clear. Cross-functional collaboration increases, departmental cooperation is enhanced, innovation improves, and companies begin working more as one cohesive team instead of separate fiefdoms.
  4. CISOs’ 15 top strategic priorities for 2021 – According to CISOs, analysts and security leaders, the typical CISO priority list today has many or most of these 15 items:

    1. A focus on fundamentals
    2. Identifying, mitigating third-party risk
    3. Assuring security within enterprise code
    4. Defending against ransomware attacks
    5. Getting board-level support
    6. Support for transformation and strategic goals
    7. Increasing agility
    8. Upskilling teams
    9. Addressing IoT security
    10. Security by design
    11. More automation
    12. Strengthening remote work security
    13. Securing the cloud
    14. Keeping up with emerging, evolving privacy laws
    15. Building continuity plans to account for global events

  5. CISA Releases Guidelines to Prevent Ransomware Attacks – The Cybersecurity and Infrastructure Security Agency (CISA) recently released a security fact sheet on safeguarding critical corporate data from various exfiltration attempts. The fact sheet helps individuals and organizations understand the severity of the ransomware threat landscape and how to defend against it. CISA strongly recommends that businesses adopt the guidelines, which include:

    – Maintaining offline, encrypted backups of data and regularly testing backups
    – Creating, maintaining, and exercising a basic cyber incident response plan, resiliency plan, and associated communications plan
    – Mitigating internet-facing vulnerabilities and misconfigurations to reduce the risk of hackers exploiting this attack surface
    – Employing best practices for the use of Remote Desktop Protocol (RDP) and other remote desktop services
    – Conducting regular vulnerability scanning to identify and address vulnerabilities, especially those on internet-facing devices
    – Updating software, including operating systems, applications, and firmware, regularly
    – Disabling or blocking inbound and outbound Server Message Block (SMB) Protocol and removing or disabling outdated versions of SMB
    – Reducing the risk of phishing emails from reaching end users by enabling strong spam filters and implementing a cybersecurity user awareness and training program

  6. 7 steps to protect against ransomware-related lawsuits – How a CISO prepares for and responds to a ransomware attack can have huge consequences should customers or partners decide to sue. Here are seven actions CISOs can take to protect their enterprise against ransomware-related legal actions.

    1. Assess the risk
    2. Adopt ransomware prevention best practices
    3. Build a recovery plan
    4. Practice good security hygiene
    5. Encourage top-down management support
    6. Support transparency
    7. Consider insurance coverage

  7. How to Build Rock-Solid Self-Esteem in 8 Weeks (or less!) – Building self-esteem takes time, so don’t be hard on yourself about getting it all done fast. Let’s take it week by week. Follow this framework, and you’ll be on your way to a lifetime of high self-esteem:

    Week 1: Do a Social Media Cleanse
    Week 2: Cut Out Toxic Friends
    Week 3: Clean Your Environment
    Week 4: Create Micro Wins
    Week 5: Develop Your Mission Statement
    Week 6: Do Something Uncomfortable
    Week 7: Build Your Social System
    Week 8: Quit Negative Self-Talk

    Read more at: https://www.scienceofpeople.com/self-esteem/