Business Security Weekly Episode #232 – September 20, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Accelerate 0-Trust Adoption W/ End2End Visibility & Increased Collaboration – 03:00 PM-03:30 PM

Sponsored By

Visit https://securityweekly.com/extrahop for more information!

Announcements

  • InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!

  • Security Weekly Unlocked will be held IN PERSON this December 5-7 at the Hilton Lake Buena Vista!

    We are excited to announce our speakers: Lesley Carhart, John Strand, Alyssa Miller, Dave Kennedy, O’Shea Bowens, Marina Ciavatta, Patrick Coble, Chris Eng, Eric Escobar, Nick Leghorn, Michael Schladt, Kevin Johnson, Justin Kohler, Jay Beale, Trenton Ivey & Ryan Cobb!

    Visit https://securityweekly.com/unlocked to register and check out our rockstar lineup!

Description

It’s no surprise that Zero Trust initiatives are increasing in importance in both the public and private sectors. New cybersecurity mandates and a boom in remote work due to COVID-19 are just two of the most common factors driving this demand. While the need for adopting Zero Trust is evident, the path to success is not.

In this episode, we discuss important considerations for planning, implementing, operating, and securing a Zero Trust deployment more rapidly and with lower risk. This includes the vital role end-to-end visibility and frictionless collaboration between IT ops teams play across Zero Trust rollout phases.

Segment Resources:

Learn more about implementing Zero Trust:
https://www.extrahop.com/solutions/security/zero-trust/?uniqueid=CC07532818&utm_source=security-weekly&utm_medium=podcast&utm_campaign=2021-q3-zero-trust-backlink&utm_content=webpage&utm_term=no-term&utm_region=global&utm_product=security&utm_funnelstage=top&utm_version=no-version

This segment is sponsored by ExtraHop Networks.

Visit https://securityweekly.com/extrahop to learn more about them!

Guest(s)

Tom Roeh – Director of Systems Engineering at ExtraHop

Tom currently leads the Public Sector technical team at ExtraHop Networks as Director of Systems Engineering. He has spent most of his 20-year career looking at networks, protocols, and packets in one way or another. Tom has a passion for utilizing data-driven techniques to solve the complex problems faced by modern IT practitioners. When he’s not working with ExtraHop’s expansive customer base, he is deeply involved in developing and defining automated techniques for threat detection, and currently holds two patents related to passive network detection techniques. Tom was an early responder to WannaCry and wrote the award-winning Ransomware Module for ExtraHop. Tom resides in Houston, TX along with his wife and three daughters. He remains actively involved with his alma mater Texas A&M (Electrical Engineering), and can be found most weekends cheering his Aggies on to victory.

Hosts

Ben Carr

CISO at Qualys

Jason Albuquerque

@Jay_Albuquerque

Chief Operating Officer at Envision Technologies

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

2. Boards Rethink Incident Response, CISOs & CIOs Share, & Stay True to Ethics – 03:30 PM-04:00 PM

Announcements

  • Do you want to stay in the loop on all things Security Weekly? Visit https://securityweekly.com/subscribe to subscribe on your favorite podcast catcher or our YouTube channel, sign up for our mailing list, join our Discord Server, and follow us on our newest live-streaming platform, Twitch!

  • If you missed any of our previously recorded webcasts or technical trainings, they are available for your viewing pleasure at https://securityweekly.com/ondemand

Description

This week, in the Leadership and Communications section: Boards rethink incident response playbook as ransomware surges, How CISOs and CIOs should share cybersecurity ownership, How CISOs are Building a Modern Cybersecurity Partnership, & more!

Hosts

Ben Carr

CISO at Qualys

Jason Albuquerque

@Jay_Albuquerque

Chief Operating Officer at Envision Technologies

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

  1. Boards rethink incident response playbook as ransomware surges – Corporate boards are no longer rubber-stamping assurances from CIOs or CISOs but are bringing in outside experts, asking more questions and preparing for the risk of personal liability.
  2. How CISOs and CIOs should share cybersecurity ownership – CISOs and CIOs weigh in on how their cybersecurity responsibilities are evolving with changes in the business environment and threat landscape.
  3. 5 ways Digital Transformation Officers can make cybersecurity top priority – The Digital Transformation Officer (DTO) plays the key role in managing the strategic approach necessary to successfully undertake such transformations. Part of that success means managing cyber-risk. We recommend DTOs consider the following trends:

    1. Securing digital assets
    2. Cloud security
    3. Developing skills to operate novel technologies securely
    4. New approaches to cyber-incident management
    5. Outsourcing cybersecurity tasks

  4. How to Be a Leader Who Stays True to Their Ethics – Honest conversations are a crucial tool in helping leaders and their organizations successfully act on their ethical ambitions. If you aspire to lead ethically and with high purpose, first turn inwards. Take the time to have an honest conversation with yourself to help figure out what matters to you, and where your ethics lie. Next, align your senior team. Third, be prepared to be derailed. Unfortunately, at some point, pressure to meet shareholder expectations will derail your aspiration to lead with a higher purpose and values. And finally, don’t wait for the whistle to blow.
  5. How CISOs are Building a Modern Cybersecurity Partnership – There has been an ongoing dialogue regarding the benefit of cybersecurity partnerships, with chief information security officers at the forefront of the conversations. Here are five things CISOs should focus on when it comes to securing the much-anticipated cybersecurity partnership.

    1. Cybersecurity should be a boardroom agenda
    2. Invest in establishing a solid cloud security architecture
    3. Construct a borderless security system
    4. Upgrade your enterprise security architecture
    5. Invest in innovations

  6. 8 pitfalls that undermine security program success – Here, security leaders warn of eight easy-to-overlook pitfalls that can undermine an otherwise successful security strategy:

    1. Talking about security risk, rather than business risk
    2. Overemphasizing compliance
    3. Failing to move fast (enough)
    4. Always focusing on the urgent
    5. Focusing too much on tools and technologies instead of stakeholders and their needs
    6. Keeping security within the security department
    7. Overlooking your own security workers
    8. Falling for the new stuff

  7. 10 Action Steps to Become a Good Friend – Here’s how to become a better friend:

    1. Redesign
    2. Remember the Dates
    3. Utilize The Mere-Exposure Effect
    4. Make Mondays Fun
    5. Ask Dopamine-Boosting Questions
    6. Reach Out
    7. Be Courageous
    8. Say “Friend!”
    9. Find Their Love Language
    10. Celebrate With Them

    Read more at: https://www.scienceofpeople.com/good-friend/