Business Security Weekly Episode #235 – October 11, 2021

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. The Human Element of Security Awareness – 03:00 PM-03:30 PM

Sponsored By

Visit https://securityweekly.com/proofpoint for more information!

Announcements

  • Don’t miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

  • Join us in our next live webcast, on October 21, to learn why zero-knowledge encryption matters! Visit https://securityweekly.com/webcasts to save your seat! Don’t forget to check out our library of on-demand webcasts & technical trainings at https://securityweekly.com/ondemand

Description

It is Cybersecurity Awareness Month, but security awareness is a lot tougher than just dedicating a month to awareness activities. Security awareness is a journey, requiring motivation along the way.

Brian Reed, Cybersecurity Evangelist from Proofpoint, joins Business Security Weekly to discuss the security awareness journey and how the human elements can help motivate us. Brian will discuss how personalized content and gamification can help achieve better outcomes for organizations and the individual.

This segment is sponsored by Proofpoint.

Visit https://securityweekly.com/proofpoint to learn more about them!

Guest(s)

Brian Reed – Cybersecurity Evangelist at Proofpoint

Brian Reed is our Cybersecurity Evangelist at Proofpoint. He comes to Proofpoint from Gartner where he focused on a wide variety of topics – cloud security, data security, incident response, insider threats and security awareness.

Since 2015, he published over 50 thought-leading research notes at Gartner, including Cool Vendors reports, Market Guides for Digital Forensics and Incident Response Services and Security Awareness Training, Risk Management research, as well as the last two Gartner Magic Quadrants for Enterprise DLP.

Previous to Gartner, he spent over 15 years in a variety of business development, product management, sales and system engineering roles, at companies including Sourcefire (acquired by Cisco), HP, McAfee and Internet Security Systems (acquired by IBM). He is well known in the information security industry and has spoken at numerous Gartner events, as well as other industry events globally. Brian also serves as an advisory board member and holds a BA degree from The University of Georgia and an MBA from Kennesaw State University.

Hosts

Ben Carr

CISO at Qualys

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

2. Top Cybersecurity Statistics/Trends/Facts, Zero Trust, & Hiring Strategies – 03:30 PM-04:00 PM

Announcements

  • InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!

  • Security Weekly Unlocked will be held IN PERSON this December 5-7 at the Hilton Lake Buena Vista!

    Keynotes from Alyssa Miller, John Strand, Lesley Carhart, & Dave Kennedy!

    Visit https://securityweekly.com/unlocked to register and check out our rockstar lineup!

Description

In the Leadership and Communications section for this week: How to strive and thrive [in a meeting], 5 steps toward real zero trust security, Seven strategies for building a great security team, & more!

Hosts

Ben Carr

CISO at Qualys

Lee Neely

@lelandneely

Senior Cyber Analyst at Lawrence Livermore National Laboratory

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

  1. Top cybersecurity statistics, trends, and facts – Survey data from the past year paints a picture for what your threat landscape will potentially look like in the coming months, including:

    – Phishing
    – Botnets
    – Cloud Security
    – Open-source and third-party risks
    – Cyber Fraud
    – DDoS
    – Ransomware
    – Defensive preparation and response
    – Cybersecurity hiring/staffing

  2. What’s Next for the Federal Government and Zero Trust? – OMB’s draft memo on zero trust instructs agencies to achieve specific cybersecurity goals by the end of fiscal year 2024. The memo says agencies are required to make progress in the following five areas:

    1. Identity
    2. Devices
    3. Networks
    4. Applications
    5. Data

  3. 5 steps toward real zero trust security – Looking to advance in your zero trust journey? These steps will keep your strategy on track:

    1. Know what zero trust really means
    2. Identify what you want to protect
    3. Design the network from the inside out
    4. Log all traffic
    5. Commit to the long run, but take those first steps

  4. 4 Cybersecurity Strategies for Small and Midsize Businesses – Small and midsize businesses aren’t immune to cyber threats. They must research and prepare for attacks just as large enterprises would. Unfortunately, smaller companies typically have fewer resources and less talent available to help fortify against attacks. They should employ the following strategies for how to effectively respond:

    1. Monitor and Target
    2. Always Expect a Breach
    3. Create a Culture of Security
    4. Scrutinize Your Supply Chain

  5. Seven strategies for building a great security team – The dangers of a dysfunctional security team are easy to imagine, ranging from difficulty attracting and retaining talent to putting your organization at risk. These seven steps can make a world of difference:

    1. Accelerate career advancement
    2. Create a supporting cast
    3. Create teams that better reflect the overall population
    4. Hire for, and cultivate, nontechnical skills
    5. Build strong, resilient team players
    6. Show your team the mission
    7. Let your team members know what’s in it for them

  6. 3 Strategies to Rethink Hiring Cybersecurity Talent – Despite the ever-growing need to secure the public sector, hiring and retaining cyber professionals in state and local government has never been harder. Here are three tactics that may help:

    1. Redesign your hiring practices and pay scale for cybersecurity professionals
    2. Change what you are looking for and develop talent in house
    3. Partner more with the private sector

  7. How to survive and thrive in a meeting – How much does a meeting cost if you take everyone's hourly rate and multiply it by the length of the meeting? Make sure meetings take up the right amount of our working lives, no less and no more, by following these tips:

    1. Guard against your time
    2. Outline the outcome upfront
    3. Be cautious with your time
    4. All-in or leave
    5. Size matters
    6. The recurring is laziness
    7. Deliberately join the meeting