Business Security Weekly Episode #247 – January 24, 2022

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Securing the Digital Value Chain – 03:00 PM-03:30 PM

Announcements

  • Don’t miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

  • Join us February 16th to learn about validation techniques within applications. Then join us March 2nd to learn five things you can do to catch more bad guys! To register for these webcasts visit https://securityweekly.com/webcasts. Don’t forget to check out our library of on-demand webcasts & technical trainings at https://securityweekly.com/ondemand.

Description

Enabling the business requires a nuanced view of verticalization and what it means to an enterprise. Why is this important as CISOs think about how to apply cyber to enterprise resiliency?

Mark Fernandes, Global Chief Technology Officer, Security, Risk, and Governance Solutions from Micro Focus, joins us to provide an overview of their Galaxy platform that aligns threats to prioritized risk activities.

If you want to learn more or sign up and try Galaxy for free, please visit securityweekly.com/galaxy.

Guest(s)

Mark Fernandes – Global Chief Technology Officer (CTO) at CyberRes, a Micro Focus Line of Business

In his role as Global Chief Technologist, Mark drives our acceleration through a business-centric approach to engaging with CISOs, CIOs, the board and other executives.

Mark comes with over 30 years in cyber, 26 of which were in cyber consulting. As a consultant, he has worked with many of our top-priority global accounts and prospects, and has built strong relationships with Global System Integrators that will help drive our market adoption and go-to-market. In his role at Deloitte and Accenture, he served on the Global Leadership Team and helped drive the organizational cyber go-to-market strategy, business growth strategy and market acceleration.

Mark has partnered with Micro Focus for over seventeen years and is one of ArcSight’s earliest adopters globally. He formed the first strategic (SI) alliance with ArcSight in 2003 and built one of the biggest consulting practices in cyber operations at Deloitte.

Hosts

Ben Carr

CISO at Cradlepoint

Jason Albuquerque

@Jay_Albuquerque

Chief Operating Officer at Envision Technologies

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

2. Mastering Art and Science, Stakeholder Trust, and Trustworthy Computing – 03:30 PM-04:00 PM

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • CRA’s Business Intelligence Unit has launched its next survey on Zero Trust! What are Your Barriers to Zero Trust Implementation? Take our survey and enter to win a $500 Tango card by visiting https://securityweekly.com/zerotrust. Report results will be released at our upcoming Zero Trust E-Summit in March!

Description

In the leadership and communications section, Mastering Art and Science Is Imperative for CISOs to Be Successful, Seven Ways to Ensure Successful Cross-Team Security Initiatives, 2 Key Cybersecurity Lawmakers Will Not Seek Reelection, and more!

Hosts

Ben Carr

CISO at Cradlepoint

Jason Albuquerque

@Jay_Albuquerque

Chief Operating Officer at Envision Technologies

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

  1. Cybersecurity Will Become the Top Agenda in Boardroom Discussions – Three reasons why cybersecurity will become the top agenda in boardroom discussions:

    1. Ransomware threats will continue to evolve.
    2. Cybersecurity enters the boardroom.
    3. Heightened scrutiny by cyber insurance companies on organizations’ cyber hygiene.

  2. Mastering Art and Science Is Imperative for CISOs to Be Successful – Here are five key attributes that make a CISO or other technology executive a strong and effective leader – one who will help the company earn the trust that stakeholders seek:

    1. Create value.
    2. Influence.
    3. Willingly collaborate.
    4. Top off your tech skills.
    5. Become immersed in the business.

  3. Seven Ways to Ensure Successful Cross-Team Security Initiatives – After making some observations and doing some thinking, I believe that I have identified several important factors. While there are surely others, here are seven ways to ensure successful cross-team security initiatives:

    1. Executive support
    2. Clear priorities
    3. Responsible party
    4. Adequate resources
    5. Trust
    6. Attainable milestones
    7. Regular touchpoints

  4. The Successful CISO: How to Build Stakeholder Trust – As growing security concerns boost the visibility of Chief Information Security Officers, how should CISOs best navigate today’s challenges to earn shareholder trust?

    1. Use your Personal Brand for Good
    2. Always Work Through the Lens of Trust
    3. Choose your Platform
    4. Set your Own Boundaries
    5. You Can’t Fake It
    6. Seek Expert Help

  5. 2 Key Cybersecurity Lawmakers Will Not Seek Reelection – Cyber-Focused Reps. Jim Langevin, John Katko Announce Congressional Retirement
  6. Research: Why Employees Violate Cybersecurity Policies – In the face of increasingly common (and costly) cyberattacks, many organizations have focused their security investments largely on technological solutions. However, in many cases, attacks rely not on an outsider’s ability to crack an organization’s technical defenses, but rather on an internal employee knowingly or unknowingly letting a bad actor in. But what motivates these employees’ actions? A recent study suggests that the vast majority of intentional policy breaches stem not from some malicious desire to cause harm, but rather, from the perception that following the rules would impede employees’ ability to get their work done effectively. The study further found that employees were more likely to violate policy on days when they were more stressed out, suggesting that high stress levels can reduce people’s tolerance for following rules that seem to get in the way of doing their jobs. In light of these findings, the authors suggest several ways in which organizations should rethink their approach to cybersecurity and implement policies that address the real, underlying factors creating vulnerabilities.
  7. 20 years after Gates’ call for trustworthy computing, we’re still not there – Then-Microsoft CEO Bill Gates spelled out what his company needed to do to build in better security two decades ago. And yet….

    Gates closed out his memo with this: “Going forward, we must develop technologies and policies that help businesses better manage ever larger networks of PCs, servers and other intelligent devices, knowing that their critical business systems are safe from harm. Systems will have to become self-managing and inherently resilient. We need to prepare now for the kind of software that will make this happen, and we must be the kind of company that people can rely on to deliver it.”