
Business Security Weekly Episode #253 – March 07, 2022

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Solving the Security Paradox – 03:00 PM-03:30 PM

Sponsored By

Visit https://securityweekly.com/extrahop for more information!

Announcements

  • Don’t miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Description

Something is seriously wrong with our current approach to cybersecurity: the more we spend, the worse the situation becomes. In an industry plagued by a chronic talent shortage, one thing is clear: simply throwing another tool in the mix isn’t the path to better security. If we’re going to solve the security paradox, we’re going to need a cross-functional, in-depth analysis of the problem and a structured approach to fixing it. Michael McPherson joins Business Security Weekly to share tactical questions that security leaders can ask themselves and their teams in order to build a better overall approach to defense. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!

Guest(s)

Michael McPherson

Michael McPherson – Product Marketer at ExtraHop

Michael McPherson leads managed threat detection and IR services marketing at ExtraHop. He has over 20 years in cloud, security and network product marketing on both the product and services delivery sides. Michael is passionate about developing and growing solutions that solve real problems and impact the lives of users.

Hosts


Jason Albuquerque

@Jay_Albuquerque

Chief Operating Officer at Envision Technologies


Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance


Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element

2. 7 Questions, 7 Mistakes, and a CISO Checklist – 03:30 PM-04:00 PM

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • Don’t forget to check out our library of on-demand webcasts & technical trainings at https://securityweekly.com/ondemand.

Description

In the Leadership and Communications section, 7 Pressing Cybersecurity Questions Boards Need to Ask, 7 mistakes CISOs make when presenting to the board (Let’s see if those align), CISO Checklist for Offboarding Security Staff, and more!

Hosts


Jason Albuquerque

@Jay_Albuquerque

Chief Operating Officer at Envision Technologies


Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

  1. 7 Pressing Cybersecurity Questions Boards Need to Ask – Boards have a unique role in helping their organizations manage cybersecurity threats. They do not have day-to-day management responsibility, but they do have oversight and fiduciary responsibility. Don’t leave any questions about critical vulnerabilities for tomorrow. Asking the smart questions at your next board meeting might just prevent a breach from becoming a total disaster.

    In this article we offer 7 questions to ask to make sure your board understands how cybersecurity is being managed by your organization. Simply asking these questions will also raise awareness of the importance of cybersecurity, and the need to prioritize action.

  2. 7 mistakes CISOs make when presenting to the board – Talking to the board about cybersecurity in a way that is productive can be a significant challenge, and failing to do so effectively can result in confusion, disillusionment, and a lack of cohesion among directors, the security function, and the rest of the organization. Here are some common mistakes that CISOs make when speaking to the board:

    1. Using over-technical security language
    2. Focusing on the wrong threat impacts
    3. Relying on out-of-box cyber risk reporting
    4. Failing to prepare for potential questions
    5. Oversharing and security scaremongering
    6. Presenting cybersecurity as a cost center
    7. Not investing in relationships outside the boardroom

  3. Time to Deal with Cyber Security Strategically, and from the Top Down – This is no longer just about tech — if it ever was. This is about protecting the business against cyber-attacks which have now become a matter of “when, not if”. This is no longer something you can push down in the organisation.

    If the board does not see the need — or does not feel qualified — to step in, nothing will ever change for good around cyber security because it has simply become too complex and too transversal in large organisations. Bottom-up approaches will continue to pour cash down the drain and CISOs will continue to leave every other year out of frustration. And breaches will continue to happen.

  4. How to Create a Cybersecurity Disaster Recovery Plan – ReadWrite – Your recovery plan will detail the steps your organization needs to take to stop losses, end the threat, and move on without jeopardizing the future of the business. These are some of the biggest goals you’ll need to achieve with any plan you develop.

    1. Business continuity.
    2. Data protection.
    3. Loss minimization.
    4. Communication.
    5. Restoration.
    6. Improvements.

  5. CISO Checklist for Offboarding Security Staff – This article assumes that you have already taken the routine measures. If you haven’t, fix the basics first. We’ll focus only on the extra steps necessary for offboarding security staff, based on the advice of many CISOs and other security professionals.

    1. Time the Parting Well
    2. Prepare for the Great Boomerang
    3. Enlist Help from Your Security Team
    4. Do the Insider Threat Checks
    5. Do a Last-Day Audit
    6. Check the Silos
    7. Notify Other Affected Parties
    8. Kill the BYOD Network Permissions and Wipe Devices
    9. Disable/Deny Physical Access Permissions
    10. Transfer Data Ownership
    11. Check All Codes
    12. Shut the Backdoor
    13. Secure Security Systems
    14. Find and Save Configurations
    15. Check Incident and Log Data
    16. Look Again

  6. Importance of soft skills in Technology – Let’s look at some examples that illustrate the value of soft skills:

    1. Career growth and promotion
    2. Adapting to the modern workplace
    3. Improves customer service


Tyler Robinson

@tyler_robinson

Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element