bsw264

Business Security Weekly Episode #264 – May 23, 2022

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. The Data Dilemma: Securing All Data at Scale – 03:00 PM-03:30 PM

Sponsored By

sponsor
Visit https://securityweekly.com/imperva for more information!

Announcements

  • Don’t miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

  • Don’t forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Description

Data is the most valuable resource on the planet; but, as businesses collect and store data at an astonishing pace, data sprawl, volume, and diverse storage environments create a security nightmare.

With support for hundreds of data stores across leading cloud providers and thousands of automation and response integrations, Imperva Data Security Fabric modernizes and simplifies data governance, security, and workflow management for data in all forms across multicloud and hybrid environments.

The product’s flexible architecture supports structured, semi-structured, and unstructured data across a range of data repositories to ensure security policies are applied consistently everywhere so businesses can quickly understand and mitigate risk.

This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!

Guest(s)

Dan Neault

Dan Neault – SVP and GM, Data Security at Imperva

Dan Neault is an accomplished technology executive with over 20 years of experience. He helped build and grow some of the most recognizable technology companies in the world as a senior leader at Microsoft, AWS, NetApp, and Samsung, and later as founding CEO of Stellus Technologies.

At Imperva, Dan helps customers solve complex data security challenges, bringing new data-centric security products and solutions to market for protecting, managing, and using data.

Dan holds a B.S. in Electrical Engineering with Liberal Arts Honors from Gonzaga University, and a M.B.A. in Finance and Marketing from The University of Chicago Booth School of Business.

Hosts

JasonAlbuquerque

Jason Albuquerque

@Jay_Albuquerque

Chief Operating Officer at Envision Technologies

LeeNeely

Lee Neely

@lelandneely

Information Assurance APL at Lawrence Livermore National Laboratory

MattAlderman

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

2. The 3 Ts (Truth, Transparence, Trust), 4 Leadership Strategies, & 5 Best Predictors – 03:30 PM-04:00 PM

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Description

In the Leadership and Communications section, Uber CISO’s trial underscores the importance of truth, transparency, and trust, 4 Leadership Strategies to Help Women Advance in the Tech Industry, 5 Best Predictors of Employee Turnover and What Leaders Should Do About Them, and more!

Hosts

JasonAlbuquerque

Jason Albuquerque

@Jay_Albuquerque

Chief Operating Officer at Envision Technologies

LeeNeely

Lee Neely

@lelandneely

Information Assurance APL at Lawrence Livermore National Laboratory

MattAlderman

Matt Alderman

@maldermania

Executive Director at CyberRisk Alliance

  1. Uber CISO’s trial underscores the importance of truth, transparency, and trust – Truth, transparency and trust are the three T’s that all CISOs and CSOs should embrace as they march through their daily grind of keeping their enterprise and the data safe and secure. Failure to adhere to the three T’s can have serious consequences.

    Case in point: A federal judge recently ordered Uber Technologies to work with its former CSO, Joseph Sullivan (who held the position from April 2015 to November 2017), and review a plethora of Uber documents that Sullivan has requested in unredacted form for use in his defense in the upcoming criminal trial.

  2. How the CIO can become a board ally – CIOs should embrace this attitude and enable the enterprise to treat risk as a business opportunity. Create a board proposal that demonstrates how digital technology can meaningfully improve business performance in the context of the top risks perceived by the board of directors. This may include:

    – Long-term economic uncertainty: Demonstrate the possibilities of technology to reinvent business strategy, business capabilities and value streams, such as by developing a real-options strategy to hedge against changing business conditions.
    – Digital disruption: Suggest increasing the enterprise’s business composability or implementing an agile business system, which will enable the enterprise to change strategies more easily.
    – Loss of markets due to shifts in customer behavior: Focus on improving the digital customer experience or recommend bolder steps, such as embracing machine customers and the programmable economy.
    – Cybersecurity threats: Highlight the need to treat cybersecurity as a business risk and the importance of designing cybersecurity into products and systems from the beginning.

  3. 8 Ways to Avoid CISO Burnout – Where can we start?

    1. Be aware of your stress level
    2. Identification and communication
    3. Eat, move, and sleep
    4. Establishing boundaries
    5. Alternatives to recruitment
    6. Foster a security-first culture
    7. Invest in the right tools
    8. Set reasonable expectations

  4. 4 Leadership Strategies to Help Women Advance in the Tech Industry – While there are no quick fixes, these steps will expand the roster of female leaders in tech:

    1. Being aware of inequities imposed by a hybrid economy
    2. Sharpening the saw for professional advancement
    3. Bridging the confidence gap
    4. Pursuing the benefits of mentorship

  5. Cybersecurity Onboarding of New Suppliers – Most often, once in the position to set security requirements for providers, the challenge is to choose what to ask for. Options are mind boggling, as you can easily devise a single question, or several hundreds of questions to ask. Here are a few approaches:

    Option 1: Liability
    Option 2: Shared responsibility
    Option 3: Certification

  6. Stop Rambling in Meetings — and Start Getting Your Message Across – While it’s important to share your point of view in meetings, it’s critical to know when and how. You don’t want to monopolize the conversation. In this piece, the author offers practical tips for sharing the floor so that you can get your message across more effectively. First, take time to reflect after meetings. If you feel like you have been sharing too much, look back and consider who else contributed. Ask yourself honestly: “Did I talk over people?” Estimate how much of the meeting you were speaking. Also consider using other communication channels to share your ideas. For example, can you keep a running list of your brilliant insights on your computer so you’re better prepared to share them in the next meeting? Or, can you share ideas in a non-meeting setting — for example, in a follow-up email or an internal chat platform? It’s also helpful to give yourself a signal to pause and to practice compressing your thoughts. A trusted colleague or advisor can also provide insights into how you’re meeting your goal of talking less and listening more.
  7. 5 Best Predictors of Employee Turnover and What Leaders Should Do About Them – Here are the five biggest predictors of employee turnover during the Great Resignation, according to SMR, and how much more important they are than compensation:

    1. Toxic corporate culture (10.4 times more important than compensation in predicting turnover). A toxic corporate culture — meaning “failure to promote diversity, equity, and inclusion; workers feeling disrespected; and unethical behavior” — is the leading driver of employee exits.
    2. Job insecurity and reorganization (3.5x). When companies face bleak prospects, they often lay off and reorganize employees. Employees in such companies — expecting either being managed out or, if not, being required to take on a heavier workload — are more likely to jump ship.
    3. High levels of innovation (3.2x). The most surprising finding of this research is that the more employees talked positively about innovation, the more likely they were to quit. The reason could be that with innovation comes longer hours, a faster work pace, and poor work-life balance.
    4. Failure to recognize performance (2.9x). High-performing employees are the most likely to resent a lack of recognition for their results. Companies that fail to recognize — informally and financially — their higher productivity suffer from higher turnover.
    5. Poor response to Covid-19 (1.8x). Employees who mentioned Covid-19 more frequently or described negatively their company’s response to the pandemic were more likely to quit.