Leadership Articles – BSW #155



In-depth protection is a matter of basic hygiene, 4 strategies to find time for yourself, Enterprises muddled over cloud security responsibilities, and Screw Productivity Hacks: My morning routine is getting up late!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Full Episode Show Notes

To learn more about our sponsors visit: The Security Weekly Sponsor’s Page

Leadership Articles

  1. Security Think Tank: In-depth protection is a matter of basic hygiene – Defining “The Basics” is one thing, understanding what level of protection it gives you is another. Start with the basics:
    1. The IT estate is up to date with software and firmware patches.
    2. All default passwords have been changed.
    3. IT administrators and technicians have two accounts, one for day-to-day (email, report writing, and so on) and one for working on the IT estate.
    4. Only IT administrators and technicians have administrator privileges in the live network (users must not be given administrator access, even to their own company-provided PC).
    5. Good password policies are enforced, together with user access privileges and function (for example, sales should not be able to access HR files and people who only need to read files are restricted to read only).
    6. Unused accounts are regularly decommissioned or removed from the access control system.
    7. The IT estate as a whole is regularly backed up and there are easy-to-access policies, standards, procedures and work guides which are maintained and used.
  2. To Build a Strong Culture, Create Rules That Are Unique to Your Company – Could be unique to your team, provided it is aligned with the company goals and culture: Horowitz’s argument is as simple as it is powerful: You can’t create something unique and compelling in the marketplace unless you first create something unique and compelling in the workplace. Truly great organizations work as distinctively as they hope to compete.
  3. Is Air Gapping Really a Solution?
  4. Cyber security: How to avoid a disastrous PICNIC
  5. Why Working Alone Is Smart: 4 Strategies to Find Time for Yourself
  6. What isn’t ‘as a Service’ in enterprise technology? – Failure to adopt to the trend will come at a price, according to the tech leaders, who fear lagging adoption will bring about higher costs of maintenance (41%), office space (33%) and power (31%). It will also make their companies more susceptible to cyberattacks in the future, 35% of respondents said. – Remember, those percentages are not 100%, the “as a Service” decision is a case-by-case basis.
  7. The 3 lists you should be making – I liked one of the graphics here, it suggests a matrix for urgent/not urgent and important/not important. Delegate the tasks that are urgent, but not important. Great TL;DR: Short-term priorities (break into errands/actual priorities): Don’t focus 100% of your time on these — make sure you’re prioritizing them and working on items that came from list #2 as well. Long-term priorities (things that will move the needle but aren’t necessarily urgent): Break these down into short-term priorities so you will get them done. Things you’ve done: Reflect on these and figure out if you’re spending your time on the appropriate things.
  8. 100 Customers hit by Ransomware Attack MSP – Sometimes saving some $$ upfront is not the best decision. Look at the long term and host with a reputable provider that can grow with you and offer more, and better, services to accommodate growth and more importantly stability and security.
  9. Enterprises muddled over cloud security responsibilities – We talked about this last week, what really got me the second time was how many companies believe they are “cloud-first” or “Already all in the cloud”. What does that really mean? Does it matter?
  10. Screw Productivity Hacks: My Morning Routine Is Getting up Late – I love this article: I am not an early riser. I don’t find mornings invigorating, I don’t do yoga with the sun coming up, I don’t read the paper in a quiet corner or sip on hot coffee as I check my email. I hate that shit.


Jason Albuquerque – CIO & CSO
Paul Asadoorian – Founder & CTO



  • We have exciting news about the Security Weekly webcast program: We are now partnered with (ISC)2 as an official CPE provider! If you attend any of our webcasts, you will be receiving 1 CPE credit per webcast! Register for one of our upcoming webcasts with Zane Lackey of Signal Sciences, Ian McShane from Endgame, or Stephen Smith and Jeff Braucher of LogRhythm (or all 3!) by going to securityweekly.com/webcasts. If you have missed any of our previously recorded webcasts, you can find our on-demand library at securityweekly.com/ondemand.