This podcast focuses on many non-technical aspects of cyber risk, cyber security and information security at the intersection of technology and managing to business expectations. Guests include CIO's, CEO's and CISO's discussing the many facets of the information security industry, what matters, w…
As a CISO, could you be hemorrhaging cash without even knowing? Tune in to our discussion with Eric Olden, CEO of Strata, as we cast a spotlight on the potential costs of not tightening your cybersecurity, especially during cloud migration. We expose the financial pitfalls of operating outdated software, managing infrastructure, and rewriting applications. Plus, we offer you a secret weapon - identity orchestration, a smart solution that can save you money and elevate your security.Seize this chance to explore a realistic method to measure the cost of neglecting your cybersecurity and discover how you can strategize for expenses related to cloud transition. Benefit from Eric's insights about the power of third-party research in generating a Total Economic Impact report for informed strategic decisions. Be ready for a paradigm shift as we tackle the issue of demonstrating ROI and fostering customer adoption of identity orchestration. This episode promises to shake up your understanding of cloud security and identity orchestration, inspiring fresh strategies for a safer, more cost-effective businessHost: Josh Bruyning
Dive deep with us into the fascinating world of storytelling as it intersects with cybersecurity. We're debunking common myths and shedding light on the transformative power of organizational archetypes. Jeff Weatman leads the discussion, challenging the stereotypical portrayal of the CISO as the central hero of cybersecurity.In a captivating twist, Jeff Weatman proposes that the CISO, instead of being the typical hero, plays the role of the wise old sage, a vital yet supporting character. He intriguingly identifies the actual heroes as the CEO, CFO, Board Members, Customers, and Partners. Get ready to rethink cybersecurity dynamics and recognize the true champions of this digital battlefield.A strategic thought leader with extensive expertise in security and cyber risk management, Jeffrey Wheatman is regarded as a foremost expert in guiding public sector clients and Fortune 500 companies in connection with their cybersecurity and risk management programs. Jeffrey's history of working with clients to plan, grow, and transform their cyber risk management programs has been instrumental in ensuring organizations' continued viability and health as they define short- and long-term expansion plans. Under Jeffrey's guidance, board and C-level leaders are fortified with the best practice solutions to realize exceptional performance outcomes.In his current capacity as SVP, Cyber Risk Evangelist at Black Kite, Jeffrey has been tasked with raising awareness of the enterprise-wide risk impacts of third-party risk, both in the digital and traditional supply chain and supporting the strategic vision of the executive leadership team and investors.Most recently, Jeffrey acted as a VP, Advisor with Gartner, the global strategic advisory firm, where he worked with clients to build and improve their security programs, assess risk, focus on reporting on program status, metrics, performance management, stakeholder engagement, executive communication, and bridging the connection between technology and security risk.
Nick Means has been leading software engineering teams for more than a decade in the healthtech and devtools spaces. His focus is on building distributed organizations defined by their cultures of high trust and autonomy. He's also an international keynote speaker, having shared his unique brand of storytelling with audiences around the world. He works remotely from Austin, TX, and spends his spare time going on adventures with his wife and kids, running very slowly, and trying tobrew the perfect cup of coffee.
In this episode, we have a very special guest joining us to discuss the essentials of building a cybersecurity program from scratch.Allan Alford, the founder of Allan Alford Consulting, brings a wealth of experience and a unique perspective to the table. Since launching his boutique cybersecurity consulting practice at the end of 2019, Allan has been dedicated to helping organizations efficiently implement and manage security programs and projects. With a focus on long-term relationships and custom solutions, Allan's approach ensures that each client's unique needs are met with the highest level of expertise.But that's not all! Allan Alford Consulting also offers coaching services for aspiring and new CISOs, helping them navigate the ever-changing landscape of cybersecurity leadership.In today's episode, Allan will share his insights on the fundamentals of building a robust cybersecurity program, the importance of understanding an organization's unique needs, and how to forge strong partnerships with business leaders.Josh Bruyning, Sr. Solutions Engineer @TrustMAPP and Chad Boeckmann, Founder/CEO @TrustMAPPSponsor:TrustMAPP (https://trustmapp.com)
The Center for Internet Security, Inc. (CIS®) makes the connected world a safer place for people, businesses, and governments through our core competencies of collaboration and innovation.Join us as we discuss the impact that CIS Controls can have on your small to medium business. We dive into the mission of the Center for Infromation Security, membership, CIS Critical Controls, CIS Implementation Groups and much more!Hosts:Josh Bruyning, Sr. Solutions Engineer @TrustMAPP and Chad Boeckmann, Founder/CEO @TrustMAPPSponsor:TrustMAPP (https://trustmapp.com)
Marcus Bartram is a General Partner at Telstra Ventures, a San Francisco-based VC firm that invests in mid-stage tech companies. He's on the founding team and has led investments in cybersecurity companies like CrowdStrike, Auth0, Anomali, Cequence, CloudKnox, Cofense, CyberGRX, Elastica, vArmour, and Zimperium.Hosts:Josh Bruyning, Sr. Solutions Engineer @TrustMAPP and Chad Boeckmann, Founder/CEO @TrustMAPPSponsor:TrustMAPP (https://trustmapp.com)
In this episode of The Business of Security, we discuss Dr. Robinson's upcoming book, Mind the Tech Gap, and how to manage the problem of low to non-existent collaboration between IT and Security teams. This conversation covers tools and techniques for creating a rich, collaborative environment for organizations in order to achieve security goals. Guest:Dr. Nikki Robinson, Security Architect at IBM, Adjunct Professor at Capital Technology University Hosts:Josh Bruyning, Solution Engineer @TrustMAPP and Chad Boeckmann, Founder/CEO @TrustMAPPSponsor:TrustMAPP (https://trustmapp.com)Mind the Tech Gap: Robinson, Nikki: 9781032206165: Amazon.com: Books
Top Tips for getting into the security industry and future proofing your strategy. This podcast will focus on Quentyn's long career in cyber security and how working for the same company for a long period of time years has enabled him to build resilience and always think years ahead when executing a strategy. Quentyn has a wealth of knowledge experience in both the IT and information security arenas and has driven Canon's strategy to highlight the importance of document security and help business customers to minimize their security risk. HostJosh Bruyning, Solution Engineer @TrustMAPPGuest:Quentyn Taylor, Senior Director, Information Security and Global Response @Canon Europe Sponsored by:TrustMAPP
In this episode, guest John Checco, Resident CISO at Proofpoint, makes a compelling case for CISO succession planning. As John takes us through his journey as a CISO, we learn how companies factor skills, background, and strengths into their short to long-term succession plans. The average estimated tenure of a CISO is only 26 months. 85% of surveyed CISOs say they are now looking for another role or would consider an opportunity if presented. Unless you take aggressive retention action, it is only a matter of time before you are recruiting again. We discuss the tenets of succession planning, how to find a successor, and what transferring ownership entails. John gives us deep insight into relationship handoffs, which often involve organizations and personnel, both internal and external. We identify a successor's essential qualities, including leadership skills, organization ability, knowledge and experience, and cultural fit. In addition to primary skills, we discuss secondary skills such as project management, administrative competence, and background diversity.Guest:John Checco, Resident CISO @Proofpoint Hosts:Josh Bruyning, Solution Engineer @TrustMAPP and Chad Boeckmann, Founder/CEO @TrustMAPPSponsor:TrustMAPP (https://trustmapp.com)
In this episode, guest Bill Nelson, CEO of the Global Resiliency Federation (GRF), talks about the GRF’s mission to help organizations in myriad industries share critical security threat information so they can all better defend themselves. Bill lays out the history of GRF – how it emerged from the work he did at FS-ISAC, where he grew membership from 170 banks to 7,000. Bill led a team that was tasked with helping other industries set up their own security information sharing programs, based on what FS-ISAC was doing, leading to the creation of ISACs and ISAOs for legal, oil & gas, retail, energy, and healthcare. You’ll also learn how the Uniform Commercial Code, article 4, in its description of “commercially reasonable” security, and who’s financially liable after a breach, drove banks to take security controls like anomaly detection, MFA, and DDoS prevention a lot more seriously. GRF’s newest security information exchange, K12SIX, aims to protect K-12 schools, which have become the newest targets for ransomware, with attacks ballooning from 10 per year just a few years ago to more than 400 in 2020, and ransoms increasing from $20k to an astonishing $40M.Guest:Bill Nelson, CEO of Global Resilience Federation (GRF)Host:Chad Boeckmann, Founder/CEO, TrustMAPPSponsor: TrustMAPP (https://trustmapp.com)
Join Chad and special co-host Allan Alford for an enlightening conversation with Wil Klusovsky, Global Cybersecurity Strategy, Governance, Risk & Compliance (SGRC) Offering Lead at Avanade.The three of them take on the sometimes confusing realm of CISOs, Deputy CISOs, Business ISOs, and virtual CISOs. In this episode, hear about:How responsibilities vary from one job title to the next.Why the BISO makes sense in large organizations with disparate business units.How the Deputy CISO roll emerged in the government space but has moved out to commercial enterprises.Why every organization needs a CISO, and why vCISOs are critical to making that happen.Guest:Wil Klusovsky, Global Cybersecurity Strategy, Governance, Risk & Compliance (SGRC) Offering Lead at AvanadeHosts:Allan Alford, CTO & CISO, TrustMAPPChad Boeckmann, Founder/CEO, TrustMAPPSponsor: TrustMAPP (https://trustmapp.com)
Join Chad and Malcolm as they chat with Gus Thompson, Consulting Managing Director at TruDoss, about business resilience. In this episode, hear about:How one breach of a company he previously worked for led to them to learn and develop new principles of resiliency.How those principles and play book helped them when they were hit with another breach, and how much better and faster their response was.Learn why Gus distinguishes between cyber security (protects the data), and cyber resilience (protects the business).Discover why Gus defines resiliency as Cope and Recover, and how organization can learn to do better and faster the next time.Guest:Gus Thompson, Consulting Managing Director at TruDoss Hosts:Malcolm Harkins, Chief Security and Trust Officer, CymaticChad Boeckmann, Founder/CEO, TrustMAPPSponsor: TrustMAPP (https://trustmapp.com)
In this episode, guest Ben johnson, co-founder and CTO of Obsidian Security, discusses how he got into cybersecurity (after seeing the movie "Enemy of the State"), got into US intelligence, got tired of the polygraphs, and ultimately ended up co-founding Carbon Black. It's a fascinating journey!Today, Ben is focused on continuous security monitoring of SaaS environments, and figuring out how a security team can protect their organization's SaaS accounts that they don't even have access to!Guest:Ben Johnson, Co-Founder and CTO, Obsidian Security Hosts:Malcolm Harkins, Chief Security and Trust Officer, CymaticChad Boeckmann, Founder/CEO, TrustMAPPSponsor: TrustMAPP (https://trustmapp.com)
In this episode, guest Drew Spaniel walks us through the new law passed in late 2020, The IoT Cybersecurity Improvement Act of 2020 (HR 1668), and how if will affect not just US federal government procurement, but IoT device manufacturers, and consumers as well.The Act calls for IoT devices to be secured by manufacturers based on NIST guidance and cybersecurity best practices. From the Congessional Budget Office: "Under H.R. 1668, NIST also would publish standards for federal agencies, contractors, and vendors to systematically report and resolve security vulnerabilities for IoT devices. Each agency’s chief information officer would be required to ensure compliance. OMB would establish federal standards for that coordinated reporting process that are consistent with NIST’s standards and guidelines."Guest:Drew Spaniel, Lead Researcher, ICIT (Institute for Critical Infrastructure Technology)Hosts:Malcolm Harkins, Chief Security and Trust Officer, CymaticChad Boeckmann, Founder/CEO, TrustMAPPSponsor: TrustMAPP (https://trustmapp.com)
In this episode, guest John Prokap discusses the cyber security needs of small and mid-sized businesses, and if and when they need to hire a CISO. His discussion with hosts Malcolm and Chad covers:Why SMBs absolutely need a security programHow and when to hire a vCISO, and when it's time to hire a full-time CISOHow industry associations can help their SMB membersThe headwinds of change that a CISO will encounter, including "Technical Ego"Why SMBs need to think about "Extinction Events" in their security planningRecoil in horror as John, Malcolm, and Chad share stories from their pasts, including: users with one-character passwords, RSA auth tokens zip-tied to forklifts, and how one company had more domain admins that IT staff.Guest:John Prokap, former CISO at HarperCollinsHosts:Malcolm Harkins, Chief Security and Trust Officer, CymaticChad Boeckmann, Founder/CEO, TrustMAPPSponsor: TrustMAPP (https://trustmapp.com)
In this episode, we feature our guest Miguel El Lakkis. Miguel recently transitioned from News Corp to Cantor Fitzgerald and in this process he describes the method commonly used by CISO's to properly transition a security program to a successor. We discuss the various aspects of a security program that may change over time and how to address constants to avoid duplication of efforts. The CISO responsibilities should be managed like a relay race not a marathon to make for a smoother transition now and into the future. Malcolm offers up another approach where the focus is on talent management and always identifying a successor for each role within the security program. I guarantee you will learn something new in this episode!Guests:Miguel El Lakkis, CISO, Cantor FitzgeraldHosts:Malcolm Harkins, Chief Security and Trust Officer, CymaticChad Boeckmann, Founder/CEO, TrustMAPPSponsor: TrustMAPP (https://trustmapp.com)
In this episode we discuss the process of recruiting, identifying culture fit and managing trust with a remote workforce and how these components impact the security profile of a company. The discussion begins with identifying an appropriate recruiting process for a remote workforce and measuring the appropriate candidates to hire in a remote workforce scenario. We also dive into how this remote work environment has opened up a potentially broader skillset that previously may not have been available for open opportunities. Lucinda defines for us Trust in the Workforce: Capability, Reliability, Intent and answers the question of which of these three criteria is coachable.Malcolm discusses the security implications and and how these things have not changed a whole lot while determining where specific controls may have failed and the importance of continually managing expectations for security and applying awareness while reinforcing training. Further the discussion dovetails into how effective security performance management provides the transparency of these controls. Guests:Lucinda DuToit, VP of Human Resources, DigineerHosts:Malcolm Harkins, Chief Security and Trust Officer, CymaticChad Boeckmann, Founder/CEO, TrustMAPPSponsor: TrustMAPP (https://trustmapp.com)
In this episode we invite special guests Drew Spaniel, Lead Researcher, Institute for Critical Infrastructure Technology (https://icitech.org), James Russell, Worldwide Group Leader, Wireless Connectivity Specialists and IoT Security Team, Microchip Technology (https://www.microchip.com) and Paul Phillips, Principal Embedded Solution Engineer, Microchip Technology. We also hear from privacy expert Kirk Nahra, Partner and Co-Chair of Privacy and Cybersecurity Practice at WilmerHale. This second episode in a multi-part series is packed full of information and trends related to IoT cybersecurity regulation and emerging practices. We hear from experts on the Europe and UK regulations as well as garner perspective from Kirk Nahra who lends insight from a legal and privacy standpoint on consumer best practices for IoT cybersecurity regulation. Topics covered include:Emerging regulatory requirements for IoT cybersecurity in United KingdomRelevant guidance from NIST in the U.S.Impact of IoT cybersecurity regulatory requirements for both manufacturers and retailersHow companies can integrate IoT cybersecurity in the real worldFuture looking trends and considerationsGuests:Drew Spaniel, Lead Researcher, Institute for Critical Infrastructure TechnologyJames Russell, Worldwide Group Leader, Wireless Connectivity Specialists and IoT Security Team, Microchip TechnologyPaul Phillips, Principal Embedded Solution Engineer, Microchip TechnologySpecial Commentary by:Kirk Nahra, Partner and Co-Chair of Privacy and Cybersecurity Practice at WilmerHale. Hosts:Malcolm Harkins, Chief Security and Trust Officer, Cymatic(https://www.linkedin.com/in/malcolmharkins/)Chad Boeckmann, Founder/CEO, TrustMAPP(https://www.linkedin.com/in/chadboeckmann/)Sponsor: TrustMAPP (https://trustmapp.com)
In this episode we invite special guests Drew Spaniel, Lead Researcher, Institute for Critical Infrastructure Technology (https://icitech.org) and James Russell, Worldwide Group Leader, Wireless Connectivity Specialists and IoT Security Team, Microchip Technology (https://www.microchip.com). In this episode we dive into the unique aspects of IoT Security and how the culture of security is so critical across engineering teams who previously designed and built systems that were not connected to internet services. With a new shift and massive influx in IoT devices, specifically concentrated in the industrial IoT market, understanding the culture of security - specifically IoT security is more important now than ever. This episode covers:Where to begin to start measuring IoT SecurityQuantifying Impact on business with regard to IoT cyber hygieneIoT Rise of DisruptionCommitment versus ComplianceBridging intracompany communication breakdownsGuests:Drew Spaniel, Lead Researcher, Institute for Critical Infrastructure TechnologyJames Russell, Worldwide Group Leader, Wireless Connectivity Specialists and IoT Security Team, Microchip TechnologyHosts:Malcolm Harkins, Chief Security and Trust Officer, Cymatic (https://www.linkedin.com/in/malcolmharkins/)Chad Boeckmann, Founder/CEO, TrustMAPP (https://www.linkedin.com/in/chadboeckmann/)Sponsor: TrustMAPP (https://trustmapp.com)
On this episode of the podcast Benny Lakunishok, Co-Founder of Zero Networks, join Malcolm Harkins and Chad Boeckmann to explore the industry's continuous adoption and adaption of prevention -> detection -> prevention technologies. The group dives into the maturity of machine learning and where the industry is overall as well as how adoption of new technologies is imperative to maintain adequate risk posture over time while serving the best interests of business.Guest: Benny Lakunishok, Zero Networks (LinkedIn)Hosts:Malcolm Harkins, Chief Security and Trust Officer, Cymatic (https://www.linkedin.com/in/malcolmharkins/)Chad Boeckmann, Founder/CEO, TrustMAPP (https://www.linkedin.com/in/chadboeckmann/)
In this episode, Malcolm Harkins and Chad Boeckmann speak with John Brennan, Partner at YL Ventures. This episode provides a perspective of how venture capital firms are reacting to and supporting their cybersecurity portfolio companies during an unprecedented pandemic in our modern time. In this episode we discuss trends of security teams and John discusses advice their firm is providing to other cybersecurity startups. Further in the discussion Malcolm and John discuss the context of business risk with regard to pandemic response and how this type of risk can take different forms but also shape varying perspectives. The is the first time our podcast has gained perspective directly from a venture capital firm and the episode is information packed with guidance for both the buyers and vendors in managing the business of security. Guest: John Brennan, YL Ventures (https://www.ylventures.com/people/john-brennan/)Hosts:Malcolm Harkins, Chief Security and Trust Officer, Cymatic (https://www.linkedin.com/in/malcolmharkins/)Chad Boeckmann, Founder/CEO, TrustMAPP (https://www.linkedin.com/in/chadboeckmann/)
Overloaded Security Leader? In this episode Michael Lines joins Chad Boeckmann and Malcolm Harkins in a discussion about tactically prioritizing security efforts and what it means to get real traction. This episode explores supplier risk versus third-party risk and how this relates to overall business objectives and outcomes. Further discussion evolves into the problematic challenge of a new CISO where results must be achieved now and how to set-up a "trading" system internally to curtail budget and achieve progress without unnecessary investments in more tools that can at times cause more complications than benefit. In summary this episode explores how to overcome the overloaded mindset as a security leader. Listen now!Guest: Michael Lines, CISO (https://heuristicsecurity.com/about-heuristic-security/)Hosts: Malcolm Harkins, Chief Security and Trust Officer, CymaticChad Boeckmann, CEO TrustMAPP (d.b.a Secure Digital Solutions)Sponsored by TrustMAPP (https://trustmapp.com)
In this episode co-hosts Malcolm Harkins, Security and Trust Officer at Cymatic and Chad Boeckmann, CEO at TrustMAPP, speak with Jason Lish, Privacy, and Data Officer at Advisor Group about mentoring the next security leader and creating a back up for existing cyber security leadership. The discussion evolves into skill types, as well as organization maturity and fitting the right leader profile with the appropriate security program stage a company may be currently managing. Both Jason and Malcolm leave our listeners with wisdom and guidance to consider on the topic of "Build or Buy" the next security leader.Jason Lish: https://www.linkedin.com/in/jasonlish/Malcom Harkins: https://www.linkedin.com/in/malcolmharkinsChad Boeckmann: https://www.linkedin.com/in/chadboeckmann/Brought to you by our Sponsor: TrustMAPP
The podcast is back with fresh new content. In this episode Chad Boeckmann talks cybersecurity value, business engagement and contemplating risk versus measuring risk with Malcolm Harkins. The security team of course must align to the business but just as important the business must align with security. So how do we accomplish this? What approach is best practice? Do you need to quantify all the risk? How do I design my control environment to meet all the demands of the business while reducing assessment and compliance fatigue? All these questions and more are answered in our discussion. LinkedIn: https://www.linkedin.com/in/malcolmharkins/Twitter: https://twitter.com/ProtecttoEnablehttps://trustmapp.com
In this episode Chad Boeckmann interviews Adam Stone about the new California Consumer Privacy Act of 2018 (CCPA). The discussion leads off with the comparison of GDPR to CCPA some similarities and differences between the two. The latter half of the interview dives into a role-play of scoping a business for CCPA compliance. Adam guides our listeners through a qualification process to determine the scope and breadth of CCPA privacy compliance based on a series of qualifying questions and describes the basis for asking these questions. LinkedIn: https://www.linkedin.com/in/adambstone/Web: https://trustsds.com/about-sds/leadership-and-credentials/adam-stone/
Kristin Judge brings a very interesting background in counseling, teaching, public service and leadership to drive cybersecurity awareness and learning to the masses. Ron Woerner and Kristin have a conversation about the qualities of a good leader and how this can translate into driving change and awareness across the cyber security landscape. Kristin stresses the importance of having a mentor and mentee relationship no matter the level of your current role. In the second half of the podcast Kristin takes us through the development of the Cybercrime Support network and the benefits this offers to people impacted by cybercrime where traditional law enforcement may not necessarily be the appropriate avenue or have the right tools to respond to the crimes that occur through electronic interactions.LinkedIn: https://www.linkedin.com/in/kristin-judge-1108b624/Websites:CybercrimeSupport.org Fraudsupport.org
Bob Zukis, CEO of Digital Directors Network and Professor at USC Marshall School of Business, took time out of his busy schedule to talk about cyber risk and board awareness with Chad Boeckmann on this episode. Bob discusses the results of a panel survey from the NACD (National Association of Corporate Directors) annual summit in Washington DC relative to cyber security and cyber risk. Bob talks about the urgency for Board's to address cyber risk as part of the regular agenda and warns if companies do not begin to take this initiate regulators will enforce action to do so. Ensuring transparency of a governing board to address cyber risk is the heart of the matter and having the necessary skills on the board to adopt and manage cyber risk at eh board level is ultimately where organizations need to focus. We continue the dialogue on trends for this adoption and the estimated timeframe for cyber risk expertise to sit on boards across all public companies. If you are a corporate director with fiduciary risk, you really should listen closely to this episode to understand how to address the cyber risk challenge at the board level.Digital Director Network (DDN): https://www.digitaldirectors.networkTwitter: https://twitter.com/BobZukisLinkedIn: https://www.linkedin.com/in/bobzukis/USC Marshall Profile: https://www.marshall.usc.edu/personnel/bob-zukis
Ron Woerner connects with Joyce Brocaglia, CEO of Alta Associates and Founder of Executive Women's Forum. Joyce covers the importance of investing in one's own career and how to grow into a leadership CISO role to gain the proverbial "seat at the table" with the business. Further discussion leads to describing the importance and approach to building diverse and competitive teams in cyber security and privacy. Joyce takes us through the history of the Executive Women's Forum now on its' sixteenth year. Finally Joyce answers the question: "What do business leaders need to know and understand to build and run a cyber security program?"Executive Women's Forum: https://www.ewf-usa.com/Alta Associates: https://www.altaassociates.com
If you have written off your local library you may be underestimating the true value it can deliver that "automatically" brings you privacy. Take a journey on this very special episode to uncover the treasures The New York Public Library holds and also specific privacy rules around the use of any library's resources. Bill Marden is our guest and he also is an excellent tour guide providing specific details of how The New York Public Library is an institution consisting of research, museum-quality artifacts and multi-media resources. Bill covers case law around privacy of library resources as well as the history itself of The New York Public Library. This is the most cultured episode of the season!
Information security poverty line - Ron and George discuss the segment of teams who can succeed and those are are handicapped. Diving deeper George uncovers his current project for a book he is writing titled "9 Habits to Be Cyber Secure". Ron inquires with George about cultivating good habits for a community of professionals. As an industry we tend to focus on the technology and typically pay less attention to people and process. Looking at different aspects of improving cyber security such as psychology and neuroscience to improve behaviors of the community. Growing people into the habits gradually over time to improve the overall cyber security posture for both organizations and individuals.
Are you ready? This is an action packed, information filled episode with Allan Alford the CISO for Mitel. Allan covers 4 key points to achieve GDPR "alignment" and takes us through the journey of accomplishing these four key phases as a CISO. Towards the latter half of the episode we dive into evolution of relationship between privacy and security while looking into the future role of the CISO. Don't miss this one!Allan is on LinkedIn: https://www.linkedin.com/in/allanalford/Twitter: https://twitter.com/AllanAlfordinTX
Chris Hadnagy joins Ron Woerner on this season 2 episode 6 titled Hacking the Human. A master of social engineering, Chris starts the episode with real-world scenarios that interesting and entertaining based on real-life social engineering exercises he has conducted. Further in the episode Chris shares valuable insight into understanding people and the value of becoming an active listener - specifically as a leader. Ron dives into the inevitable of being phished with Chris providing insights on responding to phishing attacks and improving protection in the future. Linkedin: https://www.linkedin.com/in/christopherhadnagy/Twitter: @SocEngineerIncWeb: social-engineer.com
Ben Rothke joins Ron Woerner on this episode to discuss Ben's experience that lead to his book titled Computer Security: 20 Things Every Employee Should Know (McGraw-Hill). Ben addresses the question "what has changed in 20 years" and also reviews some best practices that are very relevant today. Focusing security on the data is where the conversation should start and build out cybersecurity capabilities from there. As cybersecurity is no longer an option, it is a cost of doing business, this episode speaks to the necessity and potential trade off of investing in cyber security. Ben follows up with the top skills a person should have to be a great cyber security practitioner.Ben Rothke's website: http://www.rothke.comAuthor of: Computer Security: 20 Things Every Employee Should KnowTwitter: @benrothke
Adam Shostack is the author of the book titled Threat Modeling: Designing for Security (Wiley, 2014). He also is a co-author of The New School of Information Security (Addison-Wesley, 2008). Adam is a veteran in the cyber security industry having spent over eight years with Microsoft where he focused on threat model tools and techniques. In this episode Ron and Adam discuss the ROI of threat modeling as well as address the fear security practitioners sometimes have with the agile development process. Adam leaves us with his top three items business leaders must know! Don't miss it. Reach Adam on Twitter:@adamshostack Threat Modeling Book:https://threatmodelingbook.com
What is DevSlop you ask? Tanya Janca take us through the landscape of DevSecOps (application security in a DevOps environment) and compares this to more traditional approaches to security and application development lifecycles. Tanya addresses the requirements for a success lifecycle process no matter the model and takes us through how to be successful with application security design principals. Tanya and Ron discuss training resources as well. Follow Tanya on Twitter at: https://twitter.com/shehackspurpleWeb: https://medium.com/@shehackspurple
Robert Baldi joins Ron Woerner on the Business of Security Podcast Series for a discussion about Cyber Security Audit and using the audit capability as a way to leverage change and enhance overall security performance. Robert discusses using a mathematical formula for risk and translating this back into the investments for a Board discussion. Collaboration between security, audit and risk teams is key to success of all three parties.
Chad Boeckmann and Ron Woerner discuss the theme of Season 2 podcast, upcoming guests and also share some of their own experiences over many years in the cyber security industry. Topics include the important skills the industry still needs and where the emphasis should be for upcoming professionals. We also discuss the definition of "Security Ground-Hog Day. Tune in!
Aaron Pritz of Aaron Pritz & Associates (www.aaronpritz.com) sits down and talks with us about cyber security in healthcare and common threads from the May 2018 Spring Summit of NH-ISAC. This conversation evolves into data breach management, incident response readiness. This discussion goes into managing risk as an ongoing activity to maintain appropriate balance with business and technology.
Barry sits down with us and discusses his long tenure in the industry as a CISO for government entity to a CISO for a healthcare entity. The conversation transforms into how similar security challenges are across all industries. For CISO's to be effective it is important to learn the business of business. We dive into the variables of presenting to different board audiences and opportunities to tune the message. This is a value packed session you won't want to miss!
Robert Wood, CSO at SourceClear (acquired recently by CA Veracode), speaks about becoming an empathetic security leader for the business. Exploring context for different perspectives across the business given a variety of responsibilities and stakeholders across an enterprise landscape.
Sitting down at Target Field in Minneapolis patiently waiting for the season to kick in full speed we caught up with Jason Meszaros of the Minnesota Twins Baseball Club. There is a lot of content packed into this episode including IoT, Big Data, Security Intelligence and enhancing business value through innovation. The examples set by Jason in this episode can be applied to many different businesses where we cover how security and technology innovation drives customer engagement and business success.
Sharon Smith from C-Suite Results speaks about her experience providing security leadership to companies and lessons learned through these interactions. The discussion evolves from presenting meaningful information for business leaders to negotiating a CISO's reporting structure prior to accepting the job offer. You won't want to miss this engaging episode! Learn more about C-Suite Results (http://www.c-suiteresults.com/about-us/)
We connect with Christophe Veltsos, Cyber Risk Strategist for Prudent Security on the current curriculum of cyber security in colleges and universities. How to groom up and coming CISO's and what a successful CISO in the future looks like. Together we delve into healthy skepticism for Boards and the C-Suite and why this is healthy level of skepticism is increasingly important with today's cyber risk landscape. Reach out to Chris Veltsos on Twitter @DrInfoSec.
We continue our dialogue around cyber security response and dive deep into crisis communications when dealing with a negative cyber event. Loren Dealy Mahler speaks with us about her experience managing multiple audiences with her work on Capitol Hill and how this translates into the private sector. We dig into the importance of planning and also tackle the crisis exercise and the intended benefits from them. You can reach Loren through her website (https://www.dealymahlerstrategies.com). Enjoy the show!
In EP#3 we speak with Charlie Langdon, CEO of Vault Data a cognitive software company. Charlie has tenure from companies such as GE, NEC, Active Voice and is an author and advisor. In this episode we hear a CEO's perspective on managing cyber risk and relate this to how Equifax executives could have handled the breach. We also explore how security leaders can interact and inform the CEO regularly of current security performance as well as developing a swat team to manage and respond to major incidents. We promise you will hear a perspective not commonly shared!
We begin the conversation with Wayne Sadin (who is an NACD Board Governance Fellow) about his role at Affinitas Life. Wayne offers both a technology leadership perspective as well as a Board of Director perspective on cyber risk and cybersecurity. Wayne introduced us to the concept of a QTE (Qualified Technology Expert). Wayne brings to us a much needed view point on board perceptions and understanding of the cyber risk landscape and offers up suggestions to enhance the experience for both the cybersecurity leader and board members mutually.
This is a short introduction describing the business of security podcast series with Chad Boeckmann and Ed Snodgrass. If you are wondering what this podcast is about listen to this!
In this inaugural episode of Business of Security, we caught up with Alex Wood at the Minneapolis SecureWorld Conference. Alex is the Chief Information Security Officer of Pulte Financial and co-founder of podcast Colorado=Security. Alex shares with us how he got into the industry, his thought process and approach to managing security within an organization along with how the industry could improve.