CISO Stressed

On this episode of CISO STRESSED, Liz Wharton SCYTHE Chief of Staff is joined by special guest Aldan Berrie. Berrie is the Founder and Director of Technology Solutions and an experienced CISO. Wharton and Berrie discuss the need for smaller companies to achieve a secure network on a budget and how to provide them with the best possible protection. Berrie expresses the need for vendors to be objectively evaluated and the disconnect between business leaders and their perception of security.

New CISO Stressed episodes are released every other Tuesday, grab a cup of coffee (or your favorite dessert) and listen in on YouTube, Anchor, or wherever you stream podcasts. Follow SCYTHE's CISO Stressed on social media and subscribe to our YouTube channel. Questions or conversation ideas? Drop us an e-mail at info@scythe.io with “CISO Stressed” in the subject line. About Robert: Robert is a 26-year veteran in computer security, known to many in the industry by handle ‘RSnake'. Robert started his career at eBay, where he was responsible for authentication as well as most anti-fraud systems and anti-phishing technologies. His work at eBay was later built into every modern web browser and is now protecting every Internet user as a result. His ha.ckers.org and consultancy, SecTheory, was at one point responsible for a third of all the top-ranked web vulnerabilities. Most recently, Robert's corporate intelligence platform, OutsideIntel, was acquired by Bit Discovery after which he became the CTO. Robert is also a floating CISO for multiple companies and sits on advisory boards of multiple technology and security companies such as Arkose Labs.

On this episode of CISO STRESSED, Elizabeth Wharton is joined by Matthew Dunlop. Matt is an Army Veteran, and VP CISO at Under Armour responsible for global security across all corporate, retail and eCommerce functions, as well as its connected fitness application MapMyFitness. Liz and Matt discuss the challenges facing CISO's, prioritizing ransomware defense, and how to condition company employees to truly care about security.

On this episode of CISO STRESSED, SCYTHE Chief of Staff Elizabeth Wharton is joined by Ed Rojas, Director of Tactical Edge. Tactical Edge is an organization focused on creating large-scale events within Latin America for Cybersecurity and AI. Tactical Edge has grown from 200 attendees in Colombia, to 2,000 people during 2020 from all over the world. Wharton and Rojas discuss the lessons learned from ransomware attacks like the Colonial Pipeline, and the need for large-scale events that promote information sharing and preparedness for future attacks such as these. Rojas shares his network-building experience, the blessing of making friends with some of the best in the industry, and the importance of learning from each other no matter where we are in the world.

On this episode of CISO STRESSED, Elizabeth Wharton SCYTHE Chief of Staff is joined by Nick Andersen, CISO for Public Sector at Lumen Technologies and Nonresident Senior Fellow with the Cyber Statecraft Initiative at the Atlantic Council. Wharton and Andersen discuss the unpacking of Biden's latest Executive Order with the Atlantic Council, and the importance of collaboration and sharing within the CISO role. Show Notes: Andersen shares his experience unpacking the most recent thirty-page executive order from the Biden Administration. Andersen unpacked the executive order with the Atlantic Council people encapsulating the S Bomb initiatives that NTIA has been working on for a couple of years, to EDR Requirements, instant response playbooks, and cloud requirements there is a lot to unpack. (4:28 – 7:17) Andersen shares that any time he has reached out to anyone as a CISO with questions or interest in something he read, he has never been turned away for help and he enjoys the collaborative nature of the community. (5:31 – 6:58) Talking about the community of collaboration on the private sector side continuing as well as it did on the government side) (12:52 – 14:17) Lumen sees a tremendous amount of traffic: ingesting about 190 billion net flow sessions and 771 million DNS queries per day. This creates a great opportunity for Lumen to pair up with other organizations and discuss what we are seeing, what is normal/abnormal, what we see in an adjacent sector, and within our customer segments. There are many opportunities for collaboration and taking advantage of the insights from a company like Lumen that sees so much traffic. Collaboration helps each party deepen their understanding of what is happening within a threat environment. From the CISO perspective A huge difficulty is it to remind people of all the competing and compliance issues. There is a tremendous amount of intertwined nature between federal and state entities and opportunity there as well. States stand up and say they are going to model some of our compliance and procedures and policies based off the way the federal government has taken their approach. It is difficult to ask these tiny little county and city governments to meet these requirements when, in some cases, they are made up of just two people responsible for all that. It's important for them to be able to leverage the knowledge base at the federal level, and then piggyback. Subscribe to SCYTHE's YouTube Channel and watch the latest CISO Stressed episode as well as Threat Thursday and other video releases. Questions or conversation ideas? Drop us an e-mail at info@scythe.io with “CISO Stressed” in the subject line.

On this episode of CISO STRESSED, SCYTHE Chief of Staff Elizabeth Wharton interviews Dr. Pablo Breuer. Breuer is currently a non-resident senior fellow at the Atlantic Council's GeoTech Center and the CISO of Security BSides Las Vegas. They discuss what to change in a team's response plan after a ransomware attack, ransomware and malware attacks going undetected for months at a time, and his response to stress and building better plans. KEY TAKEAWAYS The military is more likely to plan out a few years in advance, and commercial companies normally only plan as far as one fiscal year ahead of time. There is something to be learned from both the private and the public sector. Get back to basics. Solarwinds could have been prevented from ever reaching a supply chain attack if people didn't' gloss over the basics: Interns shouldn't be allowed to do things that are public facing without a mentors supervision Attacks are going to happen: It's the nature of the beast, and there's too much incentive. Companies need to evaluate what risk they are currently accepting, if that risk is acceptable, and if not how do they get down to residual risk that is. Depending on who's map you follow, at the end of 2020 we had between fifteen or twenty times the number of devices on the internet than we had people on the planet. A CISO is essentially a risk advisor, advising company risk. They don't get to decide what's acceptable, the company decides what risk is acceptable.

Healthcare is chock full of adventure - rising number patients, increase in malware attacks, and a shift towards remote work. On this episode of CISO STRESSED Liz sits down with Mitch Parker, Exec. Dir./CISO at Indiana University Health and talks about leveraging and maximizing resources and building trust to solve security challenges facing healthcare systems. Mitch shares his insights on adapting to COVID, third party risk models, IOT in healthcare, and how his team is working on chasing down multiple items to make sure that they are protected against even the most basic attacks. Links and Stories Discussed During Episode 3 Connect with Mitch: Twitter |

Building security in the customer experience, not “compliance helmets” - Shawn Bowen, CISO with Restaurant Brands International, joins CISO Stressed Host Liz Wharton to discuss the value of experience-based learning, digital empathy, and the customer experience. New CISO Stressed episodes are available every other Tuesday. Subscribe to SCYTHE’s YouTube Channel and watch the latest CISO Stressed episode as well as Threat Thursday and other video releases. Questions or conversation ideas? Drop us an e-mail at info@scythe.io with “CISO Stressed” in the subject line. https://www.scythe.io/library/episode-2-shawn-m-bowen

Conversations stimulate ideas, solutions, and help us feel connected. In our inaugural episode of CISO Stressed guests Wendy Nather and Tyrone Wilson join Liz to discuss how to adjust to shifting work environments while still providing team members with hands-on training experiences, keeping motivated, and favorite ways to cap off the day. New CISO Stressed episodes are released every other Tuesday, grab a cup of coffee (or your favorite dessert) and listen in on YouTube, Anchor, or wherever you stream podcasts. Follow SCYTHE’s CISO Stressed on social media and subscribe to our YouTube channel. Questions or conversation ideas? Drop us an e-mail at info@scythe.io with “CISO Stressed” in the subject line. https://www.scythe.io/library/episode-1

It’s dangerous to go alone! Evolving threat landscapes and shifting resources. CISOs need all the swords and unicorns available and at the ready - leveraging their team, time, and budget to focus on the adventure at hand. CISO Stressed - SCYTHE’s latest release focuses on the quests that CISOs face. Join Liz Wharton (Chief of Staff at SCYTHE) for conversations on what is top of mind with CISOs - what causes stress and what they’re stressing within their organization. New episodes released every other week. Come join and listen in.