Cybersecurity and risk podcast. From the CISOs at SideChannel, we tackle discussions from the industry and the threat landscape. Host Brian Haugli, former Fortune 500 CISO, lead for the Pentagon's information assurance program, and now managing partner for SideChannel, sits down with guests to discuss the current focuses for businesses around cybersecurity. Support this podcast: https://anchor.fm/cisolife/support
In this episode of #CISOLife, hosts Brian Haugli and Dmitriy Sokolovskiy delve into the dynamics of the RSA Conference, exploring its evolving relevance and the broader implications for cybersecurity. They discuss the nature of cybersecurity events, the benefits of smaller, local conferences like Secure World, and the importance of vendor relationships and ROI in cybersecurity. The conversation also touches on recent news involving TikTok and Kaspersky, highlighting the cybersecurity and geopolitical concerns associated with these companies.
Key Points Covered:
- RSA Conference Overview: Brian and Dmitriy discuss the RSA Conference's shift from a must-attend cybersecurity event to one that may not offer the same value for everyone. They note that while the conference was previously a hub for significant industry insights, it now serves more as a networking event.
- Local vs. Global Conferences: The hosts compare the benefits of global conferences like RSA to regional events like Secure World in Boston, which offer more focused networking opportunities and potential for local partnerships.
- Cybersecurity Event ROI: Discussion of the return on investment for companies participating in cybersecurity conferences, emphasizing the strategic considerations for both established companies and startups.
- TikTok and Cybersecurity Risks: The episode addresses the security risks associated with TikTok, including data privacy concerns and the potential for foreign influence, reflecting on recent U.S. government actions to potentially restrict the app.
- Kaspersky's Scrutiny: They also cover concerns around Kaspersky, given its Russian roots and the potential risks this poses in terms of data privacy and national security.
- Call to Action: Encouragement for viewers to engage with the topics discussed by commenting on their experiences with cybersecurity events and sharing their perspectives on TikTok and Kaspersky.
- Conclusion: The episode wraps up with a discussion of the importance of understanding the sources of one's information and the implications of misinformation online, stressing the need for vigilance in digital consumption.
Engagement: Viewers are invited to subscribe for more insights from CISOLife, share their experiences, and follow the discussion on various social media platforms using the hashtag #CISOLife. Follow us - Website - https://sidechannel.com Podcast - https://anchor.fm/cisolife LinkedIn - https://www.linkedin.com/company/sidechannelsecurity/ Twitter / X - https://twitter.com/sidechannelsec
"#CISOlife" is a podcast that explores the challenges and strategies of cybersecurity leadership. In a compelling episode, host Brian Haugli welcomes Andrew Pendergast, Managing Director at NFP, to delve into the intricacies of Directors & Officers (D&O) Insurance. This episode provides a thorough breakdown of how D&O Insurance operates and its significance for Chief Information Security Officers (CISOs). Pendergast, with his extensive expertise in insurance and risk management, discusses the coverage aspects that are particularly relevant to CISOs, highlighting how this type of insurance can protect against personal liabilities that may arise from the decisions and actions taken in their professional capacities. This discussion is invaluable for CISOs and other executives who want to understand the protective measures available to safeguard their personal and professional interests.
What does good look like? ISSA Keynote by Brian Haugli, CEO, SideChannel. Cybersecurity program goals are often centered on comparison to sector peers, "best practices", and "reasonable controls". These terms and approaches leave much ambiguity in an industry that is seeking defined, focused expectations on outcomes. While most acknowledge the existence of frameworks like NIST CSF or CIS Controls, many programs are not actually built to them. We see them, yet we do not use them. This keynote discusses a pragmatic approach to building framework-backed, standards-based cybersecurity programs without campaigning for compliance alone. It covers the areas to prioritize within an open framework, how to govern it after implementation, and how to report its effectiveness to leadership in a way that lets them understand the risks addressed. Slides: https://sidechannel.com/wp-content/uploads/ISSA-Keynote-2023-Brian-Haugli.pdf
Welcome back to #CISOlife with your host, Brian Haugli! In this episode, we dive deep into the world of CISO searchability, placement, and the evolving landscape of cybersecurity leadership.
The world of finance and cybersecurity has entered a new chapter with the U.S. Securities and Exchange Commission's (SEC) recent final rule on cybersecurity disclosure. Effective September 5, 2023, this new regulation requires public companies to enhance transparency around cybersecurity risks and incidents. We will delve into the details of the final rule, discuss its impact on registrants, and explore how companies can turn this regulatory requirement into a strategic advantage.
Review of an engagement and the initial work as the CISO or vCISO. More at SideChannel.
Why do organizations start a cybersecurity program?
1. Customer demands
2. Board or C-suite requests
3. Regulation requires it
4. Right thing to do
5. Post-breach
Assess against a cybersecurity standard, framework or regulation, then build a cybersecurity roadmap to address the gaps.
A #CISOlife overview of the public information on the recent American Airlines breach by Brian Haugli, CEO, SideChannel. Brian explains and walks through how an O365 tenant can be compromised when legacy authentication methods, specifically IMAP, are still enabled: a protocol that cannot complete an MFA challenge only needs a valid password. The information released so far shows a series of steps:
- American Airlines has a breach of O365
- The tenant was still using the legacy protocol IMAP
- Microsoft's guidance is to disable legacy protocols
- The attacker can pull down all emails from the mailbox
- Steps to stop this attack
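The attack chain above, as an added example that is not from the episode or from SideChannel: a Python script that runs over Microsoft Entra ID (Azure AD) sign-in records, flags the sign-ins that arrived over IMAP or another basic-auth protocol, and turns them into the account resets, protocol disables and source-IP blocks that the "steps to stop this attack" amount to. The records are constructed for the example; the field names (userPrincipalName, clientAppUsed, ipAddress, status.errorCode) are assumed to match the Entra sign-in log export, and the set of legacy client names is an assumption to adjust to what your tenant's logs actually show.

```python
"""Flag basic-auth (legacy protocol) sign-ins in Microsoft Entra ID sign-in logs.

Legacy protocols such as IMAP4 cannot complete an MFA challenge, so a password
obtained by phishing or spraying is enough to pull down the whole mailbox.
Given sign-in records, this script flags every sign-in that used a legacy
client app, lists the accounts whose password must be treated as known, and
identifies source IPs that sprayed across several mailboxes.
"""
import json
from collections import defaultdict

# Client app names that Entra ID groups under "legacy authentication".
# Assumption: these match the clientAppUsed values in the sign-in log export.
LEGACY_CLIENT_APPS = {
    "IMAP4", "POP3", "Authenticated SMTP", "Exchange ActiveSync",
    "Exchange Web Services", "Outlook Anywhere", "MAPI Over HTTP",
    "Other clients",
}

# Constructed sample records for the example; not logs from any real tenant.
# errorCode 0 is a successful sign-in, 50126 is a bad username/password.
SAMPLE_SIGNINS = json.loads("""
[
 {"userPrincipalName": "alice@example.com", "clientAppUsed": "Browser",
  "ipAddress": "203.0.113.10", "status": {"errorCode": 0}},
 {"userPrincipalName": "bob@example.com", "clientAppUsed": "IMAP4",
  "ipAddress": "198.51.100.7", "status": {"errorCode": 50126}},
 {"userPrincipalName": "bob@example.com", "clientAppUsed": "IMAP4",
  "ipAddress": "198.51.100.7", "status": {"errorCode": 50126}},
 {"userPrincipalName": "bob@example.com", "clientAppUsed": "IMAP4",
  "ipAddress": "198.51.100.7", "status": {"errorCode": 0}},
 {"userPrincipalName": "carol@example.com",
  "clientAppUsed": "Mobile Apps and Desktop clients",
  "ipAddress": "203.0.113.11", "status": {"errorCode": 0}},
 {"userPrincipalName": "dave@example.com", "clientAppUsed": "Authenticated SMTP",
  "ipAddress": "198.51.100.7", "status": {"errorCode": 50126}}
]
""")


def is_legacy(record):
    """True when the sign-in used a protocol that cannot perform MFA."""
    return record.get("clientAppUsed") in LEGACY_CLIENT_APPS


def succeeded(record):
    """True when Entra accepted the credentials (errorCode 0)."""
    return record.get("status", {}).get("errorCode") == 0


def legacy_signins(records):
    """All sign-ins, successful or not, that arrived over a legacy protocol."""
    return [r for r in records if is_legacy(r)]


def compromised_accounts(records):
    """Accounts with at least one successful legacy-auth sign-in.

    MFA was never in the loop, so the password is known to whoever used it;
    reset the credential and review inbox rules and forwarding.
    """
    return sorted({r["userPrincipalName"]
                   for r in records if is_legacy(r) and succeeded(r)})


def spray_sources(records, min_users=2):
    """Source IPs that tried several accounts over legacy protocols.

    A basic-auth endpoint lets an attacker test one password against many
    users without ever hitting an MFA prompt; this is that pattern.
    """
    users_by_ip = defaultdict(set)
    for r in legacy_signins(records):
        users_by_ip[r["ipAddress"]].add(r["userPrincipalName"])
    return {ip: sorted(users) for ip, users in users_by_ip.items()
            if len(users) >= min_users}


def remediation_plan(records):
    """Turn the findings into the three actions the episode walks through."""
    return {
        "reset_credentials": compromised_accounts(records),
        # Every mailbox seen on a legacy protocol needs that protocol turned
        # off (and ideally basic auth blocked tenant-wide), not only the
        # ones that were actually breached.
        "disable_legacy_auth_for": sorted({r["userPrincipalName"]
                                           for r in legacy_signins(records)}),
        "block_source_ips": sorted(spray_sources(records)),
    }


if __name__ == "__main__":
    print(json.dumps(remediation_plan(SAMPLE_SIGNINS), indent=2))
```

Disabling the protocol itself happens outside this script: per mailbox with Set-CASMailbox -ImapEnabled $false (and on the mailbox plan, so newly created mailboxes do not get IMAP back), or tenant-wide with an Exchange Online authentication policy or a Conditional Access rule that blocks legacy authentication clients. A successful IMAP4 sign-in in the log means the password reset has to come first, because the attacker already holds the current one and a protocol block alone does not revoke it.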
vCISO provider SideChannel's approach to building a cybersecurity program for startups and mid-market companies.
[2:15] The vCISO should be able to do the following (part of the #cisolife)
[3:30] Develop, or mature currently existing, documentation for the following:
[4:30] Information Security Strategy (3 to 18 months), taking into account the findings of the Risk Assessment and Gap Analysis
[5:15] Enterprise Information Security Policy, including, but not limited to:
- Acceptable Use Policy
- Data Governance & Classification Policy
- Asset Inventory & Device Management Policy
- Incident Response Policy
- Remote Access & Identity Management Policy
- Mobile Security Policy
- Vulnerability Management Policy
- Third Party Risk Management Policy
- Disaster Recovery Plan
- Incident Response Plan
[9:15] Risk Assessments, guided by the organization's overall risk management process or previous risk assessment activities.
[9:45] Determine, Analyze, and Prioritize Gaps: compare the current profile and the target profile to determine gaps.
[10:00] Information Security Governance, using the NIST CSF v1.1 framework: provide oversight to ensure that risks are adequately mitigated, and then support management to ensure that controls are implemented to mitigate those risks.
[11:40] Managed Security Services: support the implementation of endpoint detection and response (EDR) capabilities and mature to a 24/7/365 monitoring and response function via internal or external resources.
[12:00] Incident Response: outline and develop incident response functions for the enterprise to respond to cyber events, incidents, and crises.
[12:45] Vulnerability Management & Secure Configuration: establish a function for the discovery and remediation of vulnerabilities, whether from missing patches or previously unknown weaknesses, prioritized by the severity levels set in the Vulnerability Management Policy.
[13:35] Third Party Vendor Risk Management (TPRM): provide resources to respond to third-party risk assessment questionnaires (incoming) and conduct third-party risk assessments of vendors (outgoing).
[13:50] Cybersecurity Training and Awareness: identify security training and awareness topics that focus on where security intersects with the business mission, and align the content so that the goals and objectives of the program are met.
Follow us - Website - http://www.sidechannel.com LinkedIn - http://linkedin.sidechannel.com YouTube - http://youtube.sidechannel.com Facebook - http://facebook.sidechannel.com Twitter - http://twitter.sidechannel.com Podcast - https://anchor.fm/cisolife Spotify - http://spotify.sidechannel.com iTunes - http://itunes.sidechannel.com
Brian Haugli & David Chasteen discuss potential impacts on privacy after Roe v. Wade was overturned by the Supreme Court. Both share ideas and concerns about negative impacts on privacy and on the use of personal data by companies running big data analytics. #cisolife #cybersecurity #privacy
Overview of Access Control & Zero Trust concepts, specifically for system-to-system and user-to-system access. Ideal outcomes for micro-segmentation using software-defined networking (SDN) include:
- Reduced costs for management
- Reduced costs for licensing
- Reduced costs for hardware
- Increased security and control of access across endpoints, users, and systems
Review of 4 articles (feed: https://feedly.com/i/subscription/feed%2Fhttps%3A%2F%2Ffeedly.com%2Ff%2FqCoqRqeJcihgymBxwp6qby2x):
- SecurityWeek Analysis: Over 230 Cybersecurity M&A Deals Announced in First Half of 2022
- What to look for when taking out a cyber insurance policy
- Cyber insurers split on what's most important in a security posture assessment
- Virtual CISO services platforms
Under the new CISO paradigm, #cybersecurity is now able to lead and help maintain trust with an organization's customers. Video from CISOlife™ about how cybersecurity is treated as an operational risk within the business.
Interview with Delisha Hodo, SANS Institute Historically Black Colleges and Universities (HBCU) Chair & Senior Student Advisor. Nowhere is the workforce skills gap more pronounced than in cybersecurity, as the U.S. continues to endure a severe cybersecurity workforce shortage amid an onslaught of sophisticated attacks. This is exacerbated by the lack of diversity in the field: according to research conducted by the Aspen Institute, only 22 percent of the cybersecurity workforce are BIPOC. Marking Black History Month, we speak to SANS representative Delisha Hodo to discuss:
- Her own personal experience of entering the cyber field and the challenges she faced
- SANS's recently announced nationwide initiative to provide access to cybersecurity training and certifications to historically black college and university (HBCU) students and alumni
#cisolife
Join us for a fireside chat on CMMC, brought to you by the CMMC-CoE, an honest broker of cyber capabilities that leverages standards, design expertise, and lessons learned from leading industry groups, standards bodies, public sector leaders and cyber communities of practice to improve and enhance the overall security and resilience of the supply chain for the defense industrial base and the U.S. Department of Defense.
Panelists:
- John Weiler - Chairman, CMMC Center of Excellence (CMMC-COE.org)
- Leslie Weinstein - CMMC Consulting LLC & Creator of dodcui.com
- Mike Waters - Principal Consultant, SideChannel
- Brian Haugli - Managing Partner, SideChannel & Host of #CISOlife
The CMMC Center of Excellence (cmmc-coe.org) is an IT-AAC sponsored and hosted public-private partnership that serves as the focal point for coordination, communication, and collaboration in support of entities seeking to achieve the Cybersecurity Maturity Model Certification requirements, to improve and enhance the cybersecurity and overall security of the supply chain for the defense industrial base and the United States Department of Defense. The CMMC COE is forging a variety of partnerships, alliances, and affiliations committed to the mission of meeting the requirements of the Cybersecurity Maturity Model Certification. These engagements include industry groups and organizations; standards bodies; NGOs; academic institutions and leaders; government entities; FFRDCs; and more. The COE also serves in an industrial advisory capacity for Congress and the Executive Branch. Through these strategic engagements, the CMMC COE supports entities seeking to achieve the level of certification mandated by CMMC, so they remain eligible to participate in DoD acquisitions as a prime contractor, subcontractor, supplier, or vendor of information and communications technology products and services.
Industry-leading coaching techniques and assessments, supported by expertise in Human Resources, Talent Management and Organizational Development. We talk with Christine Bilotti-Peterson about applying best practices to being an executive. She is offering a free consult to discuss your goals; schedule on her website here: https://whatsyourlongview.com/ "I founded Longview Consulting because I've been working on ways to make a significant impact on people and in organizations for almost 30 years. It's my passion, my purpose and I've never been more excited about it. I love helping companies and executives level up, exceed their goals and lead authentically" — Christine Bilotti-Peterson #cisolife
A very light CISOlife with return guests Dom Vogel and Dutch Schwartz. What happens when we get together and openly discuss the cyber industry? Tune in to find out.
Join Dutch Schwartz and Brian Haugli as they discuss pre-COVID cyber risks, being the business enabler, and risk management. They also cover what the new water-cooler talk is and the best way to kick back on a Friday.
Dominic Vogel sits down with me to talk the Canadian SMB markets, how companies are still reactive vs. proactive in addressing their #cybersecurity posture, and his views on company mindsets. #CISOlife
#CISOlife - Off-the-top-of-the-head thoughts, back from #vacation. Here I go over why vacations are much needed to avoid burnout, and how most organizations are causing issues with their third-party vendor #cybersecurity risk assessment questions. Help the supply chain and help yourself on this episode of CISOlife YouTube and Podcast from SideChannel Security.
Welcome back to CISOlife. I sit down with Yaron Levi, CISO at Blue Cross Blue Shield Kansas City (not just Kansas; thanks, Yaron). We talk about his view on small businesses working with larger enterprises, the effects of third-party vendor risk management, and how the cyber community can work with lawmakers on better policy. Enjoy! #cisolife
Interview with Jennifer Pilat, VP Strategy at MxD. MxD is the Department of Defense's National Center for CyberSecurity in Manufacturing (NCCM). MxD (Manufacturing x Digital) is where innovative manufacturers go to forge their futures. In partnership with the Department of Defense, MxD equips U.S. factories with the digital tools and expertise they need to begin building every part better than the last. As a result, our approximately 300 partners increase their productivity and win more business.
Recorded from the 5/27/2020 LinkedIn Live stream. Allan Alford and I sit down to discuss examples from our past of where NIST CSF controls were missed or not implemented. Listen as we trade war stories on failures and successes.
#CISOlife Full Discussion Video - Leslie Weinstein of CMMC Consulting LLC and the US Army joins me to talk #CMMC, #cybersecurity efforts, DoD standards, Cybersecurity Maturity Model Certification Accreditation Body (CMMC AB) opportunities, Defense Contract Management Agency (DCMA) reviews and much more!
#CISOlife - Full discussion with Karl Sharman at BeecherMadden on job hunting and recruiting!
Chris Tillett interview - Surviving COVID: support from the cyber & healthcare communities.
Ron Ford of the U.S. Department of Homeland Security's Cybersecurity and Infrastructure Security Agency sat down with me on #CISOlife to discuss all things CISA, #cybersecurity tools, work during the pandemic, and risk management. #cmmc
Special guest Dr. Magda Chelly joins me to discuss US and Singapore cyber alignment on implementations and adoptions, how risk management plays into the supply chain, and the role of the CISO. Dr. Magda Chelly, CEO, Responsible Cyber https://www.responsible-cyber.com/ https://www.linkedin.com/in/m49d4ch3lly/
Why do we require a college degree for all cybersecurity jobs? Why not remove the requirement and see what the candidate pool looks like then? #cisolife
How will CISOs and CIOs respond when there's a decision to force full remote work at the company? When will the Board start asking about how well protected the company is with a more remote workforce? #cisolife
#CISOlife - Top tips for the aspiring cybersecurity professional coming out of college, with Taylor Lehmann & SideChannel Security:
1) Local meetups
2) Internships
3) Mentor
What do the veterans in the space have to say? What tips can you share for the early-in-career or soon-to-graduate cybersecurity professional?
I sit down with Taylor Lehmann, CISO at athenahealth and partner at SideChannel, to discuss cybersecurity evolution, progress, FinOps, cloud security, IoT, OT, medical device security, and design thinking. Follow Taylor on Twitter @BostonCyberGuy and LinkedIn at https://www.linkedin.com/in/tpain/
#CISOlife - what makes a good Security Operations Center? Who has seen great communication between the SOC and the rest of the org? What was it that made it so good?