Business Security Weekly
Identity Resilience: The Next Frontier in Security – Hed Kovetz, Ray Zadjmool, Jeff Margolies – BSW #350
In today's enterprises, the Identity Access Management (IAM) System is the key to a business' critical operations. But that IAM environment is more vulnerable than most security executives realize.
Segment Resources: https://www.mightyid.com/articles/the-r-in-itdr-the-missing-piece-in-identity-threat-detection-and-response
https://www.mightyid.com/download-am-i-covered
https://www.mightyid.com/articles/vegas-under-cyber-attack-what-went-wrong
This segment is sponsored by MightyID. Visit https://securityweekly.com/mightyid to learn more about them!
AI is more than just a buzzword. Done right, AI can improve decision making and scale your identity security platform to manage every identity, human and machine, physical and digital. Learn about how Saviynt’s #1 Identity Security platform is leveraging a variety of AI capabilities to enhance the user experience and improve identity security and compliance, bringing AI to life in a practical, market leading way to drive value for our customers.
Segment Resources: https://saviynt.com/blog/analytics-ai-automation-and-abstraction-pioneering-the-next-chapter-in-identity-security/
This segment is sponsored by Saviynt. Visit https://www.securityweekly.com/saviyntrsac to learn more about them!
The common misperception that identity infrastructure and IAMs like Active Directory, Okta, or Ping can adequately secure the entire identity infrastructure is to blame for the continued barrage of cyber and ransomware attacks. Yes, each of these vendors has security controls baked into their solution; however, they cannot extend those controls outside their environments to provide visibility, context, and protection beyond their walls. Hackers use the gaps between these tools to move throughout a company and evade detection. We don't expect Dell or Lenovo to protect our entire suite of endpoints. Nor do we expect a single cloud provider to protect all our clouds; we rely on Wiz for that. Identity infrastructure remains the most unprotected part of the technology stack and needs dedicated protection, just as organizations already apply it to cloud, endpoints, and networks. Watch this conversation with Hed Kovetz as he takes us through why identity security remains the most unprotected part of the security stack, and what needs to change to advance the state of cybersecurity.
Segment Resources: https://www.silverfort.com/the-identity-underground-report/
This segment is sponsored by Silverfort. Visit https://securityweekly.com/silverfortrsac to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Segments
Identity Resilience: The Next Frontier in Security – Ray Zadjmool – BSW #350
Leveraging AI & The Role Identity Plays – BSW #350
Say Easy, Do Hard – Train How You Fight, Part 1 – Malcolm Harkins – BSW #349
Inspired by my co-host Jason Albuquerque, this quarter's Say Easy, Do Hard segment is Train How You Fight. In part 1, we discuss the importance of training for a cyber incident. However, lots of organizations do not take it seriously, causing mistakes during an actual cyber incident. How will the lack of preparation impact your organization during an incident?
Inspired by my co-host Jason Albuquerque, we dig into the hard part of our Say Easy, Do Hard segment. In part 2, we discuss how to train for a cyber incident. We'll cover the elements of a training program that will prepare you for responding to a cyber incident, including:
- Developing the training program
- Practice, practice, practice
- Imposing corrective actions
- Constantly evaluating/reviewing the success of the training program
Segments
Say Easy, Do Hard – Train How You Fight, Part 1 – BSW #349
Say Easy, Do Hard – Train How You Fight, Part 2 – BSW #349
Meet Silver SAML: Golden SAML in the Cloud – Eric Woodruff – BSW #348
A hybrid workforce requires hybrid identity protection. But what are the threats facing a hybrid workforce? As identity becomes the new perimeter, we need to understand the attacks that can allow attackers access to our applications. Eric Woodruff, Product Technical Specialist at Semperis, joins Business Security Weekly to discuss those attacks, including a new attack technique, dubbed Silver SAML. Join this segment to learn how to protect your hybrid workforce.
Segment Resources: https://www.semperis.com/blog/meet-silver-saml/
This segment is sponsored by Semperis. Visit https://securityweekly.com/semperis to learn more about them!
In the leadership and communications section, The Board's Pivotal Role in Steering Cybersecurity, CISO-CEO communication gaps continue to undermine cybersecurity, The Essence of Integrity in Leadership: A Pillar of Trust and Excellence, and more!
Segments
Meet Silver SAML: Golden SAML in the Cloud – Eric Woodruff – BSW #348
Board’s Pivotal Role in Cybersecurity as CISO-CEO Communication Gaps Continue – BSW #348
What does DoD’s CMMC Requirement Mean for American Businesses – Edward Tuorinsky, Mike Lyborg – BSW #347
Since 2016, we've been hearing about the impending impact of CMMC. But so far, it's only been words. That looks to be changing. Edward Tuorinsky, Founder & Managing Principal at DTS, joins Business Security Weekly to discuss the coming impact of CMMC v3. Edward will cover:
- The background of CMMC
- Standardization of CMMC
- CMMC v3 changes and implementation timelines
- Best practices to prepare
Segment Resources: https://www.federalregister.gov/documents/2023/12/26/2023-27280/cybersecurity-maturity-model-certification-cmmc-program
https://consultdts.com/demystifying-the-cmmc-rule-a-breakdown-of-proposed-regulation/
The new SEC Cyber Security Rules require organizations to be ready to report cyber incidents. But what do you actually need to do? Mike Lyborg, Chief Information Security Officer at Swimlane, joins Business Security Weekly to discuss how to prepare. In this interview, he'll discuss the key elements of your preparation, including:
- Quantification
- Materiality
- Evidence
- Disclosure
Segments
What does DoD’s CMMC Requirement Mean for American Businesses – Edward Tuorinsky – BSW #347
Unraveling the “Materiality” Mystery: A CISO’s Guide to SEC Compliance – Mike Lyborg – BSW #347
From Idea to Success: How to Operationalize a Startup from Zero to Exit – Seth Spergel – BSW #346
Startup founders dream of success, but it's much harder than it looks. As a former founder, I know the challenges of cultivating an idea, establishing product market fit, growing revenue, and finding the right exit. Trust me, it doesn't always end well.
In this interview, we welcome Seth Spergel, Managing Partner at Merlin Ventures, to discuss how to accelerate that journey to lead to a successful outcome. Seth will share Merlin Ventures' approach to helping startups tackle the largest markets in the world, including US enterprises and federal. He will also share what success looks like.
Segment Resources: https://merlin.vc/advice-for-young-startups-eyeing-federal-what-kind-of-tech-does-the-u-s-government-need/ https://merlin.vc/we-have-liftoff/ https://merlin.vc/portfolio/ https://merlin.vc/dig-security-talon-cyber-security-acquired-by-palo-alto-networks/ https://innovationisrael.org.il/en/digital-reports/
In the leadership and communications section, Navigating Legal Challenges of Generative AI for the Board, Winds of Warning? SEC Charges Threaten to Disrupt Role of CISO, 6 Common Leadership Styles — and How to Decide Which to Use When, and more!
Segments
From Idea to Success: How to Operationalize a Startup from Zero to Exit – Seth Spergel – BSW #346
Generative AI Legal Challenges as SEC Charges Disrupt Journey to CISO Role – BSW #346
Understanding the Cybersecurity Ecosystem – Ross Haleliuk – BSW #345
In this discussion, we focus on vendor/tool challenges in infosec, from a security leader's perspective. To quote our guest, Ross, "running a security program is often confused with shopping". You can't buy an effective security program any more than you can buy respect, or a black belt in kung fu (there might be holes in these examples, but you hopefully get the point). In fact, buying too much can often create more problems than it solves, especially if you're struggling to fill your staffing needs.
In this 2-part episode, we'll discuss:
- The current state of vendor offerings in cybersecurity
- The difficulties of measuring value and efficacy in a product
- How to avoid building a security program that centers around managing products
- Shelfware
- Minimizing product overhead
- The pros and cons of buying from different types of companies
- Who to look to for product recommendations
- Is making a plan to "ditch before you hitch" a good or bad idea?
- What to do when you inherit a mess
Segments
Understanding the Cybersecurity Ecosystem, Part 1 – Ross Haleliuk – BSW #345
Understanding the Cybersecurity Ecosystem, Part 2 – Ross Haleliuk – BSW #345
CISO Soul Searching: Navigating the Evolving Role of the CISO – Harold Rivas – BSW #344
Harold Rivas has held multiple CISO roles. In his current CISO role, he's championing Trellix's overall mission to address the issues CISOs face every day, encouraging information sharing and collaborative discussions among the CISO community to help address challenges and solve real problems together - part of this is through Trellix's Mind of the CISO Initiative and the Trellix CISO Council. In this interview, we do a little CISO soul-searching. Harold will bring insights from the initiative to cover some of the top challenges CISOs face in this ever-evolving role, including:
- Earning a seat at the table
- Talking the language of business
- Addressing the risks and opportunities of business evolution
- Reading the tea leaves of the future
and more! If you're a CISO or want to be a CISO, don't miss this episode.
Segment Resources: https://www.trellix.com/blogs/perspectives/introducing-trellixs-mind-of-the-ciso-initiative/ https://www.trellix.com/solutions/mind-of-the-ciso-report/ https://www.trellix.com/solutions/mind-of-the-ciso-behind-the-breach/
In the leadership and communications section, The Strategic Implications of Cybersecurity: A C-Level Perspective, Leadership Misconceptions That Hinder Your Success, "Mastering Communication: Lessons from Two Years of Learning", and more!
Segments
CISO Soul Searching: Navigating the Evolving Role of the CISO – Harold Rivas – BSW #344
C-Level Perspective, Communication Failure, and Leadership Misconceptions – BSW #344
Apps Gone Wild: Re-thinking App and Identity Security for SaaS – Guy Guzner – BSW #343
With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it’s more complicated than trying to centralize all identities with an Identity Provider (IdP) for Single Sign-On (SSO). So the question becomes, “How do you enable the business while still providing security oversight and governance?”
This segment is sponsored by Savvy. Visit https://securityweekly.com/savvy to learn more about them!
In the leadership and communications section, The CISO Role Is Changing. Can CISOs Themselves Keep Up?, Why do 60% of SEC Cybersecurity Filings Omit CSO, CISO Info?, How Co-Leaders Succeed, and more!
Segments
CSO Role vs. Changing CISO Role as 60% of Both Roles are Omitted from SEC Filings – BSW #343
Apps Gone Wild: Re-thinking App and Identity Security for SaaS – Guy Guzner – BSW #343
How The Evolving Threat Landscape Drives Innovation In Cybersecurity – Tom Parker, Dave DeWalt – BSW #342
Dave DeWalt needs no introduction. A four-time CEO and currently the Founder and CEO of NightDragon, Dave collects, analyses, and disseminates more intelligence on the cybersecurity industry in a year than most of us ever will in a lifetime. We've invited Dave to Business Security Weekly to share some of that intelligence with our audience. Specifically, we'll hear about:
- The evolving threat landscape, including impacts of Artificial Intelligence
- The latest cybersecurity innovation, including what's working and what's NOT working
- The impact of budgets on buying decisions, including whether "best of breed" is dead in lieu of platforms
Tune in for this insightful discussion before you make your next strategic cybersecurity decisions.
Piggybacking off of our interview with Dave DeWalt, Tom Parker from Hubble joins Business Security Weekly to discuss a few of the key trends CISOs should be paying attention to. Yes, we'll cover Artificial Intelligence, but more from a business risk and governance perspective. We'll also cover quantum computing, technical debt, and how budgets will impact how organizations can or cannot prepare for these emerging trends. Buckle up and hang on for part two of our jam-packed episode.
Segments
How The Evolving Threat Landscape Drives Innovation In Cybersecurity – Dave DeWalt – BSW #342
Emerging Trends CISOs Should Pay Attention To – Tom Parker – BSW #342
Protecting Executives: Why The Home Is The New Battle Ground – Chris Pierson – BSW #341
When you think of executive protection, you think of work-related activities such as security details, travel planning, and other physical security protections. But in the world of Artificial Intelligence and DeepFakes, the risk landscape for executives goes far beyond work and into their personal lives. The home is now the new battlefield and family life will never be the same.
Chris Pierson, CEO at BlackCloak, joins Business Security Weekly to discuss the changes in the risk landscape for executives, including Generative AI, and its impacts on social engineering, personal attacks, and family threats. Executive protection must now include digital protection, both at work and at home.
This segment is sponsored by BlackCloak. Visit https://securityweekly.com/blackcloak to learn more about them!
In the leadership and communications section, Cybersecurity in the C-Suite: A CISO’s Guide to Engaging the Board, The CISO's Guide to AI: Embracing Innovation While Mitigating Risk, Cyber Insurance Strategy Requires CISO-CFO Collaboration, and more!