Content

RiskSec: Angelo Longo, CISO at Resorts Casino Hotel

We've all heard how IoT technologies have and will continue to cause massive challenges to the execution and maintenance of security controls for organizations. How can security teams implement plans and policies to address the security vulnerabilities wrought by IoT-related technologies being leveraged in their organization’s building, products and more?

At RiskSec 2019, gain a more comprehensive view of your companies' risk postures when it comes to current and future IoT developments with speaker Angelo Longo, CISO at Resorts Casino Hotel. The following is a Q&A with Longo:

SC: Let’s talk ransomware. Hotels and casinos have been obvious – and profitable – targets for ransomware. Why does ransomware continue to be a persistent problem? What steps have you taken to thwart and/or mitigate ransomware attacks?

Angelo Longo: Ransomware is always a concern. Ransomware really comes down to user education.  User education comes down to the programs I put in place to get my colleagues to listen, be a little paranoid and NOT click on the link. Sure, anti-malicious software tools help, but the users are always the conduits of exploitation that which I am most worried. Backups of data are a good recovery methodology, but did you test the backups? Are they viable?  More gray hair.

SC: Casinos and hotels are known for their physical and cybersecurity efforts. How do the two intersect and how do the professionals in each discipline work together to effectively address the needs of each?

Angelo Longo: They are very distinct. Regulations call for separation of duties, and thus security is split into focused groups. We do interact and collaborate, but we each focus on our patch.

SC: What are your cybersecurity priorities in the coming year? What obstacles did you have to overcome to ensure you received the resources, budget and buy-in you needed to meet those priorities?

Angelo Longo: I am focusing on data correlation. I have many data points that I need to take into account, each having their own set of idiosyncrasies. Managed deception is also an interesting technology that I am investigating. Further, GRC/IRM is important for regulatory reasons.

SC: We hear a lot about how AI and machine learning will affect security – how either can help or hinder your cybersecurity efforts. Are there any other technologies or issues that are of concern to you going forward? 

Angelo Longo: I believe AI can be effective on both sides of the cybersecurity equation. Any tool that could be used for good can probably be used for evil. Given that, what effects could come from an AI?  AI gaming? AI pen testing? AI social engineering?  AI data correlation and analysis?  All of these could be great or catastrophic. Caution is needed now, and reliance might come later.  AI is both alluring and scary. 

Related

DevSecOps Scanning Challenges & Tips

There are many ways to do DevSecOps, and each organization — each security team, even — uses a different approach. Questions such as how many environments you have and the frequency of deployment of those environments are important in understanding how to integrate a security scanner into your DevSecOps machinery. The ultimate goal is speed […]

It Should Be ‘Cybersecurity Culture Month’

It’s Cybersecurity Awareness Month, but security awareness is about much more than just dedicating a month to a few activities. Security awareness is a journey, requiring motivation along the way. And culture. Especially culture.That’s the point Proofpoint Cybersecurity Evangelist Brian Reed drove home in a recent appearance on Business Security Weekly.“If your security awareness program […]

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.