Stop the Bleeding – BSW #218
Segments
1. Simplify & Accelerate Patch Management – Chris Hallenbeck – BSW #218
Most people focus on the patch and check that box, but they forget the other side of the coin. How do they make sure a bad actor isn't still in their network?
Segment Resources:
- https://site.tanium.com/rs/790-QFJ-925/images/TaniumSolutionPaperDistributedWorkforce_FINAL.pdf
- https://site.tanium.com/rs/790-QFJ-925/images/PB-Patch.pdf
This segment is sponsored by Tanium.
Visit https://securityweekly.com/tanium to learn more about them!
Guest
Chris Hallenbeck is CISO for the Americas at Tanium. Chris provides security leadership and operational insight gained from over 20 years in both public and private sector. Chris came to Tanium after almost 7 years of government service at the U.S. Computer Emergency Readiness Team (US-CERT). At US-CERT he designed and built their incident response capabilities, and restructured the team’s focus toward strategic remediation with a goal of building more resilient organizations. Chris believes that breaking the incident response “Groundhog Day” cycle requires an emphasis on IT hygiene. Prior to joining US-CERT, Chris worked for RSA Security as a security engineer and with AOL/Time Warner on their global incident response team. He started his career as a Unix sys-admin at Binghamton University. When not chasing electrons he prefers to be 20-30 meters under the sea.
2. CISOs Struggle to Cope, Cybersecurity Metrics, & Security by Design – BSW #218
This week, in the Leadership and Communications section, CISOs Struggle to Cope with Mounting Job Stress, Corporate Compliance Strategies to Protect Data, Cybersecurity Metrics That Matter, and more!
- 1. CISOs Struggle to Cope with Mounting Job Stress
  The CISOs aren’t OK. A new survey showed the pandemic has ratcheted up job pressure to “extreme stress” levels among chief information security officers (CISOs), and it’s left them grappling for coping mechanisms ranging from workouts to narcotics.
- 2. 8 things CISOs should be thinking about, but probably aren’t
  CISOs need to cover all the security bases. The problem is, some of the bases are easy to overlook. Here's a rundown of eight often-overlooked areas that CISOs should immediately address:
  1. Ensuring that third-party partners maintain strong security
  2. Investigating innovation opportunities
  3. Understanding their enterprise's data footprint
  4. Strengthening security team support and focus
  5. Thinking ahead
  6. Maintaining return on existing security investments
  7. Finding ways to build enterprise management unity
  8. Developing a truly effective method to sharpen threat awareness
- 3. Corporate Compliance Strategies to Protect Data
  Companies that bring teams together and form an operational strategy are more likely to protect data than the best-intentioned silo approach.
- 4. Cybersecurity Metrics That Matter
  Wendy Nather, head of advisory CISOs at Cisco, recently teamed up with researcher Wade Baker to investigate cybersecurity metrics and determine how to make a cybersecurity program measurably more successful. She shares some of her more surprising findings, including:
  1. Best Practices that Improve Security Outcomes: 1) Proactive Technology Refresh and 2) Integrated Technology Stacks
  2. Compliance in name only is not enough
  3. Metrics that Matter are tied to Outcomes and Capabilities of each Organization
- 5. Security by Design: A New Model for Cloud, Cyber
  An integrated approach can help build business and technology resilience, which can act as a differentiator for companies focused on building consumer trust. This security-by-design approach can lead to several benefits, including:
  - Providing leading-edge, innovative security approaches such as intelligent threat detection
  - Reducing risk related to technology, insider threats, and supply chain
  - Supporting developers and engineers while enabling the business with development, security, and operations (DevSecOps)
  - Establishing a cyber-forward approach that reinforces and enhances business objectives, including security and trust
  - Identifying potential cyber incident and breach scenarios during cloud migration that help build stronger cyber and business resilience.
- 6. 4 ways to handle the cybersecurity skills shortage in 2021
  Four suggestions for CISOs, executives, and boards to address the negative effects of the cybersecurity skills shortage:
  1. Incentivize employees
  2. Invest in training
  3. Recruit via professional networks
  4. Get HR on board