Security and Compliance Weekly Subscribe

All Stressed Out – SCW #12

January 7, 2020

This week on Security and Compliance Weekly, we welcome Ian Amit, CSO at Cimpress, to discuss utilizing quantitative (vs qualitative) metrics in a security program, maturing it from a technical novelty to something a business can align with and see value from, and understanding where security fits into risk management!

Visit https://www.securityweekly.com/scw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

View Show Index

Full Audio

Segments

1. Quantifiable Risk Metrics – Bringing Value to Your Security Program Part 1 – Ian Amit – SCW #12

Utilizing quantitative (vs qualitative) metrics in a security program is the first step in maturing it from a technical novelty to something a business can align with and see value from. Understanding where security fits into risk management.

Guest

Ian Amit

Ian Amit

CSO at Cimpress

Ian Amit, has over 20 years of experience in hands-on and strategic roles, working across diverse security fields: business, industry, marketing, technical and research. Ian is the Chief Security Officer at Cimpress, the world leader in mass customization. Previously, Ian held senior leadership roles at Amazon, ZeroFOX and IOActive. His career also includes time at Security-Art, Aladdin, Finjan, and Datavantage, as well as speaking at conferences such as BlackHat, DefCon, various BSides, and RSA. He founded the Tel-Aviv DefCon chapter (DC9723) and also was a founding member of the Penetration Testing Execution Standard (PTES). Ian studied Computer Science and Business Administration at the Herzliya Interdisciplinary Center.

Hosts

Jeff Man

Jeff Man

Sr. InfoSec Consultant – Online Business Systems at Online Business Sytems

https://www.obsglobal.com/

Josh Marpet

Josh Marpet

Executive Director at RM-ISAO

Matt Alderman

Matt Alderman

VP, Product at Living Security

Scott Lyons

Scott Lyons

CEO at Red Lion

https://redlion.io

2. Quantifiable Risk Metrics – Bringing Value to Your Security Program Part 2 – Ian Amit – SCW #12

Utilizing quantitative (vs qualitative) metrics in a security program is the first step in maturing it from a technical novelty to something a business can align with and see value from. Understanding where security fits into risk management.

Guest

Ian Amit

Ian Amit

CSO at Cimpress

Ian Amit, has over 20 years of experience in hands-on and strategic roles, working across diverse security fields: business, industry, marketing, technical and research. Ian is the Chief Security Officer at Cimpress, the world leader in mass customization. Previously, Ian held senior leadership roles at Amazon, ZeroFOX and IOActive. His career also includes time at Security-Art, Aladdin, Finjan, and Datavantage, as well as speaking at conferences such as BlackHat, DefCon, various BSides, and RSA. He founded the Tel-Aviv DefCon chapter (DC9723) and also was a founding member of the Penetration Testing Execution Standard (PTES). Ian studied Computer Science and Business Administration at the Herzliya Interdisciplinary Center.

Hosts

Jeff Man

Jeff Man

Sr. InfoSec Consultant – Online Business Systems at Online Business Sytems

https://www.obsglobal.com/

Josh Marpet

Josh Marpet

Executive Director at RM-ISAO

Matt Alderman

Matt Alderman

VP, Product at Living Security

Scott Lyons

Scott Lyons

CEO at Red Lion

https://redlion.io

Related

Managed services

Removing the B.S. from Third-Party Risk Assessments – Merike Kaeo – CFH #21

May 16, 2023

Risk assessment questionnaires are a standard practice when evaluating current or prospective third-party partners. And yet some folks may justifiably ask: How valuable are these questionnaires if there are no consequences for fudging your answers, or even outright lying? This session will examine common weaknesses and oversights in the third-party...

From Nothing to Something: Overcoming Hurdles – Larry Whiteside Jr – CSP #118

April 18, 2023

Everyone has a struggle or hurdle they will face. Your outcome is largely determined by your approach. Does this mean you will get OVER every hurdle? No. But sometimes, you can go around it or under it and still reach your final destination.

Managed services

The Rise of RegOps: The Need for Compliance Automation – Travis Howerton – ESW #313

April 13, 2023

Compliance with cyber security frameworks such as NIST, PCI, HIPAA, etc. have largely been driven by paper-based processes in Word and Excel. With the rise of cloud computing, containers, and ephemeral systems, paper-based processes can no longer keep up with the speed of business and compliance has become the new bottleneck to progress for highly...