Business continuity, Careers, Compliance, Leadership

BSW #275 – Brad Thies

In this segment, BARR Advisory founder and president Brad Thies will use real-world examples to discuss how cybersecurity scorecards and KPIs can help organizations measure and manage the effectiveness of their cybersecurity programs. Thies will also reveal which metrics he sees as most valuable in evaluating cybersecurity posture and discuss how to define accountability for security within an organization. This segment is sponsored by BARR Advisory. Visit https://securityweekly.com/barradvisory to learn more about them!

In the leadership and communications section, 7 Uniquely Personal Bits of Wisdom To Improve Your Leadership, 4 key areas cybersecurity leaders should focus on, Cybersecurity spending strategies in uncertain economic times, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly


Segments

1. How to Use Cybersecurity Scorecards and KPIs to Achieve your Security Goals – Brad Thies – BSW #275


Sponsored By

BARR Advisory

Announcements

  • Security Weekly is proud to partner with Hack Red Con for their first annual in-person event! Hack Red Con is happening at the Hyatt Regency in Louisville, KY from September 7th-11th. As a part of our partnership, Security Weekly listeners receive a 10% discount on registration! Visit https://securityweekly.com/hackredcon to register now! We hope to see you there!

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Guest

Brad Thies
Founder and President at BARR Advisory

As Founder and President of BARR Advisory, Brad Thies leads all aspects of the organization’s global client service delivery and security assessment services including SOC, ISO, PCI, NIST, and HIPAA examinations; FedRAMP reviews; and GRC consulting services. Under Brad’s leadership, BARR has become one of the most sought-after third-party assessors in the cloud computing space.

Brad is a recognized thought leader on security and compliance in the cloud computing space. He is a regular guest speaker at industry events, such as ISACA conferences, and is a member of the AICPA’s Trust Integrity Task Force. Brad’s professional advice has been featured in Entrepreneur, Cloud Computing Journal, and Information Security Buzz. Prior to founding BARR, Brad managed KPMG’s IT Advisory Services telecommunication industry practice in their gateway west region. He is a Certified Public Accountant (CPA) and Certified Information Systems Auditor (CISA).

Hosts

Matt Alderman
VP, Product at Living Security
Jason Albuquerque
Chief Operating Officer at Envision Technologies
Tyler Robinson
Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element at Trimarc Security

2. Improve Your Leadership, Rekindling Community, and Cybersecurity Spending Strategies – BSW #275


Announcements

  • Security Weekly listeners save 20% on InfoSec World 2022 passes! InfoSec World will be held September 27th through the 29th at Disney's Coronado Springs Resort in Lake Buena Vista, Florida. Visit securityweekly.com/isw and use the code ISW22-SECWEEK20 to secure your spot now!

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

Hosts

Matt Alderman
VP, Product at Living Security
Jason Albuquerque
Chief Operating Officer at Envision Technologies
Tyler Robinson
Director of Offensive Security & Research at Trimarc and Founder & CEO of Dark Element at Trimarc Security

  1. 7 Uniquely Personal Bits of Wisdom To Improve Your Leadership - Here they are. #1. “Whatever you are doing, do it like you mean it.” #2. “Write a letter and get that mustard!” #3. “Eat spaghetti with a fork.” #4. “Guuuuuuiiiiiiide!” #5. “Get out of your people’s way.” #6. “In 90 years I’ve only met two people that truly couldn’t wait to go to work every day.” #7. “Thank you for being nice to me 27 years ago.”
  2. 4 key areas cybersecurity leaders should focus on - Here are four critical areas every chief information security officer (CISO) should invest in now to help set their team up for success:
     1. Security Staff Training
     2. Providing Visibility
     3. Keeping Up-to-Date With Security Technology
     4. Prioritizing Remediation Effectively
  3. Lloyd’s of London to exclude state-backed attacks from cyber insurance policies - Moving forward, all standalone cyberattack policies falling within risk codes “CY” and “CZ” must include a suitable clause excluding liability for losses arising from any state-backed cyberattack in accordance with the requirements set out below, Lloyd’s stated. At a minimum, the state-backed cyberattack exclusion must:
     1. Exclude losses arising from a war (whether declared or not), where the policy does not have a separate war exclusion.
     2. (Subject to 3) exclude losses arising from state-backed cyberattacks that (a) significantly impair the ability of a state to function or (b) significantly impair the security capabilities of a state.
     3. Be clear as to whether cover excludes computer systems that are located outside any state which is affected, in the manner outlined in 2(a) and (b) above, by the state-backed cyberattack.
     4. Set out a robust basis by which the parties agree on how any state-backed cyberattack will be attributed to one or more states.
     5. Ensure all key terms are clearly defined.
  4. Rekindling a Sense of Community at Work - During the pandemic, many of us became more isolated than before. Community, which the authors define as a group of individuals who share a mutual concern for one another’s welfare, has proven challenging to cultivate, especially for those working virtually. To learn more, they conducted a survey with the Conference of Women in which they asked nearly 1,500 participants about their sense of community at work before and since the pandemic and found it has declined 37%. When people had a sense of community at work, they were 58% more likely to thrive at work, 55% more engaged, and 66% more likely to stay with their organization. They experienced significantly less stress and were far more likely to thrive outside of work, too. People can create community in many ways, and preferences may differ depending on their backgrounds and interests. The authors present several ways companies have successfully built a sense of community at work that leaders can consider emulating at their own organizations.
  5. Cybersecurity spending strategies in uncertain economic times - When most companies developed their cyber program, there was a strong emphasis on tools that could help the security team manage its environment. During economic uncertainty, it is a good time to review those tools and apply a total cost of ownership model by considering the following questions:
     • What was the initial cost of the tool?
     • What was the cost to install or implement the tool in your environment?
     • What is the operating cost of the tool?
     • What are the maintenance costs of the tool?
     • Is the tool meeting expectations and mitigating the appropriate risk?
  6. How 2023 cybersecurity budget allocations are shaping up - Security spending is not expected to slow much next year as organizations look to improve cloud defenses and rely more on MSSPs.