Controls & Conditions – BSW #229
This week, Ben Carr, CISO at Qualys, joins Business Security Weekly to share his views on the evolving role of the CISO. He’ll dive into the ever-changing risks and how CISOs need to understand those risks to be truly aligned to the business. He will also discuss the different types of CISOs and how to align your direction and focus with that of a company's needs. In the Leadership and Communications section: 10 years later, software really did eat the world; CISOs’ 15 top strategic priorities for 2021; 7 steps to protect against ransomware-related lawsuits; and more!
Visit https://securityweekly.com/qualys to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
1. What Type of CISO Are You & Does It Align to Your Company’s Needs? – Ben Carr – BSW #229
Ben Carr, Qualys CISO, joins Business Security Weekly to share his views on the evolving role of the CISO. He’ll dive into the ever-changing risks and how CISOs need to understand those risks to be truly aligned to the business. He will also discuss the different types of CISOs and how to align your direction and focus with that of a company's needs.
This segment is sponsored by Qualys.
Visit https://securityweekly.com/qualys to learn more about them!
CyberRisk Alliance, in partnership with InfraGard, has launched the Critical Infrastructure Resilience Benchmark study. Measure your readiness for ransomware by completing the survey and getting your score. Visit https://securityweekly.com/CIRB to take the survey
In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.
Ben Carr is the Chief Information Security Officer at Qualys. He is an information security and risk executive with more than 25 years of experience in developing and executing long-term security strategies. Ben has demonstrated global leadership through executive roles in advanced-technology, high-risk, and rapid-growth initiatives at companies such as Aristocrat, Tenable, Visa and Nokia. While at Aristocrat, Ben built a world-class global cybersecurity program from the ground up as part of a digital transformation. As a senior cybersecurity executive at Visa, Ben was responsible for developing and leading Visa’s Global Attack Surface Management Team and capability. Prior to Visa, he led all security programs for Nokia corporate IT as the Global Head of IT Security. Ben holds the Certified in Risk & Information Systems Control (CRISC) credential and is a Certified Data Privacy Solutions Engineer (CDPSE).
2. 10 Years Later… 15 Priorities, 8 Weeks, & 7 Steps – BSW #229
This week, in the Leadership and Communications section: 10 years later, software really did eat the world; CISOs’ 15 top strategic priorities for 2021; 7 steps to protect against ransomware-related lawsuits; and more!
InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
- 1. 10 years later, software really did eat the world: Ten years after the publication of the oft-quoted Marc Andreessen op-ed "Why software is eating the world," lines of code are still revamping industry dynamics and generating fresh revenue streams. Disruption has even accelerated given wider cloud adoption and the influence of AI.
- 2. Cyber security and crossword puzzles, problem solving for professionals: In the intense and fast-moving world of cyber security, problem solving capabilities are key. New trends and new organizational conundrums crop up on a daily basis, meaning that businesses need to be able to innovate on the fly and launch new cyber security campaigns quickly. As the CISO of Delta Airlines says, “To excel in this field, you have to be a good problem solver, not necessarily a strong programmer.”
- 3. Let Your Top Performers Move Around the Company: As a manager, it’s human nature to want to hang on to the superstars in your group, department, or division. But ultimately, that’s detrimental to the organization and to the individuals involved. Multiple studies on talent mobility show that actively moving employees into different roles is one of the most underutilized, yet most effective, development and cultural enhancement techniques in companies today. In fact, research has shown that high-performance organizations are twice as likely to emphasize talent mobility versus low-performance companies. Building a culture of mobility is a trait of very healthy organizations, and the benefits are clear. Cross-functional collaboration increases, departmental cooperation is enhanced, innovation improves, and companies begin working more as one cohesive team instead of separate fiefdoms.
- 4. CISOs’ 15 top strategic priorities for 2021: According to CISOs, analysts and security leaders, the typical CISO priority list today has many or most of these 15 items:
  1. A focus on fundamentals
  2. Identifying, mitigating third-party risk
  3. Assuring security within enterprise code
  4. Defending against ransomware attacks
  5. Getting board-level support
  6. Support for transformation and strategic goals
  7. Increasing agility
  8. Upskilling teams
  9. Addressing IoT security
  10. Security by design
  11. More automation
  12. Strengthening remote work security
  13. Securing the cloud
  14. Keeping up with emerging, evolving privacy laws
  15. Building continuity plans to account for global events
- 5. CISA Releases Guidelines to Prevent Ransomware Attacks: The Cybersecurity and Infrastructure Security Agency (CISA) recently released a security fact sheet to safeguard critical corporate data from various exfiltration attempts. The fact sheet helps individuals and organizations understand the severity of the ransomware threat landscape and how to defend against it. CISA strongly recommends that businesses adopt the guidelines, which include:
  - Maintaining offline, encrypted backups of data and regularly testing backups
  - Creating, maintaining, and exercising a basic cyber incident response plan, resiliency plan, and associated communications plan
  - Mitigating internet-facing vulnerabilities and misconfigurations to reduce the risk of hackers exploiting this attack surface
  - Employing best practices for the use of Remote Desktop Protocol (RDP) and other remote desktop services
  - Conducting regular vulnerability scanning to identify and address vulnerabilities, especially those on internet-facing devices
  - Updating software, including operating systems, applications, and firmware, regularly
  - Disabling or blocking inbound and outbound Server Message Block (SMB) Protocol and removing or disabling outdated versions of SMB
  - Reducing the risk of phishing emails reaching end users by enabling strong spam filters and implementing a cybersecurity user awareness and training program
- 6. 7 steps to protect against ransomware-related lawsuits: How a CISO prepares for and responds to a ransomware attack can have huge consequences should customers or partners decide to sue. Here are seven actions CISOs can take to protect their enterprise against ransomware-related legal actions.
  1. Assess the risk
  2. Adopt ransomware prevention best practices
  3. Build a recovery plan
  4. Practice good security hygiene
  5. Encourage top-down management support
  6. Support transparency
  7. Consider insurance coverage
- 7. How to Build Rock-Solid Self-Esteem in 8 Weeks (or less!): Building self-esteem takes time, so don’t be hard on yourself about getting it all done fast. Let’s take it week by week. Follow this framework, and you’ll be on your way to a lifetime of high self-esteem:
  - Week 1: Do a Social Media Cleanse
  - Week 2: Cut Out Toxic Friends
  - Week 3: Clean Your Environment
  - Week 4: Create Micro Wins
  - Week 5: Develop Your Mission Statement
  - Week 6: Do Something Uncomfortable
  - Week 7: Build Your Social System
  - Week 8: Quit Negative Self-Talk
  Read more at: https://www.scienceofpeople.com/self-esteem/