Culture of Innovation – BSW #212

Are you struggling with Alert Overload, Manual Processes, Multiple/Disparate Tools, Talent Shortage, and/or Budget Constraints? Of course you are! John McClure, Chief Information Security Officer from Laureate Education, joins us to discuss how he solved these challenges by implementing SOAR and accelerating security.

In the Leadership and Communications section: Developing a Risk Management Approach to Cybersecurity, How Automation Can Protect Against Data Breaches, The Problem with Cyber Insurance: Outdated Incentives, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Segments

1. Accelerating Security with Security Automation – John McClure – BSW #212

Are you struggling with Alert Overload, Manual Processes, Multiple/Disparate Tools, Talent Shortage, and/or Budget Constraints? Of course you are! John McClure, Chief Information Security Officer from Laureate Education, joins us to discuss how he solved these challenges by implementing SOAR and accelerating security.

Announcements

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Guest

John McClure
CISO at Laureate Education, Inc.

John McClure is the Chief Information Security Officer for Laureate Education, Inc. He is a proud military veteran (Army Aviation). He separated from the military to enter the technology field. John has worked for more than 20 years in the critical infrastructure and information security arena, and supported the federal government and Intelligence Community for over 20 years before transitioning to the commercial sector.

Hosts

Matt Alderman
VP, Product at Living Security
Jason Albuquerque
Chief Operating Officer at Envision Technologies
Paul Asadoorian
Founder at Security Weekly

2. Risk Management Approach, Automation, & the Problem With Cyber Insurance – BSW #212

In the Leadership and Communications section: Developing a Risk Management Approach to Cybersecurity, How Automation Can Protect Against Data Breaches, The Problem with Cyber Insurance: Outdated Incentives, and more!

Announcements

  • Do you have a specific guest or topic that you want us to cover on one of the shows? Submit your suggestions for guests by visiting https://securityweekly.com/guests and completing the form! We review suggestions monthly and will reach out to you once reviewed!

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Hosts

Matt Alderman
VP, Product at Living Security
  1. What is a CISO? Responsibilities and requirements for this vital role - CISO responsibilities break down into the following categories:
       1. Security operations
       2. Cyberrisk and cyber intelligence
       3. Data loss and fraud prevention
       4. Security architecture
       5. Identity and access management
       6. Program management
       7. Investigations and forensics
       8. Governance
  2. Developing a Risk Management Approach to Cybersecurity – Security Boulevard - CISOs have an opportunity to reorient their cybersecurity programs away from a focus on compliance, toward a focus on risk. Here's how:
       • Start With Objectives and Risks - Yes, compliance will always be one of those objectives, but consider some of the other objectives the organization has:
           1. Financial
           2. Growth
           3. Personnel
       • Tie Together Risk, Security, and IT Governance - The capabilities that are important for IT governance today are more along the lines of:
           1. Data security and data mapping
           2. Your ability to monitor network activity
           3. Provisioning and de-provisioning user access
           4. Security assessments for vendors
     This approach leads to Better Reporting to the Board.
  3. How Automation Can Protect Against Data Breaches - Automating security allows vital data, such as the location of suspicious login attempts, to be tracked without the need for a costly and time-consuming campaign.
  4. The Guide to Presenting Information Security’s Business Value – Security Boulevard - With the ever-changing landscape of cyber risk, how can security teams demonstrate the business value of security programs? How can CISOs underline the importance of correct procedures that need to be followed company-wide?
       1. Benefits of Cybersecurity Investments Must be Framed Around Enterprise Goals
       2. Define and determine risk posture
       3. Drive home the value proposition added and control the narrative
  5. The Problem with Cyber Insurance: Outdated Incentives - Instead of solving your cybersecurity problems, cyber insurance companies capitalize on your amortized cost given the probability of a breach. It’s economically viable because data breaches have been relatively cheap. Here are the limitations of cyber insurance:
       1. Cyber Insurance Won’t Save your Reputation
       2. Cyber Insurance Won’t Save your Data
       3. Cyber Insurance may not be a Sustainable Industry
  6. Research: A Little Recognition Can Provide a Big Morale Boost - As organizations large and small face the twin challenges of increasingly strained budgets and burned out workforces, what can managers do to keep employees engaged — without breaking the bank? In this piece, the authors share new research on the power of symbolic awards such as thank you notes, public recognition, and certificates. They find that these simple interventions can significantly improve employee motivation, but clarify that to maximize their effect, it’s essential to customize these rewards to your unique context. Specifically, the authors draw on prior research to highlight five key considerations for managers looking to implement symbolic awards: the most impactful messenger, the best timing, whether to make it private or public, attention to detail, and the importance of starting small. While these interventions are no substitute for fair monetary compensation, especially when cash is limited, symbolic awards can go a long way to demonstrate your appreciation for your employees and keep spirits high.
Jason Albuquerque
Chief Operating Officer at Envision Technologies
Paul Asadoorian
Founder at Security Weekly