Shiny Thing – BSW #233

This week, we welcome Guillaume Ross, CISO at Finaptic, to discuss Building Security from Scratch: One Year as CISO at a Start-up! We often think "this would be so much better if done properly from the beginning", but the reality is that doing things from scratch comes with its own challenges. Managing priorities and deciding what to tackle first, from the absolute beginnings of a company, is a fun security challenge.

In the Leadership and Communications section: Who actually owns cyber security: CISO vs. CIO; How to Say “No” After Saying “Yes”; Decode different types of business interruption insurance; and more!

Segment Resources:

Full session at the upcoming GoSec Conference: https://www.gosec.net/sessions/

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Segments

1. Building Security from Scratch: One Year as CISO at a Start-up – Guillaume Ross – BSW #233

Announcements

  • InfoSec World 2021 is proud to announce its keynote lineup for this year’s event! Hear from Robert Herjavec plus heads of security at the NFL, TikTok, U.S. Department of Homeland Security, Stanford University, and more… Plus, Security Weekly listeners save 20% on Digital Pass registration! Visit https://securityweekly.com/isw2021 to register now!

  • Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!

Guest

Guillaume Ross
CISO at Finaptic

Guillaume has worked in security for way too long by now – he’s been a defender, a consultant, managed blue teams, and is now CISO at Finaptic, building security from scratch in an environment where it is critical.

Hosts

Matt Alderman
Executive Director at CyberRisk Alliance
Ben Carr
CISO at Cradlepoint
Jason Albuquerque
Chief Operating Officer at Envision Technologies

2. CISO vs. CIO, CISO & the C-Suite, & How the CISO Works With the CPO – BSW #233

Announcements

  • In an overabundance of caution, we have decided to flip this year’s SW Unlocked to a virtual format. The safety of our listeners and hosts is our number one priority. We will miss seeing you all in person, but we hope you can still join us at Security Weekly Unlocked Virtual! The event will now take place on Thursday, Dec 16 from 9am-6pm ET. You can still register for free at https://securityweekly.com/unlocked.

  • Join us June 29th for a webcast with Tyler Robinson and Beau Bullock to learn how to pivot into the world of Crypto security. Visit https://securityweekly.com/webcasts to register with only your name and email! Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Hosts

Matt Alderman
Executive Director at CyberRisk Alliance
Ben Carr
CISO at Cradlepoint
Jason Albuquerque
Chief Operating Officer at Envision Technologies

  1. Who actually owns cyber security: CISO vs. CIO – CyberTalk - Both CISOs and CIOs commonly operate within the cyber security space. A recent survey indicates that 48% of security teams report to a CISO, while 25% report to the CIO. Although there was no measurable difference in the strategies deployed by CISOs vs. CIOs, defining who should own cyber security is becoming increasingly important.
  2. The CISO and the C-Suite: How to Achieve Better Working Relations - The CISO is a relatively new arrival to the C-Suite, and one that is still finding its place among more established leadership positions. As organizations continue to use a remote or hybrid workforce, the CISO’s seat at the executive table will be needed. But to empower CISOs to defend against cyberattacks, the working relationship between the CISO and other members of the C-suite needs to shift.
  3. How Should the CSO Work With the Chief Privacy Officer? - The chief security officer needs to be in constant communication with the chief privacy officer about what is working and what is not.
  4. A Day in the Life of a Modern CISO - A Chief Information Security Officer (CISO) is the highest-ranking position in the company’s information security organization. One of the primary objectives of a CISO is to build a security posture that complies with the legal, regulatory, and contractual obligations of information security. CISOs are also responsible for protecting the organization from emerging external and internal threats. A CISO achieves this through various organization-level controls and disciplines:
     1. Establish a Security Strategy
     2. Risk Assessment
     3. Security Governance
     4. Vulnerability Management
     5. Verifications (Audits, Penetration tests, red team exercises)
     6. Program Management
     7. Leadership
     8. People Management
  5. How to Say “No” After Saying “Yes” - Whether you have overbooked yourself, realized you have a conflict, or otherwise can’t or don’t want to participate in a project, it’s essential to uncommit gracefully. Doing so will keep your reputation intact and your relationships strong. The author offers six tips for saying no after you’ve already said yes, with tact and professionalism:
     1. Consider the cost.
     2. Shift your perspective.
     3. Be diplomatic but truthful.
     4. Preserve the relationship.
     5. Offer an alternative.
     6. Learn from it.
  6. Cybersecurity Priorities in 2021: How Can CISOs Re-Analyze and Shift Focus? - In this article, we have put together the top cybersecurity priorities for 2021 and beyond that will enable businesses to be fully equipped for future disruptions, without compromising on security:
     1. Strengthen the Cybersecurity Fundamentals
     2. Cybersecurity Must Be a Boardroom Agenda
     3. Leverage Intelligent Automation and Other Advanced Technology
     4. Shift to a Zero Trust Architecture
     5. Focus on Securing Your Cloud Infrastructure
     6. Develop Robust Continuity Plans
  7. Decode different types of business interruption insurance - Most business continuity and disaster recovery (BCDR) administrators are aware that business interruption insurance is available to cover some or all downtime-related costs, including lost income. However, many aren’t sure what a policy includes or excludes, or how it can be acquired:
     1. Add coverage to a property/casualty policy
     2. Consider what the plan covers
     3. Read the fine print