Stop the Bleeding – BSW #223
Every day brings news of more breaches and ransomware attacks. Why are organizations failing to protect themselves, and what can we do to combat these cybersecurity threats? Technological advances, such as XDR and AI-driven threat monitoring, offer a way to thwart attackers in an ever-evolving security landscape.
In the Leadership and Communications section, 3 Things Every CISO Wishes You Understood, What is the BISO role and is it necessary?, Cyber insurance costs up by a third, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Follow us on Twitter: https://www.twitter.com/securityweekly
Like us on Facebook: https://www.facebook.com/secweekly
Segments
1. Can XDR Solve Ransomware? – Maurice Stebila – BSW #223
Announcements
Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Guest
A Chief Information Security, Compliance and Privacy Officer with over 20 years of global technology leadership, Maurice Stebila has served as an advisor or CISO to some of the world’s biggest companies, including Harman International, Samsung, General Motors (GM), Hewlett Packard (HP) and Electronic Data Systems.
He is renowned as an industry authority and thought leader and has spoken at top cybersecurity and IoT conferences, including DHS – Connected Car, Evanta / Gartner, RSA, and Samsung Developers Conference. He is also the author of multiple award-winning cybersecurity awareness programs and infosec newsletters. Now, as the founder and leader of CxO InSyte, he’s using his knowledge and experience to bring together CISOs and other experts to share their insights through his platform, a cybersecurity information exchange and professional network event consortium for CISOs and CIOs.
2. CISO Wishes and Initiatives, Risk of Disconnect, and Cyber Insurance Rises – BSW #223
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Our Call For Presentations Deadline has been extended through July 23rd at 11:59 pm ET! Visit securityweekly.com/unlocked to submit your presentation!
- 1. 3 Things Every CISO Wishes You Understood: Ensuring the CISO's voice is heard by the board will make security top of mind for the business, its employees, and their customers. But the role of the CISO is as diverse as it is dynamic, varying massively depending on the organization, and is a role that's constantly in flux. Here are three things that every CISO wishes you knew:
  1. The CISO's Role Is Changing Before Our Eyes
  2. CISOs Are Capable of Helping Other Areas of Business Function
  3. Questions of Ethics and Technology Are More Important Than Ever
- 2. Critical CISO Initiatives for the Second Half of 2021: Here are the top goals for 2021, based on the lessons we have learned from 2020:
  1. Security Operations Center (SOC) Automation
  2. Remote Workforce Monitoring
  3. Access Analytics and Risk-Based Access Controls
  4. Detecting and Preventing Insider Threats
  5. Cloud Transformation
  6. Extended Detection and Response (XDR)
- 3. The risk of disconnect between CIOs and CISOs: Companies need their CIO and CISO working together to reach their strategic goals. Strain in the relationship is a recipe for breaches.
- 4. What is the BISO role and is it necessary? Relatively new and somewhat controversial, the business information security officer, or BISO, acts as the CISO's tactical and operations-level ambassador to the business units. Here are some of the responsibilities of this role:
  1. raise the cybersecurity program's profile within the organization;
  2. increase delivery of cybersecurity services internally;
  3. connect with business units, learn their needs and offer them technical and operational support; and
  4. organize and execute cybersecurity service delivery.
- 5. What Does It Take to Be a Cybersecurity Professional? With a red-hot job market and great career prospects, more and more people want to know what they have to do to get a cybersecurity job — or better yet a career.
- 6. NIST defines “critical software” with a broad range of security functions: The goal is to enable stronger security practices for government-purchased software mandated by President Biden's cybersecurity executive order. NIST has determined that "EO-critical software is defined as any software that has, or has direct software dependencies upon, one or more components with at least one of these attributes:"
  - Is designed to run with elevated privilege or manage privileges
  - Has direct or privileged access to networking or computing resources
  - Is designed to control access to data or operational technology
  - Performs a function critical to trust
  - Operates outside of normal trust boundaries with privileged access
  Later phases of the EO's implementation may also include other categories of software, including:
  - Software that controls access to data
  - Cloud-based and hybrid software
  - Software development tools such as code repository systems, development tools, testing software, integration software, packaging software, and deployment software
  - Software components in boot-level firmware
  - Software components in operational technology (OT)
- 7. Cyber insurance costs up by a third: The frequency and severity of ransomware attacks is a leading factor behind a substantial increase in the cost of obtaining cyber security insurance.