The Art of Negotiation – BSW #244
Full Audio
View Show IndexSegments
1. Security Maturity: From Hostage Negotiator to Business Leader – Sandy Dunn – BSW #244
Throughout her career, Sandy Dunn has continued to mature and refine her skills. In the early days, she describes her job as a "hostage negotiator", constantly negotiating between the business teams and the security team. But as you mature, so does your approach to security. Now, Sandy talks about simplifying "knowledge management" to make it easy to understand security and becoming a "business listener" to make the right decisions.
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
We had an absolute blast putting together this year's SW Unlocked virtual event! All presentations are now available on-demand for your viewing pleasure. Please visit https://securityweekly.com/unlocked to register and watch now!
Guest
Sandy Dunn is a regular speaker on AI Security, Cyber Risk Quantification, and Cybersecurity as well as providing cybersecurity consulting services through QuarkIQ LLC, a CISO advisor to numerous startups ,and an Adjunct Professor for BSU’s Cybersecurity Program. She is a core team member of OWASP Top 10for LLM and OWASP AI Privacy & Security. She has over 20 years of Cybersecurity knowledge from an array of cybersecurity roles including CISO (healthcare and startup), IT Security Architect, Security Engineer, Information Security Officer, Senior Security Strategist, and Competitive Intelligence.
Hosts
2. Office of the CISO, The Fearless CISO, and America’s Cyber Reckoning – BSW #244
In the leadership and communications section, The Office of the CISO: A Framework for the CISO, America’s Cyber-Reckoning, How to Include Cybersecurity Training in Employee Onboarding, and more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Security Weekly listeners, save $100 on your RSA Conference 2022 Full Conference Pass! RSA Conference will be live in San Francisco June 6th-9th, 2022. Security Weekly will be there in full force, delivering real-time, live coverage and interviewing some of the event’s top speakers and sponsors. To register using our discount code, please visit https://securityweekly.com/rsac2022 and use the code 52UCYBER. We hope to see you there!
Hosts
- 1. C-suite’s biggest ransomware fear: Post-attack regulatory sanctionsC-suite executives and business leaders are most concerned about being exposed to regulatory sanctions, such as fines, over and above the loss of data or intellectual property (IP) and other consequences, in the wake of a ransomware attack, according to new data from cyber pro association (ISC)².
- 2. The Office of the CISO: A Framework for the CISOThe Office of the CISO framework integrates the (increasingly expected) elements of ‘executive’ in the context of the CISO function. CISOs are more impactful, and their programs are more effective; when they are delivering at a higher caliber of ‘executive.’ The 3 Pillars of the Office of the CISO: 1. Strategy, Governance & Oversight 2. Talking & Partnering 3. Operations
- 3. The Fearless CISO: 4 Ways to Secure EverythingWhat happens when security leaders have a comprehensive security approach based on Zero Trust principles? They can be fearless, armed with the ability to secure everything without any limits. Let’s take a look at four ways that we have seen organizations manage a comprehensive security approach: 1. Commit to a Zero Trust Strategy 2. Manage Compliance, Risk, and Privacy 3. Use a Combination of XDR + SIEM Tools 4. Using MFA Whenever and Wherever Possible
- 4. America’s Cyber-ReckoningTo do better, the United States must focus on the most pernicious threats of all: cyberattacks aimed at weakening societal trust, the underpinnings of democracy, and the functioning of a globalized economy. The Biden administration seems to recognize the need for a new approach. But to make significant progress, it will need to reform the country’s cyber strategy, starting with its most fundamental aspect: the way Washington understands the problem.
- 5. Security priorities for 2022: Advancement, not revolutionSecurity leaders say their priorities reflect security needs due to recent shifts in their organization’s IT and business environments, a changing threat landscape, and emerging risks. - Cloud data protection technologies top the priority list, with 87% of CISOs either studying, piloting, using or upgrading their use of them. In a related finding, 88% of CISOs are prioritizing cloud-based cybersecurity services. - Data access governance technologies also tops the CISO priorities list, as does zero trust, with 84% indicating that zero trust is a priority for them. - Behavior monitoring and analysis is another big priority, with 82% saying they’re studying, piloting, using, or upgrading their use of them. - CISOs also indicated high interest or use of security orchestration, automation and response (SOAR) technologies, with 77% of CISOs either studying, piloting, using or upgrading their use.
- 6. How to Include Cybersecurity Training in Employee OnboardingApproach cybersecurity training in a structured way. Think of it as a cybersecurity checklist for new employees: - Set Employee Cybersecurity Expectations - Cybersecurity Awareness Training for New Employees - Easy Security Threat Reporting - Cybersecurity Training Advocates - Manage User Privilege Access - Protecting Passwords and Other Login Credentials - Require Lock Screen Passcodes for Unattended Devices - Require a VPN for Remote Work - Cybersecurity Training Should Include Managing Allowed Apps - Set BYOD Guidelines - Include Company Device Use Policies in Employee Onboarding - Device Monitoring - Ongoing Cybersecurity Training
