Application security, Careers, DevOps, Incident response, Leadership

3 Ways + 4 Measures + 5 Approaches + 5 Myths = 17 Questions – BSW #219

In the Leadership and Communications section, 3 Effective Ways To Improve Your Internal Communication To Boost Employee Engagement, 4 Immediate Measures to Execute After a Cyberattack, 17 cyber insurance application questions you'll need to answer, and more!


Announcements

  • Security Weekly is ecstatic to announce that Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Call for presentations & early registration for Security Weekly listeners is open now! Visit securityweekly.com/unlocked to submit your presentation & register for the early registration price before it expires!

  • Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.

Hosts

Matt Alderman
Executive Director at CyberRisk Alliance
  1. 4 Immediate Measures to Execute After a Cyberattack - Organizations should have an incident response plan in place to get compromised networks back and recover from the damage as early as possible. Here are the four immediate steps to follow when dealing with a cyberattack: 1. Contain 2. Report 3. Investigate and Recover 4. Remediate
  2. CISO’s Guide to a Modern AppSec Program - A guide for CISOs and security leaders to enable a business with Application Security and a shift-left approach starts with: 1. Cybersecurity influence on Organizational Culture Change 2. The Product and Application Security Program Checklist 3. Building out AppSec Focus Areas
  3. The Evolving CISO: From Naysayer to Enabler - Chief Information Security Officers (CISOs) are not typically perceived as business enablers. Their core responsibility is to safeguard the company’s sensitive information and operational services, which makes us naturally risk-averse. Business innovation tends to require some level of experimentation, failure, and recalibration. But for the CISO, a single instance of failure can be catastrophic. The good news is that many of the same technologies used to lock down environments can be repurposed to enable innovative new use cases with significant potential for business transformation. Additionally, new capabilities continue to emerge. Let me highlight three possibilities below: 1) Creating secure sandboxes for development teams to innovate freely 2) Using machine learning to dramatically improve application time to market 3) Freeing the value of data
  4. 5 Cybersecurity Approaches All Businesses Should Consider - Cybersecurity forces us to stay sharp and continually challenges us to be better at what we do. The top five cybersecurity approaches you should consider include: 1. Teams/Slack Notifications for Critical Issues 2. Start Learning Incident Response 3. Harden Your Critical Infrastructure
  5. 17 cyber insurance application questions you’ll need to answer - Recent high-profile security incidents have tightened requirements to qualify for cyber insurance. These are the tougher questions insurance carriers are now asking, including: 1. Do you perform regular backups and store them in a secure off-site location? 2. Do you limit remote access to all computer systems by using two-factor authentication? 3. How many PII records are held on your network? 4. Do you provide periodic anti-fraud training to employees? 5. Are processes in place to verify requests to change bank account details, including account numbers, telephone numbers, or contact information? 6. Are you using Office 365? 7. Can users access email through a web application on a non-corporate device? 8. Do you strictly enforce SPF on incoming emails? 9. Are your backups encrypted and kept separate from the network, whether offline or with a specialist cloud service? 10. Do you use endpoint protection in the network? What brand? 11. How long does it take to install critical, high-severity patches? 12. Do you have a SOC? 13. What steps are you taking to detect and prevent ransomware attacks? 14. Have you implemented a hardened baseline configuration across servers, laptops, desktops, and managed mobile devices? 15. How do you implement local administrator rights? 16. Do you provide users with password manager software? 17. Are end-of-life or out-of-support hardware and systems segregated from the rest of the network?
  6. 3 Effective Ways To Improve Your Internal Communication To Boost Employee Engagement - Here are three ways companies can show they value their employees through effective communication: 1. Maximize Communication Channels And Techniques 2. Dismantle The Red Tape And Have An Open-Door Policy 3. Give Employees A Seat At The Table
  7. 5 Myths About Flexible Work - We believe fear has created stumbling blocks for many organizations when it comes to flexibility. Companies either become frozen by fear or they become focused by fear. It is focus that can help companies pivot during challenging times. In the years that we’ve been working with companies on flexibility, we’ve heard countless excuses and myths for why they have not implemented a flex policy. In fact, the Diversity & Flexibility Alliance has boiled these myths down to the fear of losing the 5 C’s: loss of control, loss of culture, loss of collaboration, loss of contribution, and loss of connection.
Adrian Sanabria
Director of Product Management at Tenchi Security
Jason Albuquerque
Chief Operating Officer at Envision Technologies