Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
The CISOs aren’t OK.
A new survey showed the pandemic has ratcheted up job pressure to “extreme stress” levels among chief information security officers (CISOs), and it’s left them grappling for coping mechanisms ranging from workouts to narcotics.
CISOs need to cover all the security bases. The problem is, some of the bases are easy to overlook. Here's a rundown of eight often-overlooked areas that CISOs should immediately address:
1. Ensuring that third-party partners maintain strong security
2. Investigating innovation opportunities
3. Understanding their enterprise's data footprint
4. Strengthening security team support and focus
5. Thinking ahead
6. Maintaining return on existing security investments
7. Finding ways to build enterprise management unity
8. Developing a truly effective method to sharpen threat awareness
Wendy Nather, head of advisory CISOs at Cisco, recently teamed up with researcher Wade Baker to investigate cybersecurity metrics and determine how to make a cybersecurity program measurably more successful. She shares some of her more surprising findings, including:
1. Best Practices that Improve Security Outcomes: 1) Proactive Technology Refresh and 2) Integrated Technology Stacks
2. Compliance in name only is not enough
3. Metrics that Matter are tied to Outcomes and Capabilities of each Organization
An integrated approach can help build business and technology resilience, which can act as a differentiator for companies focused on building consumer trust. This security-by-design approach can lead to several benefits, including:
- Providing leading-edge, innovative security approaches such as intelligent threat detection
- Reducing risk related to technology, insider threats, and supply chain
- Supporting developers and engineers while enabling the business with development, security, and operations (DevSecOps)
- Establishing a cyber-forward approach that reinforces and enhances business objectives, including security and trust
- Identifying potential cyber incident and breach scenarios during cloud migration that help build stronger cyber and business resilience
Four suggestions for CISOs, executives, and boards to address the negative effects of the cybersecurity skills shortage:
1. Incentivize employees
2. Invest in training
3. Recruit via professional networks
4. Get HR on board
What will the future bring with respect to AI and LLMs? Josh has spent some time thinking about this and brings us some great resources. We'll discuss how to get students involved with AI in a safe and ethical manner. How can we use AI to teach people about cybersecurity? What tools are available and where do they fit into our educational systems t...
Reaching the level of CISO in a large corporation requires time and determined application as well as aptitude and very specific professional and personal attributes. It's the role against which many security professionals set their career sights without really knowing what they'll be getting themselves into.
Fitzgerald, T. 2019. Chapter 14. CISO ...
In the leadership and communications section, Clorox Scapegoats Cyber Chief, Rewards Board After Crisis, The SEC To CISOs: Welcome To The Big Leagues, SolarWinds: SEC lacks 'competence' to regulate cybersecurity, and more!