RSAC2022 Subscribe

Supply chain, Compliance Management

Going Beyond the Motions of Cybersecurity – Malcolm Harkins – RSA22 #4

June 9, 2022

Speed, Velocity, and Acceleration. The physics of motion are well documented, and we understand how these scalar and vector quantities differ. In information security and cyber risk management the dynamics are not as well understood which has confused our ability to distinguish between motion and progress. This confusion intensifies our escalating risk cycle by causing a mirage of control that continues to lead us to down a path of compromise and catastrophe, adding to our growing labor and skill deficit. This segment is meant to explore the existing physics and gravitational forces of how we have approached cyber risk management to date, discuss where we are stuck today as well as ideas for a path forward - a reorientation of security operations function so that it is optimized to handle the volume as well as reposition it from an anchor point of continual reaction to one where it can take proactive action in front of the cycle of risk. The heart of these changes is a redefinition of the risk equation we have been using for decades Risk = F (Threat, Vulnerability, Consequence) which while useful initially has created a spray and pray model across most of our organizations. I will explain how to redefine the equation to be Risk = F (Threat, Exploitability, Consequence).

Segment Resources:

https://www.uscybersecurity.net/csmag/going-beyond-the-motions-of-cybersecurity/

https://www.uscybersecurity.net/csmag/making-better-cyber-risk-decisions-by-architecting-the-choices/

Full episode and show notes

Guest

Malcolm Harkins

Malcolm Harkins

Chief Security & Trust Officer at Epiphany Systems

http://cymatic.io/

Malcolm is Chief Security & Trust Officer with Epiphany Systems. He is responsible for enabling client growth with optimal information security infrastructure, systems, policies, and processes. He is featured industry speaker, author, and has testified on cybersecurity before the US Senate. Malcolm was previously the Chief Security and Trust Officer at Cylance as well as Chief Security and Privacy Officer at Intel Corporation. He is a board member and advisor to other growth-stage cybersecurity companies. Malcolm received a BS in Economics from UC Irvine, and an MBA from UC Davis.

Hosts

Paul Asadoorian

Paul Asadoorian

Founder at Security Weekly

https://securityweekly.com

Matt Alderman

Matt Alderman

VP, Product at Living Security

Related

Application security

Supply Chain Security Security with Containers and CI/CD Systems – Kirsten Newcomer – ASW #256

September 25, 2023

Supply chain has been a hot topic for a few years now, but so many things we need to do for a secure supply chain aren't new at all. We'll cover SBOMs, vuln management, and putting together a secure pipeline. Segment resources: https://www.solarwinds.com/assets/solarwinds/swresources/whitepaper/2111swiwhitepaper_nextgenbuild.pdf https://next.red...

Network Device Supply Chain Security – Nate Warfield – BTS #13

September 20, 2023

We dig into network devices/appliances, why they are still around, who is attacking them, and how. Just why are attackers using network devices in ransomware campaigns and how do we stop them? Tune-in to find out as Nate Warfield, Director of Threat Research and Intelligence at Eclypsium joins us for this episode! This segment is sponsored by Ecly...

Application security

Talking to the founder of Binarly, a Black Hat Startup Spotlight Finalist – Alex Matrosov – ESW #327

August 10, 2023

Binarly is one of only a few startups focused on highlighting security issues in firmware. The company has discovered a remarkable number of vulnerabilities in firmware in a very short time. Its' founder, Alex Matrosov, joins us to discuss insights discovered along his company's journey to convince vendors that firmware is worth securing. https://...