Business Security Weekly
SubscribeClosing CISO-CEO Communication Gap Requires a Common Business Language – Sumedh Thakar, Jeff Recor – BSW #357
Back in April, we covered a story on episode #348 titled "CISO-CEO communication gaps continue to undermine cybersecurity". In that article, Sumedh Thakar, the CEO at Qualys, stated "CISOs must translate technical risks into business impact for CEOs." But he didn't say how. So, we invited him on the show to explain. In this episode, Sumedh walks us through real life interactions with his CISO and Board and explains why security needs to be communicated in business terms.
Security is a risk management discipline. No one understand that more than Jeff Recor. Jeff has built risk management practices for Deloitte, Grant Thornton, and Accenture and has recently formed his own risk consulting practice. In this unscripted interview, Jeff will share his insights on the evolution of security as a risk management discipline, what CEOs and Boards really need, and how CISOs can be successful as a business leader.
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Segments
Closing CISO-CEO Communication Gap Requires a Common Business Language – Sumedh Thakar – BSW #357
Risk Management Insights: What CEOs and Boards Really Need – Jeff Recor – BSW #357
Solving the Complexities of Cyber Insurance for SMBs – Brian Fritton – BSW #356
Cyber insurance underwriting is all over the map. With such a variation in application requirements, how should small and medium businesses prepare to receive the best policy for the price? Brian Fritton joins Business Security Weekly to discuss a systematic approach to preparing for cyber insurance. By working with the underwriters, this approach provides implementation guidance on the controls required to maximize your coverage, including premium discounts, higher ransomware supplements, and a reduction is deductibles. If you're struggling with cyber insurance, don't miss this interview.
In the leadership and communications section, The Board’s understanding of cybersecurity, What does your CEO need to know about cybersecurity?, As CISOs grapple with the C-suite, job satisfaction takes a hit, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Segments
Solving the Complexities of Cyber Insurance for SMBs – Brian Fritton – BSW #356
Board and CEO Understanding of CyberSecurity as CISOs Grapple with the C-Suite – BSW #356
Technology Rationalization in Cybersecurity – Max Shier – BSW #355
On average, CISOs manage 50-75 security products. Many of these products have either not been deployed or only partially deployed, while others overlap of products. How do CISOs effectively consolidate their products to a manageable size?
Max Shier, Chief Information Security Officer at Optiv Security, joins Business Security Weekly to discuss technology rationalization within cybersecurity. Max will discuss how to inventory your security products, identify overlap, and pick the right products for your organization.
In the leadership and communications section, Bringing the boardroom to the cyber battlefield, Navigating the CISO Role: Common Pitfalls for New Leaders, Ask Better Questions to be a Better Leader, and more!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Segments
Technology Rationalization in Cybersecurity – Max Shier – BSW #355
Bringing the Boardroom to the Cyber Battlefield as CISOs Navigate the Role – BSW #355
CISOs 2023 Planning Guide: Forecast The Recession’s Impact On Your Program – Jeff Pollard – BSW Vault
Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on October 11, 2022.
As 2023 approaches, security leaders are hard at work preparing their budgets, identifying their projects, and setting their priorities for the next twelve months. At the same time, the growth mode days of cybersecurity spending appear to be over as budgets receive more scrutiny than ever. Join us as we discuss the pressures and problems that CISOs will encounter in 2023, and how they can best defend their cybersecurity budgets while the economy slips into a downturn.
Segments
CISOs 2023 Planning Guide: Forecast The Recession’s Impact On Your Program – Jeff Pollard – BSW Vault
Building a Successful API Security Strategy – Luke Babarinde, Bhawna Singh – BSW #354
With 71% of web traffic coming from API calls last year and the average organization maintaining 613 API endpoints, a robust strategy is needed to protect APIs against automated threats and business logic attacks. Tune in as Luke Babarinde, Global Solution Architect, shares the key steps to building a successful API security strategy.
This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them!
In the age of AI, driving a business forward requires balancing three very significant considerations: growth through innovation, productivity through operational efficiency, and trust through security. To better understand how AI impacts the intersection of security, innovation, and operational efficiency, Okta commissioned an AlphaSights survey of 125 executives across three regions, targeting the decision-makers typically tasked with helming those efforts at companies:
- CSOs/CISOs for their focus on security
- CTOs for their focus on innovation
- CIOs for their focus on operational efficiency
Bhawna Singh, Chief Technology Officer at Okta, is here to discuss the results.
Segment Resources: www.okta.com/resources/whitepaper-ai-at-work-report/ www.okta.com/blog/2024/06/ai-at-work-2024-a-view-from-the-c-suite/
This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Segments
Building a Successful API Security Strategy – Luke Babarinde – BSW #354
AI at Work 2024: C-suite Perspectives on Artificial Intelligence – Bhawna Singh – BSW #354
Shifting Third Party Risk & What You Need to Know About PCI DSS 4.0 – Lynn Marks, Paul Valente – BSW Vault
Explore how to transform your third party risk program from a business bottleneck to a business driver. Discover how evidence-based security documentation and AI can streamline risk assessments, completing them in days not months. This data-driven approach will reduce TPRM backlog and allow your security team to move faster, identify risk proactively, and become a business driver for your organization.
This segment is sponsored by VISO TRUST. Visit https://www.securityweekly.com/visotrustrsac to learn more about them!
While client-side resources enable web applications to provide a rich user experience, security teams struggle to gain visibility, insight, and enforcement over them. In this interview, Lynn Marks discusses the latest client-side attack trends observed by Imperva and the pivotal role of client-side protection within PCI DSS 4.0.
This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them!
Segments
Shifting Third Party Risk & What You Need to Know About PCI DSS 4.0 – Lynn Marks, Paul Valente – BSW Vault
Zero Trust Is Not A SKU – Saša Zdjelar – BSW Vault
Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on August 9, 2022.
Zero Trust is the security buzzword of the moment, and while it is a very powerful approach, nearly every enterprise security product on the market – and some that aren’t even security products — are saying they enable Zero Trust. The problem is this: you can’t buy zero trust. It’s an approach, an architecture, and a journey, not software, hardware, or a service to deploy. Zero Trust also provides a rare opportunity in security - to reduce cost, improve security AND enhance end-user and customer experience.
Segments
Zero Trust Is Not A SKU – Saša Zdjelar – BSW Vault
The State of the Cybersecurity Market, At Least According to Gartner – Vivek Ramachandran, Carl Froggett, Padraic O’Reilly – BSW #353
Did you miss Gartner Security & Risk Management last week in National Harbor, MD? Don't worry, Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins us to discuss the hot topics that were presented at the conference last week, including:
- Artificial Intelligence(AI)
- Continuous Threat Exposure Management(CTEM)
- Identity & Access Management (IAM)
- Cyber Risk
Padraic will also discuss the changing role of the CISO, at least in the eyes of Gartner. Don't miss this recap.
This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them!
The recent rise in adversarial AI has made it clear: organizations must fight AI with better AI. Gone are the days of relying on legacy, antiquated endpoint detection and response offerings, or cybersecurity tools that are based on ineffective machine learning models. In this interview, Deep Instinct CIO Carl Froggett will explain why Deep Learning is the most superior form of AI, and the technology’s role in powering predictive prevention.
This segment is sponsored by Deep Instinct. Visit https://securityweekly.com/deepinstinctrsac to learn more about them!
Attackers are targeting enterprise users when they are online via attacks like spear phishing, malicious docs infected with malware/ransomware.
Today SASE/SSE’s Secure Web Gateway (SWG) component is touted as the solution to this problem. These SWGs look at traffic between the enterprise users and websites and try to infer attacks.
Unfortunately, attackers are subverting these SWGs and breaking into enterprises. There is an urgent need to stop this and the solution seems to be to have a browser native security agent which can detect-mitigate attacks happening on the users browser and allow enterprises to threat hunt web attacks company wide.
Segment Resources: Why Browser Native Solutions are better than Cloud Based Proxies: https://drive.google.com/file/d/1cItXj1KEm45ZNklASFmcvprbPqZChcMn/view?usp=sharing
Data Sheet: https://drive.google.com/file/d/1tv3q2iTFROJPceq2b9SJtzkdHD9J6mvC/view?usp=sharing
Blog on the Many Failures of Secure Web Gateways: https://labs.sqrx.com/the-unspoken-challenges-of-secure-web-gateways-c516bc287a6d
Latest Press Release: Forbes: Critical Security Flaws Found In Email Top 4—Apple, Gmail, Outlook & Yahoo: https://www.forbes.com/sites/daveywinder/2024/04/04/critical-security-flaw-in-apple-icloud-google-gmail-microsoft-outlook-yahoo-mail-aol-mail-email/
This segment is sponsored by Square X. Visit https://securityweekly.com/squarexrsac to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Segments
The State of the Cybersecurity Market, At Least According to Gartner – Padraic O’Reilly – BSW #353
Deep Learning to Combat AI Threats & Disrupting the Browser Security Market – Carl Froggett, Vivek Ramachandran – BSW #353
Emotional Intelligence for Cyber Leaders – James Doggett, Jessica Hoffman, Sivan Tehila – BSW #352
Since the 1995 publication of Daniel Goleman’s international bestseller Emotional Intelligence, Why It Can Matter More Than IQ, a global movement has developed to bring “EQ” into practice in businesses, schools, and communities around the globe. But what is its impact on Cybersecurity?
In this interview, we welcome Jessica Hoffman, Deputy CISO for the City of Philadelphia, to discuss how Emotional Intelligence can be applied by CyberSecurity leadership to create a better culture and better leaders. Jessica will discuss the five skills that encompass Emotional Intelligence, including:
- Self Awareness
- Self Regulation
- Motivation
- Empathy
- Social Skills
and examples of how to use them. If you want to be a better cyber leader, then don't miss this episode.
With new industry regulations, like the SEC’s Cybersecurity Disclosure Rules, there is an increasing demand on CISOs and security leaders to be able to quantify, communicate, and demonstrate how their cybersecurity programs and strategies are impacting the business. In this interview, Sivan Tehila, CEO and Founder of Onyxia Cyber, will discuss new advances in Cybersecurity Management and how CISOs and security leaders can harness the power of data intelligence, automation, and AI to proactively improve risk management, ensure organizational compliance, and align their security initiatives with business goals.
Segment Resources: https://rsac.vporoom.com/2024-04-30-Onyxia-Introduces-AI-to-Cybersecurity-Management-Platform-to-Power-Predictive-Security-Program-Management
This segment is sponsored by Onyxia. Visit https://securityweekly.com/onyxiarsac to learn more about them!
Semperis CISO Jim Doggett shares insights into the evolving role of the CISO. The daily onslaught of cyberattacks not only increases business risk, but also puts a company’s most important data at risk – data on the company, its employees, customers, and partners. Now, more than ever, the CISO is being asked to understand the business of cyber without being given much time to implement plans for protecting an organization’s infrastructure. There is a balance needed between being a technical and business leader, and Jim can share stories from his successful career to enlighten listeners.
Segment Resources:
Read: https://www.semperis.com/blog/5-itdr-steps-for-cisos/
Watch: https://www.semperis.com/resources/the-key-to-cyber-resilience-identity-system-defense/
This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisrsac to learn more about them!
Visit https://www.securityweekly.com/bsw for all the latest episodes!
Segments
Emotional Intelligence for Cyber Leaders – Jessica Hoffman – BSW #352
Harnessing the Power of Data and AI & The Evolving Role of the CISO – James Doggett, Sivan Tehila – BSW #352
The VC Perspective: Embracing Uncertainty & Staying the Course – Alberto Yépez – BSW Vault
Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on June 27, 2022.
Forgepoint Capital’s Co-Founder and Managing Director, Alberto Yépez, explains what the current economic challenges mean for innovation and the future of the cybersecurity market. Hear his perspective on what security investments, as well as mergers and acquisitions, will look like throughout the next 12-18 months, and how responsible companies are staying the course amidst layoffs and budget cuts in order to turn uncertainty into a strategic path forward.
Segment Resources:
Forgepoint’s new CISO security priorities model: https://forgepointcap.com/news/forgepoint-capital-builds-first-ever-ciso-security-priorities-model/
Recent exits that Forgepoint supported: - Forescout acquires Cysiv on June 6, 2022(release: https://www.cysiv.com/news/forescout-announces-intent-to-acquire-cysiv and Forgepoint’s blog: https://forgepointcap.com/news/executive-spotlight-an-interview-with-partha-panda-ceo-of-cysiv/)
SentinelOne acquires Attivo Networks on May 4, 2022 (release: https://www.sentinelone.com/press/sentinelone-completes-acquisition-of-attivo-networks/ and Forgepoint’s “why we invested” blog: https://forgepointcap.com/news/attivo-networks-why-we-invested/)
LexisNexis Risk Solutions Acquires BehavioSec on May 3, 2022 (release: https://risk.lexisnexis.com/about-us/press-room/press-release/20220503-behaviosec and Forgepoint’s blog: https://forgepointcap.com/news/executive-spotlight-an-interview-with-neil-costigan-of-behaviosec/ )
Cloudflare acquires Area 1 Security on April 1, 2022 (release: https://www.cloudflare.com/press-releases/2022/cloudflare-completes-acquisition-of-area-1-security/ and Forgepoint’s “why we invested” blog: https://forgepointcap.com/news/area-1-security-why-we-invested/ )