Business Security Weekly

We often see security as a thing that has definitive check boxes, end states and deliverables. Audits "end" and then start again, but if you are looking at security as a noun -- as in, a thing that gets done, you are falling short. Security must be a verb. You DO security, you do not HAVE security. Security weaves through every layer and goes beyond the IT assets or codebase. This includes: Guerrilla marketing of gaining end-user buy-in for initiatives Iterative tuning of your data sources Active engagement with real-time feedback from the user base and technical teams Threat- and risk-informed decisions need to be capable of adapting when things get turned upside down. You need to create a culture and the associated processes to look at security like you do. Security teams and roadmaps are designed to look (often myopically) at specific "deliverables" and not so much at the vital signs of the security ecosystem in any given moment (and what that looks like OVER TIME, not at a moment IN time).

This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!

In the leadership and communications section, CISO, The Board, and Cybersecurity, How CISOs Can Work With the CFO to Get the Best Security Budget, Building Effective and Skilled Teams Through Networking, Connectivity, and Communication, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

When CISOs report into CEOs it gives them more autonomy, empowers them with more decision making authority, and eliminates the inherent conflict of interest present when CISOs report into IT leaders like the CIO.

Segment Resources: https://www.forrester.com/blogs/five-reasons-why-cisos-should-report-to-ceos

In the leadership and communications section, CISO: A Job in Search of a Description, The Rise of the BISO in Contemporary Cybersecurity, When More is Less: The Dangers of Over-Communication in Teams, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Natural language processing AI will be at the forefront in 2023, as it will enable organizations to better understand their customers and employees by analyzing their emails and providing insights about their needs, preferences or even emotions. As AI voice cloning technology becomes more powerful and readily available, we will see an increase in impersonation attacks that utilize audio deepfakes. Join Dr. Kiri Addison, Threat Detection and Efficacy Product Manager, Mimecast to discuss how you can prepare and protect your organization from these types of business email compromises with the right cybersecurity products that can effectively protect them against attacks like these. ​ This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecast to learn more about them!

In this week's leadership and communications segment, we discuss overemphasizing metrics, delegation drawbacks, security culture starts at the top, and succeeding in security with economic insecurity.

From protecting application and data from cyberattacks to meeting compliance regulations, healthcare providers face the complex challenge of providing secure and reliable access to medical data. In this segment, Terry Ray joins Business Security Weekly to discuss common attack trends and security challenges that healthcare providers face along with guidance for securing healthcare data and applications. This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!

In the leadership and communications section, Your Biggest Cybersecurity Risks Could Be Inside Your Organization, Subtracting: The Simplest Path to Effective Leadership, How to Be a Good Interviewer, and more!

Lots of press lately regarding ChatGPT and its impact on cybesecurity. Some say it will help us fight adversaries, while others say it will only make adversaries more sophisticated. Lot's of FUD on both sides of the discussion. BSW hosts debate the pros and cons of ChatGPT (and other AI) to truly understand its impact and what we, as security leaders, need to know.

In the leadership and communications section, Leaders Are Feeling the Pressure of an Uncertain, Dynamic Risk Landscape, Gartner Predicts Nearly Half of Cybersecurity Leaders Will Change Jobs by 2025, How to Empower Teams, and more!

How do you manage the human side of cybersecurity? Traditionally, security awareness programs have checked this box from a compliance angle but had minimal impact on cyber risk. Human Risk Management (HRM) is transforming this space by connecting an integrated, data-driven approach with personalized security training to deliver quantifiable results. In this session, we'll define HRM, explore how it is being adopted, and review the business case supporting the change.

This segment is sponsored by Living Security. Visit https://securityweekly.com/livingsecurity to learn more about them!

In the leadership and communications section, What CISOs Should Know About Hacking in 2023, Getting Employee Buy-In for Organizational Change, Listening — The most important communication skill, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

This week, it's Security Money. While the major indexes have improved, the SW25 index has not. Pressures from the macro economic conditions appear to have a greater impact on cybersecurity. We'll dig in and review.

In the leadership and communications section, Who Does Your CISO Report To?, 5 CISO Traps to Avoid and Truths to Embrace, How to effectively communicate cybersecurity best practices to staff, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

What keeps the cyber C-Suite up at night? What are their main priorities, and how do they articulate them to board? In this session, we’ll go behind the screens and find out what CISOs from all over the world really think in terms of making turning cyber risk into business risk.

This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecast to learn more about them!

In the leadership and communications section, Why CISOs Make Great Board Members, Unlock Your Leadership Potential: 12 Must-Read Books to Take Your Skills to the Next Level, How To Get People To Listen To You, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Richard Seiersen and our guest, Doug Hubbard, are finishing the second edition of How to Measure Anything in Cybersecurity Risk. Doug is here to share the success of the first edition and preview the second edition. With more insights, the second edition will share more more research data, free tools, and new concepts like FrankenSME. If you're a risk management professional or want to learn more about risk management, don't miss this interview.

In the leadership and communications section, 8 Questions to Ask Before Selecting a New Board Leader, How Cybersecurity Leaders Can Build Employee Trust—And Why It Is Important, 7 rules to communicate the business value of IT, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

In the leadership and communications section, The CISO Role is Broken, Five Cybersecurity Resolutions CISOs Can Actually Keep In 2023, Are Cyber Attacks at Risk of Becoming ‘Uninsurable’?, and more!

SolarWinds has been on the journey of Secure by Design since the Sunburst incident in late 2020. Secure by Design is a practical approach to minimizing risk. It involves advanced build systems, an assumed breach model, proactive testing, audit, increased visibility and sharing lessons externally.

Segment Resources: https://www.solarwinds.com/secure-by-design-resources Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly