BSWEpisode176

From Security Weekly Wiki

Business Security Weekly Episode #176 - June 08, 2020

Subscribe to all of our shows and mailing list by visiting: https://securityweekly.com/subscribe

1. Interview - Career Ladders in Information Security - 03:00 PM-03:30 PM


Announcements

  • Join the Security Weekly Mailing List & receive your invite to our community Discord server by visiting securityweekly.com/subscribe and clicking the button to join the list!
  • We are looking for high-quality guest suggestions for all of our podcasts to fill our Q3 recording schedule! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!

Description

Marc French has more than 25 years of technology experience in engineering, operations, product management, and security. Prior to his current role as CISO at Product Security Group, Marc was the SVP & Chief Trust Officer at Mimecast, Inc. and has held a variety of senior security roles at Endurance/Constant Contact, EMC/RSA, Iron Mountain, Digital Guardian, and Dun & Bradstreet.

With all this security experience, Marc has created a series of career ladders to help guide infosec professionals with their job journey, including the illustrious CISO position. We will also cover whether you really want to be a CISO...

All of the open source career ladders can be found here: https://github.com/product-security-group/Security_Ladders



Guest(s)

Marc French

Marc French is CISO and Managing Director at PSG. He has more than 25 years of technology experience in engineering, operations, product management, and security. Prior to his current role as CISO at Product Security Group, Marc was the SVP & Chief Trust Officer at Mimecast, Inc. and has held a variety of senior security roles at Endurance/Constant Contact, EMC/RSA, Iron Mountain, Digital Guardian, and Dun & Bradstreet. Marc is a frequent speaker at industry events and currently chairs the MassTLC CISO group as well as serving as the Vice President for Infragard-Boston.


Hosts

2. News - Challenges of a New CISO, Security Culture, & Business Communication - 03:30 PM-04:00 PM


Announcements

  • Join us at InfoSecWorld 2020 - June 22nd-24th, now a fully virtual event! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
  • Learn how hidden vulnerabilities lead to application compromise in our next webcast with Snyk! Our second June webcast will be with Google Cloud teaching you how to prevent account takeover attacks! Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. Or visit securityweekly.com/ondemand to view our previously recorded webcasts!

Description

In the Leadership and Communications section, Challenges of a New CISO: The First Year, Why a robust security culture begins with people, How Cybersecurity Leaders Can Chart the Seas of Business Communication, and more!


Hosts

Jason Albuquerque's Content:

Articles

Matt Alderman's Content:

Articles

  • Challenges of a New CISO: The First Year - The first year as a new CISO can be exhilarating and at times downright frightening. Early on, the emphasis is on learning the lay of the land of your new organization, assessing the company’s security maturity level, developing a business-focused security strategy and building up the relationships and political capital needed to make it a reality. What’s next?
    • How Will You Put Your Plans into Action?
    • Be Seen as a Business Enabler
    • Demonstrating Business Value
    • Handling Changes to the Business Landscape
  • Why a robust security culture begins with people - A recent study by ClubCISO, supported by Telstra Purple, surveyed 100 CISOs and identified cyber resilience as one of the top three hot topics on the CISO radar, along with security culture and cloud security.
  • Research from MIT Sloan Indicates Top CISO Priority is Enhancing Coverage for a Wide Variety of Attack Types and Surfaces - Attivo Networks, in participation with SINC and MIT Sloan, published a research report entitled “The Cybersecurity Landscape: Challenges and How to Overcome Them.” Here are some of the key findings:
    • With more people working from home, attacks that disrupt services or use credential theft are top concerns, along with the need to protect cloud architectures and critical access resources like Active Directory.
    • Executives are prioritizing security investments that help them fight disruption of service and ensure compliance.
    • A significant concern is ransomware, in part because business continuity and maintaining uptime are of utmost importance to keep operations running.
  • How Cybersecurity Leaders Can Chart the Seas of Business Communication - As organizations prepare for the remainder of 2020, cybersecurity leaders can use this opportunity to review their communication style and improve how they share key messages across the organization. Here are a few tips:
    • Set Your Sails - Craft your message
    • There’s No Sailing Without a MAST: Medium, Allies, Space, Time
    • Align With Organizational Winds - Keep your finger on the pulse of the business, and know and support the direction it has chosen.
  • Cyber Security Is A Global Threat - On this episode, private sector executives talk cyber security, including:
    • Encouraging The Private Sector To Invest In Cyber Security
    • The Business Case For Cyber Security
    • The Ultimate Multitasker
    • COVID-19 And Cybersecurity
    • New Technology
  • CIO strategies for COVID-19 require new long-term IT planning - CIOs "need to have some eye on the future" to align IT networks, systems and applications with post-pandemic enterprise demands in a cost-effective way, states Gartner analyst Paul Proctor. Here is where companies should focus:
    • Survive now, thrive later
    • Strategic alignment on IT budget growth
    • A faster pace on digital transformation projects

Paul Asadoorian's Content:

Articles