Enterprise Security Weekly Episode 181 - 2020-04-29
- Learn how penetration testing reduces risk in our next live webcast with Core Security (a Help Systems Company). Register for our upcoming webcasts or virtual trainings by visiting securityweekly.com/webcasts. You can also access our on-demand library of previously recorded webcasts/trainings by visiting securityweekly.com/ondemand.
- Join the Security Weekly Mailing List by visiting securityweekly.com/subscribe and clicking the button to join the list! We will be starting to roll out our public Discord channel in the next week or so and our mailing list subscribers will get the first invites!
- Join us at InfoSec World 2020 - June 22nd-24th, now a fully virtual event! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020 and click the register button to register with our discount code!
- We are looking for high-quality guest suggestions for all of our podcasts to fill our Q3 recording schedule! Submit your suggestions for guests by visiting securityweekly.com/guests and submitting the form! We review suggestions monthly and will reach out to you once reviewed!
Interview: Building an Enterprise Security Team - 6:00-6:45PM
Hat tip to @snipeyhead (Grokability) for that link. It’s very representative of how I feel I work best with people.
Is Information Security a specialisation of IT rather than a branch of its own? Opinions might be different. When are you “entry level” in security? In most cases you’re already pretty senior in one or more IT disciplines …
Hiring/Firing: There’s often a discussion on how you attract people. The biggest challenges are keeping them and letting them go. I’ve helped people that I sorely needed move to new jobs elsewhere. Why? They were not happy and I had nothing to offer them. The upside? 10 years later I got to work with them again.
Maybe take some time to discuss the “hire for potential instead of culture fit” adage as well.
Training Teams: Something I realized when I did more training than I do today. Most training programs are targeted at creating carbon copies of a certain “ideal” profile. That is so wrong. If we indeed hire for diversity and breadth of coverage across a team, why do we all make them tick boxes (GPEN, CEH, CISSP, …)? We should train our teams so that they not only learn new skills but also grease the wheels of working together and at the same time learn who excels at what. What do you want? 3 people that have completed the GPEN, GCIH, CISSP, and CEH trainings (not even talking about certs) or 3 people with a certain overlap in skills but one that excels in network forensics, one that excels in Linux forensics, and one that is badass at reporting?
The myth of the badass Security Expert: Let’s be real. There is nobody that covers the breadth of infosec as an expert. You can’t do it all. It’s that simple. Why don’t we as the perceived experts recognize that there are enormous gaps in our knowledge?
Before founding Wire Security, Wim gained experience in both technical and executive roles at companies such as Rapid7, IOActive, and Ernst & Young. He is passionate about finding ways to integrate information security into the fabric of an organization through the application of more than 20 years of IT and information security experience. Wim also served on the (ISC)2 Board of Directors (2012–2014 and 2016–2018). (ISC)2 is an organization that certified more than 135.000 security professionals around the globe. Wim has spoken at security conferences on 5 continents including Blackhat Europe, Blackhat USA, BruCON, QCon, Source Boston & Dublin, and many others.
Interview: Security Challenges When Working Remotely - 6:00-6:45PM
Gerald Beuchelt is the Chief Information Security Officer at LogMeIn. He is responsible for the company’s overall security, compliance, and technical privacy program. With more than 20 years of experience working in information security, he is a member of the Board of Directors and the IT Sector Chief for the Boston Chapter of Infragard. In his prior role, Gerald was the Chief Security Officer for Demandware, a Salesforce Company. He holds a Master of Science degree in theoretical physics.
Fullaudio - None
Visit https://www.securityweekly.com/esw for all the latest episodes!
News - Trustwave, F-Secure, & Obsidian Security
Matt Alderman's Content:
Paul Asadoorian's Content:
- Obsidian Security lets security teams monitor Zoom usage - Help Net Security
- Guardicore Infection Monkey now maps its actions to MITRE ATT&CK knowledge base - Help Net Security
- Google Meet: Video meetings built on a secure foundation, soon free for everyone - Help Net Security
- Trustwave Launches Powerful Cybersecurity Collaboration Platform Globally
- Trustwave Security Colony delivers resources, playbooks and expertise to bolster security posture - Help Net Security
- Netskope's security controls and protection now available for Microsoft Teams - Help Net Security
- Niagara Networks' Open Visibility Platform Brings Network, SecOps Together
- Cybersecurity Startup, swIDch Is Stepping Up to Help Businesses Working from Home amid COVID-19
- Almost half of security pros being redeployed during pandemic
- Fast, informative detections power F-Secure's performance in 2nd MITRE ATT&CK evaluation
- Fortinet Makes All Online Cybersecurity Training Courses Available for Free to Address Skills Gap
- Why You Need Both SIEM and SOAR Solutions in your Cybersecurity