From Security Weekly Wiki
= Interview: Malcolm Harkins, InfoSec World Speaker =
[[File:MalcolmHarkins.jpg|thumb|<center>Malcolm Harkins is the Chief Security & Trust Officer at Cymatic</center>]] Malcolm Harkins is the Chief Security and Trust Officer for Cymatic. He is responsible for enabling business growth through trusted infrastructure, systems, and business processes, including all aspects of information risk and security, as well as security and privacy policy. He is also responsible for peer outreach activities to drive improvement across the world in the understanding of cyber risks and best practices to manage and mitigate those risks. Key areas of focus include the ethics around technology risk, social responsibility, total cost of controls, and driving more industry accountability. He is also an independent board member and advisor to organizations, and an executive coach to CISOs and others in a wide variety of information risk roles.<br><br>Previously, Malcolm was the Chief Security and Trust Officer at Cylance Inc. In this role he reported to the CEO and was responsible for enabling business growth through trusted infrastructure, systems, and business processes. He had direct organizational responsibility for information risk and security, as well as security and privacy policy.<br><br>Malcolm was also previously Vice President and Chief Security and Privacy Officer (CSPO) at Intel Corporation. In that role Malcolm was responsible for managing the risk, controls, privacy, security, and other related compliance activities for all of Intel’s information assets, products, and services.<br><br>He is a Fellow with the Institute for Critical Infrastructure Technology, a non-partisan think-tank providing on cybersecurity to the House, Senate, and a variety of federal agencies. Malcolm is a sought-after speaker for industry events. He has authored many white papers and in December 2012 published his first book, Managing Risk and Information Security: Protect to Enable®.
He was also a contributing author to Introduction to IT Privacy, published in 2014 by the International Association of Privacy Professionals. The 2nd edition of Malcolm’s book, Managing Risk and Information Security: Protect to Enable®, was recently published in August of 2016. Malcolm has also testified before the United States Senate Committee on Commerce, Science, and Transportation on the “Promises and Perils of Emerging Technology for Cybersecurity”. He also testified at the Federal Trade Commission hearings on data security in December 2018.<br><br>Malcolm received his bachelor’s degree in economics from the University of California at Irvine and an MBA in finance and accounting from the University of California at Davis.<br><br>'''Segment Topic:'''<br>The Rise of the Cyber Industrial Complex and Expense in Depth<br><br>'''Segment Description:'''<br>The security industry profits from the insecurity of computing and thus, at a macroeconomic level, has no real economic incentive to solve many of the risk issues we face. The lack of good economic incentives has turned the notion of Defense in Depth into one of Expense in Depth, where we continue to use outdated approaches to control for risks. This results in needing to purchase other solutions to make up for the weakness of the solutions we bought that did not properly control for the risks.<br>Notes:
* Threat reports are reporting that the security products don’t work
* Who holds responsibility for product security and risk?
* The economics of security
<br>'''Segment Resources:'''<br>
= Interview: Wilson Bautista, InfoSec World Speaker =
[[File:WilsonBautista.jpg|right|220px|thumb|<center>'''Wilson Bautista'''<br> is the Founder of Jün Cyber.</center>]] Wilson Bautista is a retired military officer who is currently the founder of the consulting firm Jün Cyber. His expertise is in the domains of InfoSec leadership, policy, architecture, compliance, and risk. He holds multiple InfoSec and IT certifications as well as a master's degree in Information Systems from Boston University. He is an INTP on the Myers-Briggs Type Indicator test with a Driver-Driver personality. As a practitioner of Agile and SecDevOps, he develops innovative, integrated, enterprise-scale cyber security solutions that provide high value to businesses.<br><br>'''Segment Topic:'''<br>InfoSec World 2020: Security Orchestration Is Not About Tools<br><br>'''Segment Description:'''<br>Talk about my InfoSec World Presentation.
* Leadership, Dev, Ops and Security working together to provide security for the business, how does that work?
* The wants, needs and human aspect of working in a team: leverage information and decentralize decision making, earn trust, develop leadership, deal with different personalities, move without authority because everyone knows the mission
* Commander's intent, go do something and how, but the subordinates still have decision-making powers
* Meet stakeholders' needs, by knowing what makes them happy and knowing what stresses them out
* Building secure culture
* Breaking down silos, communication between teams
* Security Orchestration Is Not About Tools as governance and security working in teams, IR teams talking, Threat intel teams, pen testers, compliance
<br>'''Segment Resources:'''<br>
* DevSecLead Podcast
