From Security Weekly Wiki
Revision as of 22:30, 28 July 2019 by Matt (talk | contribs)
Jump to navigationJump to search

Recorded July 29, 2019 at G-Unit Studios in Rhode Island!

Episode Audio


  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .

  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting and clicking the button to join the list! You can also submit your suggestions for guests by going to and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting, selecting the webcast/training drop down from the top menu bar and clicking registration.

    Interview: Todd Fitzgerald, CISO SPOTLIGHT, LLC

    Todd Fitzgerald is the Managing Director/CISO/Cybersecurity Leadership Author at CISO SPOTLIGHT, LLC

    Todd Fitzgerald has built and led information Fortune 500/large company security programs for 20 years. He was named 2016–17 Chicago CISO of the Year, ranked Top 50 Information Security Executive, authored 4 books- CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers (2019), Information Security Governance Simplified: From the Boardroom to the Keyboard, ground-breaking CISO Leadership: Essential Principles for Success, E-C Council Certified Chief Information Security Officer Body of Knowledge and contributed to a dozen others. Todd held senior leadership positions at Northern Trust, Grant Thornton International, Ltd, ManpowerGroup, WellPoint (Anthem) Blue Cross Blue Shield/ National Government Services, Zeneca/Syngenta, IMS Health and American Airlines.

    Segment Description:
    His book, the CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers

    Segment Resources:

    Leadership Articles

    • Leading with Trust - in 2018, more CEOs were fired for ethical lapses than for poor financials or over battles with their board. People evaluate a leader’s trustworthiness on the same dimensions they evaluate a company’s. The more of these dimensions a leader has established trust in, the more power he or she has:
      • Legitimacy
      • Competence
      • Motive
      • Means
      • Impact
    • Portrait of a CISO: Roles and responsibilities - Success in the role of CISO requires security experts to wear many hats. Couple that with changes in compliance regulations and sophisticated cyberthreats, and CISOs are left with a full plate. Here are three informative areas that shed light on the importance of the CISO role, the regulatory guidelines CISOs enforce and the skills necessary to be successful in the position:
      • Evolution of threats expands CISO roles and responsibilities
      • New regulation policies affect CISO compliance oversight
      • CISOs must demonstrate quality communication skills
    • 8 Skills All Leadership Trainings Should Teach Managers - Leadership training is crucial for any management role. Whether you have a large team or just got your first hire, leadership training can help you be the best possible leader. Here are the most important leadership skills you need from any leadership training:
      • Learning Core Leadership Practices
      • Identify Your Leadership Style
      • How to Delegate
      • Motivating a Team
      • Make Good Decisions
      • Managing Conflict
      • Performance Management
      • Digital Leadership Skills
    • What Boards Can Do to Prepare for Crises - According to recent research by the National Association of Corporate Directors, almost half of respondents reported that their focus on known risks was a barrier to understanding and preparing for threats that are hard – or impossible – to predict. Furthermore, fewer than 20 percent of respondents felt confident that management could handle such risks. To help prepare corporate boards, let's translate the COBRA model to the corporate setting:
      • The UK, and other Commonwealth countries, use a Strategic, Tactical, Operational (STO) management structure to manage incidents. Each incident response is allocated one Strategic Commander on the team, one Tactical Commander, and as many Operational Commanders (geographic or thematic) as necessary to fulfill responsibilities. Thus, the strategic members function as the senior management of the response.
      • On the political side are senior elected officials and policy makers, often referred to as the COBRA group.
      • A designated senior, non-elected civil servant on each side in a formal liaison role serves to foster an orderly flow of information between the two.
        • This structure enables political leaders to have input into the handling of the operation while ensuring that they do not try to run it.
        • Conversely, the strategic team members receive valuable information about the political ramifications of their decisions while remaining able to maintain an essential “battle rhythm” to keep pace with unfolding events.
    • Cybersecurity Risk: What does a 'reasonable' posture entail and who says so? - Without an exact definition of what "reasonable" security practices entail, a simpler approach is to evaluate what constitutes a lack of reasonable security. This approach makes it easier for an organization to map data security protection efforts (including privacy and resources) to a known framework.
    • A call to end 'warrant-proof' encryption, but where does privacy protection fit in? - The encryption battle remerges:
      • Deploying encryption practices where the end user is the only one with decryption capabilities is preventing law enforcement from pursuing "communications in transit" and data. "Even with a warrant based on probable cause," encryption is thwarting investigations.
      • Because modern crimes carry heavy digital evidence, "warrant-proof" encryption is a threat to public safety. Encryption is "extinguishing" law enforcement's ability to access and trace evidence in investigations.
      • An individual's "zone of privacy" — person, house, papers and effects — are protected from "unreasonable" investigation. But, the zone of privacy is only possible because the public has a right to access when public safety is in question. Encryption prohibits right of access, morphing devices into "law-free zones."

    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+