From Paul's Security Weekly
Recorded November 4, 2019 at G-Unit Studios in Rhode Island!
- Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
- OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
- We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
- Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.
Interview: Henry Harrison, Garrison
What is Hardsec?
A contrarian in the security industry, Henry Harrison of Garrison believes the only way forward is to implement security on the foundational level through Hardsec. An evangelizing approach that emerged out of research and development from the UK’s national security, hardsec relies on hardware security executed through the use of non-turing machines digital logic – chips that are too dumb to be hacked – to eliminate cyber threats. This moves away from the generic chip sets and advocates for a more unique and specialized chip set for devices where security is paramount. During this conversation, Henry can talk about this approach and what it would take for it to become widely adopted.
- Balancing the Company’s Needs and Employee Satisfaction - Doing what is right for their company and doing what will make their employees happiest are not always mutually exclusive. Making the following shifts in mindset can help:
- From individual happiness to collective purpose
- From engagement to ownership
- From promotability to visibility
- Why Successful People Wear The Same Thing Every Day - Researchers have actually studied the effect that making too many decisions can have on our lives and what they show is that our capacity to consistently make well thought out decisions is finite. Many successful individuals understand that less time spent on making decisions meant more brainpower and time for everything else. Therefore, reduce one decision by choosing a monotonous wardrobe...
- Technology That Will Actually Make You More Productive - Don’t be afraid of technology, embrace it. Just make sure you are picking the right tools to put on your phone or tablet...
- What industry gets wrong about cyber insurance - Misconceptions about the role insurance plays in a cyber event's aftermath are common. Let's try to provide some clarity:
- Cyber insurance is an investment
- How to choose a cyber insurance policy
- Insurance loopholes
- Security considerations
- Insurers' role in incident response
- Four principles for security metrics - When you start developing security metrics for a problem area, don't plunge into trying to analyze 'risk'. Here are four founding principles if you want to develop trusted operational security metrics that are relevant for your organization:
- Start with process
- Understand the reality of the process
- Create one metric per process
- Be clear on the type of process failure
- 3 lessons on the future of talent pipelines - Talent shortages haven't ceased being a discussion going into the next decade, yet swaths of the American population are either underrepresented in the workforce or struggle to develop the skills necessary to thrive in it. Here are the issues impacting employers' talent pipelines:
- The digital skills gap may be the biggest one
- Companies won't ignore the role of social issues in recruiting
- Employers can expect never-ending 'reskilling'