Difference between revisions of "BSWEpisode154"

From Security Weekly Wiki
Jump to navigationJump to search
 
(3 intermediate revisions by 2 users not shown)
Line 3: Line 3:
 
== Episode Audio ==
 
== Episode Audio ==
  
<!--<div align="center">
+
<div align="center">
 
{{#widget:SoundCloud
 
{{#widget:SoundCloud
|id=543346953
+
|id=722553280
 
|width=75%
 
|width=75%
 
|height=100
 
|height=100
Line 12: Line 12:
 
}}
 
}}
 
</div>
 
</div>
-->
+
 
 
== Hosts ==
 
== Hosts ==
 
{{Template:Matt}}
 
{{Template:Matt}}
Line 26: Line 26:
 
[[File:WardCobleigh.jpg|thumb|right|<center>[https://www.linkedin.com/in/ward-cobleigh Ward Cobleigh] is the Sr. Product Manager at [https://securityweekly.com/viavi VIAVI Solutions]</center>]] Ward Cobleigh, Sr Product Manager for VIAVI Solutions, understands the balancing act between network ops and security that IT pros are facing today along with the challenges they have in solving issues due to limited visibility and complexity. His experience in engineering, product management plus design and marketing give him a unique ability to cut to the heart of the problem and demonstrate solutions that give engineers a sigh of relief. He brings a refreshing bit of humor to the dry, technical topic of network performance management and security threat hunting.<br><br>'''Segment Topic:'''<br>Bringing NetOps into the Threat Hunt<br><br>'''Segment Description:'''<br>In a very recent study, 65% of responding organizations reported a shortage of cybersecurity staff, with a lack of skilled or experienced security personnel their number one workplace concern (36%). To help fill this void, there is a very real and still growing need to cross-train existing professionals and teams whenever possible. How achievable is this goal? Can we really take the typical NetOps skillset, combine it with the data sources that are typically available to them, and apply this to the SecOps skills gap? This Business Security Week Podcast will answer these questions and include a demonstration of how a performance analysis platform can be used to quickly and efficiently identify threats.<br><br>'''Segment Resources:'''<br>
 
[[File:WardCobleigh.jpg|thumb|right|<center>[https://www.linkedin.com/in/ward-cobleigh Ward Cobleigh] is the Sr. Product Manager at [https://securityweekly.com/viavi VIAVI Solutions]</center>]] Ward Cobleigh, Sr Product Manager for VIAVI Solutions, understands the balancing act between network ops and security that IT pros are facing today along with the challenges they have in solving issues due to limited visibility and complexity. His experience in engineering, product management plus design and marketing give him a unique ability to cut to the heart of the problem and demonstrate solutions that give engineers a sigh of relief. He brings a refreshing bit of humor to the dry, technical topic of network performance management and security threat hunting.<br><br>'''Segment Topic:'''<br>Bringing NetOps into the Threat Hunt<br><br>'''Segment Description:'''<br>In a very recent study, 65% of responding organizations reported a shortage of cybersecurity staff, with a lack of skilled or experienced security personnel their number one workplace concern (36%). To help fill this void, there is a very real and still growing need to cross-train existing professionals and teams whenever possible. How achievable is this goal? Can we really take the typical NetOps skillset, combine it with the data sources that are typically available to them, and apply this to the SecOps skills gap? This Business Security Week Podcast will answer these questions and include a demonstration of how a performance analysis platform can be used to quickly and efficiently identify threats.<br><br>'''Segment Resources:'''<br>
 
*Below are additional resources related to our topic. These can be used by the hosts for background information. We will have these available on our landing page https://viavisolutions.com/securityweekly
 
*Below are additional resources related to our topic. These can be used by the hosts for background information. We will have these available on our landing page https://viavisolutions.com/securityweekly
* SANS OnDemand Webinar Recording: https://comms.viavisolutions.com/lp-cmp?cp=vi101475&th=std&lang=en<br>
+
* SANS OnDemand Webinar Recording: https://comms.viavisolutions.com/lp-cmp?cp=vi101475&th=std&lang=en
 
Blogs:
 
Blogs:
 
* [https://blog.viavisolutions.com/2019/08/14/capital-one-cyberattack-lessons/ 3 Lessons Learned from the Capital One Cyberattack - Listen to Your Data Sources]
 
* [https://blog.viavisolutions.com/2019/08/14/capital-one-cyberattack-lessons/ 3 Lessons Learned from the Capital One Cyberattack - Listen to Your Data Sources]
Line 35: Line 35:
 
= Leadership Articles =
 
= Leadership Articles =
 
<!--<center>{{#ev:youtube|Rr3VkFPCT44}}</center>-->
 
<!--<center>{{#ev:youtube|Rr3VkFPCT44}}</center>-->
 +
* [https://hbr.org/2019/11/companies-need-to-rethink-what-cybersecurity-leadership-is Companies Need to Rethink What Cybersecurity Leadership Is] - For businesses today, cyber risk is everywhere. Yet for all the investments , companies are still struggling to make cybersecurity a vibrant, proactive part of strategy, operations, and culture. The root cause is twofold: (1) Cybersecurity is treated as a back-office job and (2) most cyber leaders are ill-equipped to exert strategic influence.  Here's a framework for what business leaders must do to spur cybersecurity success:
 +
# Set your intent with cybersecurity strategy
 +
# Position the cybersecurity function to have influence
 +
# Get the right cyber leader for your needs
 +
* [https://hbr.org/2019/11/what-companies-that-are-good-at-innovation-get-right What Companies That Are Good at Innovation Get Right] - Innovation labs, technology scouting outposts, and accelerator programs to invest in startups have become ubiquitous in large companies. Yet, in some companies, all of that activity adds up to nothing more than “innovation theater.” But for the ones who get it right, here's what they do:
 +
# They hone their focus
 +
# They collaborate with key internal partners
 +
# They staff appropriately
 +
# They design incentive system
 +
# They monitor impact
 +
# They move beyond culture clashes
 +
* [https://www.computerweekly.com/news/252474673/Staff-in-smaller-businesses-bogged-down-by-poor-communications Staff in smaller businesses bogged down by poor communications] - Inadequate communications between senior management and staff in small to medium-sized enterprises is leading to poor decision-making.
 +
* [https://www.scienceofpeople.com/video-emails/ Why You Should Be Sending More Video Emails … And How To Record Them] - Humans have been speaking to each other face-to-face for more than 150,000 years! In today’s digital age we are sending more and more emails, and speaking to each other less and less.  Here's a video email guide:
 +
# Know When to Send a Video Email
 +
# Build Your Confidence
 +
# Get Your Gear (way less than you think)
 +
# Nail Your First Impression
 +
# Don’t use a script!
 +
# Talk to one person
 +
# Lighting: Know where it is
 +
# Practice, practice, practice to build confidence and success
 +
* [https://www.computerweekly.com/news/252474610/Enterprises-muddled-over-cloud-security-responsibilities Enterprises muddled over cloud security responsibilities] - Miscommunication in enterprises was identified as a major factor in cloud-native security breaches.  There is a diverse range of views about who should take responsibility...
 +
* [https://www.ciodive.com/news/top-tech-conferences-to-attend-in-2020/567953/ Top tech conferences to attend in 2020] - For the CISOs:
 +
** Suits & Spooks DC, Feb. 6-7, Washington D.C.
 +
** RSA Conference, Feb. 24-28, San Francisco
 +
** Gartner Security & Risk Management Summit, June 1-4, National Harbor, Maryland
 +
** Black Hat USA, Aug. 1-6, Las Vegas
 +
** DEF CON 28, Aug. 6-9, Las Vegas
 +
** Global CISO Executive Summit, Sept. 21-23, Marana, Arizona
 +
** Forrester Security & Risk North America, Sept. 22-23, Washington D.C.
 
<br>
 
<br>
 
{{Template:SocialMedia}}
 
{{Template:SocialMedia}}

Latest revision as of 17:38, 5 December 2019

Recorded December 2, 2019 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures .

  • Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
    • We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relative to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
    • Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.


    Interview: Ward Cobleigh, VIAVI Solutions

    Ward Cobleigh is the Sr. Product Manager at VIAVI Solutions

    Ward Cobleigh, Sr Product Manager for VIAVI Solutions, understands the balancing act between network ops and security that IT pros are facing today along with the challenges they have in solving issues due to limited visibility and complexity. His experience in engineering, product management plus design and marketing give him a unique ability to cut to the heart of the problem and demonstrate solutions that give engineers a sigh of relief. He brings a refreshing bit of humor to the dry, technical topic of network performance management and security threat hunting.

    Segment Topic:
    Bringing NetOps into the Threat Hunt

    Segment Description:
    In a very recent study, 65% of responding organizations reported a shortage of cybersecurity staff, with a lack of skilled or experienced security personnel their number one workplace concern (36%). To help fill this void, there is a very real and still growing need to cross-train existing professionals and teams whenever possible. How achievable is this goal? Can we really take the typical NetOps skillset, combine it with the data sources that are typically available to them, and apply this to the SecOps skills gap? This Business Security Week Podcast will answer these questions and include a demonstration of how a performance analysis platform can be used to quickly and efficiently identify threats.

    Segment Resources:

    Blogs:


    Leadership Articles

    • Companies Need to Rethink What Cybersecurity Leadership Is - For businesses today, cyber risk is everywhere. Yet for all the investments , companies are still struggling to make cybersecurity a vibrant, proactive part of strategy, operations, and culture. The root cause is twofold: (1) Cybersecurity is treated as a back-office job and (2) most cyber leaders are ill-equipped to exert strategic influence. Here's a framework for what business leaders must do to spur cybersecurity success:
    1. Set your intent with cybersecurity strategy
    2. Position the cybersecurity function to have influence
    3. Get the right cyber leader for your needs
    • What Companies That Are Good at Innovation Get Right - Innovation labs, technology scouting outposts, and accelerator programs to invest in startups have become ubiquitous in large companies. Yet, in some companies, all of that activity adds up to nothing more than “innovation theater.” But for the ones who get it right, here's what they do:
    1. They hone their focus
    2. They collaborate with key internal partners
    3. They staff appropriately
    4. They design incentive system
    5. They monitor impact
    6. They move beyond culture clashes
    1. Know When to Send a Video Email
    2. Build Your Confidence
    3. Get Your Gear (way less than you think)
    4. Nail Your First Impression
    5. Don’t use a script!
    6. Talk to one person
    7. Lighting: Know where it is
    8. Practice, practice, practice to build confidence and success
    • Enterprises muddled over cloud security responsibilities - Miscommunication in enterprises was identified as a major factor in cloud-native security breaches. There is a diverse range of views about who should take responsibility...
    • Top tech conferences to attend in 2020 - For the CISOs:
      • Suits & Spooks DC, Feb. 6-7, Washington D.C.
      • RSA Conference, Feb. 24-28, San Francisco
      • Gartner Security & Risk Management Summit, June 1-4, National Harbor, Maryland
      • Black Hat USA, Aug. 1-6, Las Vegas
      • DEF CON 28, Aug. 6-9, Las Vegas
      • Global CISO Executive Summit, Sept. 21-23, Marana, Arizona
      • Forrester Security & Risk North America, Sept. 22-23, Washington D.C.


    Follow us on Twitter Watch Security Weekly videos Listen to Security Weekly Security Weekly fan page Connect with Paul Google+