Difference between revisions of "BSWEpisode158"

From Paul's Security Weekly
Line 21: Line 21:
 
= Leadership Articles =
 
= Leadership Articles =
  
* [https://hbr.org/2020/01/unexpected-companies-produce-some-of-the-best-ceos Unexpected Companies Produce Some of the Best CEOs]
+
* [https://hbr.org/2020/01/unexpected-companies-produce-some-of-the-best-ceos Unexpected Companies Produce Some of the Best CEOs] - About 10% of S&P 500 companies change CEOs annually.  Historically, GE, IBM, P&G, and McKinsey have been viewed as CEO factories, but not now.  Now, it's estimate there are over a dozen “stealth CEO factories” across a range of industries and geographies; these include Medtronic, Rohm and Haas, and Danaher Corporation.  Three practices stand out as especially important in the success of these stealth CEO factories:
* [https://www.computerweekly.com/opinion/Security-Think-Tank-Hero-or-villain-Creating-a-no-blame-culture Security Think Tank: Hero or villain? Creating a no-blame culture]
+
# Give leaders broad authority.
* [https://hbr.org/2020/01/how-corporate-cultures-differ-around-the-world How Corporate Cultures Differ Around the World]
+
# Encourage them to think like CEOs.
* [https://www.inc.com/betsy-mikel/the-guy-who-invented-inbox-zero-says-were-all-doing-it-wrong.html The Guy Who Invented Inbox Zero Says We're All Doing It Wrong]
+
# Challenge strong performers early with big opportunities.
* [https://www.ciodive.com/news/Microsoft-Azure-AWS-IaaS-Cloud/570170/ Enterprise-scale companies adopting Azure over AWS, Goldman Sachs finds]
+
* [https://www.computerweekly.com/opinion/Security-Think-Tank-Hero-or-villain-Creating-a-no-blame-culture Security Think Tank: Hero or villain? Creating a no-blame culture] - In the general business IT world, all too often the end-user is identified as the point of blame for an intrusion, resulting in a culture of fear with people afraid to report anything suspicious, especially if they have clicked on a link they shouldn’t have. If there is one thing we should have learned, it is that nobody is immune to social engineering. As a general rule, don’t blame people who honestly get things wrong. Listen and respond positively to reports of suspicious incidents and provide feedback. Peer pressure should eventually call out those who just won’t behave properly.
* [https://www.hrdive.com/news/forrester-insider-threats-and-employee-rights-strike-tension/569815/ Forrester: Insider threats and employee rights strike tension]
+
* [https://hbr.org/2020/01/how-corporate-cultures-differ-around-the-world How Corporate Cultures Differ Around the World] - HBR's online assessment received over 12,800 responses from across the globe between December 2017 and May 2019.  A few patterns emerged across the full sample of responses:
 +
** Caring and results were the most salient culture attributes across respondents’ organizations, reflecting an orientation toward collaboration and achievement in the workplace.
 +
** Authority and enjoyment ranked lowest overall, indicating that decisiveness and spontaneity were lower priorities.
 +
** Differences by region:
 +
*** Organizations in Africa exhibited substantial flexibility. Many organizations in this region were characterized by learning and purpose, indicating an openness toward change through innovation, agility, and an appreciation for diversity.
 +
*** Many firms in Eastern Europe and the Middle East were characterized by a strong degree of stability. An emphasis on safety was prevalent in these regions, revealing the prioritization of preparedness and business continuity.
 +
*** Firms in Western Europe and in North and South America leaned toward a high level of independence.
 +
*** Firms in Asia, Australia and New Zealand were more likely to be characterized by interdependence and coordination.
 +
* [https://www.inc.com/betsy-mikel/the-guy-who-invented-inbox-zero-says-were-all-doing-it-wrong.html The Guy Who Invented Inbox Zero Says We're All Doing It Wrong] - Merlin Mann explains how we all missed the point about inbox zero -- and what we should do instead.
 +
** Stop treating inbox zero as a means to an end
 +
** Be wary of the clean slate approach
 +
* [https://www.ciodive.com/news/Microsoft-Azure-AWS-IaaS-Cloud/570170/ Enterprise-scale companies adopting Azure over AWS, Goldman Sachs finds] - Goldman Sachs survey of 100 IT executives from global 2000 companies finds...
 +
** In the public cloud more IT executives are using Microsoft Azure than Amazon Web Services, though AWS captures a larger portion of cloud spend
 +
** Azure is the "most popular choice" for infrastructure as a service, slightly ahead of AWS
 +
** Google Cloud saw a slight dip in respondents using its tools, though it is still higher than users' original expectations three years ago
 +
* [https://www.hrdive.com/news/forrester-insider-threats-and-employee-rights-strike-tension/569815/ Forrester: Insider threats and employee rights strike tension] - Forrester Analytics Global Business Technographics Workforce Benchmark, which included 7,388 respondents from eight countries, finds...
 +
** Employers should balance the need to eliminate insider data threats with protecting employees' privacy
 +
** In 2015, insiders caused 26% of the data breaches in the respondents' organizations, a statistic that rose to 48% in 2019.
 +
** Employers can have a successful insider threat program by openly communicating the program and IT rules with employees, clearly defining the program's objectives, letting employees know their part in security and avoiding the prioritization of security over productivity
 
<br>
 
<br>
 
{{SocialMedia}}
 
{{SocialMedia}}
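
Review bot: In the added description for the first HBR link, "it's estimate there are over a dozen" should read "it's estimated there are over a dozen". That same added line ends in a colon, but the three "#" items that follow it start a separate top-level numbered list instead of nesting under the bullet; writing them as "*#" would keep them attached to the article they summarize, consistent with the "**" sub-bullets added under the other links.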

Revision as of 14:45, 13 January 2020

Recorded January 13, 2020 at G-Unit Studios in Rhode Island!

Episode Audio

Hosts

  • Matt Alderman
    CEO at Security Weekly, Strategic Advisor, and Wizard of Entrepreneurship
  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.

Announcements

    • Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
    • Attend RSA Conference 2020, February 24-28 in San Francisco, CA! Visit securityweekly.com/rsac2020 to sponsor an interview with us on-site at the conference or register using our code to save $150!
    • OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!


    Interview: Al Ghous

    Al Ghous is the Head of Security at ServiceMax, a Cloud platform focused on field service management and automation. Prior to ServiceMax, Al was responsible for Platform, Product and IoT security for GE Digital. Al has been in the Cyber Security industry for 20 years, contributing in different capacities from Product Security and Risk Management to Solution Consulting and Security Architecture. He has held other leadership roles in organizations such as Ernst and Young, Oracle, Kaiser Permanente and Informatica, to name a few. Al is active in the Cyber Security industry and is part of several industry organizations and consortiums, as well as a member of several advisory boards. As an Advisor, Al takes pride in helping Security Startups and their Founders focus on product development while maturing their Security posture to attract customers and investors alike.

    Topic: Startup Security – It’s Everyone’s Business

    Leadership Articles

    • Unexpected Companies Produce Some of the Best CEOs - About 10% of S&P 500 companies change CEOs annually. Historically, GE, IBM, P&G, and McKinsey have been viewed as CEO factories, but not now. Now, it's estimated there are over a dozen “stealth CEO factories” across a range of industries and geographies; these include Medtronic, Rohm and Haas, and Danaher Corporation. Three practices stand out as especially important in the success of these stealth CEO factories:
    1. Give leaders broad authority.
    2. Encourage them to think like CEOs.
    3. Challenge strong performers early with big opportunities.
    • Security Think Tank: Hero or villain? Creating a no-blame culture - In the general business IT world, all too often the end-user is identified as the point of blame for an intrusion, resulting in a culture of fear with people afraid to report anything suspicious, especially if they have clicked on a link they shouldn’t have. If there is one thing we should have learned, it is that nobody is immune to social engineering. As a general rule, don’t blame people who honestly get things wrong. Listen and respond positively to reports of suspicious incidents and provide feedback. Peer pressure should eventually call out those who just won’t behave properly.
    • How Corporate Cultures Differ Around the World - HBR's online assessment received over 12,800 responses from across the globe between December 2017 and May 2019. A few patterns emerged across the full sample of responses:
      • Caring and results were the most salient culture attributes across respondents’ organizations, reflecting an orientation toward collaboration and achievement in the workplace.
      • Authority and enjoyment ranked lowest overall, indicating that decisiveness and spontaneity were lower priorities.
      • Differences by region:
        • Organizations in Africa exhibited substantial flexibility. Many organizations in this region were characterized by learning and purpose, indicating an openness toward change through innovation, agility, and an appreciation for diversity.
        • Many firms in Eastern Europe and the Middle East were characterized by a strong degree of stability. An emphasis on safety was prevalent in these regions, revealing the prioritization of preparedness and business continuity.
        • Firms in Western Europe and in North and South America leaned toward a high level of independence.
        • Firms in Asia, Australia and New Zealand were more likely to be characterized by interdependence and coordination.
    • The Guy Who Invented Inbox Zero Says We're All Doing It Wrong - Merlin Mann explains how we all missed the point about inbox zero -- and what we should do instead.
      • Stop treating inbox zero as a means to an end
      • Be wary of the clean slate approach
    • Enterprise-scale companies adopting Azure over AWS, Goldman Sachs finds - Goldman Sachs survey of 100 IT executives from global 2000 companies finds...
      • In the public cloud more IT executives are using Microsoft Azure than Amazon Web Services, though AWS captures a larger portion of cloud spend
      • Azure is the "most popular choice" for infrastructure as a service, slightly ahead of AWS
      • Google Cloud saw a slight dip in respondents using its tools, though it is still higher than users' original expectations three years ago
    • Forrester: Insider threats and employee rights strike tension - Forrester Analytics Global Business Technographics Workforce Benchmark, which included 7,388 respondents from eight countries, finds...
      • Employers should balance the need to eliminate insider data threats with protecting employees' privacy
      • In 2015, insiders caused 26% of the data breaches in the respondents' organizations, a statistic that rose to 48% in 2019.
      • Employers can have a successful insider threat program by openly communicating the program and IT rules with employees, clearly defining the program's objectives, letting employees know their part in security and avoiding the prioritization of security over productivity

