From Paul's Security Weekly
Recorded January 13, 2020 at G-Unit Studios in Rhode Island!
- Join us at InfoSecWorld 2020 - March 30 - April 1, 2020 at the Disney Contemporary Resort! Security Weekly listeners save 15% off the InfoSec World Main Conference or World Pass! Visit securityweekly.com/ISW2020, click the register button to register with our discount code or the schedule button to sponsor a micro-interview!
- OSHEAN and the Pell Center are partnering together to present Cybersecurity Exchange Day on Wednesday, March 18th from 9am-3pm at Salve Regina University in the beautiful Newport, RI! Visit securityweekly.com/OSHEAN2020 to register for free and come join in the fun!
- We have officially migrated our mailing list to a new platform! Sign up for the list to receive invites to our virtual trainings, webcasts, and other content relevant to your interests by visiting securityweekly.com/subscribe and clicking the button to join the list! You can also submit your suggestions for guests by going to securityweekly.com/guests and submitting the form! We'll review them monthly and reach out if they are a good fit!
- Our first-ever virtual training is happening on March 19th @11:00am ET, with Adam Kehler & Rob Harvey from Online Business Systems Risk, Security & Privacy Team. In this training you will learn how to generate a complex SHA-256 hashed password and then use password cracking tools to break it. Register for our upcoming trainings by visiting securityweekly.com, selecting the webcast/training drop down from the top menu bar and clicking registration.
Interview: Al Ghous, ServiceMax
Al is active in the Cyber Security industry and part of several industry organizations and consortiums, as well as a member of several advisory boards. As an Advisor, Al takes pride in helping Security Startups and their Founders focus on product development while maturing their Security posture to attract customers and investors alike.
Startup Security – It’s Everyone's Business
With the growing number of Security startups, oftentimes the need for a quick go to market supersedes developing basic Security hygiene. However, the enterprise customers that startups want to attract will not do business unless they pass their third-party risk review. The question then becomes: how can startups build security within, without inhibiting their GTM strategy or increasing expenditure, in order to attract enterprise customers? To bridge this gap, a like-minded group of investors and CISOs got together to develop a framework that would empower startups with reasonable security controls that, when intelligently applied, have a favorable cost-effect ratio. Simply put: Security4Startups.com strives to help early stage startups solve for their greatest security risks in a balanced way, and in a manner that’s sustainable and doesn’t demand great security expertise or cost.
- Per Gartner, there was projected to be significant growth in the Cyber Security spend in 2019: https://www.darkreading.com/2019-security-spending-outlook/d/d-id/1333826?image_number=2
- Unexpected Companies Produce Some of the Best CEOs - About 10% of S&P 500 companies change CEOs annually. Historically, GE, IBM, P&G, and McKinsey have been viewed as CEO factories, but not now. Now, it's estimated there are over a dozen “stealth CEO factories” across a range of industries and geographies; these include Medtronic, Rohm and Haas, and Danaher Corporation. Three practices stand out as especially important in the success of these stealth CEO factories:
  - Give leaders broad authority.
  - Encourage them to think like CEOs.
  - Challenge strong performers early with big opportunities.
- Security Think Tank: Hero or villain? Creating a no-blame culture - In the general business IT world, all too often the end-user is identified as the point of blame for an intrusion, resulting in a culture of fear with people afraid to report anything suspicious, especially if they have clicked on a link they shouldn’t have. If there is one thing we should have learned, it is that nobody is immune to social engineering. As a general rule, don’t blame people who honestly get things wrong. Listen and respond positively to reports of suspicious incidents and provide feedback. Peer pressure should eventually call out those who just won’t behave properly.
- How Corporate Cultures Differ Around the World - HBR's online assessment received over 12,800 responses from across the globe between December 2017 and May 2019. A few patterns emerged across the full sample of responses:
  - Caring and results were the most salient culture attributes across respondents’ organizations, reflecting an orientation toward collaboration and achievement in the workplace.
  - Authority and enjoyment ranked lowest overall, indicating that decisiveness and spontaneity were lower priorities.
  - Differences by region:
    - Organizations in Africa exhibited substantial flexibility. Many organizations in this region were characterized by learning and purpose, indicating an openness toward change through innovation, agility, and an appreciation for diversity.
    - Many firms in Eastern Europe and the Middle East were characterized by a strong degree of stability. An emphasis on safety was prevalent in these regions, revealing the prioritization of preparedness and business continuity.
    - Firms in Western Europe and in North and South America leaned toward a high level of independence.
    - Firms in Asia, Australia and New Zealand were more likely to be characterized by interdependence and coordination.
- The Guy Who Invented Inbox Zero Says We're All Doing It Wrong - Merlin Mann explains how we all missed the point about inbox zero -- and what we should do instead.
  - Stop treating inbox zero as a means to an end
  - Be wary of the clean slate approach
- Enterprise-scale companies adopting Azure over AWS, Goldman Sachs finds - Goldman Sachs survey of 100 IT executives from global 2000 companies finds...
  - In the public cloud more IT executives are using Microsoft Azure than Amazon Web Services, though AWS captures a larger portion of cloud spend
  - Azure is the "most popular choice" for infrastructure as a service, slightly ahead of AWS
  - Google Cloud saw a slight dip in respondents using its tools, though it is still higher than users' original expectations three years ago
- Forrester: Insider threats and employee rights strike tension - Forrester Analytics Global Business Technographics Workforce Benchmark, which included 7,388 respondents from eight countries, finds...
  - Employers should balance the need to eliminate insider data threats with protecting employees' privacy
  - In 2015, insiders caused 26% of the data breaches in the respondents' organizations, a statistic that rose to 48% in 2019.
  - Employers can have a successful insider threat program by openly communicating the program and IT rules with employees, clearly defining the program's objectives, letting employees know their part in security and avoiding the prioritization of security over productivity