From Security Weekly Wiki
Revision as of 18:14, 22 February 2018 by Wheat Loaf (talk | contribs)

Business Security Weekly #73

Recorded February 2, 2018 at G-Unit Studios in Rhode Island!


  • Paul Asadoorian
    Embedded device security researcher, security podcaster, and CEO of Active Countermeasures.
  • Michael Santarcangelo
    Founder of Security Catalyst, author of Into the Breach, and creator of the Straight Talk Framework.
  • Announcements

    • InfoSec World is March 19-21st of 2018. It is at Lake Buena Vista, Florida. Security Weekly subscribers can save 15% off the InfoSec World 2018 Main Conference or World Pass with the code OS18-SW! You can catch talks from Adrian Sanabria, Diana Kelley and Ed Moyle, Jennifer Minella, Joseph Zacharias, Mark Arnold, Matias Madou, and Summer Fowler.
    • HackWest 1.0 “The Wild Bunch” is scheduled for March 21st through 23rd in lovely Salt Lake City. It includes training opportunities with Tim Tomes, FuzzyNop, and Jordan & Kent from Black Hills Information Security. You'll find a wireless hacking village, a voting machine hacking village, and a mobile device hacking village, plus keynotes from Dawn-Marie Hutchinson and Eve Galparin. Go to to register and our audience gets a 25% discount with the code SWHW2018.

    Interview: Dawn-Marie Hutchinson, Optiv

    is the executive director of Optiv offline.

    Dawn-Marie Hutchinson brings 15 years of enterprise information technology experience to her role as executive director, executive advisory at Optiv. She is an innovative business partner with extensive experience serving on Enterprise Risk Management teams. Hutchinson is an expert in providing data privacy and security solutions to manage information risk, improve IT governance and strengthen internal controls. Hutchinson’s extensive experience in information security and privacy program development has served the healthcare, insurance, retail and higher education sectors.

    Article Discussion on Leadership, Communication, and Innovation

    Special thanks to Nigel for sharing his mind map of Never Split the Difference!

    Security concerns pushing IT to channel services - research

    • “60 percent of CIOs/CTOs and 49 percent of procurement say security is one of their top three biggest challenges. A third of CIOs/CTOs and a quarter of procurement rank it as number one.”
    • This is driving the push to “the cloud”
    • Also important: supply chain optimization, connected workforces, cloud and data center transformation, and digital innovation
    • How many of those are on your radar?

    The golden ticket to higher paying jobs: Hard skills plus social skills

    • Right technical skills + social skills = premium offers
    • Social skills means understanding other people and understanding where you fit in
    • You can always develop your social skills

    What Really Drives Sales Growth and Repeat Business?

    • “Content builds relationships, relationships build trust, and trust equals sales.”
    • This applies to our entire industry and community — especially if you are an enterprise team
    • What content are you creating (and is it any good)?
    • How are you building trust?
    • What, then, is the overall experience of working with you?

    Is the problem incompetence or lack of training?

    • Every industry, every organization claims a “talent gap” and then pretends it’s true (and unique)
    • I LOVE THIS PASSAGE: “(Let’s put it another way: If your company’s work requires only skills that people should already have, those skills aren’t unique and differentiated, and it’s unlikely your company is, either. If those people have the right skills, they probably have a job already, so why leave that for you?)”
    • What does your training and development program look like? Note: training and development are distinct roles
    • More than the specifics, what about your mindset? I always loved “What if we train them and they leave?” with the reply, “What if you don’t, and they stay?”
    • More than the technical skills, this is the real challenge of security

    Best Practices Are Dead

    • The idea of a ‘best practice’ is to capture an effective approach to enable desired outcomes
    • Despite the claims, we’ve never had ‘best practices’ in Security (I prefer to call them standard practices, if I call them anything at all)
    • Technologies and standards are rapidly changing
    • Is the answer — Imagination + Experience = Innovation?
    • Start by asking more — and better — questions (and learning how to get the right answers)

    BONUS - this is horrible advice

    • The opening advice is solid… focusing on problems and solutions
    • Then they move to discredit …. Please don’t do this
    • Differentiate is a misunderstood approach to a proper Value Proposition
    • Instead, focus on a real value proposition - a promise to solve their problem in a way that adds value… in consideration of the impact
    • And skip the games…

    Startup & Security News You Need to Know

    APERIO Systems raised $4.5M in a Seed Round

    Proofpoint acquired Wombat Security for $225M

    J2 Global acquired VIPRE Security for an undisclosed amount

    LogMeIn acquired Jive Communications for “up to” $357M

    Owl raised $18M in a Seed round
