Business Security Weekly (Audio)

Merger and acquisition (M&A) activity in finally starting to pick up. Although the allure of financial gains and market expansion drives these deals, the digital age demands a rigorous assessment of cybersecurity risks accompanying such mergers. Unanticipated cyber issues, like dormant malware or inconsistent access controls, can transform an ideal transaction into a costly headache for the acquiring company post-merger.

So how do you assess the potential cyber risks of the transaction? Craig Davies, Chief Information Security Officer at Gathid, joins Business Security Weekly to review the five crucial cyber questions to ask before finalizing any deal. If you're in a merger or acquisition, or plan to merge or acquire another company, don't miss this episode.

In the leadership and communications segment, How to Find the Right CISO, New Security Leadership Style Needed for Stressed Workers, Combatting Human Error: How To Safeguard Your Business Against Costly Data Breaches, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-371

In the leadership and communications segment, The CISO Mindset: A Strategic Guide for Aspiring CEOs and The Board Members, The Top Strategy to Earn More Respect at Work: A Leadership Expert’s Proven Method, The Problem with Mandating Office Presence Without Purpose, and more!

Identity continues to be one of the most used attack vectors by cybercriminals. From phishing to credential stuffing to password spraying – threat actors are finding new ways to infiltrate systems and cause costly problems to companies. David Bradbury, Chief Security Officer at Okta, joins Security Weekly's Mandy Logan to discuss today's threat landscape, what he’s seeing across Okta and our customers and what security leaders need to know about identity threats to stay one step ahead of threat actors today.

Segment Resources: https://www.okta.com/oktane/ https://www.okta.com/press-room/press-releases/okta-openid-foundation-tech-firms-tackle-todays-biggest-cybersecurity/

Though 75% of cybersecurity professionals say the threat landscape today is the most challenging they’ve seen in the last five years, cutbacks on the cybersecurity workforce and widening skills gaps are creating challenges for the industry. It is becoming harder to find people with the right skills to meet growing and evolving needs. Erin Baudo Felter, Vice President, Social Impact & Sustainability at Okta, joins Security Weekly's Mandy Logan to discuss the widening cybersecurity skills gap and the initiatives Okta has in place to help companies develop, recruit and retain talent within the cybersecurity workforce.

Segment Resources: https://www.okta.com/oktane/

This segment is sponsored by Oktane, to view all of the CyberRisk TV coverage from Oktane visit https://securityweekly.com/oktane.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-370

Getting C-Suite execs aligned on cyber resilience and cybersecurity can be a challenge. LevelBlue's recent Futures™️ report sought to uncover the barriers that prevent companies from achieving cyber resilience in the enterprise today. The report not only surveyed C-Suite execs (CIOs, CTOs, and CISOs), but non-C-Suite leaders from engineering and architecture roles as well.

Segment Resources:

• LevelBlue Finds CISOs Challenged Most by Cybersecurity Tradeoffs, AI Implementation Pressures, and Reactive Budgets Compared to C-Suite Peers - Report Summary and Press Release
• Executive Accelerator: C-Suite Cyber Resilience Responsibilities Report

This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!

In the leadership and communications section, Joe Sullivan: CEOs must be held accountable for security too, More tech chiefs have success measured by profitability, cost management, Is Your Career Heading in the Right Direction?, and more.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-369

In today’s uncertain macroeconomic environment, security and risk leaders need practical guidance on managing existing spending and new budgetary requests. Jeff Pollard, Vice-President, Principal Analyst on the Security and Risk Team at Forrester Research, joins Business Security Weekly to review Forrester's Budget Planning Guide 2025: Security And Risk. This data-driven report provides spending benchmarks, insights, and recommendations that will keep you on budget while still mitigating the most critical risks facing your organization. Jeff will cover which areas to invest, divest, and experiment, but you'll have to listen to get the details.

In the leadership and communications segment, The CEO’s Role in Setting Tone at the Top, CISOs, C-suite remain at odds over corporate cyber resilience, Warren Buffett's Secret To Success? Run It 'Like A Small Family Business,' Says One Of His CEOs, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-368

Does the CISO need to act like a politician? Negotiating budgets, communicating risks, and selling your strategy across the organization does sound a little like a politician. And if that's the case, are you hiring the right campaign staff?

Kush Sharma, former CISO for CPR, City of Toronto, and Saputo, joins Business Security Weekly to discuss why you should run your security program like an election campaign. Kush will discuss the other positions you need to hire, not just the technical positions, to help you budget, communicate, and sell your strategy. A politician can't do it all by themself, so why should a CISO?

In the leadership and communications segment, PwC Urges Boards to Give CISOs a Seat at the Table, CISO Salary Surge: Fewer Job Changes, Bigger Paychecks for Experienced Cybersecurity Leaders, Fostering a cybersecurity-first culture: Key leadership insights for building resilient businesses, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-367

The zero-trust security model has been billed as an ultra-safe defense against emerging, unrecognized and well-known threats. Unlike perimeter security, it doesn't assume people inside an organization are automatically safe. Instead, it requires every user and device -- inside and out -- to be authorized before any access is granted. Sounds enticing, but deployments require major architectural, hardware, and software changes to be successful.

Rob Allen, Chief Performance Officer at ThreatLocker, joins Business Security Weekly to discuss how their Zero Trust Endpoint Protection Platform can start to help you attain Zero Trust from your endpoints by:

• Blocking Untrusted Software,
• Ringfencing™ Applications, and
• Dynamically Controlling Network Traffic

This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

In the leadership and communications segment, Underfunding And Leadership Gaps Weaken Cybersecurity Defenses, A Self-Care Checklist for Leaders, Senate bill eyes minimum cybersecurity standards for health care industry, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-366

In the leadership and communications segment, CISA Releases Cyber Defense Alignment Plan for Federal Agencies, UnitedHealth Group CISO: We had to ‘start over’ after Change Healthcare attack, 20 Essential Strategies for Leadership Development Success, and more!

AI is bringing productivity gains like we’ve never seen before -- with users, security teams and developers already reaping the benefits. However, AI is also bolstering existing threats to application security and user identity -- even enabling new, personalized attacks to emerge.

Shiven Ramji, President of Customer Identity at Okta, joins Business Security Weekly to discuss how AI is changing app authentication and authorization for developers and security teams. With traditional and AI-powered applications facing more complex security challenges, companies need to explore new ways to protect their end users while also creating seamless customer experiences – and that starts with Identity.

Segment Resources: https://developerday.com/ https://www.okta.com/customer-identity/

This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-365

Cybersecurity is complex. We have threats, vulnerabilities, incidents, controls, risks, etc. But how do they all connect together to drive a cyber risk program? As an industry, we've struggled for 20+ years trying to boil this ocean. Maybe we've been going about it the wrong way.

Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins Business Security Weekly to discuss how AI can help us solve the cybersecurity data problem. Starting with simple mappings from risks to controls, CyberSaint is flipping the cyber risk management problem on it's head. Instead of working from the bottom up, CyberSaint is tackling the problem from the top down. Padraic will discuss how CyberSaint is using AI, practical AI, to address the complexities of cybersecurity data, including:

• the use of Watsonx to generate their new KnightVision report
• how to use graphical node networks to model cybersecurity data
• the future of AI models to prioritize recommendations from all the data

This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them!

In the leadership and communications segment, Why Companies Should Consolidate Tech Roles in the C-Suite, End of an era: Security budget growth slows down, Global cybersecurity workforce growth flatlines, stalling at 5.5M pros, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-364

Cybersecurity resilience, different from cyber resilience, is critical as threats grow in frequency and complexity. With digital innovation driving business, cybersecurity resilience is essential for maintaining stakeholder trust and compliance. But where do you start?

Theresa Lanowitz, Chief Evangelist at LevelBlue, joins Business Security Weekly to discuss how to align cybersecurity and the business, including the need to:

• fundamentally shift you mindset and approach to acheiving operational excellence in cybersecurity
• prioritize IT and building security into everything you do
• prioritize proactive investment over funding emergencies
• leverage external expertise for success

This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!

In the leadership and communications segment, Blind Spots in the C-Suite & Boardroom, Evolving Cybersecurity: Aligning Strategy with Business Growth, How to Lead Like a Coach, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-363

Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This episode was initially published on November 29, 2022.

Todd Fitzgerald, author of CISO Compass and host of CISO Stories, joins BSW to share his top leadership lessons from the first 100 episodes of CISO Stories. Todd interviews CISOs and gains insights into their challenges and how they are solving them. Don't miss this recap!

View CISO Stories podcast episodes here: https://www.scmagazine.com/podcast-show/the-ciso-stories-podcast

Show Notes: https://securityweekly.com/vault-bsw-13

How are personal liability and indemnification impacting the CISO role? Darren Shou, Chief Strategy Officer from RSA Conference, describes the current landscape of CISO liability and the challenges facing CISOs today. He discusses the implications of the SEC's recent actions, including the charges against SolarWinds' CISO, and the growing trend of personal liability for security leaders. Darren will also highlight comparisons between the roles of CISOs and CFOs, highlighting what security professionals can learn from their financial counterparts in handling risks and responsibilities. Finally, he explores how to build an effective coalition, both internally with company executives and externally with peers. In this ever changing risk landscape, it takes a village, and Darren shares his vision for how to build that village.

This week we talk a lot about the CISO's relationship with the business and the challenges of being aligned and keeping up. We also talk about budget priorities, the challenge of doing security in small businesses, and the ever-present challenge of burnout. Finally, we discuss what servant leadership actually means.

On this last topic, Ben makes a book recommendation, which you can find here: https://www.amazon.com/Seat-Table-Leadership-Age-Agility/dp/1942788118

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-362

What are the barriers to cyber resilience today? Why is it so difficult? And what is coming next, that will generate resilience challenges further down the line?

After five years of focusing on the short- and medium-term future of cybersecurity and edge, this year, LevelBlue wanted to understand what is preventing cyber resilience—and what business leaders are doing about it. Theresa Lanowitz, Chief Evangelist at LevelBlue, joins us to discuss the results of their research.

Segment Resources: LevelBlue.com/futuresreport

This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!

While CISOs are often responsible for technology implementation, they are not getting the support they need at a strategic level. The Accelerator found that 73% of CISOs expressed concern over cybersecurity becoming unwieldy, requiring risk-laden tradeoffs, compared to only 58% of both CIOs and CTOs.

Understanding the C-suite’s business priorities is critical for shaping effective cybersecurity strategies. Identifying how these essential roles look at the business helps to ensure alignment among CIOs, CTOs, and CISOs, as well as the teams that report into them. It’s a key first step towards bolstering cyber defenses, especially with the CEO and Board support.

This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelbluebh to learn more about cyber resilience and how to start the conversation in your organization!

Employees spend up to 80% of their working hours in a web browser, and threat actors are increasingly leveraging browsers to target users and initiate attacks. Disrupting the tool employees use for 80% of their job would have massive impact on productivity. Rather than ripping and replacing, enterprises can turn any browser into a secure enterprise browser.

Segment Resources: Menlo homepage: https://resources.menlosecurity.com/videos/browser-security

Menlo research on three new nation state campaigns: https://www.menlosecurity.com/press-releases/menlo-security-exposes-three-new-nation-state-campaigns

Every browser should be a secure enterprise browser: https://www.menlosecurity.com/blog/every-browser-should-be-a-secure-enterprise-browser

Defending against zero-hour phishing attacks: https://www.menlosecurity.com/blog/state-of-browser-security-defending-browsers-against-ever-evolving-zero-hour-phishing-attacks

This segment is sponsored by Menlo Security. Visit https://securityweekly.com/menlobh or schedule a demo to learn more about the role of browser security in eliminating the risk of highly evasive threats!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-361

This week, it’s time for security money, our quarterly review of the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. This quarter, Crowdstrike crashes the index, as Thoma Bravo acquires another index company. The index is currently made up of the following 25 pure play cybersecurity public companies:

• Secureworks Corp
• Palo Alto Networks Inc
• Check Point Software Technologies Ltd.
• Rubrik Inc
• Gen Digital Inc
• Fortinet Inc
• Akamai Technologies, Inc.
• F5 Inc
• Zscaler Inc
• Onespan Inc
• Leidos Holdings Inc
• Qualys Inc
• Verint Systems Inc.
• Cyberark Software Ltd
• Tenable Holdings Inc
• Darktrace PLC
• SentinelOne Inc
• Cloudflare Inc
• Crowdstrike Holdings Inc
• NetScout Systems, Inc.
• Varonis Systems Inc
• Rapid7 Inc
• Fastly Inc
• Radware Ltd

• A10 Networks Inc

  In the leadership and communications segment, The Cybersecurity Leadership Crisis Dooming America’s Companies, Judge Rejects SEC’s Aggressive Approach to Cybersecurity Enforcement, Is It Time to Pivot Your Strategy?, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-360

Inspired by my co-host Jason Albuquerque, this quarter's Say Easy, Do Hard segment is Job Search Strategies for CISOs. In part 1, we discuss the challenges facing the CISO role and it's hiring. As CISOs leave the role, the position is not necessarily being refilled. How will this impact future CISO hiring?

Inspired by my co-host Jason Albuquerque, this quarter's Say Easy, Do Hard segment is Job Search Strategies for CISOs. In part 2, Jason proposes we blow it all up, while Ben recommends a certification board for CISOs. We have no shortage of suggestions for how to fix the CISO hiring problem.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-359

Identity, the security threat that keeps on giving. For the 17th year in a row, identity is one of the top threats identified in the Verizon DBIR. Why?

Dor Fledel, Senior Director of Product Management at Okta and Co-Founder of Spera, joins Business Security Weekly to discuss the challenges of identity and how to solve them. From numerous disparate identity systems to a proliferation is SaaS application usage, Dor explains why Identity SecurityPosture Management is critical component to identify vulnerabilities, prioritize risks, and streamline remediation. If you're struggling with securing your identities, don't miss this interview.

Segment Resources: https://www.okta.com/products/identity-security-posture-management/ https://www.okta.com/secure-identity-commitment/

This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them!

The CISO role has been evolving for 20 years, but the last 2 years have accelerated that evolution. Some might say it's evolving into extinction. What are the factors driving this evolution?

Allan Alford, CEO at Alford and Adams Consulting and host of The Cyber Ranch Podcast, joins Business Security Weekly to discuss this evolution and some of the factors driving these trends. In this interview, Allan will share his insights:

• Migratory Trends of the CISO
• CISO Skill Sets: Technical or Business?
• The Language of the CISO

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-358

Back in April, we covered a story on episode #348 titled "CISO-CEO communication gaps continue to undermine cybersecurity". In that article, Sumedh Thakar, the CEO at Qualys, stated "CISOs must translate technical risks into business impact for CEOs." But he didn't say how. So, we invited him on the show to explain. In this episode, Sumedh walks us through real life interactions with his CISO and Board and explains why security needs to be communicated in business terms.

Security is a risk management discipline. No one understand that more than Jeff Recor. Jeff has built risk management practices for Deloitte, Grant Thornton, and Accenture and has recently formed his own risk consulting practice. In this unscripted interview, Jeff will share his insights on the evolution of security as a risk management discipline, what CEOs and Boards really need, and how CISOs can be successful as a business leader.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-357

Cyber insurance underwriting is all over the map. With such a variation in application requirements, how should small and medium businesses prepare to receive the best policy for the price? Brian Fritton joins Business Security Weekly to discuss a systematic approach to preparing for cyber insurance. By working with the underwriters, this approach provides implementation guidance on the controls required to maximize your coverage, including premium discounts, higher ransomware supplements, and a reduction is deductibles. If you're struggling with cyber insurance, don't miss this interview.

In the leadership and communications section, The Board’s understanding of cybersecurity, What does your CEO need to know about cybersecurity?, As CISOs grapple with the C-suite, job satisfaction takes a hit, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-356

On average, CISOs manage 50-75 security products. Many of these products have either not been deployed or only partially deployed, while others overlap of products. How do CISOs effectively consolidate their products to a manageable size?

Max Shier, Chief Information Security Officer at Optiv Security, joins Business Security Weekly to discuss technology rationalization within cybersecurity. Max will discuss how to inventory your security products, identify overlap, and pick the right products for your organization.

In the leadership and communications section, Bringing the boardroom to the cyber battlefield, Navigating the CISO Role: Common Pitfalls for New Leaders, Ask Better Questions to be a Better Leader, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-355

Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on October 11, 2022.

As 2023 approaches, security leaders are hard at work preparing their budgets, identifying their projects, and setting their priorities for the next twelve months. At the same time, the growth mode days of cybersecurity spending appear to be over as budgets receive more scrutiny than ever. Join us as we discuss the pressures and problems that CISOs will encounter in 2023, and how they can best defend their cybersecurity budgets while the economy slips into a downturn.

Show Notes: https://securityweekly.com/vault-bsw-12

With 71% of web traffic coming from API calls last year and the average organization maintaining 613 API endpoints, a robust strategy is needed to protect APIs against automated threats and business logic attacks. Tune in as Luke Babarinde, Global Solution Architect, shares the key steps to building a successful API security strategy.

This segment is sponsored by Imperva. Visit https://www.securityweekly.com/imperva to learn more about them!

In the age of AI, driving a business forward requires balancing three very significant considerations: growth through innovation, productivity through operational efficiency, and trust through security. To better understand how AI impacts the intersection of security, innovation, and operational efficiency, Okta commissioned an AlphaSights survey of 125 executives across three regions, targeting the decision-makers typically tasked with helming those efforts at companies:

• CSOs/CISOs for their focus on security
• CTOs for their focus on innovation
• CIOs for their focus on operational efficiency

Bhawna Singh, Chief Technology Officer at Okta, is here to discuss the results.

Segment Resources: 

www.okta.com/resources/whitepaper-ai-at-work-report/

www.okta.com/blog/2024/06/ai-at-work-2024-a-view-from-the-c-suite/

This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-354

Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on August 9, 2022.

Zero Trust is the security buzzword of the moment, and while it is a very powerful approach, nearly every enterprise security product on the market – and some that aren’t even security products — are saying they enable Zero Trust. The problem is this: you can’t buy zero trust. It’s an approach, an architecture, and a journey, not software, hardware, or a service to deploy. Zero Trust also provides a rare opportunity in security - to reduce cost, improve security AND enhance end-user and customer experience.

Show Notes: https://securityweekly.com/vault-bsw-11

Did you miss Gartner Security & Risk Management last week in National Harbor, MD? Don't worry, Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins us to discuss the hot topics that were presented at the conference last week, including:

• Artificial Intelligence(AI)
• Continuous Threat Exposure Management(CTEM)
• Identity & Access Management (IAM)
• Cyber Risk

Padraic will also discuss the changing role of the CISO, at least in the eyes of Gartner. Don't miss this recap.

This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them!

The recent rise in adversarial AI has made it clear: organizations must fight AI with better AI. Gone are the days of relying on legacy, antiquated endpoint detection and response offerings, or cybersecurity tools that are based on ineffective machine learning models. In this interview, Deep Instinct CIO Carl Froggett will explain why Deep Learning is the most superior form of AI, and the technology’s role in powering predictive prevention.

This segment is sponsored by Deep Instinct. Visit https://securityweekly.com/deepinstinctrsac to learn more about them!

Attackers are targeting enterprise users when they are online via attacks like spear phishing, malicious docs infected with malware/ransomware.

Today SASE/SSE’s Secure Web Gateway (SWG) component is touted as the solution to this problem. These SWGs look at traffic between the enterprise users and websites and try to infer attacks.

Unfortunately, attackers are subverting these SWGs and breaking into enterprises. There is an urgent need to stop this and the solution seems to be to have a browser native security agent which can detect-mitigate attacks happening on the users browser and allow enterprises to threat hunt web attacks company wide.

Segment Resources: Why Browser Native Solutions are better than Cloud Based Proxies: https://drive.google.com/file/d/1cItXj1KEm45ZNklASFmcvprbPqZChcMn/view?usp=sharing

Data Sheet: https://drive.google.com/file/d/1tv3q2iTFROJPceq2b9SJtzkdHD9J6mvC/view?usp=sharing

Blog on the Many Failures of Secure Web Gateways: https://labs.sqrx.com/the-unspoken-challenges-of-secure-web-gateways-c516bc287a6d

Latest Press Release: Forbes: Critical Security Flaws Found In Email Top 4—Apple, Gmail, Outlook & Yahoo: https://www.forbes.com/sites/daveywinder/2024/04/04/critical-security-flaw-in-apple-icloud-google-gmail-microsoft-outlook-yahoo-mail-aol-mail-email/

This segment is sponsored by Square X. Visit https://securityweekly.com/squarexrsac to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-353

Since the 1995 publication of Daniel Goleman’s international bestseller Emotional Intelligence, Why It Can Matter More Than IQ, a global movement has developed to bring “EQ” into practice in businesses, schools, and communities around the globe. But what is its impact on Cybersecurity?

In this interview, we welcome Jessica Hoffman, Deputy CISO for the City of Philadelphia, to discuss how Emotional Intelligence can be applied by CyberSecurity leadership to create a better culture and better leaders. Jessica will discuss the five skills that encompass Emotional Intelligence, including:

• Self Awareness
• Self Regulation
• Motivation
• Empathy
• Social Skills

and examples of how to use them. If you want to be a better cyber leader, then don't miss this episode.

Semperis CISO Jim Doggett shares insights into the evolving role of the CISO. The daily onslaught of cyberattacks not only increases business risk, but also puts a company’s most important data at risk – data on the company, its employees, customers, and partners. Now, more than ever, the CISO is being asked to understand the business of cyber without being given much time to implement plans for protecting an organization’s infrastructure. There is a balance needed between being a technical and business leader, and Jim can share stories from his successful career to enlighten listeners.

Segment Resources:

Read: https://www.semperis.com/blog/5-itdr-steps-for-cisos/

Watch: https://www.semperis.com/resources/the-key-to-cyber-resilience-identity-system-defense/

This segment is sponsored by Semperis. Visit https://securityweekly.com/semperisrsac to learn more about them!

With new industry regulations, like the SEC’s Cybersecurity Disclosure Rules, there is an increasing demand on CISOs and security leaders to be able to quantify, communicate, and demonstrate how their cybersecurity programs and strategies are impacting the business. In this interview, Sivan Tehila, CEO and Founder of Onyxia Cyber, will discuss new advances in Cybersecurity Management and how CISOs and security leaders can harness the power of data intelligence, automation, and AI to proactively improve risk management, ensure organizational compliance, and align their security initiatives with business goals.

Segment Resources: https://rsac.vporoom.com/2024-04-30-Onyxia-Introduces-AI-to-Cybersecurity-Management-Platform-to-Power-Predictive-Security-Program-Management

https://www.forbes.com/sites/forbestechcouncil/2023/06/21/three-ways-to-best-communicate-the-value-of-your-security-program-to-business-stakeholders/?sh=18f0f6892e6f

This segment is sponsored by Onyxia. Visit https://securityweekly.com/onyxiarsac to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-352

Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on June 27, 2022.

Forgepoint Capital’s Co-Founder and Managing Director, Alberto Yépez, explains what the current economic challenges mean for innovation and the future of the cybersecurity market. Hear his perspective on what security investments, as well as mergers and acquisitions, will look like throughout the next 12-18 months, and how responsible companies are staying the course amidst layoffs and budget cuts in order to turn uncertainty into a strategic path forward.

Segment Resources:

• Forgepoint’s new CISO security priorities model: https://forgepointcap.com/news/forgepoint-capital-builds-first-ever-ciso-security-priorities-model/

• Recent exits that Forgepoint supported: - Forescout acquires Cysiv on June 6, 2022(release: https://www.cysiv.com/news/forescout-announces-intent-to-acquire-cysiv and Forgepoint’s blog: https://forgepointcap.com/news/executive-spotlight-an-interview-with-partha-panda-ceo-of-cysiv/)

• SentinelOne acquires Attivo Networks on May 4, 2022 (release: https://www.sentinelone.com/press/sentinelone-completes-acquisition-of-attivo-networks/ and Forgepoint’s “why we invested” blog: https://forgepointcap.com/news/attivo-networks-why-we-invested/)

• LexisNexis Risk Solutions Acquires BehavioSec on May 3, 2022 (release: https://risk.lexisnexis.com/about-us/press-room/press-release/20220503-behaviosec and Forgepoint’s blog: https://forgepointcap.com/news/executive-spotlight-an-interview-with-neil-costigan-of-behaviosec/ )

• Cloudflare acquires Area 1 Security on April 1, 2022 (release: https://www.cloudflare.com/press-releases/2022/cloudflare-completes-acquisition-of-area-1-security/ and Forgepoint’s “why we invested” blog: https://forgepointcap.com/news/area-1-security-why-we-invested/ )

Show Notes: https://securityweekly.com/vault-bsw-9

Explore how to transform your third party risk program from a business bottleneck to a business driver. Discover how evidence-based security documentation and AI can streamline risk assessments, completing them in days not months. This data-driven approach will reduce TPRM backlog and allow your security team to move faster, identify risk proactively, and become a business driver for your organization.

This segment is sponsored by VISO TRUST. Visit https://www.securityweekly.com/visotrustrsac to learn more about them!

While client-side resources enable web applications to provide a rich user experience, security teams struggle to gain visibility, insight, and enforcement over them. In this interview, Lynn Marks discusses the latest client-side attack trends observed by Imperva and the pivotal role of client-side protection within PCI DSS 4.0.

This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them!

Show Notes: https://securityweekly.com/vault-bsw-10

This week, it’s time for security money, our quarterly review of the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. This quarter, Rubrick's IPO saves the index, as Cisco finishes the acquisition of Splunk. The index is now made up of the following 25 pure play cybersecurity public companies:

Secureworks Corp Palo Alto Networks Inc Check Point Software Technologies Ltd. Rubrik Inc Gen Digital Inc Fortinet Inc Akamai Technologies, Inc. F5 Inc Zscaler Inc Onespan Inc Leidos Holdings Inc Qualys Inc Verint Systems Inc. Cyberark Software Ltd Tenable Holdings Inc Darktrace PLC SentinelOne Inc Cloudflare Inc Crowdstrike Holdings Inc NetScout Systems, Inc. Varonis Systems Inc Rapid7 Inc Fastly Inc Radware Ltd A10 Networks Inc

In this segment, Theresa will unpack the complexities of cyber resilience, and dive into new research that examines dynamic computing. She’ll discuss how it merges IT and business operations, taps into data-driven decision-making, and redefines computing for the modern era.

This segment is sponsored by LevelBlue. Visit https://www.Securityweekly.com/levelbluersac to learn more about them!

In this segment, Jim can discuss how organizations can enhance their cybersecurity posture with Blumira’s automated threat monitoring, detection and response solutions. Jim can talk about the exciting plans Blumira has in store for the next 3 years, emphasizing how the company is lowering the barrier to entry in cybersecurity for SMBs.

Segment Resources:

https://www.blumira.com/customer-stories/

https://www.blumira.com/why-blumira/

This segment is sponsored by Blumira. Visit https://securityweekly.com/blumirarsac to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-351

In today's enterprises, the Identity Access Management (IAM) System is the key to a business' critical operations. But that IAM environment is more vulnerable than most security executives realize.

Segment Resources: https://www.mightyid.com/articles/the-r-in-itdr-the-missing-piece-in-identity-threat-detection-and-response

https://www.mightyid.com/download-am-i-covered

https://www.mightyid.com/articles/business-continuity-and-cyber-security-the-crucial-role-of-identity-resilience

https://www.mightyid.com/articles/vegas-under-cyber-attack-what-went-wrong

This segment is sponsored by MightyID. Visit https://securityweekly.com/mightyid to learn more about them!

AI is more than just a buzzword. Done right, AI can improve decision making and scale your identity security platform to manage every identity, human and machine, physical and digital. Learn about how Saviynt’s #1 Identity Security platform is leveraging a variety of AI capabilities to enhance the user experience and improve identity security and compliance, bringing AI to life in a practical, market leading way to drive value for our customers.

Segment Resources: https://saviynt.com/blog/analytics-ai-automation-and-abstraction-pioneering-the-next-chapter-in-identity-security/

This segment is sponsored by Saviynt. Visit https://www.securityweekly.com/saviyntrsac to learn more about them!

The common misperception that identity infrastructure and IAMs like Active Directory, Okta, or Ping can adequately secure the entire identity infrastructure is to blame for the continued barrage of cyber and ransomware attacks. Yes, each of these vendors has security controls baked into their solution, however they cannot extend those controls outside their environments to provide visibility, context, and protection beyond their walls. Hackers use the gaps between these tools to move throughout a company and evade detection. We don't expect Dell or Lenovo to protect our entire suite of endpoints. Nor do expect a single cloud provider to protect all your clouds; we rely on Wiz for that. Identity infrastructure remains the most unprotected part of the technology stack and needs dedicated protection, as organizations already apply for cloud, endpoints, or networks. Watch this conversation with Hed Kovetz as he takes us through why identity security remains the most unprotected part of the security stack, and what needs to change to advance the state of cybersecurity.

Segment Resources: https://www.silverfort.com/the-identity-underground-report/

https://www.forbes.com/sites/forbestechcouncil/2023/11/16/rethinking-the-framework-around-identity-security/

 https://techcrunch.com/2024/01/23/silverfort-now-valued-at-1b-after-raising-116m-for-its-holistic-approach-to-identity-security/

This segment is sponsored by Silverfort. Visit https://securityweekly.com/silverfortrsac to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-350

Inspired by my co-host Jason Albuquerque, this quarter's Say Easy, Do Hard segment is Train How You Fight. In part 1, we discuss the importance of training for a cyber incident. However, lots of organizations do not take it seriously, causing mistakes during an actual cyber incident. How will the lack of preparation impact your organization during an incident?

Inspired by my co-host Jason Albuquerque, we dig into the hard part of our Say Easy, Do Hard segment. In part 2, we discuss how to train for a cyber instance. We'll cover the elements of a training program that will prepare you for responding to a cyber incident, including:

• Developing the training program
• Practice, practice, practice
• Imposing corrective actions
• Constantly evaluating/reviewing the success of the training program

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-349

A hybrid workforce requires hybrid identity protection. But what are the threats facing a hybrid workforce? As identity becomes the new perimeter, we need to understand the attacks that can allow attackers access to our applications. Eric Woodruff, Product Technical Specialist at Semperis, joins Business Security Weekly to discuss those attacks, including a new attack technique, dubbed Silver SAML. Join this segment to learn how to protect your hybrid workforce.

Segment Resources: https://www.semperis.com/blog/meet-silver-saml/&utmsource=cra&utmcampaign=bsw-podcast

This segment is sponsored by Semperis. Visit https://securityweekly.com/semperis to learn more about them!

In the leadership and communications section, The Board's Pivotal Role in Steering Cybersecurity, CISO-CEO communication gaps continue to undermine cybersecurity, The Essence of Integrity in Leadership: A Pillar of Trust and Excellence, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-348

Since 2016, we been hearing about the impending impact of CMMC. But so far, it's only been words. That looks to be changing. Edward Tourinsky, Founder & Managing Principal at DTS, joins Business Security Weekly to discuss the coming impact of CMMC v3. Edward will cover:

• The background of CMMC
• Standardization of CMMC
• CMMC v3 changes and implementation timelines
• Best practices to prepare

Segment Resources: https://www.federalregister.gov/documents/2023/12/26/2023-27280/cybersecurity-maturity-model-certification-cmmc-program

https://www.forbes.com/sites/forbesbusinesscouncil/2024/02/13/the-department-of-defenses-cmmc-requirement-and-what-it-means-for-american-businesses/?sh=7ccbc268b7b5

https://consultdts.com/demystifying-the-cmmc-rule-a-breakdown-of-proposed-regulation/

The new SEC Cyber Security Rules require organizations to be ready to report cyber incidents. But what do you actually need to do? Mike Lyborg, Chief Information Security Officer at Swimlane, joins Business Security Weekly to discuss how to prepare. In this interview he'll discuss the key element of your preparation, including:

• Quantification
• Materiality
• Evidence
• Disclosure

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-347

Startup founders dream of success, but it's much harder than it looks. As a former founder, I know the challenges of cultivating an idea, establishing product market fit, growing revenue, and finding the right exit. Trust me, it doesn't always end well.

In this interview, we welcome Seth Spergel, Managing Partner at Merlin Ventures, to discuss how to accelerate that journey to lead to a successful outcome. Seth will share Merlin Venture's approach to helping startups tackle the largest markets in the world, including US enterprises and federal. He will also share what success looks like.

Segment Resources:

 https://merlin.vc/advice-for-young-startups-eyeing-federal-what-kind-of-tech-does-the-u-s-government-need/

 https://merlin.vc/we-have-liftoff/

https://merlin.vc/portfolio/

 https://merlin.vc/dig-security-talon-cyber-security-acquired-by-palo-alto-networks/

https://innovationisrael.org.il/en/digital-reports/

In the leadership and communications section, Navigating Legal Challenges of Generative AI for the Board, Winds of Warning? SEC Charges Threaten to Disrupt Role of CISO, 6 Common Leadership Styles — and How to Decide Which to Use When, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-346

In this discussion, we focus on vendor/tool challenges in infosec, from a security leader's perspective. To quote our guest, Ross, "running a security program is often confused with shopping". You can't buy an effective security program any more than you can buy respect, or a black belt in kung fu (there might be holes in these examples, but you hopefully get the point). In fact, buying too much can often create more problems than it solves, especially if you're struggling to fill your staffing needs.

In this 2-part episode, we'll discuss:

- The current state of vendor offerings in cybersecurity - The difficulties of measuring value and efficacy in a product - How to avoid building a security program that centers around managing products - Shelfware - Minimizing product overhead - The pros and cons of buying from different types of companies - Who to look to for product recommendations - Is making a plan to "ditch before you hitch" a good or bad idea? - What to do when you inherit a mess

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-345

Harold Rivas has held multiple CISO roles. In his current CISO role, he's championing Trellix's overall mission to address the issues CISOs face every day, encouraging information sharing and collaborative discussions among the CISO community to help address challenges and solve real problems together - part of this is through Trellix's Mind of the CISO Initiative and the Trellix CISO Council. In this interview, we do a little CISO soul-searching. Harold will bring insights from the initiative to cover some of the top challenges CISOs face in this ever-evolving role, including:

• Earning a seat at the table
• Talking the language of business
• Addressing the risks and opportunities of business evolution
• Reading the tea leaves of the future

and more! If you're a CISO or want to be a CISO, don't miss this episode.

Segment Resources: https://www.trellix.com/blogs/perspectives/introducing-trellixs-mind-of-the-ciso-initiative/ https://www.trellix.com/solutions/mind-of-the-ciso-report/ https://www.trellix.com/solutions/mind-of-the-ciso-behind-the-breach/

In the leadership and communications section, The Strategic Implications of Cybersecurity: A C-Level Perspective, Leadership Misconceptions That Hinder Your Success , "Mastering Communication: Lessons from Two Years of Learning", and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-344

With hundreds or thousands of SaaS apps to secure with no traditional perimeter, Identity becomes the focal point for SaaS Security in the modern enterprise. Yet with Shadow IT, now recast as Business-Led IT, quickly becoming normal practice, it’s more complicated than trying to centralize all identities with an Identity Provider (IdP) for Single Sign-On (SSO). So the question becomes, “How do you enable the business while still providing security oversight and governance?”

This segment is sponsored by Savvy. Visit https://securityweekly.com/savvy to learn more about them!

In the leadership and communications section, The CISO Role Is Changing. Can CISOs Themselves Keep Up? , Why do 60% of SEC Cybersecurity Filings Omit CSO, CISO Info?, How Co-Leaders Succeed, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-343

Dave DeWalt needs no introduction. A four-time CEO and currently the Founder and CEO of NightDragon, Dave collects, analyses, and disseminates more intelligence on the cybersecurity industry in a year than most of us ever will in a lifetime. We've invited Dave to Business Security Weekly to share some of that intelligence with our audience. Specifically, we'll hear about:

• The evolving threat landscape, including impacts of Artificial Intelligence
• The latest cybersecurity innovation, including what's working and what's NOT working
• The impact of budgets on buying decisions, including whether "best of breed" is dead in lieu of platforms

Tune in for this insightful discussion before you make your next strategic cybersecurity decisions.

Piggybacking off of our interview with Dave DeWalt, Tom Parker from Hubble joins Business Security Weekly to discuss a few of the key trends CISOs should be paying attention to. Yes, we'll cover Artificial Intelligence, but more from a business risk and governance perspective. We'll also cover quantum computing, technical debt, and how budgets will impact how organizations can or cannot prepare for these emerging trends. Buckle up and hang on for part two of our jam packed episode.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-342

When you think of executive protection, you think of work related activities such as security details, travel planning, and other physical security protections. But in the world of Artificial Intelligence and DeepFakes, the risk landscape for executives goes far beyond work and into their personal lives. The home is now the new battle field and family life will never be the same.

Chris Pierson, CEO at BlackCloak, joins Business Security Weekly to discuss the changes in the risk landscape for executives, including Generative AI, and its impacts on social engineering, personal attacks, and family threats. Executive protection must now include digital protection, both at work and at home.

This segment is sponsored by BlackCloak. Visit https://securityweekly.com/blackcloak to learn more about them!

In the leadership and communications section, Cybersecurity in the C-Suite: A CISO’s Guide to Engaging the Board, The CISO's Guide to AI: Embracing Innovation While Mitigating Risk, Cyber Insurance Strategy Requires CISO-CFO Collaboration, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-341

The SEC's new cyber reporting requirements are forcing organizations to rethink their compliance and risk programs. No longer can compliance and risk be static, point in time assessments. Instead they need to match the speed of security which is dynamic and real-time. Couple the difference in speeds with whistleblowers and attack groups reporting non-compliance with the new SEC rules and organizations find themselves in a regulatory nightmare.

Igor Volovich, VP of Compliance Strategy for Cyber Compliance at Qmulos, joins BSW to share his "Notes from the battlefield" on how automation is the only way to effectively converge security, risk, and compliance into a dynamic, real-time discipline.

In the leadership and communications section, Effective cyber security starts at the top, CISOs Struggling to Balance Regulation and Security Demands With Rising Cybersecurity Pressures, Unlocking Leadership Excellence: Data-Driven Practices That Set Elite Leaders Apart, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-340

Released on January 26, 2023, the NIST AI RMF Framework was developed through a consensus-driven, open, transparent, and collaborative process that included a Request for Information, several draft versions for public comments, multiple workshops, and other opportunities to provide input. It is intended to build on, align with, and support AI risk management efforts by others.

Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins BSW to discuss why AI risks are a unique challenge and how they can impact both organizations and society. Without proper controls, AI systems can amplify, perpetuate, or exacerbate inequitable or undesirable outcomes for individuals and communities. With proper controls, AI systems can mitigate and manage inequitable outcomes.

This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them!

Panoptica, Cisco’s cloud application security solution, was born out of Outshift, Cisco's incubation engine. Shibu George, Engineering Product Manager at Outshift, joins Business Security Weekly to discuss his transition from application performance monitoring to application security and how Panoptica was born.

This segment is sponsored by Panoptica. Visit https://securityweekly.com/panoptica to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-339

Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on February 22, 2022.

The Business Information Security Officer, or BISO, is relatively new and somewhat controversial role. Does this role act as the CISO's non-technical liaison to the business units or as the CISO's deputy to oversee strategy implementation at a granular level? Is this new role a necessary career path for future CISOs or an entry point into security? The BSW hosts debate!

Show Notes: https://securityweekly.com/vault-bsw-8

In the leadership and communications section, SEC’s Enforcement Head: It’s Time for ‘Proactive Compliance’, Improving cybersecurity culture: A priority in the year of the CISO, Breaking Down Barriers: 6 Simple Measures to Overcome Communication Barriers, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-338

It's time to review the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. We also update you on the Security Weekly 25 index. The index came roaring back last quarter. Here are the stocks currently in the index:

SCWX Secureworks Corp PANW Palo Alto Networks Inc CHKP Check Point Software Technologies Ltd. SPLK Splunk Inc GEN Gen Digital Inc FTNT Fortinet Inc AKAM Akamai Technologies, Inc. FFIV F5 Inc ZS Zscaler Inc OSPN Onespan Inc LDOS Leidos Holdings Inc QLYS Qualys Inc VRNT Verint Systems Inc. CYBR Cyberark Software Ltd TENB Tenable Holdings Inc DARK Darktrace PLC S SentinelOne Inc NET Cloudflare Inc CRWD Crowdstrike Holdings Inc NTCT NetScout Systems, Inc. VRNS Varonis Systems Inc RPD Rapid7 Inc FSLY Fastly Inc RDWR Radware Ltd ATEN A10 Networks Inc

Large security vendors and hyperscalers, including Microsoft, continue to expand their cybersecurity product and service portfolios. Microsoft’s extensive enterprise reach, massive partner network, and enormous influence in the C-suite puts pressure on CIOs and CISOs to consolidate on it as much as possible for cybersecurity. This report helps security leaders understand Microsoft’s cybersecurity portfolio, the tactics it uses, and how to manage peer and executive pressure to single-source security technology.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-337

How do you prepare for a cyber incident? You train as you fight, but in what environment? William "Hutch" Hutchinson, CEO and co-founder of SimSpace, joins BSW to share cyber best practices and why testing in your operational environment not a good idea. Learn what it takes to be Cyber Ready.

In the leadership and communications section, A tougher balancing act in 2024, the year of the CISO, CISOs Struggle for C-Suite Status Even as Expectations Skyrocket, Want to Be a Better Leader? Stop Thinking About Work After Hours, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-336

Inspired by my co-host, Jason Albuquerque, we get our hands dirty and discuss the challenges of hiring a CISO. How will the new SEC regulations impact the role for both organizations and individuals?

In part 2, we get our hands dirty by addressing CISO hiring from the individual CISO. What should you look for in a CISO role? What questions should you be asking during the interview process? What are the non-negotiable items that must be part of the offer?

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-335

Inspired by my co-host, Jason Albuquerque, we get our hands dirty and discuss the challenges of hiring a CISO. How will the new SEC regulations impact the role for both organizations and individuals?

In part 1, we discuss the challenges of hiring a CISO from the organization's perspective. Do I need a CISO? What are the responsibilities of a CISO? Who should the CISO report to?

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-334

Research shows that 26% of US workers currently work remotely, and there are expected to be 32.3 million American employees working remotely by 2025. To support these workers, organizations are adopting cloud solutions and migrating data to these cloud solutions. However, many businesses lack visibility into who has access to what data and when, especially in these cloud solutions. How should organizations reconcile the disconnect between data access and data security?

Mike Scott, CISO at Immuta, joins Business Security Weekly to discuss best practices for moving sensitive data into the cloud, including data access and data security. If you're moving data into the cloud, listen in to learn how best to protect that data.

In the leadership and communications section, Advice to Aspiring CISOs, New risk management framework helps with SEC mandate compliance, A Simple Hack to Help You Communicate More Effectively, and more!

Show Notes: https://securityweekly.com/bsw-333

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Robert Herjavec, CEO of Cyderes, was the keynote speaker at InfoSec World 2022, where he discussed the momentum we continue to see in the cybersecurity industry. Topics included mergers & acquisitions, Robert's outlook on the cyber market, staffing shortages, and nation state threats. Robert joins BSW to expand on his ISW keynote presentation.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/vault-bsw-7

Throughout her career, Sandy Dunn has continued to mature and refine her skills. In the early days, she describes her job as a "hostage negotiator", constantly negotiating between the business teams and the security team. But as you mature, so does your approach to security. Now, Sandy talks about simplifying "knowledge management" to make it easy to understand security and becoming a "business listener" to make the right decisions.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/vault-bsw-6

Cyber has been an historically hermetic practice. A dark art. Full of mysteries and presided over by magicians both good and bad. This is a bit of an exaggeration, yet there is some truth to it. Many in our industry knew that the SEC was evaluating the role that cyber risk management and incident disclosure plays in the pricing mechanism for an equity. Many of the participants in GRC, IRM, and Cyber Risk anticipated this before the SEC had even proposed such rules. Boards, C-Suites, and Information security teams within publicly traded companies brought it up occasionally in the year preceding its adoption. Lawyers on K Street actively advocated in the press against enacting such rules, and there is still a hearty back and forth concerning the merits of SEC involvement in cyber risk. But more transparency is a very welcome development. For investors, it’s essential.

Industry veterans say that this development hearkens back to Sarbanes Oxley, which had very big implications for Governance, Risk, and Compliance. This is likely cyber risk’s SOX moment, and the drop date is December 15th of this year on all 10-K filings. The SEC will not look kindly upon boilerplate disclosures, particularly if a cyber attack with significant losses occurs. So where do you start?

This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them!

In the leadership and communications section, Building an Effective Information Security Strategy, What Makes a Company Great at Producing Leaders?, 80 Fun Meeting Icebreakers Your Team Will Love, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw-332

Materiality, Disclosure, and Evidence...  New terms for cybersecurity professionals to understand under the new SEC Regulations for Cybersecurity.  And the Solarwinds indictment is just the beginning.

Join the BSW crew as they tackle each of these new terms in preparation for SEC enforcement which starts this week.

In the leadership and communications section, Steve Katz, World's First CISO, Dies in Hospice Care, Top CISO Communities to Join in 2024, Workplace Culture 101: How to Create Positivity at Work, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw-331

Theresa Lanowitz joins Business Security Weekly to review real edge computing use cases from the AT&T Cybersecurity Insights Report. Specifically, we'll cover the following industry sector reports, including:

• Healthcare
• Manufacturing
• Retail
• US SLED
• Transportation

Research for the AT&T Cybersecurity Insights Report was conducted during July and August 2022. AT&T surveyed 1,418 security practitioners from the United States, Canada, the United Kingdom, France, Germany, Ireland, Mexico, Brazil, Argentina, Australia, India, Singapore, and South Korea. Respondents come from organizations with 1,000+ employees except for US SLED and energy and utilities verticals. Respondents were limited to those whose organizations have implemented edge use cases that use newer technologies such as 5G, robotics, virtual reality, and/or IoT devices. Respondents are involved in decision-making for edge use cases, including cybersecurity, that involves new technologies such as 5G and IoT devices.

This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecurity to learn more about them!

In the leadership and communications section, A Letter from the CISO to the CEO, The High Cost Of Ignoring Cybersecurity: Why Your Business Needs Protection, The Art of Speaking Cadence: Unleashing a Powerful Leadership Tool, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw-330

Most leadership books suffer from one of two critical failures (and sometimes both). The book might be a hagiography: telling you the biography of some amazing leaders, pretending there is one secret trick that will let you emulate that leader. Or the lesson of book should have been written as a tweet: in 280 characters you could have learned one lesson, but instead you have to fight through 300 pages of obfuscation to decipher the lesson.

1% Leadership is the antidote to these approaches. There is no secret. Instead, 1% Leadership provides 54 distinct lessons on leadership, that apply to individuals, teams, and organizations. Each lesson is presented in a self-contained chapter, averaging under 800 words. The lessons are summarized in a tweet-length pithy summary, which is also the chapter title. The table of contents thus serves as a quick reference guide for leaders.

Segment Resources: csoandy.com/book/

In the leadership and communications section, Clorox Scapegoats Cyber Chief, Rewards Board After Crisis, The SEC To CISOs: Welcome To The Big Leagues, SolarWinds: SEC lacks 'competence' to regulate cybersecurity, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly  Like us on Facebook: https://www.facebook.com/secweekly 

We often think "this would be so much better if done properly from the beginning", but the reality is, doing things from scratch comes with different challenges. Managing priorities, deciding what you tackle on from the absolute beginnings of a company in terms of security is a fun challenge.

Segment Resources:

Full session at the upcoming GoSec Conference: https://www.gosec.net/sessions/

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/vault-bsw-5

Inspired by my co-host, Jason Albuquerque, we get our hands dirty and discuss the challenges of cyber risk management. Why is cyber risk management so elusive and what can we do to solve it?

In part 1, we discuss the challenges of cyber risk management and quantification. Do risk scores really work? What do CEOs and Boards really need to understand cyber risks?

Inspired by my co-host, Jason Albuquerque, we get our hands dirty and discuss the challenges of cyber risk management. Why is cyber risk management so elusive and what can we do to solve it?

In part 2, we get our hands dirty by walking through ways to quantify cyber risks in business terms. What risks are truly worth mitigating vs. accepting or transferring? And if we do mitigate them, how do we track progress and impact?

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw-328

It's time to review the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. We also update you on the Security Weekly 25 index. The index is rebounding, but there's a long way to go to get back to the top.

In the leadership and communications segment, SolarWinds Is A Game Changer - You Cannot Sugarcoat Cybersecurity, Rethinking CISO Accountability: A Call for Balance in Cybersecurity Leadership, How to improve communication in the workplace: Strategies for enhanced productivity, and more.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw-327

As the workforce increasingly relies on the cloud, the browser has become a critical aspect of enterprise security. Employees now use browsers to access data and applications from various devices and locations, making browsers the primary target for cyber attackers.

Enterprise browsers are specifically designed to address the security challenges of the modern and complex workforce. According to Gartner, "By 2030, enterprise browsers will be the core platform for delivering workforce productivity and security software on managed and unmanaged devices, ensuring a seamless hybrid work experience." Tune in to a discussion with Chrome Enterprise's Robert Shield, where he discusses the importance of an enterprise browser for modern businesses and shares insights on how to improve browser security.

Segment Resources: 1. Here’s how you can get started with Chrome Enterprise for free: https://chromeenterprise.google/browser/security/?utmsource=cra&utmmedium=podcast&utmcampaign=2023-H2-chromebrowser-brand-ispcon&utmterm=isp-chrome-browser-download&utm_content=GCEC&brand=GCEC 2. Chrome Enterprise Landing Page: https://chromeenterprise.google/browser/security 3. Complimentary Gartner report (Gartner® Emerging Tech: Security – The Future of Enterprise Browsers Report): https://chromeenterprise.google/gartner-report-enterprise-browsers/

This segment is sponsored by Google Chrome Enterprise.

Visit https://securityweekly.com/chromeenterprise to learn more about them!

In the leadership and communications section, Proactive Boards Enable More Reliable Cyber Governance, CISO Best Practices for Managing Cyber Risk, The Evolution of Work: How Can Companies Prepare for What’s to Come?, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw-326

As the CISO role continues to transform from a technician to a risk manager, how do you secure emerging technologies, such as edge computing? By aligning to business objectives. In this segment, Theresa Lanowitz from AT&T Cybersecurity and Scott Stout From Cisco help us break down the challenges of the CISO and how to align security requirements to business outcomes to solve the emerging edge computing use cases. During the interview, we will tackle the Hospital at Home and Manufacturing edge computing uses cases. Tune in for this collaborative session from two of the leading cybersecurity giants.

This segment is sponsored by AT&T Cybersecurity.

Visit https://securityweekly.com/attcybersecurity to learn more about them!

In the leadership and communications section, Cybersecurity should be a business priority for CEOs, What CISOs Should Exclude From SEC Cybersecurity Filings, Effective Communication: The Key to Workplace Success, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw-325

Do we sound like a broken record? Leadership, communication, and risk management skills are key traits of the Chief Information Security Officer. But don't just take our word for it, Jason Loomis, CISO at Freshworks, joins Business Security Weekly to discuss why companies should be hiring CISOs for their leadership talent, not their technical talent.

Segment Resources: Switch

Five Dysfunctions of a Team

Drive

Extreme Ownership

Simon Sinek

In the leadership and communications section, Is Your Board Cyber-Ready?, Chief security officers' salary growth slowing, The Secret to Making Difficult Decisions, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw-324

CEOs and boards struggle with their digital transformation process. Does their operations hinder or align with business initiatives? Has their security operations scaled to meet the data and digital demands to protect against business risk? In today’s episode, we’re talking to Chris Morales, CISO at Netenrich, who’ll provide compelling insights towards security transformation. Security organizations all face similar security challenges of too much data, siloed teams, underperforming legacy tools, and time-consuming and laborious threat investigation work. We’ll discuss the approach enterprises need to consider in advancing their security maturity. It’s one that’s data-driven, adaptive, and predictive.

In the leadership and communications section, The Data Your Board Actually Wants to Hear About When Valuing Cybersecurity Investments, Cybersecurity is a CFO issue, Must-know insights when navigating the CISO career path, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw-323

As we move more infrastructure into the cloud, the traditional concepts of risk start to change. It's no longer just about networks and servers, but also needs to address identities and not just human identities. Cloud infrastructure introduces additional identity types that need to be addressed as part of your risk management program. Eric Kedrosky, CISO at Sonrai Security, joins us to discuss how to think differently about risk in the cloud.

In the leadership and communications section, The CISO Carousel and its Effect on Enterprise Cybersecurity, CISOs are struggling to get cybersecurity budgets, Respectfully, I Disagree, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw-322

In this episode, we interview Jake Wilson, Western Governor University's Security Awareness Evangelist. We'll learn about how he built up and matured WGU's security awareness program, eliminating blind spots, and improving efficacy through data analysis and better reporting.

This segment is sponsored by Living Security. Visit https://securityweekly.com/livingsecurity to learn more about them!

This week in the leadership and communications section: building a feedback-driven culture, letting go of the reins, 25 hard-hitting lessons from 17 years in cybersecurity, and more!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw-321

Organizations still struggle with DDoS, ransomware, and personal information exfiltration. In order the prevent these attacks, we first need to understand the ‘types’ of DDoS and emerging threat techniques used by the adversary. In this interview, we explore these attacks in the context of edge computing. As edge computing use cases evolve, organizations need to understand the intersection of edge computing, networking, and cybersecurity. We discuss the risks associated with edge computing, the controls that can mitigate these risks, and how to plan for implementation, including security budgeting.

Segment Resources: https://www.akamai.com/blog/security/defeating-triple-extortion-ransomware

This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecurity to learn more about them!

In the leadership and communications section, Board Members Struggling to Understand Cyber Risks, Cybersecurity Goals Conflict With Business Aims, Navigating Change: The Essence of Agile Leadership, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw-320

Managing identities continues to add complexity for granting access to enterprise resources. Between the increasing number and expanding types of identities, including carbon-based, silicon-based, and artificial identities, and the evolution of cloud computing and remote work, managing the perimeter is now an identity problem. What risks do each of these identity types pose and how do you mitigate them? Jeff Reich, Executive Director at Identity Defined Security Alliance (IDSA), joins us to discuss the challenges of digital identities, how to discover risk with digital identities, and how best to mitigate those risks.

Segment Resources:

IDSA's 2023 Trends in Security Digital Identities: https://www.idsalliance.org/white-paper/2023-trends-in-securing-digital-identities/

Securing Your Remote Workforce Through Identity-Centric Security: https://www.idsalliance.org/white-paper/securing-your-remote-workforce-through-identity-centric-security/

In the leadership and communications section, The importance of CISOs is not recognised by senior leadership, The secret habits of top-performing CISOs, Get *Free* copies of two of our favorite leadership books, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw-319 

Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on March 15, 2021. In 1989, Stephen Covey first published "The 7 Habits of Highly Effective People," empowering and inspiring leaders for over 25 years. Is there an equivalent or new set of habits for CISOs? George Finney, Chief Security Officer at Southern Methodist University, joins Business Security Weekly to discuss the Nine Cybersecurity Habits.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/vault-bsw-4 

The metaverse is an evolving storytelling environment in which humans have congregated for millennia to experience alternate, immersive, and simulated realities, with or without technology. Storytelling is designed to influence mental and physical perceptions suiting the purposes of the content creators. Metawar is the art of applying science to create and defend against the influence of alternate realities in the metaverse. What if we can longer rely on our senses to determine what is real and what is fiction? Winn's research into Metawar initially focused on metaversal technologies. Unexpectedly, it morphed into an intensely personal experience, triggering Winn's own Metanoia, which had a profound impact on the entire Metawar Thesis. Winn joins Business Security Weekly to share his Metanoia. In the leadership and communications section, A CISO's Actionable Strategy for Success, Security basics aren’t so basic — they’re hard, Building a Culture Where Employees Feel Free to Speak Up, and more! 

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw-318 

The Security Weekly 25 Index is still trying to recover. Inflation fears have tampered the recovery and the NASDAQ is outperforming the Index. Fastly replaces Sumo Logic in the Index and Thoma Bravo has not acquired anyone, so hoping the index stays stable for more than a quarter :). Here's the latest list of companies in the index: Secureworks Corp Palo Alto Networks Inc Check Point Software Technologies Ltd. Splunk Inc Gen Digital Inc Fortinet Inc Akamai Technologies, Inc. F5 Inc Zscaler Inc Onespan Inc Leidos Holdings Inc Qualys Inc Verint Systems Inc. Cyberark Software Ltd Tenable Holdings Inc Darktrace PLC SentinelOne Inc Cloudflare Inc Crowdstrike Holdings Inc NetScout Systems, Inc. Varonis Systems Inc Rapid7 Inc Fastly Inc Radware Ltd A10 Networks Inc

Ransomware-as-a-Service has contributed to a steady rise in sophisticated ransomware attacks. Ransomware authors are increasingly staying under the radar by launching encryption-less attacks which involve large volumes of data exfiltration. Organizations must move away from using legacy point products and instead migrate to a fully integrated zero trust platform that minimizes their attack surface, prevents compromise, reduces the blast radius in the event of a successful attack, and prevents data exfiltration.

Segment Resources: https://www.zscaler.com/press/zscaler-2023-ransomware-report-shows-nearly-40-increase-global-ransomware-attacks

https://www.zscaler.com/blogs/security-research/2023-phishing-report-reveals-472-surge-phishing-attacks-last-year 

This segment is sponsored by Zscaler.

Visit https://securityweekly.com/zscalerbh to learn more about them!

The security mediascape is buzzing with discussions around the growing threat of generative AI. But, how can we use this powerful new weapon for good? In this executive interview, IRONSCALES CEO Eyal Benishti walks us through the ways in which generative AI can be used to significantly harden organizations’ cyber defenses, and even unveils the latest, cutting-edge tools to be added to IRONSCALES’ growing AI suite of capabilities. Meet IRONSCALES’ Themis Co-Pilot for Outlook and learn how your team can use artificial intelligence to tip the scales back in your favor.

Segment Resources: https://ironscales.com/company/news-awards/news/ironscales-announces-themis-copilot

Video: https://youtu.be/ayn8ecsNgKY This segment is sponsored by IRONSCALES.

Visit https://securityweekly.com/ironscalesbh to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw-317

In the leadership and communications section, CISO is Crisis, Will SEC Cybersecurity Regulations Make a Difference?, NIST Drafts Major Update to Its Widely Used Cybersecurity Framework, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw-316

On July 31st, 2023, the Biden administration released a national strategy addressing cyber workforce shortages, calling long-standing vacancies a national security imperative. The National Cyber Workforce and Education Strategy focuses on four major pillars: equipping every American with cyber skills, transforming cyber education, expanding and enhancing the national cyber workforce and strengthening the federal cyber workforce. The strategy relies heavily on non-governmental and private sector entities to provide funding, internship and apprenticeship programs to increase the number of workers with cybersecurity skills. One of those entities referenced in the strategy is Dakota State University. Dr. José-Marie Griffiths joins us to discuss education's role in the strategy, but offers other insights, including: - immigration policies and how it limits the current cyber workforce, - diversity, equity, and inclusion initiatives and the reduction of women in the cyber workforce, and - what can the cyber community do to help.

 Segment Resources: https://www.dsucyber27.com/ 

https://dsu.edu/programs/artificial-intelligence-bs.html

 https://dsu.edu/programs/computer-science-artificial-intelligence.html

 In the leadership and communications section, How CISOs can engage the C-suite and Board to manage and address cyber risk, CISOs Need Backing to Take Charge of Security, It’s OK to Fail, but You Have to Do It Right, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-315

Some organizations are banning ChatGPT and other generative AI models out of fear of the risks they could introduce. While this is understandable, the reality is generative AI is accelerating so fast that, very soon, banning it in the workplace will be like blocking employee access to their web browser. Randy Lariar, Practice Director of Big Data, AI and Analytics at Optiv, will discuss how to embrace the new technology and shift the focus from preventing it in the workplace to adopting it safely and securely. We will discuss the challenges and benefits of generative AI, including: - How to detect AI tools and usage - How to develop policies and procedures for using AI tools - How the protect the models, data, and infrastructure to support AI tools - What are the regulatory requirements that may impact AI tools and usage - What are the benefits of using AI tools

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly 

Like us on Facebook: https://www.facebook.com/secweekly 

Show Notes: https://securityweekly.com/bsw-314

CYBER.ORG, in partnership with CISA, is helping create a diverse cyber workforce by breaking down the barriers to cybersecurity education by improving access for all K-12 students nationwide. CYBER.ORG’s HBCU feeder program Project REACH was recently highlighted in CISA’s 2022 Year in Review as part of the agency’s commitment to improving diversity and accessibility in the field. Laurie Salvail, Director of CYBER.ORG, joins BSW to discuss: - Why the expansion of K-12 cybersecurity education is the first step toward building a diverse talent pipeline. - How CYBER.ORG has implemented initiatives to drive diversity in cybersecurity including: - Project REACH, the HBCU feeder program launched across the country to build the next-gen workforce, and its plans to expand kickoff events in 2023. - Project Access, a program for the blind and visually impaired who are in pre-employment transition (Pre-ETS), and the summer camps on the horizon. - CYBER.ORG’s plans to expand diversity and inclusion efforts in the coming year to Hispanic-serving institutions. Segment Resources: To learn more about CYBER.ORG or to get involved, visit: https://www.cyber.org This week in the leadership and communications section: the SEC is asking for comments on Cybersecurity on Wednesday, July 26, 2023 at 10:00 a.m - Be there and tell them what you think of their cybersecurity regulations! Google has a new AI tool for journalism, Sergey Brin is back at Google, paving the path for "Blue-Collar AI" professionals, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw-313

Less than 50% of the Fortune 500 have a Chief Information Security Officer (CISO) or Chief Security Officer (CSO) listed on their executive team. Why is that? Is this role not considered an executive position? In part 1, we debate the role of the CISO/CSO and whether it is or is NOT and executive position. We've made a lot of progress over the last 20+ years, but has the role peaked? Will the role continue to get a seat at the table as a C-level executive or will it atrophy back to a VP or Director role? If the CISO/CSO is still an executive position, then what are the requirements of this role? In part 2, we debate the requirements of the CISO/CSO role and expectations of the organization. To be a true executive role, the CISO/CSO needs to have the decision making authority with the same protections of other officers. Will they get it? We debate.

Visit https://www.securityweekly.com/bsw for all the latest episodes! 

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly 

Show Notes: https://securityweekly.com/bsw-312

A golden age is a time of great achievement in a society or industry — a time of innovation and the furthering of new ideas via new mediums or technological advancements. Email security is now entering a golden age after stagnating for the better part of a decade. Is it time to celebrate? Customers have more choice than ever when it comes to protecting how employees, customers, and partners communicate and collaborate. Often, those customers are choosing more than one email security partner in a layered or multilayer approach to protection, as it provides greater efficacy — and peace of mind. But is that sustainable in a consolidating market? Jess Burn, Senior Analyst from Forrester Research, joins us to discuss the results of The Forrester Wave on Enterprise Email Security for Q2 2023. Segment Resources: https://www.forrester.com/blogs/announcing-the-forrester-wave-enterprise-email-security-q2-2023/?ref_search=604835_1688574622533 In the leadership and communications section, CISO as a Business Executive: 5 areas to focus on and 5 actions you can take to run cybersecurity…, How to win the battle for cybersecurity budgets, Mastering Effective Communication Skills with the Dale Carnegie Method, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly 

Like us on Facebook: https://www.facebook.com/secweekly

 Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw-311

This week, we welcome Dick Clarke to discuss his new book, The Fifth Domain, and the need for cyber resilience, especially these days! In the Leadership and Communications segment, 4 Behaviors That Help Leaders Manage a Crisis, The Right Way to Keep Your Remote Team Accountable, 15 Steps to Take Before Your Next Video Call, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/vault-bsw-3 

In a tight economy, security budgets have been under scrutiny. Vendor consolidation strategies are real, but what are the pros and cons of this strategy? Shawn Surber from Tanium joins us to discuss how vendor consolidation is playing out and what to look for. It's not just an expense exercise, it's also a strategic alignment exercise. This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! In the Leadership and Communications section, CISO Burnout Prevention: Tips for Work-Life Balance, Maximizing Leadership Potential, The Essence of Effective Management: Commitment, Foresight, and Leadership, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

 Like us on Facebook: https://www.facebook.com/secweekly

 Show Notes: https://securityweekly.com/bsw-310

Check out this interview from the BSW VAULT, hand picked by main host Matt Alderman! This segment was originally published on October 12, 2020. 

We go off script. Michael Santarcangelo joins me for a discussion on leadership. We review the 4 C's of Leadership: 1. Culture 2. Collaboration 3. Communication 4. Cultivation - and Michael shares some of his leadership approaches and ideas.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/vault-bsw-2 

The Gartner definition of integrated risk management is a set of practices and processes supported by a risk-aware culture and enabling technologies, that improves decision making and performance through an integrated view of how well an organization manages its unique set of risks. Enterprises typically have a broad coverage of the risks that face the business including cybersecurity risk, however, its 2023 and after more than a decade of requiring training compliance for our people, the Verizon DBIR reports this year that 74% of breaches involved human error. It's clear that compliance is not the answer for where to include the human in an IRM strategy, so what's next? In the leadership and communications section, Only one in 10 CISOs today are board-ready, study says, Why Conflicting Ideas Can Make Your Strategy Stronger, How to Overcome Communication Barriers in Your Teamwork, and more!

This segment is sponsored by Living Security.

Visit https://securityweekly.com/livingsecurity to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw-309

The American Data Privacy and Protection Act introduces oversight of how companies handle the data they collect and process from U.S. citizens, including AI algorithms used to uncover insights that can be monetized. Security professionals should prepare now for the legislation by understanding how to audit algorithms and implement compliance processes. Even if this version of privacy legislation doesn’t pass, similar legislation will likely pass soon.

Segment Resources:

Forbes Tech Council article: Why You Need to Prepare Now for Privacy Legislation That May Not Pass https://www.senecaglobal.com/media-mentions/ftc-why-you-need-to-prepare-now-for-privacy-legislation-that-may-not-pass/

Enterprise Security Tech - American Data Privacy Protection Act: What, Who, How https://www.enterprisesecuritytech.com/post/american-data-privacy-protection-act-what-who-how

Security Info Watch - What the American Data and Privacy Act means for businesses https://www.securityinfowatch.com/security-executives/article/21295869/what-the-american-data-and-privacy-act-means-for-businesses

In the leadership and communications section, Cybersecurity Starts with the Board and C-Suite, How CISOs can achieve more with less during uncertain economic times, Why Authentic Leadership Is So Hard, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw-308 

Check out this interview from the BSW VAULT, hand picked by main host Matt Alderman! This segment was originally published on June 8, 2020.

Marc French has more than 25 years of technology experience in engineering, operations, product management, and security. Prior to his current role at CISO at Product Security Group, Marc was the SVP & Chief Trust Officer at Mimecast, Inc. and has held a variety of senior security roles at Endurance/Constant Contact, EMC/RSA, Iron Mountain, Digital Guardian, and Dun & Bradstreet. With all this security experience, Marc has created a series of career ladders to help guide infosec professionals with their job journey, including the illustrious CISO position. We will also cover whether you really want to be a CISO...

All of the open source career ladders can be found here: https://github.com/product-security-group/Security_Ladders

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/vault-bsw-1 

You can rebuild infrastructure. But you can’t un-breach data – Data sits at the core of an organization and is often the most open and vulnerable. This is why data security is the most important and urgent security problem to solve right now. We’re joined by Matt Radolec, Senior Director of Incident Response and Cloud Operations at Varonis, to walk through the blast radius concept – from what it is and how to use it to understand your organization's risk, to how it can serve as a guide to securing data from insiders and external attackers.

Segment Resources:

The Great SaaS Data Risk Exposure report: https://info.varonis.com/hubfs/Files/docs/research_reports/Varonis-The-Great-SaaS-Data-Exposure.pdf

The Forrester Wave™: Data Security Platforms, Q1 2023 https://reprints2.forrester.com/#/assets/2/1646/RES178465/report

Learn more about the Varonis Data Security Platform https://www.varonis.com/products/data-security-platform

This segment is sponsored by Varonis. Visit https://securityweekly.com/varonis to learn more about them!

In the leadership and communications section: Do You Really Need a CISO?, A CISO Employment Contract May Mean the Difference Between Success and Jail, When Your Employee Tells You They’re Burned Out, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw307 

Medtronic's Security Ambassador program has seen tremendous growth and engagement in recent years. Learn how they gave their program a shot of adrenaline and haven't looked back since.

Cybersecurity teams today are inundated with tools that provide an abundance of alerts and data about threats, gaps, vulnerabilities and everything in between. While security tools are critical to operating a cybersecurity program and produce helpful data, they should never dictate an organization’s cybersecurity strategy. Instead, Amad Fida, CEO & Founder of Brinqa, explains why business priorities should be the foundation for any company’s cybersecurity strategy.

This segment is sponsored by Axonius. Visit https://securityweekly.com/axoniusrsac to learn more about them!

Economic uncertainty has forced IT and security leaders to be more cautious than ever when increasing spending and team size. Suh dynamics give CISOs and CIOs an opportunity to demonstrate value by going beyond “merely” defending the organization from threats. We can contribute toward the organization’s efforts to constrain costs by looking inward at existing tools and assets to understand deployment, usage, and value. We can do this by ensuring the company is making the most of what it already has – and eliminating the spend that’s not being utilized in the most effective way.

This segment is sponsored by Brinqa. Visit https://securityweekly.com/brinqarsac to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw306 

Each year, Forrester tracks the top systemic risks — external events that impact your firm and customers but are out of your control — facing organizations. The impacts of climate change are both short-term, in the form of severe weather, drought, and heat waves, and long-term, in the form of biodiversity loss, sea-level rise, and rising temperatures. Want to see where climate risk ranked on the list? Read The Top Systemic Risks, 2023 (https://www.forrester.com/report/the-top-systemic-risks-2023/RES179156) or listen to this segment on Business Security Weekly.

A resilient cybersecurity strategy is essential to running your business while protecting against security threats and preventing data breaches. For CISOs, partnering with a managed service security provider (MSSP) means you can be in control of your organization’s information and infrastructure security without placing a strain on internal personnel or resources which is critical in today’s uncertain economy. With an MSSP on board, CISOs are better equipped to meet strategic and business goals, while improving operations and reducing expenses. This interview will discuss not only why to consider an MSSP but how to choose the right one for the job.

This segment is sponsored by Direct Defense. Visit https://securityweekly.com/directdefensersac to learn more about them!

Insider Risk is a problem that continues to grow - and that companies are still struggling to solve. CISOs state that it is the number one most difficult threat to detect, placing it over malware and ransomware. Code42 President and CEO Joe Payne will explain why the Insider Risk problem is so challenging and will offer guidance on how to solve it.

This segment is sponsored by Code42. Visit https://securityweekly.com/code42rsac to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw305 

This week, it's time for Security Money. We recap Q1 2023 with the latest financial results, funding announcements, and layoffs. Don't miss this quarterly update. At the market close on April 28th 2023: - SW25 Index is 1,404.31, which is an increase of 40.43% (up from last Q) since inception. - NASDAQ Index is 12,226.58, which is an increase of 84.27% (up from last Q) during the same period.

CISOs face the complex challenge of protecting organizations against an expanding array of cybersecurity risks. While the role requires constant adaptation to protect against new threats, CISOs often bear the blame when defenses are breached. In this segment Kunal Anand, CTO & CISO, Imperva, discusses the evolution of the role and what aspiring professionals need to know if they want to hold the title.

This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them!

Today’s security products are evolving to meet the changing attack surface, each one targeting a specific set of risks. For organizations, this typically means that to increase security maturity, they need to implement a number of different solutions, and as the attack surface continues to expand, their tech stack quickly becomes difficult to manage. It’s time for the industry to help security teams achieve a better balance and reduce this operational burden.

Segment Resources:

 https://www.fortra.com/resources/cybersecurity-education?code=cmp-0000011766&ls=717710002&utm_source=cyberrisk-alliance&utm_medium=video&utm_campaign=ft-rsa-conference

This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrarsac to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw304 

We talk a lot about closing the skills gap, but it's harder said than done. So we thought we'd tackle the problem in our 2nd episode os Say Easy, Do Hard. Part 1 will discuss the skills needed, the requirements of the position, and the real qualifications for cybersecurity jobs. We will discuss the practical, realistic expectations of working in cybersecurity, not the hyped stereotypical positions.

After discussing the requirements for working in cybersecurity, part 2 will tackle where to find the talent. We will explore education, apprenticeships, mentorships, and training. We will also identify areas within the business that have resources with skills that are very complementary with cybersecurity that also make great recruiting areas.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw303 

Securing the business can often come at a cost of employee productivity, but it doesn’t have to be this way. Especially in today’s economic climate, the security team cannot be seen as a blocker to business. Aviv discusses how to find that balance in today’s episode.

This segment is sponsored by Votiro. Visit https://securityweekly.com/votiro to learn more about them!

In the leadership and communications segment, Security Is a Revenue Booster, Not a Cost Center, How cybersecurity leaders can tackle the skills shortage, Engaged Employees Create Better Customer Experiences, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw302 

Barracuda just released a report on Ransomware findings, here: https://assets.barracuda.com/assets/docs/dms/2023 -Ransomware-insights-report.pdf.

Here are a few of the highlighted stats:

• Barracuda international survey finds 73% of organizations experienced a successful ransomware attack in 2022 — 38% were hit more than once.
• 42% of those hit three times or more paid the ransom to restore encrypted data — compared to 31% of victims hit just once.
• 69% of ransomware attacks began with an email.
• 27% of organizations feel underprepared to tackle ransomware.

Fleming Shi joins Business Security Weekly to discuss the findings and ways to better prepare for these attacks. In the leadership and communications segment, How to Succeed As a New Chief Information Security Officer, Lead by Example: What Army Special Forces Can Teach You About Leadership, How to Take Risks & Conquer Fears, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw301

Why 300? 300 is a perfect game in bowling, a milestone few have achieved (unless you're Brendan Alderman who has done it twice before the age of 20). 300 podcast episodes is almost 7 years of recording, a milestone most podcasts haven't achieved. So we thought is was worth celebrating! Join current and former BSW hosts to get a brief history of Business Security Weekly, including: 

•  Paul's resignation from Tenable in 2016 to expand the Security Weekly podcast
• Michael and Paul launching Start-up Security Weekly in 2016
• The switch to Business Security Weekly in 2018
• Matt's first episode (105) in 2018 as the new CEO of Security Weekly 
• The premier episode of Security Money (113) in 2019
• Jason's first episode (101) in 2018
• The sale of Security Weekly to CyberRisk Alliance in 2020
• Ben's first episode (231) in 2021
• The premier episode of Say Easy, Do Hard (289) in 2023

You ask, we respond. This Ask Me Anything (AMA) segment allows the audience to ask the BSW hosts anything. From leadership skills to career advice or even why Alderman keeps moving, this segment answers the questions you want to know.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw300

We often see security as a thing that has definitive check boxes, end states and deliverables. Audits "end" and then start again, but if you are looking at security as a noun -- as in, a thing that gets done, you are falling short. Security must be a verb. You DO security, you do not HAVE security. Security weaves through every layer and goes beyond the IT assets or codebase. This includes: Guerrilla marketing of gaining end-user buy-in for initiatives Iterative tuning of your data sources Active engagement with real-time feedback from the user base and technical teams Threat- and risk-informed decisions need to be capable of adapting when things get turned upside down. You need to create a culture and the associated processes to look at security like you do. Security teams and roadmaps are designed to look (often myopically) at specific "deliverables" and not so much at the vital signs of the security ecosystem in any given moment (and what that looks like OVER TIME, not at a moment IN time).

This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!

In the leadership and communications section, CISO, The Board, and Cybersecurity, How CISOs Can Work With the CFO to Get the Best Security Budget, Building Effective and Skilled Teams Through Networking, Connectivity, and Communication, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw299

When CISOs report into CEOs it gives them more autonomy, empowers them with more decision making authority, and eliminates the inherent conflict of interest present when CISOs report into IT leaders like the CIO.

Segment Resources:

https://www.forrester.com/blogs/five-reasons-why-cisos-should-report-to-ceos

In the leadership and communications section, CISO: A Job in Search of a Description, The Rise of the BISO in Contemporary Cybersecurity, When More is Less: The Dangers of Over-Communication in Teams, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw298

Natural language processing AI will be at the forefront in 2023, as it will enable organizations to better understand their customers and employees by analyzing their emails and providing insights about their needs, preferences or even emotions. As AI voice cloning technology becomes more powerful and readily available, we will see an increase in impersonation attacks that utilize audio deepfakes. Join Dr. Kiri Addison, Threat Detection and Efficacy Product Manager, Mimecast to discuss how you can prepare and protect your organization from these types of business email compromises with the right cybersecurity products that can effectively protect them against attacks like these. ​

This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecast to learn more about them!

In this week's leadership and communications segment, we discuss overemphasizing metrics, delegation drawbacks, security culture starts at the top, and succeeding in security with economic insecurity.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw297

From protecting application and data from cyberattacks to meeting compliance regulations, healthcare providers face the complex challenge of providing secure and reliable access to medical data. In this segment, Terry Ray joins Business Security Weekly to discuss common attack trends and security challenges that healthcare providers face along with guidance for securing healthcare data and applications.

This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!

In the leadership and communications section, Your Biggest Cybersecurity Risks Could Be Inside Your Organization, Subtracting: The Simplest Path to Effective Leadership, How to Be a Good Interviewer, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw296

Lots of press lately regarding ChatGPT and its impact on cybesecurity. Some say it will help us fight adversaries, while others say it will only make adversaries more sophisticated. Lot's of FUD on both sides of the discussion. BSW hosts debate the pros and cons of ChatGPT (and other AI) to truly understand its impact and what we, as security leaders, need to know. In the leadership and communications section, Leaders Are Feeling the Pressure of an Uncertain, Dynamic Risk Landscape, Gartner Predicts Nearly Half of Cybersecurity Leaders Will Change Jobs by 2025, How to Empower Teams, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw295

It's another holiday week, so enjoy this episode from the BSW archives!

This week, we welcome Graeme Payne, President at Cybersecurity4Executives, to discuss Impacts of a Data Breach! During the Equifax 2017 Data Breach, Graeme Payne was Senior Vice President and CIO of Global Corporate Platforms. He was fired the day before the former Chairman and CEO of Equifax testified to Congress that the root cause of the data breach was a human error and technological failure. Graeme would later be identified as the human error . In the Leadership and Communications Segment, CISO position burnout causes high churn rate, 7 Rules for Staying Productive Long-Term, Now Is an Unprecedented Opportunity to Hire Great Talent, and more!

Show Notes: https://wiki.securityweekly.com/BSWEpisode172

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

How do you manage the human side of cybersecurity? Traditionally, security awareness programs have checked this box from a compliance angle but had minimal impact on cyber risk. Human Risk Management (HRM) is transforming this space by connecting an integrated, data-driven approach with personalized security training to deliver quantifiable results. In this session, we'll define HRM, explore how it is being adopted, and review the business case supporting the change.

This segment is sponsored by Living Security. Visit https://securityweekly.com/livingsecurity to learn more about them!

In the leadership and communications section, What CISOs Should Know About Hacking in 2023, Getting Employee Buy-In for Organizational Change, Listening — The most important communication skill, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw294

This week, it's Security Money. While the major indexes have improved, the SW25 index has not. Pressures from the macro economic conditions appear to have a greater impact on cybersecurity. We'll dig in and review.

In the leadership and communications section, Who Does Your CISO Report To?, 5 CISO Traps to Avoid and Truths to Embrace, How to effectively communicate cybersecurity best practices to staff, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw293

What keeps the cyber C-Suite up at night? What are their main priorities, and how do they articulate them to board? In this session, we’ll go behind the screens and find out what CISOs from all over the world really think in terms of making turning cyber risk into business risk.

This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecast to learn more about them!

In the leadership and communications section, Why CISOs Make Great Board Members, Unlock Your Leadership Potential: 12 Must-Read Books to Take Your Skills to the Next Level, How To Get People To Listen To You, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw292

Richard Seiersen and our guest, Doug Hubbard, are finishing the second edition of How to Measure Anything in Cybersecurity Risk. Doug is here to share the success of the first edition and preview the second edition. With more insights, the second edition will share more more research data, free tools, and new concepts like FrankenSME. If you're a risk management professional or want to learn more about risk management, don't miss this interview. In the leadership and communications section, 8 Questions to Ask Before Selecting a New Board Leader, How Cybersecurity Leaders Can Build Employee Trust—And Why It Is Important, 7 rules to communicate the business value of IT, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw291

We're aren't recording this holiday week, so enjoy this BSW throwback episode! Main host Matt Alderman selected this episode to share as it's still relevant to the InfoSec business community today. 

This week, we welcome Jim Routh, Former CSO, Board member, Advisor at Virsec, to discuss The 3 Mistakes All First Time CISOs Make That No One Tells You! 

Show Notes: https://securityweekly.com/bsw227

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://twitter.com/securityweekly

Follow us on Facebook: https://facebook.com/secweekly

In the leadership and communications section, The CISO Role is Broken, Five Cybersecurity Resolutions CISOs Can Actually Keep In 2023, Are Cyber Attacks at Risk of Becoming ‘Uninsurable’?, and more! SolarWinds has been on the journey of Secure by Design since the Sunburst incident in late 2020. Secure by Design is a practical approach to minimizing risk. It involves advanced build systems, an assumed breach model, proactive testing, audit, increased visibility and sharing lessons externally.

Segment Resources:

https://www.solarwinds.com/secure-by-design-resources

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw290

With the current macro economic head winds, 2023 budgets are either frozen or are flat. Where should CISOs focus these limited budgets to maximize the most out of their security program? In this segment, we invite Jon Fredrickson, Chief Risk Officer at Blue Cross Blue Shield of Rhode Island, to debate what should be in your minimum viable security program.

This segment is part 1 of 2 parts and focuses on the minimum viable security capabilities.

With the current macro economic head winds, 2023 budgets are either frozen or are flat. Where should CISOs focus these limited budgets to maximize the most out of their security program? In this segment, we invite Jon Fredrickson, Chief Risk Officer at Blue Cross Blue Shield of Rhode Island, to debate what should be in your minimum viable security program.

This segment is part 2 and focuses on the minimum viable security vendors for our top 6 capabilities:

1. Asset Management

2. Patch Management

3. IAM/MFA/PIM/PAM

4. EDR/MDR/XDR

5. Backup/Recovery

6. Risk Management

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw289

In the Leadership and Communications section, CISOs of the World, Unite!, 8 things to consider amid cybersecurity vendor layoffs, The Best Public Speakers Put the Audience First, and more! Barracuda just finished an email security survey. We start to dig into the results and the impact for 2023, including:

- 86% of respondents in all the countries surveyed said third party email security solutions are essential to keep our Microsoft 365 environment secure

- This rises to 92% for respondents in the U.S.

- And to 91% for companies with between 250 and 499 employees

Also:

- Just under one in five (19%) of all respondents said their top email security concern with Microsoft 365 was data protection and the risk of data loss

- This rises to one in four (25%) among the frontline IT managers and professionals surveyed

This segment is sponsored by Barracuda. Visit https://securityweekly.com/barracuda to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw288

In the leadership and communications section, 5 top qualities you need to become a next-gen CISO, Ego Is the Enemy of Good Leadership, How To Explain Things Better, and more!

The U.S. is at an inflection point in terms of cyber threats; Critical infrastructure attacks are growing more frequent and consequential, and the White House recently called the cyber talent gap of nearly 770,000 open positions a “national security challenge.” Kelly Rozumalski, SVP at Booz Allen Hamilton leading the firm’s national cyber defense business, joins BSW to discuss why upskilling and reskilling are key to closing the cyber talent gap at the federal level and how a collective defense posture across government and private sector can enable us to better secure U.S. critical infrastructure.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw287

Todd Fitzgerald, author of CISO Compass and host of CISO Stories, joins BSW to share his top leadership lessons from the first 100 episodes of CISO Stories. Todd interviews CISOs and gains insights into their challenges and how they are solving them. Don't miss this recap!

In the leadership and communications section, The Sacrificial CISO heralds a new age for cybersecurity, To Coach Leaders, Ask the Right Questions, How to Handle Criticism Gracefully: 12 Pro Tips, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw286

In the leadership and communications section, Is Your Board Prepared for New Cybersecurity Regulations?, 32% of cybersecurity leaders considering quitting their jobs, 40 Jargon Words to Eliminate from Your Workplace Today, and more!

Positive change is coming to cybersecurity. In this segment, Mike Devine (CMO) and John Grancarich (EVP of Strategy) at Fortra discuss the business of leading a cybersecurity company, the reasons behind our recent rebrand, and our plans for continuing as a people-first company that collaborates with our customers to combat the threat landscape with confidence.

This segment is sponsored by Fortra. Visit https://securityweekly.com/fortra to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw285

Threat actors use automation and technology to do evil at scale. Yet, even with cutting edge technology available to them, smaller organizations feel overwhelmed. Analysts struggle from the “alt-tab, swivel-chair” problem, and security products just don’t feel… powerful. So how does a SOC maximize its most valuable asset–the humans–in combination with technology to overachieve? This talk will teach you a new way to model out your team's resources, assets, and capabilities to defend against various levels of adversaries to determine where you have operational capability, where you have gaps, and how to tell the difference.

This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!

After years of increases, security budgets are coming under scrutiny. Cybersecurity professionals need practical guidance on how to manage existing budget allocations and new requests for funding. This segment provides Forrester's spending benchmarks, insights, and recommendations to future-proof your security investments in ways that keep you on budget while simultaneously mitigating the risks facing your organization.

Segment Resources:

https://www.forrester.com/blogs/new-security-risk-planning-guide-helps-cisos-set-2023-priorities/

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw284

In the leadership and communications section, Is Cybersecurity Leadership Broken?, Cybersecurity career mistakes, 13 Cybersecurity Horror Stories to Give you Sleepless Nights, and more!

Cyber risk quantification should be at the center of an enterprise's actions to understand and measure risk posed in the event of a cyberattack. That data should then be used to estimate - financially - cyber risk exposure. To start this process, enterprises need 3 pillars to build a good cyber risk quantification program: the right data, appropriately skilled people and a methodology.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw283

Robert Herjavec, CEO of Cyderes, was the keynote speaker at InfoSec World 2022, where he discussed the momentum we continue to see in the cybersecurity industry. Topics included mergers & acquisitions, Robert's outlook on the cyber market, staffing shortages, and nation state threats. Robert joins BSW to expand on his ISW keynote presentation.

In the leadership and communications section, Boards looking to CEOs, not CIOs, to lead digital initiatives, Compensation for Cybersecurity Leaders is on the Rise, 3 cloud security posture questions CISOs should answer, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw282

In the leadership and communications section, So you do not want to become a CISO anymore?, Which cybersecurity metrics matter most to CISOs today?, 15 Effective Tips on How To Talk Less (And Listen More!), and more!

One of my favorite segments! We track the top 25 public companies and provide you an update on the overall market. The Security Weekly Index has taken a beating, but so has the broader market. We'll update you on the latest funding, acquisition, and financial news.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw281

As 2023 approaches, security leaders are hard at work preparing their budgets, identifying their projects, and setting their priorities for the next twelve months. At the same time, the growth mode days of cybersecurity spending appear to be over as budgets receive more scrutiny than ever. Join us as we discuss the pressures and problems that CISOs will encounter in 2023, and how they can best defend their cybersecurity budgets while the economy slips into a downturn.

In the leadership and communications section, The CISO of Tomorrow Is Stepping Into the Business Spotlight, Why a Risk-Based Cybersecurity Strategy is the Way to Go, The Rise and Fall of Uber CISO and The Future of Cybersecurity Industry, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw280

In an effort to diversify the cybersecurity talent pool and improve cybersecurity literacy, CYBER.ORG created Project Access, a nationwide effort designed to expand access to cybersecurity education for blind and vision impaired students between the ages of 13-21 who are in pre-employment transition (Pre-ETS). Through the Cybersecurity and Infrastructure Security Agency’s Cybersecurity Education and Training Assistance Program (CETAP) grant, CYBER.ORG pioneered a series of camps this past summer in Arkansas, Maine, Virginia, and Michigan to introduce blind and vision impaired students to key cybersecurity topics, help them develop cybersecurity skills, and explore the possibility of a career in a growing industry. This is one of CYBER.ORG’s efforts to improve diversity and inclusion in the cybersecurity industry – starting with K-12 students.

Segment Resouces:

To learn more about CYBER.ORG and Project Access or to get involved, visit: www.cyber.org www.cyber.org/events

www.cyber.org/initiatives/project-access

You can reach Dr. Chuck Gardner, Sr. Director of Government and Non-Profit Engagement for CYBER.ORG at [email protected].

https://www.businesswire.com/news/home/20220627005666/en/CYBER.ORG-Launches-Project-Access-a-National-Effort-to-Increase-Access-to-Cybersecurity-Education-for-Students-with-Disabilities

In the leadership and communications section, Fake CISO Profiles on LinkedIn Target Fortune 500s, Cybersecurity Executive Communication and importance of Metrics, Tips for developing cybersecurity leadership talent, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw279

New fourth-annual research report analyzes ransomware attack patterns that occurred between August 2021 and July 2022 In the past 12 months, Barracuda researchers identified and analyzed 106 highly publicized ransomware attacks and found the dominant targets are still five key industries: education, municipalities, healthcare, infrastructure, and financial. Researchers also saw a spike in the number of service providers that have been hit with a ransomware attack. The volume of ransomware threats detected spiked between January and June of this year to more than 1.2 million per month. Most ransomware attacks don’t make headlines, though. Many victims choose not to disclose when they get hit, and the attacks are often sophisticated and extremely hard to handle for small businesses. To get a closer look at how ransomware is affecting smaller businesses, the report details three examples that researchers have seen through Barracuda SOC-as-a-Service, the anatomy of each attack, and the solutions that can help stop these attacks.

Segment Resources:

Read the full Threat Spotlight blog post: https://blog.barracuda.com/2022/08/24/threat-spotlight-the-untold-stories-of-ransomware/

This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them!

In the leadership and communications section, Attention CISOs: The Board Doesn’t Care About Buzzwords, The Best Managers Are Leaders — and Vice Versa, Firing Your Entire Cybersecurity Team? Are You Sure?, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/secweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw278

In the leadership and communications section, Cybersecurity’s Too Important To Have A Dysfunctional Team, In a Crisis, Great Leaders Prioritize Listening, White House Announces Stricter Cybersecurity Guidelines and Rules, and more!

Paul will discuss a risk-based approach to security that prioritizes fixing the most critical issues that will reduce risk in your organization. He'll walk through a three-step cycle that continuously monitors the threat landscape, enables quick response, and measures the metrics that company leadership cares about.

Segment Resources:

https://blog.qualys.com/qualys-insights/2022/05/31/transitioning-to-a-risk-based-approach-to-cybersecurity

https://blog.qualys.com/qualys-insights/2022/07/26/aflac-completes-successful-poc-of-qualys-vmdr-2-0-with-trurisk

www.qualys.com/vmdr

This segment is sponsored by Qualys. Visit https://securityweekly.com/qualys to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw277

While applications and APIs are developed with cloud in mind, many organizations must rely on a hybrid architecture and edge computing to deliver their services given the high cost of cloud services. However, many organizations lack the right security stack to protect data and applications in these unique environments, or from threats added through reliance on open source code. With today’s attacks coming from automated threats, organizations need to implement tools to mitigate risks that impact the bottom line, brand reputation, and customer experience without slowing development lifecycles.

This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw276

In this segment, BARR Advisory founder and president Brad Thies will use real-world examples to discuss how cybersecurity scorecards and KPIs can help organizations measure and manage the effectiveness of their cybersecurity programs. Thies will also reveal which metrics he sees as most valuable in evaluating cybersecurity posture and discuss how to define accountability for security within an organization.

This segment is sponsored by BARR Advisory. Visit https://securityweekly.com/barradvisory to learn more about them!

In the leadership and communications section, 7 Uniquely Personal Bits of Wisdom To Improve Your Leadership, 4 key areas cybersecurity leaders should focus on, Cybersecurity spending strategies in uncertain economic times, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw275

In the leadership and communications section, CISO salaries balloon, likely spurred by demand, 4 Steps to Being an Authentic Leader, Keeping Your Team Motivated When the Company Is Struggling, and more!

In order to run a successful SOC, security leaders rely on tools with different strengths to create layers of defense. This has led to a highly siloed industry with over 2,000 vendors, each with their own specific function and who very seldom work together. To gain an advantage on attackers, we need to start seeing cybersecurity as a team sport––united for a shared mission. In this session, ExtraHop’s Chase Snyder discusses why and how vendors should work together to enable better integrated security for their customers. He’ll answer questions like “what is XDR?” and “how do I get my vendors to work together?”.

This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw274

In 1995, Craig Newmark started curating a list of San Francisco arts and technology events, which he personally emailed to friends and colleagues. People were soon calling it “Craig’s List.” Most know the rest of the story. But what did that rapid entry into tech entrepreneurship teach him about information security? And how did that lead to a passion for, among other things, cyber philanthropy? SC Media's Jill Aitoro will speak to Newmark about his career, and his own evolution in infosec awareness that came with it.

Among the more challenging phases for a cyber business is transitioning from inspiring startup to successful enterprise, strategically leveraging investment to scale. SC Media's Jill Aitoro will sit down with Dave Dewalt, founder of NightDragon, and Matt Carroll, CEO of NightDragon's newest investment Immuta. Employees are on the move. As tech and security leaders adjust to managing hybrid teams, they should also plan for the loss and replacement of key security talent. Attrition and the increasing length of time needed to find a replacement leaves security programs — and firms — vulnerable. Implementing a formal succession planning process for the security organization mitigates risk and increases employee satisfaction and retention. This report provides steps for starting a succession planning program and real-world examples of companies that are already focused on developing and retaining the next generation of security talent.

Segment Resources:

https://www.forrester.com/report/succession-planning-is-a-business-resilience-imperative/RES177689?ref_search=604835_1658240598764

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw273

In the leadership and communications section, The Number 1 Growth Killer is Leadership Debt, How to Talk to Your Board & C-Suite About Cybersecurity, 5 ways to unite security and compliance, and more!

Zero Trust is the security buzzword of the moment, and while it is a very powerful approach, nearly every enterprise security product on the market – and some that aren’t even security products — are saying they enable Zero Trust. The problem is this: you can’t buy zero trust. It’s an approach, an architecture, and a journey, not software, hardware, or a service to deploy. Zero Trust also provides a rare opportunity in security - to reduce cost, improve security AND enhance end-user and customer experience.

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw272

Neal Bridges, CISO at Query.AI and well-known cybersecurity influencer, breaks down the key differences between the CISO role at a startup vs. an enterprise. He also provides best practices to be successful in this changing role.

In the leadership and communications section, CISOs: Embrace a common business language to report on cybersecurity, The Strategic Impact of Verizon's 2022 Data Breach Investigations Report, Make Shy Employees Part of Your Cybersecurity Strategy, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw271

In the Leadership and Communications section, Uber CISO's trial underscores the importance of truth, transparency, and trust, 4 Leadership Strategies to Help Women Advance in the Tech Industry, 5 Best Predictors of Employee Turnover and What Leaders Should Do About Them, and more!

Data is the most valuable resource on the planet; but, as businesses collect and store data at an astonishing pace, data sprawl, volume, and diverse storage environments create a security nightmare. With support for hundreds of data stores across leading cloud providers and thousands of automation and response integrations, Imperva Data Security Fabric modernizes and simplifies data governance, security, and workflow management for data in all forms across multicloud and hybrid environments. The product’s flexible architecture supports structured, semi-structured, and unstructured data across a range of data repositories to ensure security policies are applied consistently everywhere so businesses can quickly understand and mitigate risk.

This segment is sponsored by Imperva. Visit https://securityweekly.com/imperva to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw264

Boards and CEOs are asking what their cyber risk posture is, and they aren't getting clear answers. Reports produced from assessments oftentimes are built on stale data rather than real-time compliance and risk data. How should C-levels be thinking about cybersecurity posture reporting, and how can they manage cyber risk in real-time as opposed to point-in-time?

This segment is sponsored by CyberSaint. Visit https://securityweekly.com/cybersaint to learn more about them!

In the leadership and communications section, CISO MindMap 2022: What do InfoSec Professionals really do?, CISO Shares Top Strategies to Communicate Security's Value to the Biz, Security leaders chart new post-CISO career paths, and more!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw263

In the leadership and communications section, 5 Cybersecurity Questions CFOs Should Ask CISOs, How Leaders Can Escape Their Echo Chambers, 10 Cybersecurity Compliance Statistics That Show Why You Must Up Your Cybersecurity Game, and more!

Most current security risk assessments are not effective. Doug Landoll joins BSW to explain how we can fIx this. Doug will share 5 Essential Elements of an Effective Security Risk Assessment, including: - Scoping, Scheduling, and Champions - Team Structure - Data and Measurements - Calculations and Analysis - Reporting, Presentation, and Tracking

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw270

In the leadership and communications section, How CISOs can prepare for new and unpredictable cyberthreats, 8 Leadership and Management Principles from Ex-Navy Seal, Practice Transparent Leadership, and more!

IIoT infrastructure protection requires immediate attention. Barracuda just released key findings from a report titled "The state of industrial security in 2022," that covers the following: • The network breaches, ransomware attacks, and other security incidents businesses are facing • The current challenges related to infrastructure protection, remote access security, and digital transformation • The solutions and strategies decision makers are using to close security loopholes and boost the protection of IIoT infrastructure

This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw269

In the Leadership and Communications segment: How to build a cyber capable board, Who Is Legally Responsible for a Cyber Incident?, Building a security culture of 'Yes', and more!

This edition of Security money is a 2 quarter update for both Q1 2022 and Q2 2022. That's what happens when you have a lot of interest and interviews. Although the SW25 Index is down, it's still outperforming the Nasdaq!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw268

There was a time when the perceived wisdom was to buy best of breed security technologies and that would do for your security program. Trouble of is, none of it integrates with each other or your wider IT. With budgets getting tighter, security pros are being asked to look again at big portfolio security providers and work out whether they can use their offerings to slim down. In this session I'll discuss what I'm hearing from our customers, and some of the things we are starting to see people do to balance the need to optimize cost and efficiency without compromising security protection.

Speed, Velocity, and Acceleration. The physics of motion are well documented, and we understand how these scalar and vector quantities differ. In information security and cyber risk management the dynamics are not as well understood which has confused our ability to distinguish between motion and progress. This confusion intensifies our escalating risk cycle by causing a mirage of control that continues to lead us to down a path of compromise and catastrophe, adding to our growing labor and skill deficit. This segment is meant to explore the existing physics and gravitational forces of how we have approached cyber risk management to date, discuss where we are stuck today as well as ideas for a path forward - a reorientation of security operations function so that it is optimized to handle the volume as well as reposition it from an anchor point of continual reaction to one where it can take proactive action in front of the cycle of risk. The heart of these changes is a redefinition of the risk equation we have been using for decades Risk = F (Threat, Vulnerability, Consequence) which while useful initially has created a spray and pray model across most of our organizations. I will explain how to redefine the equation to be Risk = F (Threat, Exploitability, Consequence).

Segment Resources: https://www.uscybersecurity.net/csmag/going-beyond-the-motions-of-cybersecurity/

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw267

What does a CISO do all day? Do they eat bon-bons and read the WSJ? Do they read Threatpost or BleepingComputer or Twitter? Why does a company need a CISO, or better still, do they need one? All these questions and more will be answered in this weeks episode.

Segment Resources:

https://www.cbts.com/security/security-services/

https://www.cbts.com/blog/cloud-security-controls-mitigate-risk/

https://www.cbts.com/blog/weighing-risks-benefits-moving-to-the-cloud-part-1/

https://www.cbts.com/blog/what-is-cyber-insurance/

With recent proposed rule making from he SEC, there is increased focus on the Board's involvement in governing and managing cybersecurity. What is changing in how effective CISO's engage with their Board of Directors and what is over the horizon for cybersecurity leaders?

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw266

In the Leadership and Communications section, Being concerned is not enough – What boards should know and do about cybersecurity, In the Case of Cybersecurity, the Best Defense is Education, Reskilling workers can help meet the cybersecurity staffing challenge, and more!

Defining Cyber Risk With Bryan Ware This year, RSAC is happening amidst the backdrop of major geopolitical tensions with cyber impacts; a continued, lingering pandemic and a potential economic downturn that cyber adversaries can and have leveraged to their benefit; and increasing technological innovation. All of this points toward ever-evolving cyber risk. What are some of the key considerations that executives – both ones with cyber expertise and ones without – should keep in mind as they look to not only define cyber risk but also reduce it and ensure operational resiliency? In this segment, we’ll hear thoughts from Bryan Ware, the new CEO of LookingGlass Cyber Solutions, former CEO of Next5, a business intelligence and advisory firm, and the first presidentially appointed Assistant Director of Cybersecurity at the Cybersecurity and Infrastructure Security Agency (CISA) at the Department of Homeland Security (DHS).

This segment is sponsored by LookingGlass Cyber. Visit https://securityweekly.com/lookingglass to learn more about them!

Is the Market Ready for Integrated Cyber Risk Management? Cyber risk management is now a dynamic practice for security teams and leadership. It requires up-to-date risk intelligence across many factors – external, internal, third parties, cloud posture – to inform the right decisions and enable cyber risk quantification and risk modeling to be more dynamic. Victor will discuss what drove him to leave security leadership and start a company to solve the problems he experienced with cyber risk management and how the market is responding.

Segment Resources: https://fortifydata.com/request-an-assessment

This segment is sponsored by Fortify Data! Visit https://securityweekly.com/fortifydata to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw265

This week, we start off with an interview featuring Mike Ernst, VP of Sales Engineering, Worldwide at ExtraHop! Then, in the Leadership & Communications section: 6 information governance best practices, The Seven Deadly Sins Of Leadership, Secrets to building a healthy CISO-vendor partnership, & more!

This segment is sponsored by ExtraHop Networks.

Visit https://securityweekly.com/extrahop to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw262

In our first segment: Dave Klein, Cybersecurity Evangelist at Cymulate joins Business Security Weekly to discuss the value of "Extended Security Posture Management"! Then In the Leadership and Communications section for this week: SolarWinds breach lawsuits: 6 takeaways for CISOs, Navy Seals’ 5 Leadership Principles That Will Transform Entrepreneurs Into Influential Leaders, More Powerful People Express Less Gratitude, & more!

This segment is sponsored by Cymulate.

Visit https://securityweekly.com/cymulate to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Show Notes: https://securityweekly.com/bsw261

This week, Senior Analyst Jess Burn will go highlight Forrester's eight security program recommendations for 2022 that will help security leaders take full advantage of their political capital — and budget — to resolve perennial problems and tackle emerging issues. In the Leadership and Communications section: What cybersecurity metrics should I report to my board?, Cybersecurity litigation risks: 4 top concerns for CISOs, The SEC Is About To Force CISOs Into America’s Boardrooms, and more!

Show Notes: https://securityweekly.com/bsw260

Segment Resources:

Blog post: https://www.forrester.com/blogs/our-2022-top-recommendations-for-your-security-program-cisos-get-an-offer-they-cant-refuse/?ref_search=604835_1649953578273

Full report: https://www.forrester.com/report/top-recommendations-for-your-security-program-2022/RES177270?ref_search=604835_1649953578273

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, Tim Woods, VP Technology Alliances at Firemon, joins BSW to discuss how centralized policy management can provide the visibility, enforcement, and compliance of policies across hybrid cloud environments. In the leadership and communications section, 10 Signs of a Good Security Leader, Toxic Leadership: The Four Horsemen of the Apocalypse, Know Them, 3 Ways to Take Control of Your Cyber Security Career in 2022, and more! With an ever expanding perimeter, how do organizations address the challenges of hybrid cloud? New threats, increased complexity, and continued fragmentation of security responsibilities makes it harder than ever.

Show Notes: https://securityweekly.com/bsw259

Visit https://securityweekly.com/firemon to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

By and large, individual malware strains come and go, but to stop attacks more quickly, organizations need to gain a deeper understanding of attack techniques. By analyzing the attack goals of attackers, organizations can better align their defenses to adapt to quickly changing attack techniques. FortiGuard Labs analyzed the functionality of detected malware by detonating the malware samples collected throughout the year. The result was a list of the individual tactics, techniques, and procedures the malware would have accomplished had the attack payloads been executed. The intelligence we gathered indicates that stopping an adversary earlier is critical. Understanding adversaries’ goals is crucial to defending against the flood of changing techniques they may use. By focusing on a few identified techniques, an organization could shut down a malware’s methods for attack entirely in some situations. In the Leadership and Communications section: Cybersecurity is IT’s Job, not the Board’s, Right?, Why Some CISOs Fail, How JetBlue creates a culture of security, and more!

Show Notes: https://securityweekly.com/bsw258

Visit https://securityweekly.com/fortinet to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

As the world shifted to remote work, then hybrid work, organizations have struggled with legacy technologies to solve the security challenges of this new way of working. But what if you could use the PC platform, coupled with endpoint isolation, to create a highly efficient and productive platform for users? Jonathan Gohstand from HP Wolf joins Business Security Weekly to discuss the challenges and how endpoint isolation can: - improve your overall risk management - reduce the complexity of multiple solutions/agents, and - improve user experience and productivity In the Leadership and Communications section: Leaders Must Build Trust, 600,000 Open US Jobs, Cybersecurity Retention Issues & More!

Show Notes: https://securityweekly.com/bsw257

Visit https://securityweekly.com/hpwolf to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Every CISO CIO asks the question, what's the risk? Quantitative analysis, mathematical models are designed to answer this question. Understand how they work, when to use them, and what they can tell us. In the Leadership and Communications section: Cybersecurity Threat Level is High; Be Pro-Active, Cyber Risk Quantified is Cyber Risk Managed, 5 Ways Managers Sabotage the Hiring Process, and more!

Show Notes: https://securityweekly.com/bsw256

Segment Resources:

https://www.amazon.com/Ensure-Business-Success-Informed-Decisions-ebook/dp/B09Q7R1HY4

https://fismacs.com/blog/

https://portal.fismacs.com/p/p-rmod4cyber

https://fismacs.com/white-paper-mhp-ip4cyber/

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

The most recent trends in social engineering, the latest methods attackers are using to trick their victims, and the best practices to protect your business from these evolving threats. In the Leadership and Communications section: What the Newly Signed US Cyber-Incident Law Means for Security, How to plan for increased security risks resulting from the Great Resignation, The 5 Pillars of Growth, and more!

Show Notes: https://securityweekly.com/bsw255

Segment Resources: https://assets.barracuda.com/assets/docs/dms/Spear-phishing-vol7.pdf

Visit https://securityweekly.com/barracuda to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

It doesn't matter how much security technology you have, how much you spend on security: security outcomes are achieved by doing all the little things right. You can spend $10M on network security technology from any vendor, but you will fail to effectively secure your enterprise if you don't properly manage the policy enforced by those firewalls. That sounds really simple, but simple doesn't scale. If you only have a few firewalls with policies consisting of tens of rules, it may be simple. But imagine an enterprise that has 2,000 firewalls, each firewall has a policy with an average of 500 rules, each rule has an average of 15 objects, each source and destination object represent an average of 50 IP addresses. This enterprise is managing, 2,000 firewalls, 1 million rules, 125 million connections, representing over 300 billion access paths. And just 1 wrong rule could expose the network to compromise. In the Leadership and Communications section: CISOs are still chiefs in name only, Defining “Reasonable” Cybersecurity: Lessons from the States, Security Leaders Find Value in Veterans to Solve Cyber Skills Shortage, and more!

Show Notes: https://securityweekly.com/bsw254

Visit https://securityweekly.com/firemon to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Something is seriously wrong with our current approach to cybersecurity––the more we spend, the worse the situation becomes. In an industry plagued by a chronic talent shortage, one thing is clear: simply throwing another tool in the mix isn’t the path to better security. If we’re going to solve the security paradox, we’re going to need a cross-functional, in-depth analysis of the problem and a structured approach to fixing it. Michael McPherson joins Business Security Weekly to share tactical questions that security leaders can ask themselves and their teams in order to build a better overall approach to defense. In the Leadership and Communications section, 7 Pressing Cybersecurity Questions Boards Need to Ask, 7 mistakes CISOs make when presenting to the board (Let's see if those align), CISO Checklist for Offboarding Security Staff, and more!

Show Notes: https://securityweekly.com/bsw253

Visit https://securityweekly.com/extrahop to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Ransomware developments we saw over the past year—along with a look ahead at what to expect in 2022. In the Leadership and Communications section, Answer this question to assess your leadership, Partner Across Teams to Create a Cybersecurity Culture, The Future of Cyber Insurance, and more!

Show Notes: https://securityweekly.com/bsw252

Visit https://securityweekly.com/barracuda to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

The Business Information Security Officer, or BISO, is relatively new and somewhat controversial role. Does this role act as the CISO's non-technical liaison to the business units or as the CISO's deputy to oversee strategy implementation at a granular level? Is this new role a necessary career path for future CISOs or an entry point into security? The BSW hosts debate! In the Leadership & Communications section for this week: What Is Security?, How to Team Up with IT for Cybersecurity, Executive Cybersecurity Leadership Program launches, and more!

Show Notes: https://securityweekly.com/bsw251

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome John Wheeler, CEO at Wheelhouse Advisors, and Padraic O'Reilly, Chief Product Officer & Co-Founder at CyberSaint, to discuss why it's Time To Move Away From "G - little R - Big C" (GRC)! In the Leadership and Communications section, 5 Leadership Lessons General Marshall can Teach Us, Cybersecurity incident response: The 6 steps to success, 6 Effective Tips to Politely Say No (that actually work!), and more!

Show Notes: https://securityweekly.com/bsw250

Visit https://securityweekly.com/cybersaint to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Ann Marie van den Hurk, Small Business Cybersecurity Champion at Mind The Gap Cyber, to talk about Effective Communications During & After a Cyber Attack! In the Leadership and Communications section, Cybersecurity Policy Creation: Priority One, 5 steps to run a successful cybersecurity champions program, The war for cloud and cybersecurity talent is on! , and more!

Show Notes: https://securityweekly.com/bsw249

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Dan Matthews, Director, Worldwide Sale Engineering from Constella Intelligence, will discuss the challenges with digital risk protection and how to protect your executives, employees, and corporate brand. In the Leadership and Communications section, Cybersecurity increasingly on audit committee agendas, CIO involvement in security grows as CEOs target risk reduction, How Poor Security Culture Leads to Insider Risk, and more!

Show Notes: https://securityweekly.com/bsw248

Visit https://securityweekly.com/constella to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Enabling the business requires a nuanced view of verticalization and what it means to an enterprise. Why is this important as CISO’s think about how to apply cyber to enterprise resiliency? Mark Fernandes, Global Chief Technology Officer, Security, Risk, and Governance Solutions from MicroFocus, joins us to provide an overview of their Galaxy platform that aligns threats to prioritized risk activities.

In the Leadership and Communications section, Mastering Art and Science Is Imperative for CISOs to Be Successful, Seven Ways to Ensure Successful Cross-Team Security Initiatives, 2 Key Cybersecurity Lawmakers Will Not Seek Reelection, and more!

Show Notes: https://securityweekly.com/bsw247

If you want learn more or sign-up and try Galaxy for free, please visit https://www.securityweekly.com/galaxy

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

The Security Weekly 25 index has finally cooled off, closing at 2226.93 on January 13th, 2022, which is an increase of 122.69% (down from last Q) since inception. The NASDAQ Index closed at 14,806.81 on January 13th, 2022, which is an increase of 123.15% (down from last Q) during the same period. It hit another all-time high of 16,057.44 during the quarter. Then, in the Leadership and Communications segment, Arming CISOs With the Skills to Combat Disinformation, Is the 'Great Resignation' Impacting Cybersecurity?, Ask These 5 Questions to Decide Your Next Career Move, and more!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw246

How cloud resources are architected and utilized is different for every organization, but whether cloud native or cloud traditionalist – security risk and complexity are problems. Concerns over account takeover, overprivileged access and the struggle to keep pace with the dynamism of the cloud are driving demand for a better way to secure access. Hear Colby Dyess, Director of Product at Appgate, discuss how the principles of Zero Trust strengthen and simplify access controls across varying cloud architectures. We’ll address everything from users connecting to multi-cloud resources, secure service-to-service communication and running security as code.

In the leadership and communications section, no, we're not discussing log4j, 2021 recaps or lessons learned, or 2022 new year's resolutions or predictions!

Show Notes: https://securityweekly.com/bsw245

This segment is sponsored by Appgate. Visit https://securityweekly.com/appgate to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Throughout her career, Sandy Dunn has continued to mature and refine her skills. In the early days, she describes her job as a "hostage negotiator", constantly negotiating between the business teams and the security team. But as you mature, so does your approach to security. Now, Sandy talks about simplifying "knowledge management" to make it easy to understand security and becoming a "business listener" to make the right decisions. In the leadership and communications section, The Office of the CISO: A Framework for the CISO, America’s Cyber-Reckoning, How to Include Cybersecurity Training in Employee Onboarding, and more!

Show Notes: https://securityweekly.com/bsw244

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Mike Murray, CEO and Founder at Scope Security, to discuss Why Hospitals Face Unique Security Challenges! In the Leadership and Communications section: 13 traits of a security-conscious board of directors, 7 Strategies for CSO Cybersecurity Survival, 10 Effective Ways You Can Improve Your Communication Skills, and more!

Show Notes: https://securityweekly.com/bsw243

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

We cover a lot of articles about CISO leadership, communications, skills, and yes, transition. This week we discuss the CISO transition from a CISO's perspective. I will interview my co-hosts on why they made moves in 2021, what criteria did they use to analyze their next role, and what are their strategies for a successful transition. In the Leadership & Communications section, 'They Said a CISO Does What?', 5 Tips to be an awesome CISO, 9 tips for an effective ransomware negotiation, and more!

Show Notes: https://securityweekly.com/bsw242

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

As a CISO tasked to present to the Board or other executives, communicating cybersecurity in business context is critical to success. Hear from Kevin Powers, who has taught hundreds of CISOs in his executive education courses how to level-up their presentation skills, metrics, and executive approach. Learn also from Padriac O'Rielly, CPO & Co-Founder of CyberSaint, about how some of the most cutting-edge security leaders are providing actionable, risk-based insights in Boardrooms and beyond to better build resiliency in the digital age. In the Leadership & Communications section for this week: Four Things Your CISO Wants Your Board to Know, 4 in 10 Organizations Do Not Employ a CISO, Creating a Culture of Cybersecurity, & more!

Show Notes: https://securityweekly.com/bsw241

Visit https://securityweekly.com/cybersaint to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Tony Cole, CTO at Attivo Networks, to discuss Protecting Identity Services! Identity Services such as Active Directory is an area that is almost always utilized by the attacker after the initial endpoint is compromised. This is an area lacking critical focus by defenders for a myriad of reasons. Discussion will entail how this attitude can and should change. In the Leadership and Communications section, The Gardener: Four Attributes Of A Great Leader, Unpacking 5 Myths About Management, 5 Cybersecurity Myths That Make You More Vulnerable to Attacks, and more!

Show Notes: https://securityweekly.com/bsw240

Visit https://securityweekly.com/attivonetworks to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

The rise in cyberattacks and the switch to remote work has kept security teams busy, but it has also left them isolated by halting their ability to meet with peers and network with industry friends. Suresh Balasubramanian Qualys CMO and Sara Griffith CISO at Euronet Worldwide will discuss the value of in-person cybersecurity events, how attending can reinvigorate teams, the benefits to sharing best practices with peers, and getting up to speed on the latest innovations in cybersecurity through conference presentations. In the Leadership and Communications section, The First 100 Days in A CISO’s Life — Biggest Mistakes and Best Quick Wins, Hybrid work woes: FOMO is real, employees feel disconnected, Breaking Down Cybersecurity's Hiring Problem, and more!

Show Notes: https://securityweekly.com/bsw239

Segment Resources: https://www.qualys.com/qsc/2021/las-vegas/

Visit https://securityweekly.com/qualys to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Kyle McNulty, Founder and Host at Secure Ventures, to discuss Easy Ways for Businesses to Become More Resilient! More and more, start-ups and small companies have to consider cybersecurity earlier in their growth cycle. Whether for a VC investment or revolutionary customer, cybersecurity can make or break a deal. Kyle will break down key strategies to secure your small company with limited time and resources.

In the Leadership and Communications section, 10 Questions Great Bosses Ask Themselves, 5 cybersecurity personality traits for a successful career, 3 Security Priorities to Support the New Hybrid Workplace, and more!

Show Notes: https://securityweekly.com/bsw238

Segment Resources:

https://podcasts.apple.com/us/podcast/secure-ventures-with-kyle-mcnulty/id1545294976

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Renee Tarun, Deputy CISO at Fortinet, to discuss Fight Fire With Fire: Proactive CyberSec Strategies for Security Leaders! In the Leadership and Communications section for this week: CISOs: Approach the board with precision, simplicity, Layoffs Taught Me To Never Make 3 Powerful Leadership Mistakes, 6 zero trust myths and misconceptions, & more!

Show Notes: https://securityweekly.com/bsw237

Segment Resources:

https://www.barnesandnoble.com/w/fight-fire-with-fire-renee-tarun/1139924071

Visit https://securityweekly.com/fortinet to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

The Security Weekly 25 Index hits an all-time high for the third straight quarter! In this segment, Matt, Jason, and Ben break down the cybersecurity market winners and losers, in both the public and private markets! In this episode, we discuss the role of Zero Trust Network Access in strengthening and simplifying access controls for today’s hybrid workforce as they connect from anywhere to multi-cloud, on-premises and even legacy applications. This includes how to reduce the attack surface due to digital sprawl and even reduce complexity for improved user-experience and operational efficiency.

Show Notes: https://securityweekly.com/bsw236

Visit https://securityweekly.com/appgate to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

It is Cybersecurity Awareness Month, but security awareness is a lot tougher than just dedicating a month to awareness activities. Security awareness is a journey, requiring motivation along the way. Brian Reed, Cybersecurity Evangelist from Proofpoint, joins Business Security Weekly to discuss the security awareness journey and how the human elements can help motivate us. Brian will discuss how personalized content and gamification can help achieve better outcomes for organizations and the individual. In the Leadership and Communications section for this week: How to strive and thrive [in a meeting], 5 steps toward real zero trust security, Seven strategies for building a great security team, & more!

Show Notes: https://securityweekly.com/bsw235

Visit https://securityweekly.com/proofpoint to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

With the first recorded death from a Ransomware attack during the Pandemic, it's time to take medical device security seriously. Dan Purvis, CEO at Velentium, joins Business Security Weekly to discuss the challenges of embedded device security, but also the ramifications to public health. Dan will discuss how to address vulnerabilities in code and firmware, plus the importance of secrets and the software bill of materials.

We kick-off Cybersecurity Awareness Month with Alaina Clark, Assistant Director for Stakeholder Engagement at the Cybersecurity and Infrastructure Security Agency (CISA). Jill Aitoro, Editor in Chief at SC Media, joins Business Security Weekly for this special interview covering: CISA's Initiatives, Public-Private Partnerships, Cybersecurity Awareness Month, and their 4th annual Cyber Summit.

Show Notes: https://securityweekly.com/bsw234

Segment Resources: https://www.velentium.com/cybersecurity-training?hsCtaTracking=55e5cb87-6198-4b79-8652-a7ce03738c75%7C94d6bbbb-613b-4377-a95d-b679c8acc53b

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Guillaume Ross, CISO at Finaptic, to discuss Building Security from Scratch: One Year as CISO at a Start-up! We often think "this would be so much better if done properly from the beginning", but the reality is, doing things from scratch comes with different challenges. Managing priorities, deciding what you tackle on from the absolute beginnings of a company in terms of security is a fun challenge. In the Leadership and Communications section, Who actually owns cyber security: CISO vs. CIO, How to Say “No” After Saying “Yes”, Decode different types of business interruption insurance, and more!

Show Notes: https://securityweekly.com/bsw233

Segment Resources: Full session at the upcoming GoSec Conference: https://www.gosec.net/sessions/

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Tom Roeh, Director of Systems Engineering at ExtraHop, to discuss Accelerating 0-Trust Adoption W/ End2End Visibility & Increased Collaboration! In this episode, we discuss important considerations for planning, implementing, operating, and securing a Zero Trust deployment––more rapidly and with lower risk. This includes the vital role end-to-end visibility and frictionless collaboration between IT ops teams play across Zero Trust rollout phases. In the Leadership and Communications section: Boards rethink incident response playbook as ransomware surges, How CISOs and CIOs should share cybersecurity ownership, How CISOs are Building a Modern Cybersecurity Partnership, & more!

Show Notes: https://securityweekly.com/bsw232

Segment Resources:

Visit https://securityweekly.com/extrahopto learn more about them!

Visit https://www.securityweekly.com/bswfor all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Kevin Nolten, Director of Academic Outreach from Cyber.org! Kevin joins Business Security Weekly to discuss how cyber education is the key to solving the skills gap and developing the next generation of cybersecurity professionals. Kevin will share examples of how we, the cybersecurity community, can get involved in K-12 and higher education programs, strategies for developing young talent, and how Cyber.org's curriculum can be used to train your employees!

In the Leadership and Communications section, The SEC Is Serious About Cybersecurity. Is Your Company?, CISA Urges Organizations to Avoid Bad Security Practices, IT leaders facing backlash from remote workers over cybersecurity measures, and more!

Show Notes: https://securityweekly.com/bsw231

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Derek Manky, Chief, Security Insights & Global Threat Alliances at Fortinet's FortiGuard Labs, to discuss the State of Cyber Threats: Tenfold Increase in Ransomware! Looking into the first half of 2021, there are important indicators of what cyber adversaries are planning next. This will be a conversation about cyberthreat trends and looking into takeaways from big name attacks so far this year.

In the Leadership and Communications section, Executives in tech say staff attrition is rising, 7 in 10 Facility Managers Consider OT Cybersecurity a Major Concern, Consumers Concerned About Personal Data Collection, and more!

Show Notes: https://securityweekly.com/bsw230

Segment Resources:

https://www.fortinet.com/fortiguard/labs https://www.fortinet.com/blog/threat-research

Visit https://securityweekly.com/fortinet to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, Ben Carr, CISO at Qualys, joins Business Security Weekly to share his views on the evolving role of the CISO. He’ll dive into the ever changing risks and how CISOs need to understand those risks to be truly aligned to the business. He will also discuss the different types of CISOs and how to align your direction and focus with that of a company's needs. In the Leadership and Communications section:10 years later, software really did eat the world, CISOs’ 15 top strategic priorities for 2021, 7 steps to protect against ransomware-related lawsuits, and more!

Show Notes: https://securityweekly.com/bsw229

Visit https://securityweekly.com/qualys to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Fleming Shi, CTO at Barracuda Networks, to discuss Ransomware Trends 2021! In the Leadership and Communications segment, 7 tips for better CISO-CFO relationships, 5 Simple Tips to Help You Write a Powerful Email That Gets Read, 3 Strategies to Secure Your Digital Supply Chain, and more!

Show Notes: https://securityweekly.com/bsw228

Visit https://securityweekly.com/barracudato learn more about them!

Visit https://www.securityweekly.com/bswfor all the latest episodes!

Follow us on Twitter: https://twitter.com.securityweekly

Follow us on Facebook: https://facebook.com/secweekly

This week, we welcome Jim Routh, Former CSO, Board member, Advisor at Virsec, to discuss The 3 Mistakes All First Time CISOs Make That No One Tells You! In the Leadership and Communications section for this week, A Chief Executive Officer's Guide to Cybersecurity, Zoom Settlement: An $85M Business Case for Security Investment, CISOs: Do you know what's in your company’s products?, and more!

Show Notes: https://securityweekly.com/bsw227

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://twitter.com/securityweekly

Follow us on Facebook: https://facebook.com/secweekly

This week, we welcome Edward Liebig, CISO at Delviom LLC, to discuss OT Security for Critical Infrastructure and Why It Is Not “Intuitive”! In the Leadership and Communications articles, 10 security tools all remote employees should have, 1 in 4 security teams report to CIOs, but would benefit from CISO leadership, state of cybersecurity survey results, destigmatizing reporting security vulnerabilities and more!

Show Notes: https://securityweekly.com/bsw226

Visit https://www.securityweekly.com/bswfor all the latest episodes!

Follow us on Twitter: https://twitter.com/securityweekly

Follow us on Facebook: https://facebook.com/secweekly

This week, we talk Security Money! Both the Security Weekly 25 Index and the NASDAQ close at record highs on 7/23/2021. See how the security market continues to stay hot.

In the Leadership and Communications section for this week: In modernization, security is a barrier and an incentive, Federal CISO DeRusha Maps FISMA Reform Priorities, Cybersecurity salaries: What 8 top security jobs pay, and more!

Show Notes: https://securityweekly.com/bsw225

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://twitter.com/securityweekly

Follow us on Facebook: https://facebook.com/secweekly

In light of recent events and the pressures of the digital world, the landscape is finally shifting towards risk. The opportunity for cyber risk profiling, standardization, and seamless collaboration between CISOs, CIOs, and business-side leadership has come. Padraic O'Reilly, Co-Founder and CPO of CyberSaint discusses what he's learned from working with members of the Global 500 to achieve truly continuous compliance and risk management, and how CyberSaint is delivering Cyber Risk Automation with it's CyberStrong platform.

In the Leadership and Communications section, How much does a CEO or business leader need to know about cybersecurity, How businesses can drive innovation while delivering operational excellence, 6 resume mistakes CISOs still make, and more!

Show Notes: https://securityweekly.com/bsw224

To learn more about CyberSaint, please visit: https://securityweekly.com/cybersaint

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Every day brings news of more breaches and ransomware attacks. Why are organizations failing to protect themselves, and what can we do to combat these cybersecurity threats? Technological advances, such as XDR and AI-driven threat monitoring, offer a way to thwart attackers in an ever-evolving security landscape. In the Leadership and Communications section, 3 Things Every CISO Wishes You Understood, What is the BISO role and is it necessary?, Cyber insurance costs up by a third, and more!

Show Notes: https://securityweekly.com/bsw223

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Jim Richberg, Public Sector Field CISO at Fortinet, to discuss The Year of Hybrid! In the Leadership and Communications section: Cybersecurity today requires greater digital and business understanding, 12 skills business continuity managers need to succeed, SOC burnout is real: 3 preventative steps every CISO must take, and more!

Show Notes: https://securityweekly.com/bsw222

Visit https://securityweekly.com/fortinet to learn more about them! https://www.fortinet.com/blog

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Visit https://www.securityweekly.com/bsw for all the latest episodes!

This week, Ben Higgins and Ted Driggs of ExtraHop join Security Weekly to explore how behavior transparency can give organizations an advantage by distinguishing between expected noise and indications of compromise! Then, in the Leadership and Communications section, What is the hidden cost of maintaining legacy systems?, 10 Leadership Habits of Highly Effective Leaders, 5 Key Ingredients to Finding Satisfaction and Fulfillment in Your Work, and more!

Segment Resources:

https://www.extrahop.com/behaviortransparency

This segment is sponsored by ExtraHop Networks.

Visit https://securityweekly.com/extrahop to learn more about them or visit https://www.extrahop.com/behaviourtransparency to learn more about behavior transparency!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw221

This week, we welcome Jonny Noble, Technical Marketing Team Lead at Cisco Umbrella, to discuss Securing User Connections to Applications! In the Leadership & Communications articles: Attracting Talent During a Worker Shortage, CISOs Say Application Security is Broken, Three Steps to Harden Your Active Directory in Light of Recent Attacks, Demystifying RockYou2021, & more!

Show Notes: https://securityweekly.com/bsw220

Visit https://securityweekly.com/ciscoumbrella to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Travis Isaacson, Technical Expertise Manager at Detectify, to discuss Optimize Buying Criteria to Ensure Success of Your New Security Tools! In the Leadership and Communications section, 3 Effective Ways To Improve Your Internal Communication To Boost Employee Engagement, 4 Immediate Measures to Execute After a Cyberattack, 17 cyber insurance application questions you'll need to answer, and more!

Show Notes: https://securityweekly.com/bsw219

Visit https://securityweekly.com/detectify to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Chris Hallenbeck, CISO, Americas at Tanium, discussing how to Simplify & Accelerate Patch Management! Most people focus on the patch, check that box but they forget the other side of the coin. How do they make sure a bad actor isn't still in their network? This week, in the Leadership and Communications section, CISOs Struggle to Cope with Mounting Job Stress, Corporate Compliance Strategies to Protect Data, Cybersecurity Metrics That Matter, and more!

Show Notes: https://securityweekly.com/bsw218

Segment Resources:

https://site.tanium.com/rs/790-QFJ-925/images/Tanium_SolutionPaper_DistributedWorkforce_FINAL.pdf

https://site.tanium.com/rs/790-QFJ-925/images/PB-Patch.pdf

Visit https://securityweekly.com/tanium to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, It's RSA Conference 2021. In our first segment, we welcome Joe Noonan, General Manager at Unitrends, to discuss "Unified BCDR: Why Backup Alone is No Longer Enough". In our second segment, we welcome Jonathan Nguyen, Vice President, Field CISO Team at Fortinet, to discuss "Building a Unified Security Fabric"!

Show Notes: https://securityweekly.com/bsw217

Visit https://securityweekly.com/fortinet to learn more about them!

Visit https://securityweekly.com/unitrends to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

The shift away from web application security, caused by the pandemic and the focus on remote workforces, resulted in an increased number of web vulnerabilities, as shown in the latest Acunetix by Invicti Web Application Vulnerability Report. In this segment, Ryan will discuss the main results, the trends that might have caused them, and advise how you can protect your organization against vulnerabilities that can negatively impact your business. In the Leadership and Communications section, 6 ways to spur cybersecurity board engagement, 5 key qualities of successful CISOs, and how to develop them, 4 Actions Transformational Leaders Take, and more!

Show Notes: https://securityweekly.com/bsw216

Segment Resources: The Invicti AppSec Indicator, Spring 2021 Edition: Acunetix Web Vulnerability Report https://www.acunetix.com/white-papers/acunetix-web-application-vulnerability-report-2021/

Visit https://securityweekly.com/netsparker to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Graham Keavney, President at Cybersecurity Collaboration Forum, joins us to provide an overview of the Cybersecurity Collaboration Forum and the benefits of CISO peer-to-peer networks. This week, it's my favorite segment, Security Money, where we update you on the latest security funding and performance of the public market. The Security Weekly 25 index is still going strong.

Show Notes: https://securityweekly.com/bsw215

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Cyber accountability is often overlooked by Board of Directors and the C-Suite. They tend to turn a blind eye to their cyber security mandates or avoid the issue. But as Solarwinds, MS Exchange and many other security incidents prove it, it’s not a strategy. In the Leadership and Communications section, Outgunned CISOs navigate complex obstacles to keep rising attacks from turning into breaches, How to write a cyberthreat report executives can really use, Creating and rolling out an effective cyber security strategy, and more!

Show Notes: https://securityweekly.com/bsw214

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Segment Resources:

www.VigiTrust.com

https://forbesbooks.com/mathieu-gorge/

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

When the world went fully remote a year ago, many systems had to migrate from on-premise to the cloud. Now that we're starting to re-open offices, do we move these system back to on-premise or is cloud the new normal? Fleming Shi, CTO from Barracuda Networks, joins us to discuss the ongoing challenges of the hybrid workforce.

In the Leadership and Communications section, Federal Reserve Chairman Says Cyber-Risk a Top Threat to National Economy, What Good Leaders Do When Replacing Bad Leaders, My Ten Rules for Work-Life Balance, and more!

Show Notes: https://securityweekly.com/bsw213

Visit https://securityweekly.com/barracuda to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Are you struggling with Alert Overload, Manual Processes, Multiple/Disparate Tools, Talent Shortage, and/or Budget Constraints? Of course you are! John McClure, Chief Information Security Officer from Laureate Education, joins us to discuss how he solved these challenges by implementing SOAR and accelerating security.

In the Leadership and Communications section, Developing a Risk Management Approach to Cybersecurity, How Automation Can Protect Against Data Breaches, The Problem with Cyber Insurance: Outdated Incentives, and more!

Show Notes: https://securityweekly.com/bsw212

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Nemi George, VP, IT & Information Security Officer at Pacific Dental Services, to discuss How NDR Technology Helps Manage Cybersecurity Challenges! MoNDR technologies such as ExtraHop are the latest tools in the CISO toolbox for combating cybersecurity threats. It enables previously unattainable speed and efficacy in detecting, identifying and responding to anomalies and malicious traffic and network events. In the Leadership and Communications section, Being a CISO in 2021: How to Be a Business Leader in the Boardroom, Skills CISOs Need to Have in 2021, Build your cybersecurity A-team: 7 recruiting tips, and more!

Show Notes: https://securityweekly.com/bsw211

Visit https://securityweekly.com/extrahop to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Christopher Gates, Director of Product Security at Velentium, to discuss the Medical Device Secure Development Lifecycle! How to incorporate security into your existing medical device development process, What artifacts need to be created, & Security activities that are new. In the Leadership and Communication Segment, 5 Reasons Why Cybersecurity Should Be A Priority While Planning Your Business, 3 Key Tasks That Help Me Work Way Less and Accomplish More, Everything You Need to Know About Dictionary Attacks, Is Misinformation Slowing SASE Adoption, & more!

Show Notes: https://securityweekly.com/bsw210

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

In 1989, Stephen Covey first published "The 7 Habits of Highly Effective People," empowering and inspiring leaders for over 25 years. Is there an equivalent or new set of habits for CISOs? George Finney, Chief Security Officer at Southern Methodist University, joins Business Security Weekly to discuss the Nine Cybersecurity Habits. In the Leadership and Communications section, The importance of culture in digital transformation, 4 ways to keep the cybersecurity conversation going after the crisis has passed, 8 new roles today’s security team needs, and more!

Show Notes: https://securityweekly.com/bsw209

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

In 2020, we interviewed Gerald Beuchelt on Enterprise Security Weekly. At that time, he was the CISO at LogMeIn. Now he's the CISO at Sprinklr. What's it like to transition jobs in the middle of a pandemic as the the first CISO of a company? Gerald discusses his transition story and shares his recommendations and lessons learned for other CISOs.

In the Leadership and Communications section, Risky business: 3 timeless approaches to reduce security risk in 2021, Why Less Can Be More When It Comes to Cybersecurity, CISO job search: What to look (and look out) for, and more!

Show Notes: https://securityweekly.com/bsw208

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, David Chamberlin, Managing Director at CRA, Inc., joins Business Security Weekly to discuss preparation for a security incident and how to develop a communications plan that's simple and effective. In the Leadership and Communications section, Financial Targets Don’t Motivate Employees, Texas power outage flags need to revisit business continuity, Security job candidate background checks: What you can and can't do, and more!

Show Notes: https://securityweekly.com/bsw207

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Dutch Schwartz, Cloud Security Strategist at AWS, to discuss cloud's influence on the evolving culture of security. Having worked with many Fortune 500 CISOs and CIOs, Dutch will share his thoughts on risk, aligning to the business, and how cloud can accelerate, but also change the way we approach security. In the Leadership and Communications section, Are businesses underinvesting in cybersecurity?, 4 tips to help CISOs get more C-Suite cybersecurity buy-in, New CISO Priorities of 2021, and more!

Show Notes: https://securityweekly.com/bsw206

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome back Ben Carr, Global Chief Information Security Officer at Qualys! Ben steps in last minute to talk about his transition from Aristocrat to Qualys and the evolution of the CISO role! In the leadership and communications section, 9 Steps for Effective Cybersecurity Risk Management, The Big 8: How to heighten cybersecurity governance, 7 Super Bowl rings for Tom Brady, and more!

Show Notes: https://securityweekly.com/bsw205

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, it's time for our quarterly segment to review the money of security, including public companies, IPOs, funding rounds and acquisitions from Q4 2020. We'll also update you on our own index that tracks public security companies called, Security Weekly 25! Everyone has heard the GameStop frenzy by now, but what's it all about. How did a group of Reddit users hack the financial system and squeeze the hedge funds? We're going to discuss the details behind r/wallstreetbets and how they hacked the hedge funds!

Show Notes: https://securityweekly.com/bsw204

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome back Matt Cauthorn, VP Sales Engineering at ExtraHop, to talk about how Everyone missed SUNBURST... or did they? When the SolarWinds Orion SUNBURST attack hit the national newscycle, businesses far-and-wide scrambled to determine whether or not they were affected–unfortunately, many found they couldn't say either way with confidence. And then came the question, "why didn't anyone catch this?" ExtraHop's Matt Cauthorn joins BSW to discuss the SUNBURST attack, why it was so challenging to detect, and share some behavioral analysis insights to shed light on what the attackers were doing post-compromise. In the Leadership and Communications section, Cybersecurity Failure among Highest Risks, warns World Economic Forum, How to reboot a broken or outdated security strategy, A 21st Century Solution to Our Cybersecurity Skills Shortfall, and more!

Show Notes: https://securityweekly.com/bsw203

Visit https://securityweekly.com/extrahop to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Patrick Orzechowski, VP of R&D at deepwatch, to help us learn why deepwatch chose Splunk as it’s one and only SIEM solution to deliver its Managed Detection & Response services to Fortune 2000 customers. Hear how deepwatch is leveraging a variety of Splunk capabilities and advanced API integrations to detect and respond to threats in customer environments.

In the Leadership and Communications section, How BISOs bridge the gap between corporate boards and cybersecurity, 5 questions CISOs should ask prospective corporate lawyers, Good Leadership Is About Asking Good Questions, and more!

Show Notes: https://securityweekly.com/bsw202

Visit https://securityweekly.com/deepwatch to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Todd Fitzgerald, Vice President, Cybersecurity Strategy at Cybersecurity Collaborative, to talk about CISO Stories! Up Your game with the CISO STORIES Podcast! If anything this past year has taught us is that we can not go on our own, and leveraging the experiences from other CISOs is critical to our success. Join Todd as he introduces a new Podcast featuring actionable lessons from top-notch CISOs and Cybersecurity Leaders. In the Leadership and Communications section, 6 board of directors security concerns every CISO should be prepared to address, Four ways to improve the relationship between security and IT, CISO playbook: 3 steps to breaking in a new boss, and more!

Show Notes: https://securityweekly.com/bsw201

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Padraic O'Reilly, Chief Product Officer & Co-Founder at CyberSaint, to talk about Transforming Cyber Risk/Compliance Through Automation! For this final segment of 2020, why pull more articles to review when we all lived it? Instead, let's recap some of the leadership and communications lessons we have learned in a very difficult 2020 and discuss the changes we'll make in 2021 to be better leaders.

Show Notes: https://securityweekly.com/bsw200

Visit https://securityweekly.com/cybersaintbsw to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, Sri Sundaralingam joins Security Weekly to discuss the challenges of hybrid workforce and what security professionals should start thinking about as they begin planning for a return to the office in 2021! In the leadership and communications section, Darth Vader Week - Leadership from the Dark Side, Compassionate Leadership Is Necessary — but Not Sufficient, 3 Steps to Run Better and More Effective Meetings, and more!

Show Notes: https://securityweekly.com/bsw199

Visit https://securityweekly.com/extrahop to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, Jeff Capone, CEO and Co-founder at SecureCircle, joins us to discuss how to protect all of your data and stop asking "Where's Your Data?"! If we can protect everything, who cares where it is, as you continue to maintain control! In the Leadership and Communications section,Your Title Doesn't Make You a Leader, The New Nine to Five: How Traditional Hours Are Holding Your Business Back, Building a Better Workplace Starts with Saying “Thanks”, and more!

Show Notes: https://securityweekly.com/bsw198

Visit https://securityweekly.com/securecircle to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, James Gomez, CISO at Cybersec, join us to discuss Cybersecurity & Integrated Risk Management! In the Leadership and Communication Segment we discuss the creative mindset, CMMC challenges, work from home security is still lacking security, you may not get it right the first time, reaching your goals, increasing productivity with music, tackling bottlenecks and more!

Show Notes: https://securityweekly.com/bsw197

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome back Kevin O'Brien, CEO and Co-Founder at GreatHorn, for a discussion around what Risk Mitigation looks like in email! In the Leadership and Communications section, The CISO’s Dilemma: Balancing Security, Productivity With a Housebound Workforce, Seven cybersecurity predictions for 2021, Avoiding cloud sprawl: 5 considerations for managing a multicloud environment, and more!

Show Notes: https://securityweekly.com/bsw196

Visit https://securityweekly.com/greathorn to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome back Dr. Mike Lloyd, CTO at RedSeal, to talk about the Cybersecurity Forecast: Cloudy With a Chance of Turbulence! In the Leadership and Communications section, How to Be a Visionary Leader and Still Have a Personal Life, 5 Mistakes CISOs Make in Their Board Presentations, What are CEOs focused on for next year?, and more!

Show Notes: https://securityweekly.com/bsw195

Visit https://securityweekly.com/redseal to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Marie Ketner, Director of Product at Cybrary, to talk about How to Develop Your Cybersecurity Skills! In the Leadership and Communications section, The Dark Side Of Authentic Leadership, Why CISOs must be students of the business, Top IT certifications and degrees to help you advance your career, and more!

Show Notes: https://securityweekly.com/bsw194

Visit https://cybrary.it/solved to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Matt Ashburn, Federal Engagement Lead at Authentic8, to talk about Scale Your SOC: Protecting Against Browser-Based Threats! In the Leadership and Communications section, Cybersecurity, a risk to all board of directors, Is The Cybersecurity Industry Selling Lemons? Apparently Lots Of Important CISOs Think it Is, 4 critical strategies for tech leaders in Gartner's CIO agenda, and more!

Show Notes: https://securityweekly.com/bsw193

Visit https://securityweekly.com/authentic8 to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week we update you on the Security Weekly 25 Index! In the Leadership and Communications segment, 96% of Cybersecurity Professionals are Happy With Their Roles, 4 Tips for Effective Virtual Collaboration, What’s Really Happening in Infosec Hiring Now?, 5 Signs That Point to a Schism in Cybersecurity, Tactical vs Strategic: CISOs and Boards Narrow Communication Gap, and CISO Stressbusters: 7 tips for weathering the cybersecurity storms!

Show Notes: https://securityweekly.com/bsw192

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome back Dr. Mike Lloyd, CTO at RedSeal, to discuss Navigating Complexity: Orienting Your Security Solutions! In our second segment, Michael Santarcangelo and Matt discuss The 4 C's of Leadership!

Show Notes: https://securityweekly.com/bsw191

Visit https://securityweekly.com/redseal to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Parham Eftekhari, SVP & Executive Director of Cybersecurity Collaborative, to discuss The Power of True Peer-to-Peer Collaboration! In the Leadership and Communications section, What it takes to be a transformational CISO, Put Your Metrics Where Your Mouth Is, 5 Simple Ways to Make Better Decisions, and more!

Show Notes: https://securityweekly.com/bsw190

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Ryan Benson, Director of Service Offerings at deepwatch, to discuss the State of the Managed Detection & Response Market! In the Leadership and Communications section, 6 types of CISO and the companies they thrive in, What are the habits of highly effective CISOs, Cybersecurity is Not a Four-Letter Word, and more!

Show Notes: https://securityweekly.com/bsw189

Visit https://securityweekly.com/deepwatch to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Corey Thuen, Founder of Gravwell, to discuss The Power of Context & Collaboration in a Data Driven World! In the second segment, Michael Santarcangelo and Sam Estrella join us to discuss the anatomy of an acquisition! A listener request, Michael will walk us through the Security Weekly acquisition by CyberRisk Alliance to understand the key criteria, processes, and challenges of an acquisition, especially during COVID-19!

Show Notes: https://wiki.securityweekly.com/bsw188

Visit https://securityweekly.com/gravwell to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome back John Loucaides, VP of Research & Development at Eclypsium, to discuss Cracks in the Foundation: Understanding the New Endpoint Challenge! In the Leadership and Communications section, we're playing 3 questions - Does Your Board Really Understand Your Cyber Risks?, How can the C-suite support CISOs in improving cybersecurity?, Think You're Spending Enough on Security?, and more!

Show Notes: https://wiki.securityweekly.com/bsw187

Visit https://securityweekly.com/eclypsium to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Carlos Becerra, Co-Founder at CB Universal, to discuss Role of the CISO, Why Do You Need a vCISO? In the Leadership and Communications section, the lucky 7's have it: 7 Keys to Effective Leadership in Our New Normal, The 7 elements of an enterprise cybersecurity culture, 7 Quotes from Military Leaders to Help You Win at Life, and more!

Show Notes: https://wiki.securityweekly.com/bsw186

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

Visit https://www.securityweekly.com/bsw for all the latest episodes!

This week, we welcome Ed Amoroso, CEO at TAG Cyber, to discuss Disrupting Traditional Security Research & Advisory! In the Leadership and Communications section, Why Do Your Employees Resist New Tech?, Who’s Responsible for a Safer Cloud?, Publicly Reported Data Breaches Stand at its Lowest Point in 5 Years, and more!

Show Notes: https://wiki.securityweekly.com/bsw185

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, we welcome Jeff Costlow, Deputy CISO at ExtraHop, to discuss the challenges of detecting and patching Ripple20! Ripple 20 is a series of zero-day vulnerabilities in a widely used low-level TCP/IP software library developed by Treck, Inc. In the Leadership and Communications section, CISOs say new problem solving strategies required, How Remote Work is Reshuffling Your Security Priorities and Investments, Security Jobs With a Future -- And Ones on the Way Out and more!

Show Notes: https://wiki.securityweekly.com/bsw184

Visit https://securityweekly.com/extrahop to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly

Like us on Facebook: https://www.facebook.com/secweekly

This week, it's Security Weekly Virtual Hacker Summer Camp, and we have two interviews! First, we welcome Matt Ashburn, Federal Engagement Lead at Authentic8, to discuss "How Security Spending Overlooks the Biggest Risk of All"! Then, we welcome Doug Hubbard, Founder at Hubbard Decision Research, to discuss "The Failure of Risk Management"!

Show Notes: https://wiki.securityweekly.com/bsw183

Learn more on how to quantify risk in terms of dollars and cents in order to build better "business impact" decision makers, visit: https://hubbardresearch.com/

Visit https://www.authentic8.com/bsw to learn more about them!

Join the Security Weekly Discord Server: https://discord.gg/pqSwWm4

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Follow us on Twitter: https://www.twitter.com/securityweekly