Guest: David Hunt, Author
On Linkedin | https://www.linkedin.com/in/david-hunt-b72864200/
On Twitter | https://twitter.com/privateducky
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a
___________________________
Episode Notes
In this episode of Redefining Cybersecurity, host Sean Martin engages in a thought-provoking conversation with David Hunt, author of the book, Irreducibly Complex Systems: An Introduction to Continuous Security Testing, to explore the topic presented in the book.
David introduces the concept of irreducibly complex systems, explaining that continuous security testing requires a system where all the individual components must be functioning correctly for the system to work. He uses the analogy of a mousetrap to illustrate this idea, highlighting that removing even one component renders the entire system useless.
The conversation also digs into the challenges of testing in changing environments and the need to understand how defenses perform during specific time frames. They discuss the value of continuous security testing in gaining visibility into the effectiveness of security defenses and shedding light on techniques used by malicious actors.
Sean, having been a software quality assurance engineer in previous roles, and David, having held numerous roles in the commercial, public, and non-profit realms, explore the differences between continuous security testing and traditional security testing. They explain that continuous testing focuses on evaluating how defenses respond to attacks, rather than testing offensive capabilities. Moreover, continuous security testing operates at complete scale on production systems, unlike traditional testing which is often limited to development environments.
They also discuss the importance of overcoming the dichotomy of skill sets required for continuous security testing. David explains that the offensive skills needed to create effective tests and attacks are often separate from the software skills needed to build a safe, high-assurance command and control center.
Throughout the episode, Sean and David provide listeners with valuable insights into the world of continuous security testing and its significance in the evolving cybersecurity landscape. They emphasize the need for organizations to adopt this approach in order to gain better visibility and understanding of their defenses in the face of emerging threats.
There’s a lot to take from this conversation, including an extreme example of how continuous security testing results have redefined cybersecurity in David’s organization.
____________________________
About the book
Continuous security testing (CST) is a new strategy for validating your cyber defenses. We buy security products that promise to protect us, like EDR, but how do we know they're working? CST takes the stance that endpoints are the center of your infrastructure universe. Whether the operating system verticalizes defense or a third party is bolted on, it is the job of the endpoint to protect itself from within. This new concept dictates testing should occur around the clock, in production and at scale. It provides an open model that others can use to approach testing and finally answer the question: Do you know with certainty that your defenses will protect you against the latest threats?
____________________________
Watch this and other videos on ITSPmagazine's YouTube Channel
Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:
📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
ITSPmagazine YouTube Channel:
📺 https://www.youtube.com/@itspmagazine
Be sure to share and subscribe!
____________________________
Resources
Irreducibly Complex Systems: An Introduction to Continuous Security Testing (Book): https://www.yellowduckpublishing.com/books.html?title=icsd
____________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network