Sveriges mest populära poddar

Redefining CyberSecurity

Strategies for Effective Cybersecurity Governance and Protection to Better Balance Innovation and Regulation in Cybersecurity | CISO Circuit Series with Mandy Huth and Whitney Merrill | Michael Piacente and Sean Martin | Redefining CyberSecurity Podcast

48 min • 10 oktober 2024

About the CISO Circuit Series

Sean Martin and Michael Piacente will join forces roughly once per month to discuss everything from looking for a new job, entering the field, finding the right work/life balance, examining the risks and rewards in the role, building and supporting your team, the value of the community, relevant newsworthy items, and so much more. Join us to help us understand the role of the CISO so that we can collectively find a path to Redefining CyberSecurity. If you have a topic idea or a comment on an episode, feel free to contact Sean Martin.

____________________________

Guests: 

Michael Piacente, Managing Partner and Cofounder of Hitch Partners

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/michael-piacente

Mandy Huth, Global CISO - VP of Cybersecurity, Kohler Co.

On LinkedIn | https://www.linkedin.com/in/mandyhuth/

Whitney Merrill, Head of Global Privacy & Data Protection Officer, Asana [@asana]

On LinkedIn | https://www.linkedin.com/in/whitney-merrill-5ab05012/

____________________________

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

____________________________

This Episode’s Sponsors

Imperva | https://itspm.ag/imperva277117988

LevelBlue: https://itspm.ag/attcybersecurity-3jdk3

___________________________

Episode Notes

In this episode of the CISO Circuit series on the Redefining CyberSecurity podcast, co-hosts Sean Martin and Michael Piacente lead an engaging discussion about the current state of cybersecurity leadership, liability, and protection. Their conversation features insights from two distinguished guests: Mandy Huth, an enterprise security leader with over 20 years of experience, and Whitney Merrill, a privacy attorney with a strong background in computer science and legal frameworks around consumer protection.

The discussion opens with an exploration of individual liability for cybersecurity leaders and broader business leadership within organizations. Whitney Merrill argues that regulators like the FTC and SEC are increasingly holding individuals accountable for security and privacy lapses. The conversation highlights notable cases where executives have faced scrutiny, emphasizing the growing expectation for tangible processes and proper security postures within organizations.

Mandy Huth underscores the importance of shared responsibility and accountability within a business, noting that security decisions are not made in isolation. She advocates for a collaborative approach where security leaders outline risks comprehensively to allow for informed decision-making across the executive team. Huth also expresses concern over the proliferation of CYA (Cover Your Ass) practices that prioritize documentation over meaningful risk mitigation, warning that this can dilute the effectiveness of security programs.

Another central theme in the episode centers on the need for standardized frameworks and a common language to articulate risk across an organization. Both guests highlight the need for clear, consistent communication of risks to build a unified understanding among all stakeholders, from the board to individual teams. Piacente and Merrill emphasize that while existing frameworks like NIST and ISO provide a foundation, there is an ongoing need to adapt these frameworks to align with industry-specific contexts and evolving regulatory expectations.

A significant takeaway from the conversation is the role of systemic risk and the potential outsized impact of seemingly minor vulnerabilities. Huth and Merrill caution against underestimating these risks and advocate for continuous improvement and adaptation of security measures. They suggest that prioritizing business-friendly security practices can help foster greater adoption and collaboration across the enterprise.

The episode concludes with reflections on the future landscape of cybersecurity regulation and practice. Whitney Merrill envisions a shift towards democratizing security, making it more accessible and achievable for small businesses through standardized, affordable solutions. Meanwhile, Huth calls for a balance between regulatory clarity and flexibility to ensure innovative small businesses can thrive without being stifled by onerous security requirements.

Overall, the conversation provides valuable insights into the complexities of cybersecurity management, emphasizing the importance of collaboration, clear communication, and adaptability in navigating modern security challenges. These discussions are essential for any business leader or security professional looking to enhance their organization's resilience against cyber threats.

____________________________

Watch this and other videos on ITSPmagazine's YouTube Channel

Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

ITSPmagazine YouTube Channel:

📺 https://www.youtube.com/@itspmagazine

Be sure to share and subscribe!

____________________________

Resources

____________________________

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

https://www.itspmagazine.com/redefining-cybersecurity-podcast

Are you interested in sponsoring an ITSPmagazine Channel?

👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Förekommer på
00:00 -00:00