Security Insights securityinsights

The CISO’s role is changing; that is clear enough.
Indeed, constant change and the need to adapt is always a feature of cybersecurity.
And that’s why our guest this week lists curiosity as one of the key attributes for a cybersecurity career.
Mani Nagothu is field CISO at SentinelOne. Before that she headed up IT security for an energy company. That followed a career as a consultant.
But she didn’t start out in cybersecurity, but as an engineer. And the CISO’s role itself is becoming less technical, and more business focused, she says.
In this episode Mani talks to Stephen Pritchard about her career so far, what it takes to be successful as a CISO, and why greater diversity is the key to strengthening our security teams, and so our defences.  

The cybersecurity skills gap is a problem that won't go away.
Worldwide, there are close to 3.5 million vacancies in the industry. The problem seems to be worsening, not least because we are all doing more business online.
And moves to recruit and retain more staff, as well as to widen the talent pool, take time.
In the immediate term this leaves CISOs with gaps to fill. One option is outsourcing. Another is to use “on demand” cyber specialists. But how do these options work with building larger and more effective in-house teams?
Do they go hand in hand, or are the two measures likely to conflict?
In the second of the second of our three part series looking at the evolution of the CISO role, we speak to Victoria Parker, advisory professional services manager at Orange CyberDefense.
We discuss how external experts can help organisations secure their environments now - but how CISOs still need to invest in their own teams, and that critical talent pipeline.

What is a chief business security officer, and what do they do?
IT and data security are increasingly important. But so too are physical security and resilience.
The chief business security officer, though, is a fairly new addition to the security team.
Over the next three episodes of the Security Insights podcast, we’ll look at the changing role of the CISO, the role interim or outsourced security professionals can play in plugging the skills gap.
We’ll cover the role of interim and virtual CISOs, and whether outsourcing parts of security can make up for a growing skills gap.
But first, we ask Anaïs Beaucousin, Chief Business Security Officer at ADP International, about her role, the threats and risks she manages, and what is needed to make the most of a broader security team.

Ransomware now accounts for the vast majority of cyber attacks.
But regulators and law makers are increasingly concerned about the money being paid out to ransomware groups -- often, it is used to fund further crime.
Should paying ransoms be banned? Would a ban improve security, or make matters worse? And what steps can organisations take, to cut the risk of falling victim to a ransomware attack in the first place?
Our guest this week is Ian Thornton Trump, CISO at Cyjax. He believes that calls to ban ransomware are misplaced; a ban gives firms fewer options when it comes to responding to an attack. And fines for paying ransoms is further punishing victims of cybercrime.
He discusses the development of ransomware, why it is so dangerous, and how to counter it with Stephen Pritchard.

In this episode, we look at why a lack of robust identity controls are one of the biggest causes of cloud security failures.
Cloud operators, at least the larger ones, now have robust security in place. But that security is there, first and foremost, to protect their business. The "shared responsibility model" means that users are responsible for their data and applications.
The problem, as our guest this week identifies, is that senior managers fail to understand that point, and expect the cloud to fix everything.
It won't, and as Jennifer Cox, member of the global engineering team at Tenable, and director for Ireland of Women in Cybersecurity, warns "it always makes me a bit nervous when people think that something is foolproof".

Are passwords now a security risk? And if they no longer work, what should replace them?
In this episode, we speak to https://www.linkedin.com/in/johncapps/ at VIDA Digital Identify, and Ev Kontsevoy, CEO of infrastructure access firm Teleport.
They argue that relying on "secrets" and data to prove identity no longer guarantees security. Alternatives, including zero trust, hold out a lot of promise. But moving to zero trust needs the whole organisation behind it -- it's as much about culture as technology.