The Security Show Vicarius

Raffael Marty joins Alona to discuss the state of AI for security systems, why it is important to get the users more involved with security, and how data exploration is still in its infancy.

Highlights


For small enterprises and MSP it’s important for a security product to be easy to use.
The threat landscape is slightly different for small businesses.
The security problems today are still fundamentally the same as 20 years ago despite having more powerful programs.
Understanding how people use their systems is critical to understanding and identifying when there is a deviation.
Many AI systems are being built with poor, biased, or incomplete data.
We cannot solve everything with supervised machine learning.
Data visualization for dashboards has improved but data exploration is still emerging.
Data should be ingested and formatted for anonymity.
Some data is very difficult to make anonymous by the nature of it.
It is imperative to build security into the system from the beginning.
Something like GDPR will most likely be enacted in the United States.

Relevant Links

https://www.linkedin.com/in/raffy/

https://www.connectwise.com/

https://raffy.ch/

https://www.vicarius.io/

Get to Know Raffy

Raffael Marty is SVP of Security Products at ConnectWise. He brings more than 20 years of cybersecurity industry experience across engineering, analytics, research, and strategy to the company. Marty is responsible for developing and executing the ConnectWise cybersecurity strategy.

Prior to Connectwise, Marty was head of research and intelligence at Forcepoint, ran security analytics for Sophos, launched PixlCloud, a visual analytics platform, and Loggly, a cloud-based log management solution. Additionally, Marty held key roles at IBM Research, ArcSight and Splunk and is an expert on established best practices and emerging innovative trends in the big data and security analytics space. Marty is one of the industry's most respected authorities on security data analytics, big data and visualization. He is the author of Applied Security Visualization and is a frequent speaker at global academic and industry events.

Marty holds a master's degree in computer science from ETH Zurich, Switzerland and is a student of the Japanese tradition of Zen meditation.

Dr. Cunningham joins Alona in the studio to talk non-malicious insider threats and how understanding human behavior is critical in successful cybersecurity strategies. She discusses different types of insider threats and what some of the common causes are. Margaret shares with us her personal journey as a woman in cybersecurity, the hurdles she's faced and overcome, and offers insights for women looking to forge a path of their own in tech. Buckle up because we're about to take you on a cross-country cyber road trip!

Highlights


September is National Insider Threat Awareness month.
There are insider threats that are not malicious.
Non-malicious insider threats fall into two categories, accidental and non-accidental
Companies are always thinking about the malicious insiders but are not strategizing enough relative to non-malicious insiders.
Organizations need to understand where their sensitive data lives, but they also need to pay attention to how people in the company are working then they are missing half of the picture.
Working from home can change security habits into less secure actions that an employee would take at work in the office.
Internal employee security training and awareness isn’t good enough to protect your company.
Focus should be on designing a system that can handle the common mistakes or the outcomes from those mistakes.
Understanding is everything and controlling is nothing.
Some non-malicious insiders exist simply because they want to get work done and the current policy or system is slowing them down.
A survey of 3000 people resulted in 47% saying that they use unapproved IT to get their job done.
Oftentimes your best employees are putting you at the most risk.
In some instances we are using technology to do things that it is bad at.
Organizations really need experts on human behavior.
Zero Trust can be effective but there needs to be an “and then what” that needs to be added to encompass the human part.

Relevant Links

https://www.forcepoint.com/company/biographies/dr-margaret-cunningham

https://www.forcepoint.com/blog

https://www.vicarius.io/

Dr. Calvin Nobles, Department Chair and Associate Professor at Illinois Tech College of Computing, joins Alona in the studio to discuss human factors engineering, why cyber policy and awareness needs to be top of mind for senior executives across every department, and the types of policy discussions around preparing the next generation of leaders at Harvard’s Belfer Center.

CISO Hall of Famer Dennis Leber sits down with Alona to discuss human factors engineering in cybersecurity, how cybersecurity literacy needs to be prioritized in leadership positions across the organization, and the ways in which risk assessment needs to evolve to our modern infrastructure.

Brad sits down (digitally, of course) with Alona to chat about the unique challenges blending distinct patch managements processes, the age-old rivalry between IT and security (and what can be done to broker peace), and how we should be viewing vulnerability management instead as risk management.