17 episodes

The Future of Exposure Management podcast is dedicated to helping security professionals tackle real issues in the vulnerability management space. In each episode, NopSec’s CEO Lisa Xu will interview industry experts and leading practitioners about what can be done to prepare for the future of exposure management. This show is brought to you by NopSec.com

Future of Exposure Management NopSec

    • Business
    • 5.0 • 2 Ratings

    Hussein Syed: Healthcare InfoSec – where we are and where we’re headed

    In this episode, we talk with Hussein Syed, CISO of RWJBarnabas Health. Hussein has a wealth of experience in computer science, information systems management, regulatory compliance, and more. To him, the security community’s strength is the people, who come from almost any background imaginable. That diverse background has helped Hussein understand and excel in his role in the healthcare industry – being willing to learn new things is his key to success.
    Other topics discussed:
    Understanding how data is stored and shared in the healthcare industry
    How to ensure security helps protect the progress and development of healthcare innovations
    How to prioritize risks according to potential cascading impacts from a breach
    The maturity progression of attitudes and tools over time
    Ways to collaborate with peers to further understand the needs of each stakeholder
    What the future holds and how we can predict the next threats

    • 30 min
    Jason Loomis: Seeing risk from all sides – holistic vulnerability management

    In this episode, we speak with Jason Loomis, CISO of Freshworks. Jason has been in tech for over 20 years, working with various companies in fashion, health, finance, and banking. He is passionate about leadership and team-building, which influences how he approaches vulnerability risk management. Hear him discuss why people and the process are at the root of vulnerability risks and how configurations can help address them, plus more.
    Other topics discussed:
    How system shortcomings from 20 years ago are still creating problems and challenges 
    Understanding that patches are only one solution to preventing exploitation
    How not to get distracted by “celebrity vulnerabilities” and stay focused on the risks that are causing the big problems
    Methods to calculate your metrics to determine accountability and ownership of risks
    What it means to be mature or immature in corporate policies, processes, and reporting
    The importance of CISOs physically talking to people and avoiding screen-only interaction
    How to make the best of your tools and understand how they work (or don’t work)

    • 26 min
    Sailaja Kotra-Turner: How “happy accidents” led to a career in IT

    In this episode we speak with Sailaja Kotra-Turner, who is the Global CISO at Brown-Forman. Sailaja became a leader in IT by a series of “happy accidents” – she landed in the industry unexpectedly, thanks to a manager who saw her as a leader and mentors who have supported her along the way. We get into how vulnerability management spans multiple industries that share common work tools such as computers and IT systems, all of which have vulnerabilities and different risk footprints.
    Other topics discussed:
    Most common cyber mistakes that companies make and what we need to take more seriously
    Importance of people in vulnerability management and reducing risk
    Why education and awareness among employees are key to cybersecurity
    How to engage stakeholders so they understand why it’s not just about compliance
    Worries and concerns about the future of the industry
    Learning from mistakes and using teamwork

    • 19 min
    Ed Covert: Reducing risk trumps constant patching

    In this episode we speak with Ed Covert, who is the Head of Cyber Risk Engineering at Bowhead Specialty Underwriters. Ed started in the mid-1990s working for the US military in IT support work, eventually evolving into a cyber role. We get into how he “made the jump” into the cyber vulnerability world by leaving the safety of the federal government, the professional industry that he had always known. 
    Other topics discussed:
    How his wealth of experience has prepared him well for his current role
    Importance of asking why your company may need a particular security tool or technology
    Why reducing a risk in the first place is a better strategy than constantly patching previous vulnerabilities
    Where to place cyber vulnerabilities on the list of priorities
    Understanding your data and how that determines what tools you need
    How to match the skill sets of employees and what your company needs, and whether degrees are a must
    Knowing how your business makes money and cybersecurity enables profits
    Where the world of security fixes and patches is headed

    • 19 min
    Ed Harris: How to enter and thrive in the infosec industry

    In this episode, Ed Harris, Director of Global Information Security at Mauser Packaging, discusses how his 32 years of experience have taught him how to lead cyber security teams and zero in on the what, why, and how of cyber risks. We hash out how you can enter and thrive in the infosec industry, as well as ways to use all your observational skills to provide top-notch vulnerability management services.
    Other topics discussed:
    The relationship between vulnerability management and knowing your environment
    Understanding how vulnerable your data is to identify weaknesses
    Identifying vulnerabilities and how they change over time
    Determining when to install patches with the least disruption and risk
    Communicating and negotiating with businesses about when to apply security patches
    Building relationships and trust with clients
    Managing external exposure when providing security services
    Whether vulnerabilities will ever go away

    • 39 min
    Jim Scott: How to make security and vulnerability management a priority

    In this episode we speak with Jim Scott, Manager of Information Security at Insurance Auto Auction (IAA). Jim has more than 15 years of diverse experience leading security projects and corporate information initiatives. We get into his early days of working in cybersecurity, how it has evolved into a passion, and how we can succeed if we see security as more than just a technology problem. 
    Other topics discussed:
    The pushback and challenges of making security a priority
    The long-term value a company can realize by prioritizing security
    How application security and vulnerability management are constantly changing
    Relationships between the business and security, and how to bridge the differences
    Overcoming the perception that security is not a “revenue generator”
    How to speak to clients in relatable and non-technical terms
    Respecting failure and using it as a tool for learning
    Whether we have enough people working in vulnerability management
    How to measure the ROI of vulnerability management (and whether it is even measurable)

    • 25 min
