The Great Security Debate

Two CISOs and a security-minded friend discuss and debate topics of security and privacy, with a focus on looking at each topic from various angles, both those they support and those they don't. Sign up for our newsletter to be notified when new episodes drop or when new projects are announced: https://newsletter.greatsecuritydebate.net

  1. Risky Risks: Live from the GTS Security Summit

    MAY 12

    The Great Security Debate crew recorded a live episode at the GTS Security Summit in Detroit, Michigan with special guest, Zah Gonzalvo, SVP of Financial, Climate, and Operational Risk at Banco Popular. Tune in for a great discussion on risk, risk mitigation, risk prioritisation, and risk in context. Yep, it's all about risk!

    Takeaways:

    - The evolution of security has shifted from a binary perspective to a more nuanced understanding of risk management, acknowledging the need for flexibility in addressing diverse security challenges.
    - In contemporary discussions, it is increasingly evident that security must be integrated into business strategy, highlighting the imperative for security professionals to communicate effectively with stakeholders.
    - The role of the Chief Information Security Officer (CISO) has transcended traditional technological boundaries, necessitating a comprehensive grasp of business risk and operational efficiency.
    - Effective risk management within organizations requires a shared responsibility model, where every employee contributes to the overall security posture, thus reinforcing the concept that security is a collective endeavor.
    - Scenario analysis is a potent tool in risk management, enabling organizations to anticipate potential threats and understand the implications of various risk scenarios on their operations.
    - Engaging with business units to contextualize security risks in terms of operational impact and financial implications is vital for securing necessary budgets and resources for security initiatives.

    48 min
  2. To Insure or Not To Insure: It’s Not Even a Question

    07/01/2024

    This episode of 'The Great Security Debate' delves into the complexities surrounding cyber insurance, discussing its impact on minimising business risks and ensuring compliance. Erik, Brian, and Dan talk about how connected systems and automation increase risks, and bring in concerns about reliance on AI. Insurance policies, force majeure, and government regulations get some quality discussion and debate time, revealing fears and misconceptions about standardised security controls vs. adaptive security practices. And last up: the practicality and pitfalls of self-insurance, government intervention, and the need for standardised security terminology.

    Show Links:

    - CISA Secure by Design Pledge | CISA
    - CISA Releases Guidance on Single Sign-On (SSO) Adoption for Small and Medium-Sized Businesses: (SMBs) | CISA
    - The 118th Congress is the third oldest since 1789
    - Book - The End of the World Is Just the Beginning
    - Supreme Court’s ‘Chevron’ ruling means changes for writing laws - Roll Call
    - Insurers Warn Standardizing Cyber Policies Could Limit Future Coverage
    - Cyberattacks Disrupt Car Sales by Dealers in U.S. and Canada

    Help support the podcast: https://ko-fi.com/distillingsecurity

    Thanks for listening! We have got some exciting changes ahead including ways to support the podcast, some big announcements, new shows and conversations, and more!

    Some of the links in the show notes contain affiliate links that may earn a commission should you choose to make a purchase using these links. Using these links supports The Great Security Debate and Distilling Security, so we appreciate it when you use them. We do not make our recommendations based on the availability or benefits of these affiliate links.

    Chapters:

    - 00:00 Introduction to the Great Security Debate
    - 00:30 The Role of Cyber Insurance
    - 01:49 Manual Processes and Business Continuity
    - 03:09 Manufacturing and Supply Chain Challenges
    - 06:11 Insurance Policies and Cybersecurity
    - 08:00 Standardization and Government Involvement
    - 19:14 The Complexity of Cyber Warfare
    - 22:35 Globalization and Cybersecurity
    - 30:33 Leadership vs. Boss Mentality
    - 33:53 The Role of Communication in Crisis
    - 36:51 The Cost of Compliance
    - 40:30 Global Cybersecurity Challenges
    - 44:22 The Complexity of Online Trust
    - 47:56 Insurance and Cybersecurity
    - 53:07 The Future of Cyber Insurance
    - 01:00:15 Conclusion and Final Thoughts

    1h 2m
  3. Wear a Stop Sign On Your Shirt

    06/06/2024

    In this episode of the Great Security Debate, Brian, Erik, and Dan dive into the latest trends in ransomware, including an uptick in attacks against the hypervisor. Speaking of VMware, we also "discuss" the way that Broadcom has handled the VMware acquisition and why it both makes sense (to them) and doesn't (to many customers). The debate also heads into the impact of AI in cyber threats, and compares strategies for mitigating risk, such as prioritising vulnerabilities and understanding the attack landscape. Additionally, the conversation shifts to business practices in tech acquisitions, potential future disruptions in the market, the importance of balancing security measures with user experience, and the need for adaptive, short-term security roadmaps to stay ahead in an ever-changing environment. And we break the big news about an upcoming Distilling Security in-person meet-up in Michigan in July!

    Help support the podcast: https://ko-fi.com/distillingsecurity

    Show Notes:

    - Broadcom execs say VMware price, subscription complaints are unwarranted | Ars Technica
    - What happened with AI Overviews and next steps
    - Book - Titan: The Life of John D. Rockefeller, Sr.

    Thanks for listening!

    48 min
  4. Mine Everything

    06/05/2024

    Sorry about the audio on this one. We have got the tech back on track for the next episode. I promise!

    Join the Great Security Debate as Brian, Erik, and Dan delve into 'pig slaughtering,' a scam involving rapport building to swindle victims out of money. The discussion explores the intersections of security awareness, blockchain technology, and the ethical implications of digital tracking tools like chain analysis. The episode features real-world cases, including child exploitation traced through blockchain, and the broader debate on privacy versus legality in technology use. Are public blockchain transactions truly private? And how can we balance innovative tech with ethical concerns? Tune in to hear all about it.

    Help support the podcast: https://ko-fi.com/distillingsecurity

    Show Notes:

    - Movie: Oppenheimer
    - Adobe has built a deepfake tool, but it doesn’t know what to do with it - The Verge
    - Movie: Defending Your Life
    - Microsoft Edge May Import Your Chrome Tabs Without Your Consent
    - Adobe content analysis FAQ
    - How the Federal Government Buys Our Cell Phone Location Data
    - Public By Default - Stories Found in Venmo Comments
    - Chainalysis
    - Book: Tracers in the Dark
    - Pig Butchering Scams: Last Week Tonight with John Oliver
    - 7 Months Inside an Online Scam Labor Camp

    Thanks for listening!

    45 min
  5. Spoiler Alert: Leave the World Behind

    06/04/2024

    Join Dan, Brian, and Erik in the latest episode of The Great Security Debate as they explore the impact and implications of the movie 'Leave the World Behind.' Delving into cyber security, societal impacts of technology, and philosophical elements, this discussion touches upon vulnerability management, risk management, and the effect of constant connectivity on modern life. Tune in to hear not only their analysis of the film but also personal reflections on communication, societal changes, and practical steps for improving individual security resilience. This episode also marks the exciting announcement of the Great Security Debate becoming a part of the Distilling Security network. Don't miss out!

    Help support the podcast: https://ko-fi.com/distillingsecurity

    Show Notes:

    - Distilling Security – Consumable security, privacy, and compliance
    - Hackers Remotely Kill a Jeep on the Highway—With Me in It | WIRED
    - August 2023 Data Incident | U-M Public Affairs
    - Recent power outages in Ann Arbor have multiple causes, DTE Energy says
    - Watch Leave the World Behind | Netflix Official Site

    Editor note: This episode was recorded in the final days of 2023... but was lost to technology demons until now. One of those demons made it necessary to show the Zoom screen rather than our usual edited video cast. Sorry for the inconvenience and pain on your eyes.

    59 min

Ratings & Reviews

5 out of 5 (17 Ratings)
