Two CISOs and a security-minded friend discuss and debate topics of security and privacy, with a focus on looking at each topic from various angles, both those they support and those they don't.
Episode 24: Back to Basics
Recently a lot of newsworthy security incidents have taken place. The common thread through many of them is not that they were sophisticated or required lots of time to plan and execute, or even that the victim had failed to invest in whizbang security technology and so did not notice the attack. The common thread is much simpler: fundamental security measures were not being taken by the organisation. Things like disabling accounts when people leave the organisation, removing disused technology from the network, and staff reusing passwords across public-facing and internal systems.
Neglecting the fundamentals makes it easy for attackers to get into networks and systems, both enterprise and personal. They are all things that each of us can work on, individually and within our organisations, to make the attacks that much harder for the bad actors to execute. This week's episode discusses those fundamentals and how to approach them.
The "slide" that is often referenced in the episode comes from a talk that Dan gave to the National Information Standards Organization (NISO) last week on why it is so important to maintain the security of their systems. The whole presentation deck is available at http://slideshare.net/secratic/security-is-an-enabler-not-securing-is-an-inhibitor-249421889 and the specific slide is Slide 8.
Thanks for listening. You can subscribe to the podcast on your favourite podcast application or by visiting our website https://www.greatsecuritydebate.net/subscribe. Please let us know what you think by leaving a comment in the podcast application's rating section or emailing us firstname.lastname@example.org
The Phoenix Project: A Novel about IT, DevOps, and Helping Your Business Win (Gene Kim, Kevin Behr, George Spafford)
The Unicorn Project: A Novel about Developers, Digital Disruption, and Thriving in the Age of Data (Gene Kim)
Home - Chaos Monkey
The Great Security Debate Episode 21: Why Does My CISO Hate Me?
Presentation: Security Is an Enabler, Not Securing Is an Inhibitor
Transforming Content Through Transformed Systems | NISO website
Largest US propane distributor discloses '8-second' data breach
Private Communication Coaching for Business Leaders & Teams
A CISO's First 100 Days
The 18 CIS Controls
Five Whys and Five Hows | ASQ
BeyondCorp Zero Trust Enterprise Security | Google Cloud
Episode 23: It Depends
A wide range of cause and effect discussion in this week's episode.
What happens when a cellphone gets compromised for one purpose and has unrelated, follow-on consequences?
Will there be material impact from the recent decrees, executive orders and vocal support by President Biden that additional focus is required on information security, ransomware and corruption?
What are the downstream impacts of paying, or not paying, a ransom, and what happens if ransom payments are prohibited by law?
Is doing the minimum amount of security OK, or is the minimum not really the required minimum?
And more on the security position on data lakes, too.
Join Erik, Brian and Dan as they count their pieces of flair and determine if we are the right fit to keep working at Flingers.
Episode 22: Sidewalks and AirTags
The news of the week includes discussion about some changes to Amazon's home devices, including Echo and Ring, with the activation of the Sidewalk Network on all those devices by default: the potential for ubiquitous connectivity for IoT devices, and the possibility of abuse of the data that is seen. Brian, Erik and Dan also talk about the impact of the launch of Apple's new App Tracking Transparency (ATT) program, which asks users if they want to be tracked (spoiler alert: they very much do not). This will hit ads, and the apps that depend on ads, pretty hard, and we debate the pros and cons. Enter the data lakes: troves of data just waiting to be mined by companies to find "interesting things" (or by attackers to find targets).
We really appreciate your feedback, both through subscribing and rating on your favourite podcast application, and by email to us at email@example.com
Thanks for listening!
Home | Sidewalk Labs
Amazon.com Help: Enable or Disable Amazon Sidewalk for Your Account
Amazon's Sidewalk Network Is Turned On by Default. Here's How to Turn It Off | Inc.com
Amazon partners with Tile to take on Apple AirTags
Amazon Sidewalk: Amazon Devices & Accessories
Tile says Apple's behavior is anticompetitive and has 'gotten worse, not better' | Reuters
The Great Security Debate Episode 1: Privacy Drone
Episode 21: Why Does My CISO Hate Me?
We got asked by a listener to help answer the question, "Why Does My CISO Hate Me?" While we may not be privy to the exact situation in play there, we are pretty sure that no one's CISO truly hates them (but they may not be fond of all the things that everyone does all the time). In the debate today, we talk about some of the things that challenge CISOs including:
Security is more than just confidentiality... there's also integrity and availability
Undocumented processes and changes make it hard to figure out where things go wrong
Security is a bidirectional partnership, not a Q&A/task queue for the rest of the organisation, nor the acceptor of everyone else's risks
Please ask questions if you are concerned about something or want more info, or even if something sort of smells fishy (or phishy). There is no such thing as a stupid question, only an unasked one.
We also highlight a number of the things that CISOs and security teams can improve on to build better and stronger relationships across the organisation, too, such as:
Better listening and asking good questions
Understanding the business through servant leadership
Helping to determine what is most important to the business (and what needs to be protected)
We are all heading toward a common goal, so let's work together to accomplish it!
Thanks for listening. Until next time...
The Toyota Way: 14 Management Principles from the World's Greatest Manufacturer (Jeffrey Liker)
ITSM A Complete Guide - 2020 Edition (Gerardus Blokdyk)
ITIL Foundation, ITIL 4 Edition (AXELOS)
Jocko Willink - Echelon Front
Saturday Night Live Highlight: Nick Burns, Your Company's Computer Guy with Billy Bob Thornton | NBC.com
Episode 20: It All Comes Down to Relationships (Guest Debater: Jessica Burn)
We open season 2 with a new format: guests! Our first guest, Jessica Burn, has been working closely with CISOs and the security industry at Forrester where she is a Senior Analyst covering the role of the CISO, Incident Response, Zero Trust Strategy and Continuous Controls Monitoring.
Dan, Erik, Brian and Jess use a new Forrester report about recommendations for security programs in 2021 as the basis for the discussion (and debate), including a few major themes:
The impacts of the consolidation of technology, both in security and the wider tech arena
Balancing the monitoring and the privacy when tracking employees as they work remotely as a result of the pandemic
Securing what you sell both because you need to, but also because it is good for your business
Where are our inventories and why do we still generally fail at knowing what systems we have
And, of course, third party risk management. It's a mandatory "slide 3" on every board presentation.
We still debate, we still discuss, we still shift the discussion to automotive and manufacturing from time to time, but now we have some additional voices to add to the debate, too. Thanks so much, Jess!
Special Guest: Jessica Burn.
So Good They Can't Ignore You: Why Skills Trump Passion in the Quest for Work You Love (Cal Newport)
Security Recommendations 2021: Taking Stock For The Long Term
A CISO's First 100 Days
Developer Security Champions Are Needed Now More Than Ever
Financial Services Information Sharing and Analysis Center
Legal Services Information Sharing | LS-ISAO
Only 10 Percent of People Are Natural Leaders. The Rest of Us Have to Work on Developing These 3 Qualities | Inc.com
Episode 19: Out of Office: One Year Later
Exactly one year ago, most of the population of the US was given the word to begin working from home. Security and technology teams were a large part of the preparation for this change, and were also largely able to move their own operations to a home office for the last twelve months. The last year has been one of being constantly "on", whether due to changing technology requirements that need to be worked on, increasing incident response, 10 hours per day in front of the camera on Zoom, or filling what used to be commutes with (wait for it) even more work.
Dan, Brian and Erik cover a lot of topics, including security of remote work, the mental health impacts of prolonged working remotely, looking out for ourselves and those in our lives, and reconnecting with those that we may have lost contact with over the years. The guys also share positive and negative observations about work/life from the past year, too.
Please subscribe and leave ratings or feedback in your favourite podcast application! It really helps the podcast out a lot when you do!
MentorCore – Growth and Development at your Fingertips
kid 90 | Hulu
Smarter Faster Better: The Transformative Power of Real Productivity (Charles Duhigg)
The 7 Habits of Highly Effective People: 30th Anniversary Edition (Stephen R. Covey)
What is KAIZEN™
Algorithms of Oppression: How Search Engines Reinforce Racism (Safiya Umoja Noble)