40 episodes

Two CISOs and a security-minded friend discuss and debate topics of security and privacy, with a focus on looking at the topic from various angles, both those they support and those they don't.
Sign up for our newsletter to be notified when new episodes drop, or when new projects are announced https://newsletter.greatsecuritydebate.net

The Great Security Debate Great Security Debate Productions LLC

    • Technology
    • 5.0 • 16 Ratings


    Episode 40: What Got You Here Won’t (Necessarily) Get You There


    Dan, Brian and Erik look at how the past informs our security future, and how things we have done in the past may not get us where we need to be in the future. Join us for a live podcast recording with live audience Q&A, direct from the MCWT Executive Connection Summit.


    In the live recording we covered a flurry of topics focused on changing ourselves, refreshing ourselves and renewing ourselves including:



    The barriers to entry to get into the security field
    Experience vs. education requirements in security hiring
    Changes afoot in hiring appetite as recession looms
    Reporting requirements by public companies on breach or security events
    Security beyond just confidentiality
    Improvements that can be made to the hiring process
    And lots more!


    Huge thanks to the wonderful team at the Michigan Council on Women in Technology (https://mcwt.org) for asking us to be part of this great event bringing the Michigan technology community together to build connections.


    We also have a video channel on YouTube that airs the "with pictures" edition of the podcast. Please head over to https://bit.ly/gsdyoutube and watch, subscribe and "like" the episodes.


    Some of the links in the show notes contain affiliate links that may earn a commission should you choose to make a purchase using these links. Using these links supports The Great Security Debate, so we appreciate it when you do use them. We do not make our recommendations based on the availability or benefits from these affiliate links.


    Thanks for listening!
    Support The Great Security Debate
    Links:
    The Infinite Game: Sinek, Simon: 9780735213500: Books - Amazon
    Leaders Eat Last Deluxe: Why Some Teams Pull Together and Others Don't eBook : Sinek, Simon: Kindle Store
    Marcus Stefanide - LinkedIn Post
    Bio-IT World Conference & Expo 2022 In Person & Virtual
    Jess Burn · Forrester
    Apple, Google and Microsoft team up on passwordless logins | TechCrunch
    SEC.gov | SEC Proposes Rule to Provide Transparency in the Securities Lending Market
    Future Crimes: Inside the Digital Underground and the Battle for Our Connected World: Goodman, Marc: 9780804171458: Books
    CISO MindMap 2022 - Recommendations
    Rafeeq Rehman | Cyber | Automation | Digital

    • 45 min
    Episode 39: Program Your Program


    This week on The Great Security Debate we have arrived at one of our favourite episodes of the year (and what is and will be an annual thing!) when Forrester Senior Analyst, Jess Burn, returns to the show to share this year's recommendations for security programs.


    An overarching theme of the report is to use the capital that the CISO has acquired over the past few years and build out your program to where it needs to be. AKA, “strike while the iron is hot”.


    More detailed topics including:



    Career paths and changes in comp methodology for security teams need to change
    Security Awareness needs adjustment for work from anywhere
    Minimum viable security - it’s definitely not just “barely secure”


    And a reminder that Dan, Brian and Erik will be doing a live episode of the podcast at the upcoming Michigan Women in Technology ExecutiveManagement Conference on May 5 in Novi, Michigan. Tickets for the whole conference are now available (https://MCWT.org) and the agenda for the day is great. See you there


    If you want to listen to Jess’s previous episode, check out Episode 20, “It All Comes Down To Relationships.” https://www.greatsecuritydebate.net/20


    You can find Jess on LinkedIn (https://www.linkedin.com/in/jessburn), Twitter (https://twitter.com/jess_burn_) and at the Forrester blog (https://go.forrester.com/blogs/author/jess_burn/).


    Thanks for joining us, Jess! And thanks to you for listening and watching.
    Special Guest: Jessica Burn.
    Support The Great Security Debate
    Links:
    Forrester's 2022 Top Recommendations For Your Security Program
    The Return Of The Forrester Wave™: Cybersecurity Incident Response Services
    Starlink fought off Russian jamming attack faster than the military could

    • 1 hr 2 min
    Episode 38: Laws and Regs


    The Great Security Debate rolls on, this week looking at how governments, regulations and business values are shaping and will shape the security posture of enterprises.



    Is attribution worth pursuing to the end?
    How can state and federal law enforcement help figure out who and what happened after an incident?
    Fast (agile) vs good (quality) vs cheap (cost)
    Are you chasing the right metrics in your organisation? Do they encourage the right behaviour?
    Is regulation required to make good security a greater market force?
    What will the regulations emerging in the US focus on? The “what”, the “why”, the “how”, or the “who”? How will they change when and how companies report material breaches?
    How does attribution of attack correlate to insurance coverage? How do IR firms fit into the equation?


    Erik, Dan and Brian also announce that the podcast is going LIVE and On the road. On May 5, Great Security Debate will be recording a live episode at the MCWT Executive Connection Summit in Novi, Michigan! More info and registration details are at https://mcwt.wildapricot.org/event-4630370. Ticket sales begin on 18 April 2022.




    Thanks for listening!
    Support The Great Security Debate
    Links:
    Homepage | CISA
    SEC.gov | SEC Proposes Rules on Cybersecurity Risk Management, Strategy, Governance, and Incident Disclosure by Public Companies
    Senate passes cybersecurity bill amid fears of Russian cyberattacks | The Hill
    Cutting Edge Cybersecurity Event Experience - FutureCon Events
    Court denies SolarWinds bid to throw out breach lawsuit
    About the Data Management & Sharing Policies | Data Sharing
    MCWT Foundation - Executive Connection Summit
    Forrester's 2022 Top Recommendations For Your Security Program
    Buffalo Wild Wings Partners With MGM, Will Encourage Sports Betting in Restaurants | The Action Network
    Data Management and Sharing Policy | Data Sharing
    The Great Security Debate Episode 20: It All Comes Down to Relationships (Guest Debater: Jessica Burn)

    • 45 min
    Episode 37: Squality!


    Recently, Brian, Dan and Erik had the great fortune to do a live version of the podcast at the monthly meeting of the SIM Detroit Chapter (https://chapter.simnet.org/detroit/home). At the close of that discussion, the comment was raised as to whether or not security should be used as a competitive advantage by businesses. The topic seemed perfect for The Great Security Debate, so here we are. In this episode, we cover:



    Can security be used as a business differentiator?
    SHOULD security be used as a business differentiator?
    If security is added too deeply into the sales cycle does it incentivise the wrong behaviours just to make a sale?
    How can we quantify the value of security in the purchasing process when it is not easily attributable to direct cost saving or value?
    How do closed systems compare to open systems with regard to security?
    How does the rise of customer trust as a key organisational focus indicate the use of security as a business differentiator?
    Do the fears that using security as a differentiator mean that the collaborative nature and history of security will disappear?




    Thanks for listening!
    Support The Great Security Debate
    Links:
    SEC Proposes Cybersecurity Rules for Public Companies
    TISAX: Information security for the automotive industry | TÜV SÜD
    Failure mode and effects analysis - Wikipedia
    Bridgestone Americas confirms ransomware attack, LockBit leaks data
    Quantitative Information Risk Management | The FAIR Institute
    Dawn of the Code War: America's Battle Against Russia, China, and the Rising Global Cyber Threat: Carlin, John P.: 9781541773837: Amazon.com: Books
    Saudi Aramco facing $50 million cyber extortion over leaked data
    Leaked Conti files reveal life inside ransomware gang • The Register
    KOJIMA INDUSTRIES CORPORATION Company Profile | TOYOTA, AICHI, Japan | Competitors, Financials & Contacts - Dun & Bradstreet
    Higher Education Community Vendor Assessment Toolkit | EDUCAUSE
    Home Page – CORL Technologies
    Home – Cyturus
    Financial Services Information Sharing and Analysis Center
    Auto-ISAC Summit 2021 – Auto-ISAC
    The SSO Wall of Shame | A list of vendors that treat single sign-on as a luxury feature, not a core security requirement.
    The Great Security Debate

    • 1 hr 5 min
    Episode 36: How Do You Sleep At Night?


    Current global events have led to increased focus on technology security. In this week's episode we debate to what extent this does or will confirm the rise of the information security roles within organisations. Our thoughts and good wishes go out to the people of Ukraine.



    Do current events confirm that the rise of the CISO organisation was warranted?
    How do CISOs sleep at night considering everything going on?
    How to reply to the question “what else should we be doing?”
    Are the attacks the primary objective or are they a smokescreen?
    How does the game of chess tie into information security practices?
    What is the CISO's role in reducing FUD (fear, uncertainty, doubt)?
    Will current information it pay for acts of war? Does it raise our collective stature?
    Why is humility so important in the information security world?


    The underlying message is that while it is late in the process now to do all the steps to protect your organisation, it’s never too late to get started!




    Thanks for listening!
    Support The Great Security Debate
    Links:
    HermeticWiper | New Destructive Malware Used In Cyber Attacks on Ukraine - SentinelOne
    The Untold Story of NotPetya, the Most Devastating Cyberattack in History | WIRED
    Amazon.com: Sandworm: A New Era of Cyberwar and the Hunt for the Kremlin's Most Dangerous Hackers eBook : Greenberg, Andy: Kindle Store
    Elon Musk says SpaceX's internet service is available in Ukraine
    Destructive Malware Targeting Organizations in Ukraine | CISA
    Morris worm - Wikipedia
    Amazon.com: Dawn of the Code War: America's Battle Against Russia, China, and the Rising Global Cyber Threat eBook : Carlin, John P., Graff, Garrett M.: Kindle Store
    Moonlight Maze - Wikipedia
    New Shadow Brokers 0-day subscription forces high-risk gamble on whitehats | Ars Technica
    An NSA-derived ransomware worm is shutting down computers worldwide | Ars Technica
    FIRST - Improving Security Together
    Conti ransomware group announces support for Russian invasion of Ukraine, threatens retaliation
    Maersk says global IT breakdown caused by cyber attack | Reuters
    GitHub - Netflix/chaosmonkey: Chaos Monkey is a resiliency tool that helps applications tolerate random instance failures.

    • 1 hr 4 min
    Episode 35: Security Super Agent


    This week’s episode was sparked by a recent TechCrunch article https://techcrunch.com/2022/02/01/free-agent-series-a/ asking whether tech workers should have agents to negotiate their salaries. We took up the debate on this and a few adjacent topics including:



    The Great Resignation’s impact on working habits
    Should security practitioners and leaders be represented by “agents” to negotiate better compensation for roles?
    What are the ways that formal agents exacerbate bias and increase the gaps between levels?
    The importance of networks for getting advice to help you be your own “agent”
    Is it the Great Resignation or the Great Realisation?
    How do ethics and values play into staff’s desire to go to or stay at a company?
    At different levels in one’s career who can help be your agent of change?
    We should not be afraid to talk about our salaries and numbers


    And yes, those are Pączki on Brian’s hat. If you are not sure what this is about, take a look at the video version on our YouTube channel https://www.youtube.com/watch?v=CAYRL1flZic




    Thanks for listening!
    Support The Great Security Debate
    Links:
    TechCrunch
    Who Is Driving the Great Resignation?
    The Great Resignation looks more like The Great Renegotiation : Planet Money : NPR
    Business Roundtable Redefines the Purpose of a Corporation to Promote ‘An Economy That Serves All Americans’ | Business Roundtable
    The Infinite Game: Sinek, Simon: 9780735213500: Amazon.com: Books
    Scott Boras
    How to Negotiate the Tech Salary You Deserve – The New Stack
    Amazon.com: Lego Movie 70819 Bad Cop Car Chase : Toys & Games
    Amazon.com: Kitchen Confidential: Adventures in the Culinary Underbelly eBook : Bourdain, Anthony: Kindle Store
    MentorCore – Growth and Development at your Fingertips
    Home | CSA
    Google to work with Ford on Detroit research hub - ABC News
    Fun Fact | Undeniably Dairy - YouTube

    • 1 hr 2 min
