Startup Security Weekly (audio)

In this episode, we interview Jake Wilson, Western Governor University's Security Awareness Evangelist. We'll learn about how he built up and matured WGU's security awareness program, eliminating blind spots, and improving efficacy through data analysis and better reporting. This segment is sponsored by Living Security. Visit https://securityweekly.com/livingsecurity to learn more about them! This week in the leadership and communications section: building a feedback-driven culture, letting go of the reins, 25 hard-hitting lessons from 17 years in cybersecurity, and more! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw-321

Organizations still struggle with DDoS, ransomware, and personal information exfiltration. In order the prevent these attacks, we first need to understand the ‘types’ of DDoS and emerging threat techniques used by the adversary. In this interview, we explore these attacks in the context of edge computing. As edge computing use cases evolve, organizations need to understand the intersection of edge computing, networking, and cybersecurity. We discuss the risks associated with edge computing, the controls that can mitigate these risks, and how to plan for implementation, including security budgeting. Segment Resources: https://www.akamai.com/blog/security/defeating-triple-extortion-ransomware This segment is sponsored by AT&T Cybersecurity. Visit https://securityweekly.com/attcybersecurity to learn more about them! In the leadership and communications section, Board Members Struggling to Understand Cyber Risks, Cybersecurity Goals Conflict With Business Aims, Navigating Change: The Essence of Agile Leadersh

Managing identities continues to add complexity for granting access to enterprise resources. Between the increasing number and expanding types of identities, including carbon-based, silicon-based, and artificial identities, and the evolution of cloud computing and remote work, managing the perimeter is now an identity problem. What risks do each of these identity types pose and how do you mitigate them? Jeff Reich, Executive Director at Identity Defined Security Alliance (IDSA), joins us to discuss the challenges of digital identities, how to discover risk with digital identities, and how best to mitigate those risks. Segment Resources: IDSA's 2023 Trends in Security Digital Identities: https://www.idsalliance.org/white-paper/2023-trends-in-securing-digital-identities/ Securing Your Remote Workforce Through Identity-Centric Security: https://www.idsalliance.org/white-paper/securing-your-remote-workforce-through-identity-centric-security/   In the leadership and communications section, The importance of CISO

Check out this interview from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on March 15, 2021. In 1989, Stephen Covey first published "The 7 Habits of Highly Effective People," empowering and inspiring leaders for over 25 years. Is there an equivalent or new set of habits for CISOs? George Finney, Chief Security Officer at Southern Methodist University, joins Business Security Weekly to discuss the Nine Cybersecurity Habits. Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/vault-bsw-4 

The metaverse is an evolving storytelling environment in which humans have congregated for millennia to experience alternate, immersive, and simulated realities, with or without technology. Storytelling is designed to influence mental and physical perceptions suiting the purposes of the content creators. Metawar is the art of applying science to create and defend against the influence of alternate realities in the metaverse. What if we can longer rely on our senses to determine what is real and what is fiction? Winn's research into Metawar initially focused on metaversal technologies. Unexpectedly, it morphed into an intensely personal experience, triggering Winn's own Metanoia, which had a profound impact on the entire Metawar Thesis. Winn joins Business Security Weekly to share his Metanoia. In the leadership and communications section, A CISO's Actionable Strategy for Success, Security basics aren’t so basic — they’re hard, Building a Culture Where Employees Feel Free to Speak Up, and more!  Visit https://

The Security Weekly 25 Index is still trying to recover. Inflation fears have tampered the recovery and the NASDAQ is outperforming the Index. Fastly replaces Sumo Logic in the Index and Thoma Bravo has not acquired anyone, so hoping the index stays stable for more than a quarter :). Here's the latest list of companies in the index: Secureworks Corp Palo Alto Networks Inc Check Point Software Technologies Ltd. Splunk Inc Gen Digital Inc Fortinet Inc Akamai Technologies, Inc. F5 Inc Zscaler Inc Onespan Inc Leidos Holdings Inc Qualys Inc Verint Systems Inc. Cyberark Software Ltd Tenable Holdings Inc Darktrace PLC SentinelOne Inc Cloudflare Inc Crowdstrike Holdings Inc NetScout Systems, Inc. Varonis Systems Inc Rapid7 Inc Fastly Inc Radware Ltd A10 Networks Inc Ransomware-as-a-Service has contributed to a steady rise in sophisticated ransomware attacks. Ransomware authors are increasingly staying under the radar by launching encryption-less attacks which involve large volumes of data exfiltration. Organizations

In the leadership and communications section, CISO is Crisis, Will SEC Cybersecurity Regulations Make a Difference?, NIST Drafts Major Update to Its Widely Used Cybersecurity Framework, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw-316

On July 31st, 2023, the Biden administration released a national strategy addressing cyber workforce shortages, calling long-standing vacancies a national security imperative. The National Cyber Workforce and Education Strategy focuses on four major pillars: equipping every American with cyber skills, transforming cyber education, expanding and enhancing the national cyber workforce and strengthening the federal cyber workforce. The strategy relies heavily on non-governmental and private sector entities to provide funding, internship and apprenticeship programs to increase the number of workers with cybersecurity skills. One of those entities referenced in the strategy is Dakota State University. Dr. José-Marie Griffiths joins us to discuss education's role in the strategy, but offers other insights, including: - immigration policies and how it limits the current cyber workforce, - diversity, equity, and inclusion initiatives and the reduction of women in the cyber workforce, and - what can the cyber communit

Some organizations are banning ChatGPT and other generative AI models out of fear of the risks they could introduce. While this is understandable, the reality is generative AI is accelerating so fast that, very soon, banning it in the workplace will be like blocking employee access to their web browser. Randy Lariar, Practice Director of Big Data, AI and Analytics at Optiv, will discuss how to embrace the new technology and shift the focus from preventing it in the workplace to adopting it safely and securely. We will discuss the challenges and benefits of generative AI, including: - How to detect AI tools and usage - How to develop policies and procedures for using AI tools - How the protect the models, data, and infrastructure to support AI tools - What are the regulatory requirements that may impact AI tools and usage - What are the benefits of using AI tools Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly  Like us on Facebo

CYBER.ORG, in partnership with CISA, is helping create a diverse cyber workforce by breaking down the barriers to cybersecurity education by improving access for all K-12 students nationwide. CYBER.ORG’s HBCU feeder program Project REACH was recently highlighted in CISA’s 2022 Year in Review as part of the agency’s commitment to improving diversity and accessibility in the field. Laurie Salvail, Director of CYBER.ORG, joins BSW to discuss: - Why the expansion of K-12 cybersecurity education is the first step toward building a diverse talent pipeline. - How CYBER.ORG has implemented initiatives to drive diversity in cybersecurity including: - Project REACH, the HBCU feeder program launched across the country to build the next-gen workforce, and its plans to expand kickoff events in 2023. - Project Access, a program for the blind and visually impaired who are in pre-employment transition (Pre-ETS), and the summer camps on the horizon. - CYBER.ORG’s plans to expand diversity and inclusion efforts in the coming y

Less than 50% of the Fortune 500 have a Chief Information Security Officer (CISO) or Chief Security Officer (CSO) listed on their executive team. Why is that? Is this role not considered an executive position? In part 1, we debate the role of the CISO/CSO and whether it is or is NOT and executive position. We've made a lot of progress over the last 20+ years, but has the role peaked? Will the role continue to get a seat at the table as a C-level executive or will it atrophy back to a VP or Director role? If the CISO/CSO is still an executive position, then what are the requirements of this role? In part 2, we debate the requirements of the CISO/CSO role and expectations of the organization. To be a true executive role, the CISO/CSO needs to have the decision making authority with the same protections of other officers. Will they get it? We debate. Visit https://www.securityweekly.com/bsw for all the latest episodes!  Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www

A golden age is a time of great achievement in a society or industry — a time of innovation and the furthering of new ideas via new mediums or technological advancements. Email security is now entering a golden age after stagnating for the better part of a decade. Is it time to celebrate? Customers have more choice than ever when it comes to protecting how employees, customers, and partners communicate and collaborate. Often, those customers are choosing more than one email security partner in a layered or multilayer approach to protection, as it provides greater efficacy — and peace of mind. But is that sustainable in a consolidating market? Jess Burn, Senior Analyst from Forrester Research, joins us to discuss the results of The Forrester Wave on Enterprise Email Security for Q2 2023. Segment Resources: https://www.forrester.com/blogs/announcing-the-forrester-wave-enterprise-email-security-q2-2023/?ref_search=604835_1688574622533 In the leadership and communications section, CISO as a Business Executive: 5

This week, we welcome Dick Clarke to discuss his new book, The Fifth Domain, and the need for cyber resilience, especially these days! In the Leadership and Communications segment, 4 Behaviors That Help Leaders Manage a Crisis, The Right Way to Keep Your Remote Team Accountable, 15 Steps to Take Before Your Next Video Call, and more!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/vault-bsw-3 

In a tight economy, security budgets have been under scrutiny. Vendor consolidation strategies are real, but what are the pros and cons of this strategy? Shawn Surber from Tanium joins us to discuss how vendor consolidation is playing out and what to look for. It's not just an expense exercise, it's also a strategic alignment exercise. This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them! In the Leadership and Communications section, CISO Burnout Prevention: Tips for Work-Life Balance, Maximizing Leadership Potential, The Essence of Effective Management: Commitment, Foresight, and Leadership, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly  Like us on Facebook: https://www.facebook.com/secweekly  Show Notes: https://securityweekly.com/bsw-310

Check out this interview from the BSW VAULT, hand picked by main host Matt Alderman! This segment was originally published on October 12, 2020.    We go off script. Michael Santarcangelo joins me for a discussion on leadership. We review the 4 C's of Leadership: 1. Culture 2. Collaboration 3. Communication 4. Cultivation - and Michael shares some of his leadership approaches and ideas.   Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/vault-bsw-2 

The Gartner definition of integrated risk management is a set of practices and processes supported by a risk-aware culture and enabling technologies, that improves decision making and performance through an integrated view of how well an organization manages its unique set of risks. Enterprises typically have a broad coverage of the risks that face the business including cybersecurity risk, however, its 2023 and after more than a decade of requiring training compliance for our people, the Verizon DBIR reports this year that 74% of breaches involved human error. It's clear that compliance is not the answer for where to include the human in an IRM strategy, so what's next? In the leadership and communications section, Only one in 10 CISOs today are board-ready, study says, Why Conflicting Ideas Can Make Your Strategy Stronger, How to Overcome Communication Barriers in Your Teamwork, and more! This segment is sponsored by Living Security. Visit https://securityweekly.com/livingsecurity to learn more about them!

The American Data Privacy and Protection Act introduces oversight of how companies handle the data they collect and process from U.S. citizens, including AI algorithms used to uncover insights that can be monetized. Security professionals should prepare now for the legislation by understanding how to audit algorithms and implement compliance processes. Even if this version of privacy legislation doesn’t pass, similar legislation will likely pass soon.   Segment Resources: Forbes Tech Council article: Why You Need to Prepare Now for Privacy Legislation That May Not Pass https://www.senecaglobal.com/media-mentions/ftc-why-you-need-to-prepare-now-for-privacy-legislation-that-may-not-pass/ Enterprise Security Tech - American Data Privacy Protection Act: What, Who, How https://www.enterprisesecuritytech.com/post/american-data-privacy-protection-act-what-who-how Security Info Watch - What the American Data and Privacy Act means for businesses https://www.securityinfowatch.com/security-executives/article/21295869

Check out this interview from the BSW VAULT, hand picked by main host Matt Alderman! This segment was originally published on June 8, 2020. Marc French has more than 25 years of technology experience in engineering, operations, product management, and security. Prior to his current role at CISO at Product Security Group, Marc was the SVP & Chief Trust Officer at Mimecast, Inc. and has held a variety of senior security roles at Endurance/Constant Contact, EMC/RSA, Iron Mountain, Digital Guardian, and Dun & Bradstreet. With all this security experience, Marc has created a series of career ladders to help guide infosec professionals with their job journey, including the illustrious CISO position. We will also cover whether you really want to be a CISO... All of the open source career ladders can be found here: https://github.com/product-security-group/Security_Ladders   Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/vault-bsw-1 

You can rebuild infrastructure. But you can’t un-breach data – Data sits at the core of an organization and is often the most open and vulnerable. This is why data security is the most important and urgent security problem to solve right now. We’re joined by Matt Radolec, Senior Director of Incident Response and Cloud Operations at Varonis, to walk through the blast radius concept – from what it is and how to use it to understand your organization's risk, to how it can serve as a guide to securing data from insiders and external attackers.   Segment Resources: The Great SaaS Data Risk Exposure report: https://info.varonis.com/hubfs/Files/docs/research_reports/Varonis-The-Great-SaaS-Data-Exposure.pdf The Forrester Wave™: Data Security Platforms, Q1 2023 https://reprints2.forrester.com/#/assets/2/1646/RES178465/report Learn more about the Varonis Data Security Platform https://www.varonis.com/products/data-security-platform   This segment is sponsored by Varonis. Visit https://securityweekly.com/varonis to lea

Medtronic's Security Ambassador program has seen tremendous growth and engagement in recent years. Learn how they gave their program a shot of adrenaline and haven't looked back since.   Cybersecurity teams today are inundated with tools that provide an abundance of alerts and data about threats, gaps, vulnerabilities and everything in between. While security tools are critical to operating a cybersecurity program and produce helpful data, they should never dictate an organization’s cybersecurity strategy. Instead, Amad Fida, CEO & Founder of Brinqa, explains why business priorities should be the foundation for any company’s cybersecurity strategy. This segment is sponsored by Axonius. Visit https://securityweekly.com/axoniusrsac to learn more about them!   Economic uncertainty has forced IT and security leaders to be more cautious than ever when increasing spending and team size. Suh dynamics give CISOs and CIOs an opportunity to demonstrate value by going beyond “merely” defending the organization from