Startup Security Weekly (audio)

In 1995, Craig Newmark started curating a list of San Francisco arts and technology events, which he personally emailed to friends and colleagues. People were soon calling it “Craig’s List.” Most know the rest of the story. But what did that rapid entry into tech entrepreneurship teach him about information security? And how did that lead to a passion for, among other things, cyber philanthropy? SC Media's Jill Aitoro will speak to Newmark about his career, and his own evolution in infosec awareness that came with it.   Among the more challenging phases for a cyber business is transitioning from inspiring startup to successful enterprise, strategically leveraging investment to scale. SC Media's Jill Aitoro will sit down with Dave Dewalt, founder of NightDragon, and Matt Carroll, CEO of NightDragon's newest investment Immuta. Employees are on the move. As tech and security leaders adjust to managing hybrid teams, they should also plan for the loss and replacement of key security talent. Attrition and the incre

In the leadership and communications section, The Number 1 Growth Killer is Leadership Debt, How to Talk to Your Board & C-Suite About Cybersecurity, 5 ways to unite security and compliance, and more!   Zero Trust is the security buzzword of the moment, and while it is a very powerful approach, nearly every enterprise security product on the market – and some that aren’t even security products — are saying they enable Zero Trust. The problem is this: you can’t buy zero trust. It’s an approach, an architecture, and a journey, not software, hardware, or a service to deploy. Zero Trust also provides a rare opportunity in security - to reduce cost, improve security AND enhance end-user and customer experience.   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/bsw272

Neal Bridges, CISO at Query.AI and well-known cybersecurity influencer, breaks down the key differences between the CISO role at a startup vs. an enterprise. He also provides best practices to be successful in this changing role.   In the leadership and communications section, CISOs: Embrace a common business language to report on cybersecurity, The Strategic Impact of Verizon's 2022 Data Breach Investigations Report, Make Shy Employees Part of Your Cybersecurity Strategy, and more!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/bsw271

In the Leadership and Communications section, Uber CISO's trial underscores the importance of truth, transparency, and trust, 4 Leadership Strategies to Help Women Advance in the Tech Industry, 5 Best Predictors of Employee Turnover and What Leaders Should Do About Them, and more!   Data is the most valuable resource on the planet; but, as businesses collect and store data at an astonishing pace, data sprawl, volume, and diverse storage environments create a security nightmare. With support for hundreds of data stores across leading cloud providers and thousands of automation and response integrations, Imperva Data Security Fabric modernizes and simplifies data governance, security, and workflow management for data in all forms across multicloud and hybrid environments. The product’s flexible architecture supports structured, semi-structured, and unstructured data across a range of data repositories to ensure security policies are applied consistently everywhere so businesses can quickly understand and mitiga

Boards and CEOs are asking what their cyber risk posture is, and they aren't getting clear answers. Reports produced from assessments oftentimes are built on stale data rather than real-time compliance and risk data. How should C-levels be thinking about cybersecurity posture reporting, and how can they manage cyber risk in real-time as opposed to point-in-time? This segment is sponsored by CyberSaint. Visit https://securityweekly.com/cybersaint to learn more about them!   In the leadership and communications section, CISO MindMap 2022: What do InfoSec Professionals really do?, CISO Shares Top Strategies to Communicate Security's Value to the Biz, Security leaders chart new post-CISO career paths, and more!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/bsw263

In the leadership and communications section, 5 Cybersecurity Questions CFOs Should Ask CISOs, How Leaders Can Escape Their Echo Chambers, 10 Cybersecurity Compliance Statistics That Show Why You Must Up Your Cybersecurity Game, and more!   Most current security risk assessments are not effective. Doug Landoll joins BSW to explain how we can fIx this. Doug will share 5 Essential Elements of an Effective Security Risk Assessment, including: - Scoping, Scheduling, and Champions - Team Structure - Data and Measurements - Calculations and Analysis - Reporting, Presentation, and Tracking   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/bsw270

In the leadership and communications section, How CISOs can prepare for new and unpredictable cyberthreats, 8 Leadership and Management Principles from Ex-Navy Seal, Practice Transparent Leadership, and more!   IIoT infrastructure protection requires immediate attention. Barracuda just released key findings from a report titled "The state of industrial security in 2022," that covers the following: • The network breaches, ransomware attacks, and other security incidents businesses are facing • The current challenges related to infrastructure protection, remote access security, and digital transformation • The solutions and strategies decision makers are using to close security loopholes and boost the protection of IIoT infrastructure   This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https:/

In the Leadership and Communications segment: How to build a cyber capable board, Who Is Legally Responsible for a Cyber Incident?, Building a security culture of 'Yes', and more!   This edition of Security money is a 2 quarter update for both Q1 2022 and Q2 2022. That's what happens when you have a lot of interest and interviews. Although the SW25 Index is down, it's still outperforming the Nasdaq!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/bsw268

There was a time when the perceived wisdom was to buy best of breed security technologies and that would do for your security program. Trouble of is, none of it integrates with each other or your wider IT. With budgets getting tighter, security pros are being asked to look again at big portfolio security providers and work out whether they can use their offerings to slim down. In this session I'll discuss what I'm hearing from our customers, and some of the things we are starting to see people do to balance the need to optimize cost and efficiency without compromising security protection.   Speed, Velocity, and Acceleration. The physics of motion are well documented, and we understand how these scalar and vector quantities differ. In information security and cyber risk management the dynamics are not as well understood which has confused our ability to distinguish between motion and progress. This confusion intensifies our escalating risk cycle by causing a mirage of control that continues to lead us to down

What does a CISO do all day? Do they eat bon-bons and read the WSJ? Do they read Threatpost or BleepingComputer or Twitter? Why does a company need a CISO, or better still, do they need one? All these questions and more will be answered in this weeks episode. Segment Resources: https://www.cbts.com/security/security-services/ https://www.cbts.com/blog/cloud-security-controls-mitigate-risk/ https://www.cbts.com/blog/weighing-risks-benefits-moving-to-the-cloud-part-1/ https://www.cbts.com/blog/what-is-cyber-insurance/   With recent proposed rule making from he SEC, there is increased focus on the Board's involvement in governing and managing cybersecurity. What is changing in how effective CISO's engage with their Board of Directors and what is over the horizon for cybersecurity leaders?   Visit https://www.securityweekly.com/bsw for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekl

In the Leadership and Communications section, Being concerned is not enough – What boards should know and do about cybersecurity, In the Case of Cybersecurity, the Best Defense is Education, Reskilling workers can help meet the cybersecurity staffing challenge, and more!   Defining Cyber Risk With Bryan Ware This year, RSAC is happening amidst the backdrop of major geopolitical tensions with cyber impacts; a continued, lingering pandemic and a potential economic downturn that cyber adversaries can and have leveraged to their benefit; and increasing technological innovation. All of this points toward ever-evolving cyber risk. What are some of the key considerations that executives – both ones with cyber expertise and ones without – should keep in mind as they look to not only define cyber risk but also reduce it and ensure operational resiliency? In this segment, we’ll hear thoughts from Bryan Ware, the new CEO of LookingGlass Cyber Solutions, former CEO of Next5, a business intelligence and advisory firm, and

This week, we start off with an interview featuring Mike Ernst, VP of Sales Engineering, Worldwide at ExtraHop! Then, in the Leadership & Communications section: 6 information governance best practices, The Seven Deadly Sins Of Leadership, Secrets to building a healthy CISO-vendor partnership, & more! This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw262

In our first segment: Dave Klein, Cybersecurity Evangelist at Cymulate joins Business Security Weekly to discuss the value of "Extended Security Posture Management"! Then In the Leadership and Communications section for this week: SolarWinds breach lawsuits: 6 takeaways for CISOs, Navy Seals’ 5 Leadership Principles That Will Transform Entrepreneurs Into Influential Leaders, More Powerful People Express Less Gratitude, & more! This segment is sponsored by Cymulate. Visit https://securityweekly.com/cymulate to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw261

This week, Senior Analyst Jess Burn will go highlight Forrester's eight security program recommendations for 2022 that will help security leaders take full advantage of their political capital — and budget — to resolve perennial problems and tackle emerging issues. In the Leadership and Communications section: What cybersecurity metrics should I report to my board?, Cybersecurity litigation risks: 4 top concerns for CISOs, The SEC Is About To Force CISOs Into America’s Boardrooms, and more!   Show Notes: https://securityweekly.com/bsw260 Segment Resources: Blog post: https://www.forrester.com/blogs/our-2022-top-recommendations-for-your-security-program-cisos-get-an-offer-they-cant-refuse/?ref_search=604835_1649953578273 Full report: https://www.forrester.com/report/top-recommendations-for-your-security-program-2022/RES177270?ref_search=604835_1649953578273   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook:

This week, Tim Woods, VP Technology Alliances at Firemon, joins BSW to discuss how centralized policy management can provide the visibility, enforcement, and compliance of policies across hybrid cloud environments. In the leadership and communications section, 10 Signs of a Good Security Leader, Toxic Leadership: The Four Horsemen of the Apocalypse, Know Them, 3 Ways to Take Control of Your Cyber Security Career in 2022, and more! With an ever expanding perimeter, how do organizations address the challenges of hybrid cloud? New threats, increased complexity, and continued fragmentation of security responsibilities makes it harder than ever.   Show Notes: https://securityweekly.com/bsw259 Visit https://securityweekly.com/firemon to learn more about them!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

By and large, individual malware strains come and go, but to stop attacks more quickly, organizations need to gain a deeper understanding of attack techniques. By analyzing the attack goals of attackers, organizations can better align their defenses to adapt to quickly changing attack techniques. FortiGuard Labs analyzed the functionality of detected malware by detonating the malware samples collected throughout the year. The result was a list of the individual tactics, techniques, and procedures the malware would have accomplished had the attack payloads been executed. The intelligence we gathered indicates that stopping an adversary earlier is critical. Understanding adversaries’ goals is crucial to defending against the flood of changing techniques they may use. By focusing on a few identified techniques, an organization could shut down a malware’s methods for attack entirely in some situations. In the Leadership and Communications section: Cybersecurity is IT’s Job, not the Board’s, Right?, Why Some CISOs

As the world shifted to remote work, then hybrid work, organizations have struggled with legacy technologies to solve the security challenges of this new way of working. But what if you could use the PC platform, coupled with endpoint isolation, to create a highly efficient and productive platform for users? Jonathan Gohstand from HP Wolf joins Business Security Weekly to discuss the challenges and how endpoint isolation can: - improve your overall risk management - reduce the complexity of multiple solutions/agents, and - improve user experience and productivity In the Leadership and Communications section: Leaders Must Build Trust, 600,000 Open US Jobs, Cybersecurity Retention Issues & More!   Show Notes: https://securityweekly.com/bsw257 Visit https://securityweekly.com/hpwolf to learn more about them!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

Every CISO CIO asks the question, what's the risk? Quantitative analysis, mathematical models are designed to answer this question. Understand how they work, when to use them, and what they can tell us. In the Leadership and Communications section: Cybersecurity Threat Level is High; Be Pro-Active, Cyber Risk Quantified is Cyber Risk Managed, 5 Ways Managers Sabotage the Hiring Process, and more!   Show Notes: https://securityweekly.com/bsw256 Segment Resources: https://www.amazon.com/Ensure-Business-Success-Informed-Decisions-ebook/dp/B09Q7R1HY4 https://fismacs.com/blog/ https://portal.fismacs.com/p/p-rmod4cyber https://fismacs.com/white-paper-mhp-ip4cyber/   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

The most recent trends in social engineering, the latest methods attackers are using to trick their victims, and the best practices to protect your business from these evolving threats. In the Leadership and Communications section: What the Newly Signed US Cyber-Incident Law Means for Security, How to plan for increased security risks resulting from the Great Resignation, The 5 Pillars of Growth, and more!   Show Notes: https://securityweekly.com/bsw255 Segment Resources: https://assets.barracuda.com/assets/docs/dms/Spear-phishing-vol7.pdf Visit https://securityweekly.com/barracuda to learn more about them!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

It doesn't matter how much security technology you have, how much you spend on security: security outcomes are achieved by doing all the little things right. You can spend $10M on network security technology from any vendor, but you will fail to effectively secure your enterprise if you don't properly manage the policy enforced by those firewalls. That sounds really simple, but simple doesn't scale. If you only have a few firewalls with policies consisting of tens of rules, it may be simple. But imagine an enterprise that has 2,000 firewalls, each firewall has a policy with an average of 500 rules, each rule has an average of 15 objects, each source and destination object represent an average of 50 IP addresses. This enterprise is managing, 2,000 firewalls, 1 million rules, 125 million connections, representing over 300 billion access paths. And just 1 wrong rule could expose the network to compromise. In the Leadership and Communications section: CISOs are still chiefs in name only, Defining “Reasonable” Cyb