Resilient Cyber w/ Mark Simos - Cybersecurity Anti-Patterns
Oct 17, 2024
In this captivating discussion, Mark Simos, a Microsoft veteran with a wealth of experience in cybersecurity, shares insights from his provocative RSA Conference talk on common security anti-patterns. He emphasizes how a technology-centric mindset often neglects business assets, calls out the harmful 'silver bullet' mentality, and humorously addresses the paradox of blame in security settings. Mark also critiques the office of 'no' that resists new trends, urging a shift towards empathy and collaboration to break these recurring mistakes.
Technology-centric thinking in cybersecurity overlooks the importance of human behavior and business processes in mitigating risks effectively.
Developing soft skills like communication and empathy enhances collaboration between security teams and business stakeholders, ensuring better security outcomes.
Deep dives
Understanding Technology-Centric Thinking
Technology-centric thinking is the misconception that cybersecurity can be solved purely through technology rather than by understanding the business assets and processes being protected. This mindset leads organizations to keep buying tools and appliances while overlooking that many incidents originate in human behavior and weak processes rather than in technology failures. Business email compromise is the standard example: no tool alone can fully counteract the human tendency to act on a convincing fraudulent request without training and process controls such as out-of-band verification of payment changes. To overcome this, organizations need to invest in educating personnel and in building security into their business processes, not only in their technology stack.
The Illusion of the Silver Bullet
The silver bullet mindset is the belief that there exists a perfect security solution capable of resolving all cybersecurity issues. This mindset persists even among seasoned professionals who sometimes dismiss useful tools simply because they aren't foolproof, opting instead for inaction or overly complex solutions. Recognizing that absolute security is unattainable is crucial; organizations should aim for incremental improvements rather than unrealistic perfection. By valuing solutions that offer significant benefits, even if they are not 100% effective, organizations foster a more practical approach to cybersecurity.
Navigating the Paradox of Blame
The paradox of blame arises when security teams identify potential threats that are ignored by business leaders, only to be blamed when those threats materialize. This often leads to a culture of risk aversion and blame-shifting, where security is viewed as a barrier rather than a facilitator of business objectives. Emphasizing the responsibility of executive decision-makers to assess and accept risks can create a more collaborative environment in which security is treated as a vital input rather than an afterthought. By cultivating empathy among security professionals and establishing accountability, organizations can improve decision-making related to cybersecurity.
The Importance of Soft Skills in Cybersecurity
Building soft skills such as communication and empathy is essential for cybersecurity professionals to effectively collaborate with their peers across different functions. Understanding colleagues' perspectives and constraints allows security teams to frame their recommendations in a context that resonates with others, ultimately fostering buy-in for security initiatives. Learning to tell compelling stories about technical concepts can bridge the gap between security and business stakeholders, enhancing understanding and support for security measures. Investing in personal development and actively seeking opportunities to improve interpersonal skills will benefit professionals throughout their careers in an increasingly complex cybersecurity landscape.
In this episode we sit down with Mark Simos to discuss his RSA Conference talk "You're Doing It Wrong - Common Security AntiPatterns", digging into several painfully true anti-patterns in cybersecurity and how we are often our own worst enemy.
- First off, for those not familiar with you or your background, can you tell us a bit about that?
- So you delivered this talk at RSA, focused on Cybersecurity "Anti-Patterns". How did the talk come about and how was it received by the audience?
We won't be able to name them all, but I would love to discuss some of them.
- You talk about the technology-centric thinking, and how folks believe security is about technology instead of business assets. Can you explain this one?
- The silver bullet mindset was another that jumped out to me. This is thinking a single solution can 100% solve complex and continuous problems. What ways have you seen this one play out?
- The paradox of blame is one that made me laugh because I have seen this play out a lot. You talk about the CYA mentality, how security warns about issues, they are skipped and then security is blamed. This one really stings because I have seen it happen, and in fact, I feel like we're seeing it play out with some of the CISO liability cases and regulations that are emerging.
- Perhaps one of the most well-known anti-patterns in security is the "office of no", or resisting trends. I feel like we saw this with Cloud, Mobile, SaaS and now AI. Why do we keep repeating these mistakes?