Cloud Security Podcast by Google

EP208 The Modern CISO: Balancing Risk, Innovation, and Business Strategy (And Where is Cloud?)

Jan 27, 2025
John Rogers, CISO at MSCI with a rich background in cybersecurity and financial services, shares his insights on the evolving landscape of CISO responsibilities. He discusses the balance between innovative approaches and the real risks faced by organizations, especially in cloud security. The conversation covers the importance of proactive strategies, collaboration between teams, and effective communication with executives. Rogers also emphasizes staying grounded in reality while being forward-looking, advocating for strategic planning to navigate the complex cyber threat environment.
ADVICE

Shift to Attack Simulation

  • Move away from compliance-based security frameworks like NIST and ISO.
  • Adopt attack simulation strategies using frameworks like MITRE ATT&CK.

INSIGHT

True Cyber Resilience

  • True cyber resilience goes beyond typical disaster recovery, focusing on rebuilding from scratch after a cyberattack.
  • Many companies equate resilience with cybersecurity or basic disaster recovery, which is insufficient.

ANECDOTE

AD Dependency Failure

  • A company's disaster recovery plan failed because it relied on Active Directory (AD), which was encrypted in the attack.
  • This highlights the importance of isolating the disaster recovery environment, including authentication.