

Say Easy, Do Hard, Minimum Viable Security - Part 1 - Jon Fredrickson - BSW Vault
10 snips Dec 23, 2024
This discussion dives into the struggles CISOs face with stagnant security budgets and how to create a minimum viable security program. Jon Fredrickson emphasizes essential capabilities like identity management and email protection. The conversation also highlights the significance of asset management in strengthening security posture and integrating risk management into company culture. Additionally, listeners gain insights into the differences between EDR and SIEM solutions and the challenges of adopting security technologies effectively.
AI Snips
Calling In A Trusted Vendor
- Jon Fredrickson recalled calling Alan Alford for dot-com hosting emergencies when he worked at Blue Cross.
- That prior relationship shaped his view of practical vendor support.
Identity As A High-Impact Foundation
- Identity and privileged access topped the crowd-sourced minimum viable security list.
- MFA, SSO, PIM/PAM and access control form a high-impact foundation for security programs.
Prioritize Assets And Patching First
- Prioritize asset and patch management before buying more detection tooling.
- Know what you own and keep software current so other controls become effective.