Business Security Weekly (Audio)

The American Data Privacy and Protection Act introduces oversight of how companies handle the data they collect and process from U.S. citizens, including AI algorithms used to uncover insights that can be monetized. Security professionals should prepare now for the legislation by understanding how to audit algorithms and implement compliance processes. Even if this version of privacy legislation doesn’t pass, similar legislation will likely pass soon.   Segment Resources: Forbes Tech Council article: Why You Need to Prepare Now for Privacy Legislation That May Not Pass https://www.senecaglobal.com/media-mentions/ftc-why-you-need-to-prepare-now-for-privacy-legislation-that-may-not-pass/ Enterprise Security Tech - American Data Privacy Protection Act: What, Who, How https://www.enterprisesecuritytech.com/post/american-data-privacy-protection-act-what-who-how Security Info Watch - What the American Data and Privacy Act means for businesses https://www.securityinfowatch.com/security-executives/article/21295869/what-the-american-data-and-privacy-act-means-for-businesses   In the leadership and communications section, Cybersecurity Starts with the Board and C-Suite, How CISOs can achieve more with less during uncertain economic times, Why Authentic Leadership Is So Hard, and more!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/bsw-308 

Check out this interview from the BSW VAULT, hand picked by main host Matt Alderman! This segment was originally published on June 8, 2020. Marc French has more than 25 years of technology experience in engineering, operations, product management, and security. Prior to his current role at CISO at Product Security Group, Marc was the SVP & Chief Trust Officer at Mimecast, Inc. and has held a variety of senior security roles at Endurance/Constant Contact, EMC/RSA, Iron Mountain, Digital Guardian, and Dun & Bradstreet. With all this security experience, Marc has created a series of career ladders to help guide infosec professionals with their job journey, including the illustrious CISO position. We will also cover whether you really want to be a CISO... All of the open source career ladders can be found here: https://github.com/product-security-group/Security_Ladders   Visit https://www.securityweekly.com/bsw for all the latest episodes! Show Notes: https://securityweekly.com/vault-bsw-1 

You can rebuild infrastructure. But you can’t un-breach data – Data sits at the core of an organization and is often the most open and vulnerable. This is why data security is the most important and urgent security problem to solve right now. We’re joined by Matt Radolec, Senior Director of Incident Response and Cloud Operations at Varonis, to walk through the blast radius concept – from what it is and how to use it to understand your organization's risk, to how it can serve as a guide to securing data from insiders and external attackers.   Segment Resources: The Great SaaS Data Risk Exposure report: https://info.varonis.com/hubfs/Files/docs/research_reports/Varonis-The-Great-SaaS-Data-Exposure.pdf The Forrester Wave™: Data Security Platforms, Q1 2023 https://reprints2.forrester.com/#/assets/2/1646/RES178465/report Learn more about the Varonis Data Security Platform https://www.varonis.com/products/data-security-platform   This segment is sponsored by Varonis. Visit https://securityweekly.com/varonis to learn more about them!   In the leadership and communications section: Do You Really Need a CISO?, A CISO Employment Contract May Mean the Difference Between Success and Jail, When Your Employee Tells You They’re Burned Out, and more!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/bsw307 

Medtronic's Security Ambassador program has seen tremendous growth and engagement in recent years. Learn how they gave their program a shot of adrenaline and haven't looked back since.   Cybersecurity teams today are inundated with tools that provide an abundance of alerts and data about threats, gaps, vulnerabilities and everything in between. While security tools are critical to operating a cybersecurity program and produce helpful data, they should never dictate an organization’s cybersecurity strategy. Instead, Amad Fida, CEO & Founder of Brinqa, explains why business priorities should be the foundation for any company’s cybersecurity strategy. This segment is sponsored by Axonius. Visit https://securityweekly.com/axoniusrsac to learn more about them!   Economic uncertainty has forced IT and security leaders to be more cautious than ever when increasing spending and team size. Suh dynamics give CISOs and CIOs an opportunity to demonstrate value by going beyond “merely” defending the organization from threats. We can contribute toward the organization’s efforts to constrain costs by looking inward at existing tools and assets to understand deployment, usage, and value. We can do this by ensuring the company is making the most of what it already has – and eliminating the spend that’s not being utilized in the most effective way. This segment is sponsored by Brinqa. Visit https://securityweekly.com/brinqarsac to learn more about them!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/bsw306 

Each year, Forrester tracks the top systemic risks — external events that impact your firm and customers but are out of your control — facing organizations. The impacts of climate change are both short-term, in the form of severe weather, drought, and heat waves, and long-term, in the form of biodiversity loss, sea-level rise, and rising temperatures. Want to see where climate risk ranked on the list? Read The Top Systemic Risks, 2023 (https://www.forrester.com/report/the-top-systemic-risks-2023/RES179156) or listen to this segment on Business Security Weekly.   A resilient cybersecurity strategy is essential to running your business while protecting against security threats and preventing data breaches. For CISOs, partnering with a managed service security provider (MSSP) means you can be in control of your organization’s information and infrastructure security without placing a strain on internal personnel or resources which is critical in today’s uncertain economy. With an MSSP on board, CISOs are better equipped to meet strategic and business goals, while improving operations and reducing expenses. This interview will discuss not only why to consider an MSSP but how to choose the right one for the job. This segment is sponsored by Direct Defense. Visit https://securityweekly.com/directdefensersac to learn more about them!   Insider Risk is a problem that continues to grow - and that companies are still struggling to solve. CISOs state that it is the number one most difficult threat to detect, placing it over malware and ransomware. Code42 President and CEO Joe Payne will explain why the Insider Risk problem is so challenging and will offer guidance on how to solve it. This segment is sponsored by Code42. Visit https://securityweekly.com/code42rsac to learn more about them!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/bsw305 

This week, it's time for Security Money. We recap Q1 2023 with the latest financial results, funding announcements, and layoffs. Don't miss this quarterly update. At the market close on April 28th 2023: - SW25 Index is 1,404.31, which is an increase of 40.43% (up from last Q) since inception. - NASDAQ Index is 12,226.58, which is an increase of 84.27% (up from last Q) during the same period.   CISOs face the complex challenge of protecting organizations against an expanding array of cybersecurity risks. While the role requires constant adaptation to protect against new threats, CISOs often bear the blame when defenses are breached. In this segment Kunal Anand, CTO & CISO, Imperva, discusses the evolution of the role and what aspiring professionals need to know if they want to hold the title. This segment is sponsored by Imperva. Visit https://securityweekly.com/impervarsac to learn more about them!   Today’s security products are evolving to meet the changing attack surface, each one targeting a specific set of risks. For organizations, this typically means that to increase security maturity, they need to implement a number of different solutions, and as the attack surface continues to expand, their tech stack quickly becomes difficult to manage. It’s time for the industry to help security teams achieve a better balance and reduce this operational burden. Segment Resources:  https://www.fortra.com/resources/cybersecurity-education?code=cmp-0000011766&ls=717710002&utm_source=cyberrisk-alliance&utm_medium=video&utm_campaign=ft-rsa-conference This segment is sponsored by Fortra. Visit https://securityweekly.com/fortrarsac to learn more about them!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/bsw304 

We talk a lot about closing the skills gap, but it's harder said than done. So we thought we'd tackle the problem in our 2nd episode os Say Easy, Do Hard. Part 1 will discuss the skills needed, the requirements of the position, and the real qualifications for cybersecurity jobs. We will discuss the practical, realistic expectations of working in cybersecurity, not the hyped stereotypical positions.   After discussing the requirements for working in cybersecurity, part 2 will tackle where to find the talent. We will explore education, apprenticeships, mentorships, and training. We will also identify areas within the business that have resources with skills that are very complementary with cybersecurity that also make great recruiting areas.   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/bsw303 

Securing the business can often come at a cost of employee productivity, but it doesn’t have to be this way. Especially in today’s economic climate, the security team cannot be seen as a blocker to business. Aviv discusses how to find that balance in today’s episode. This segment is sponsored by Votiro. Visit https://securityweekly.com/votiro to learn more about them!   In the leadership and communications segment, Security Is a Revenue Booster, Not a Cost Center, How cybersecurity leaders can tackle the skills shortage, Engaged Employees Create Better Customer Experiences, and more!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/bsw302 

Barracuda just released a report on Ransomware findings, here: https://assets.barracuda.com/assets/docs/dms/2023 -Ransomware-insights-report.pdf. Here are a few of the highlighted stats: Barracuda international survey finds 73% of organizations experienced a successful ransomware attack in 2022 — 38% were hit more than once. 42% of those hit three times or more paid the ransom to restore encrypted data — compared to 31% of victims hit just once. 69% of ransomware attacks began with an email. 27% of organizations feel underprepared to tackle ransomware.   Fleming Shi joins Business Security Weekly to discuss the findings and ways to better prepare for these attacks. In the leadership and communications segment, How to Succeed As a New Chief Information Security Officer, Lead by Example: What Army Special Forces Can Teach You About Leadership, How to Take Risks & Conquer Fears, and more!   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/bsw301

Why 300? 300 is a perfect game in bowling, a milestone few have achieved (unless you're Brendan Alderman who has done it twice before the age of 20). 300 podcast episodes is almost 7 years of recording, a milestone most podcasts haven't achieved. So we thought is was worth celebrating! Join current and former BSW hosts to get a brief history of Business Security Weekly, including:   Paul's resignation from Tenable in 2016 to expand the Security Weekly podcast Michael and Paul launching Start-up Security Weekly in 2016 The switch to Business Security Weekly in 2018 Matt's first episode (105) in 2018 as the new CEO of Security Weekly  The premier episode of Security Money (113) in 2019 Jason's first episode (101) in 2018 The sale of Security Weekly to CyberRisk Alliance in 2020 Ben's first episode (231) in 2021 The premier episode of Say Easy, Do Hard (289) in 2023   You ask, we respond. This Ask Me Anything (AMA) segment allows the audience to ask the BSW hosts anything. From leadership skills to career advice or even why Alderman keeps moving, this segment answers the questions you want to know.   Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly   Show Notes: https://securityweekly.com/bsw300