Business Security Weekly (Audio)

It's another holiday week, so enjoy this episode from the BSW archives! This week, we welcome Graeme Payne, President at Cybersecurity4Executives, to discuss Impacts of a Data Breach! During the Equifax 2017 Data Breach, Graeme Payne was Senior Vice President and CIO of Global Corporate Platforms. He was fired the day before the former Chairman and CEO of Equifax testified to Congress that the root cause of the data breach was a human error and technological failure. Graeme would later be identified as the human error . In the Leadership and Communications Segment, CISO position burnout causes high churn rate, 7 Rules for Staying Productive Long-Term, Now Is an Unprecedented Opportunity to Hire Great Talent, and more! Show Notes: https://wiki.securityweekly.com/BSWEpisode172 Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly

How do you manage the human side of cybersecurity? Traditionally, security awareness programs have checked this box from a compliance angle but had minimal impact on cyber risk. Human Risk Management (HRM) is transforming this space by connecting an integrated, data-driven approach with personalized security training to deliver quantifiable results. In this session, we'll define HRM, explore how it is being adopted, and review the business case supporting the change. This segment is sponsored by Living Security. Visit https://securityweekly.com/livingsecurity to learn more about them! In the leadership and communications section, What CISOs Should Know About Hacking in 2023, Getting Employee Buy-In for Organizational Change, Listening — The most important communication skill, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw294

This week, it's Security Money. While the major indexes have improved, the SW25 index has not. Pressures from the macro economic conditions appear to have a greater impact on cybersecurity. We'll dig in and review. In the leadership and communications section, Who Does Your CISO Report To?, 5 CISO Traps to Avoid and Truths to Embrace, How to effectively communicate cybersecurity best practices to staff, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw293

What keeps the cyber C-Suite up at night? What are their main priorities, and how do they articulate them to board? In this session, we'll go behind the screens and find out what CISOs from all over the world really think in terms of making turning cyber risk into business risk. This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecast to learn more about them! In the leadership and communications section, Why CISOs Make Great Board Members, Unlock Your Leadership Potential: 12 Must-Read Books to Take Your Skills to the Next Level, How To Get People To Listen To You, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw292

Richard Seiersen and our guest, Doug Hubbard, are finishing the second edition of How to Measure Anything in Cybersecurity Risk. Doug is here to share the success of the first edition and preview the second edition. With more insights, the second edition will share more more research data, free tools, and new concepts like FrankenSME. If you're a risk management professional or want to learn more about risk management, don't miss this interview. In the leadership and communications section, 8 Questions to Ask Before Selecting a New Board Leader, How Cybersecurity Leaders Can Build Employee Trust—And Why It Is Important, 7 rules to communicate the business value of IT, and more! Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw291

We're aren't recording this holiday week, so enjoy this BSW throwback episode! Main host Matt Alderman selected this episode to share as it's still relevant to the InfoSec business community today. This week, we welcome Jim Routh, Former CSO, Board member, Advisor at Virsec, to discuss The 3 Mistakes All First Time CISOs Make That No One Tells You! Show Notes: https://securityweekly.com/bsw227 Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://twitter.com/securityweekly Follow us on Facebook: https://facebook.com/secweekly

In the leadership and communications section, The CISO Role is Broken, Five Cybersecurity Resolutions CISOs Can Actually Keep In 2023, Are Cyber Attacks at Risk of Becoming 'Uninsurable'?, and more! SolarWinds has been on the journey of Secure by Design since the Sunburst incident in late 2020. Secure by Design is a practical approach to minimizing risk. It involves advanced build systems, an assumed breach model, proactive testing, audit, increased visibility and sharing lessons externally. Segment Resources: https://www.solarwinds.com/secure-by-design-resources Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw290

With the current macro economic head winds, 2023 budgets are either frozen or are flat. Where should CISOs focus these limited budgets to maximize the most out of their security program? In this segment, we invite Jon Fredrickson, Chief Risk Officer at Blue Cross Blue Shield of Rhode Island, to debate what should be in your minimum viable security program. This segment is part 1 of 2 parts and focuses on the minimum viable security capabilities. With the current macro economic head winds, 2023 budgets are either frozen or are flat. Where should CISOs focus these limited budgets to maximize the most out of their security program? In this segment, we invite Jon Fredrickson, Chief Risk Officer at Blue Cross Blue Shield of Rhode Island, to debate what should be in your minimum viable security program. This segment is part 2 and focuses on the minimum viable security vendors for our top 6 capabilities: 1. Asset Management 2. Patch Management 3. IAM/MFA/PIM/PAM 4. EDR/MDR/XDR 5. Backup/Recovery 6. Risk Management Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw289

In the Leadership and Communications section, CISOs of the World, Unite!, 8 things to consider amid cybersecurity vendor layoffs, The Best Public Speakers Put the Audience First, and more! Barracuda just finished an email security survey. We start to dig into the results and the impact for 2023, including: - 86% of respondents in all the countries surveyed said third party email security solutions are essential to keep our Microsoft 365 environment secure - This rises to 92% for respondents in the U.S. - And to 91% for companies with between 250 and 499 employees Also: - Just under one in five (19%) of all respondents said their top email security concern with Microsoft 365 was data protection and the risk of data loss - This rises to one in four (25%) among the frontline IT managers and professionals surveyed This segment is sponsored by Barracuda. Visit https://securityweekly.com/barracuda to learn more about them! Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw288

In the leadership and communications section, 5 top qualities you need to become a next-gen CISO, Ego Is the Enemy of Good Leadership, How To Explain Things Better, and more! The U.S. is at an inflection point in terms of cyber threats; Critical infrastructure attacks are growing more frequent and consequential, and the White House recently called the cyber talent gap of nearly 770,000 open positions a "national security challenge." Kelly Rozumalski, SVP at Booz Allen Hamilton leading the firm's national cyber defense business, joins BSW to discuss why upskilling and reskilling are key to closing the cyber talent gap at the federal level and how a collective defense posture across government and private sector can enable us to better secure U.S. critical infrastructure. Visit https://www.securityweekly.com/bsw for all the latest episodes! Follow us on Twitter: https://www.twitter.com/securityweekly Like us on Facebook: https://www.facebook.com/secweekly Show Notes: https://securityweekly.com/bsw287