Redefining CyberSecurity

Digital twin technology, a remarkable innovation, is transforming how industries operate and manage cybersecurity. This edition of The Future of Cybersecurity Newsletter by Sean Martin explores the essence of digital twin technology, its market overview, applications across top industries, its role in cybersecurity, and key considerations for CISOs and the cybersecurity vendors building solutions with digital twin technologies in mind.________This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

Guest: Ari Schwartz, Managing Director of Cybersecurity Services and Policy at Venable LLP [@VenableLLP]On Linkedin | https://www.linkedin.com/in/ari-schwartz-484a297a/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode’s SponsorsImperva | https://itspm.ag/imperva277117988Devo | https://itspm.ag/itspdvweb___________________________Episode NotesIn this episode of Redefining CyberSecurity, host Sean Martin speaks with Ari Schwartz about the momentum to ban ransomware payments and the path to achieve it. Schwartz, a cybersecurity expert with three decades of experience, discusses his recently published blog post titled "The Path to Banning Ransomware Payments", and unpacks the ways not just businesses, but also governments can respond to this growing threat.Martin and Schwartz delve into significant issues, including the moral, national security, and economic imperatives for banning these payments. The duo further discuss four potential strategies to make not paying ransoms the rational thing to do: requiring victims to report ransom payments, to submit to oversight by a government regulator, to pay fines or face potential criminal charges for refusing to comply.Addressing the practicalities of such a ban, Schwartz believes it’s likely to happen within the next 3 to 5 years but notes the need for passing laws to successfully enforce it. He also examines the critical role of insurance in this scenario and emphasizes the importance of risk mitigation strategies and robust cybersecurity measures.The episode also explores potential exceptions to the ban like potential life-or-death situations or major economic harm, and the need for government intervention during ransom situations. Lastly, they discuss how targeting ransomware can help internal corporate security teams highlight the threats to their leadership and drive investment in robust cybersecurity.Top Questions Addressed:How can we effectively move towards the banning of ransomware payments?How does insurance play a role in this scenario and what should we prepare for in that regard?What are potential exceptions to the ban and how could a government intervene during ransomware situations?___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________ResourcesThe Path to Banning Ransomware Payments (LinkedIn post): https://www.linkedin.com/posts/ari-schwartz-484a297a_the-path-to-banning-ransomware-payments-activity-7142600762722848770-8_-J/The Path to Banning Ransomware Payments: https://www.centerforcybersecuritypolicy.org/insights-and-research/the-path-to-banning-ransomware-payments___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Is the security platform dead? Did it ever live in the first place? Will it ever see the light of day? There are many thoughts on this topic, and Sean Martin wrote a new edition of The Future of Cybersecurity Newsletter to share his initial thoughts.Read the article: https://www.linkedin.com/pulse/balancing-platforms-point-solutions-insights-from-product-sean-martin-f0lae/________This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

Guest: Shawn Tuma, Co-Chair, Data Privacy & Cybersecurity Practice at Spencer Fane, LLP [@SpencerFane]On Linkedin | https://www.linkedin.com/in/shawnetuma/On Twitter | https://twitter.com/shawnetumaOn Instagram | https://www.threads.net/@shawnetuma____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode’s SponsorsImperva | https://itspm.ag/imperva277117988Devo | https://itspm.ag/itspdvweb___________________________Episode NotesIn this episode of the Redefining CyberSecurity Podcast, host Sean Martin sits down with cybersecurity data privacy attorney, Shawn Tuma. They delve into a comprehensive discussion on cyber risk, cybersecurity incident response, and cyber insurance. During their discussion, Tuma shares a wealth of knowledge stemming from his deep involvement in thousands of cyber incident responses. He discusses the evolving cyber threat landscape, singling out business email compromises as now topping the list and how the evolution of threat actor tactics has exploited the human element in organizations.The conversation segues into the crucial role of insurance in incident response planning. Tuma goes into detail about the issues that organizations face with insurance, especially when they aren't familiar with the terms stipulated in their policies. He also emphasizes the importance of getting the insurance carrier involved early on and the necessity for businesses to have pre-approved incident response teams.The episode wraps up with Tuma’s advice on building a robust incident response plan and how insurance plays a key part in the strategy.Key Insights Provided:Though cyber threats continue to evolve, business email compromises now top the list over ransomware attacks because threat actors are manipulating the human element in organizations.Insurance carriers play an indispensable role in incident response planning; it's crucial to get them involved early on and for businesses to have pre-approved incident response teams.In building a robust incident response plan, businesses must understand their risk, be familiar with the terms stipulated in their policies, and ensure the implementation of measures that limit their vulnerabilities.___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________Resources___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Guests:Phil Reitinger, President and CEO, Global Cyber Alliance [@GlobalCyberAlln]On Linkedin | https://www.linkedin.com/in/philipreitinger/On Twitter | https://twitter.com/CarpeDiemCyberJoshua Corman, Founder, I am The Cavalry [@joshcorman]On Twitter | https://twitter.com/joshcormanOn LinkedIn | https://www.linkedin.com/in/joshcorman/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode’s SponsorsImperva | https://itspm.ag/imperva277117988Devo | https://itspm.ag/itspdvweb___________________________Episode NotesIn this episode of the Redefining CyberSecurity Podcast, host Sean Martin engages with guests Phil Reitinger and Josh Corman to discuss the importance of financial backing and coordinated efforts in maintaining the security of the internet's infrastructure. Both guests emphasize the necessity for systemic approaches to sustain critical online operations, and the need to move from a reliance on generous volunteers towards more strategic, financially supported initiatives.Reitinger and Corman cite several initiatives and organizations they've been involved with, such as Global Cyber Alliance, I Am The Cavalry, and others, illuminating their efforts to address cybersecurity issues. They also express the hope that the collaboration they've begun with the Common Good Cyber initiative, will lead to broad systemic solutions. The podcast brings to light key industry players, from large corporations to governments, and non-profits. The episode serves as a solid call to action, urging everyone to be part of a 'coalition of the willing' to secure the common good of the internet.The Common Good Cyber initiative kicks off with a workshop in Washington DC. The workshop exists as a platform to gather diverse perspectives from cybersecurity stakeholders ranging from government representatives, corporations, to non-profit organizations. It is designed as a three-part effort, starting with understanding the urgency and identifying existing solutions, followed by brainstorming new solutions, and finally merging into a joint action plan to address the identified problems. The entire idea is to transition from simple plans to concrete action, which is the most challenging step. Moreover, the workshop is not just a one-off event but a launchpad for the Common Good Cyber initiative. It aims to understand the most viable solutions from the community, develop coherent strategies, and work on implementation beyond just the initial event.Key insights discussed:There's a recognized gap in funding for critical internet infrastructure security, which has largely been dependent on volunteer efforts and small non-profit organizations.The Common Good Cyber initiative is an effort to bring together multiple stakeholders, including governments, corporations, and non-profits, to brainstorm and implement sustainable solutions to cybersecurity problems.Collaborative efforts, transparency, and a shared purpose are seen as crucial elements in addressing the challenges of internet security and operationalizing security tools and processes.___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRWnxWBBf8E2rGm4AaELu1YITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________ResourcesAbout Common Good Cyber: https://commongoodcyber.org/Workshop Overview: https://commongoodcyber.org/events/Workshop Agenda: https://commongoodcyber.org/wp-content/uploads/2024/02/Common-Good-Cyber-February-Workshop-Agenda.pdfWendy Nather's Cyber Poverty Post: https://www.linkedin.com/posts/wendynather_securitypovertyline-cyberpoverty-cybercivildefense-activity-7165733967113957376-80jy___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Guests:Eric Parizo, Managing Principle Analyst at Omdia [@OmdiaHQ]On Linkedin | https://www.linkedin.com/in/ericparizo/On Twitter | https://twitter.com/EricParizoRichard Stiennon, Chief Research Analyst at IT-Harvest [@cyberwar]On Twitter | https://twitter.com/stiennonOn LinkedIn | https://www.linkedin.com/in/stiennon/On YouTube | https://www.youtube.com/channel/UCJbNLvhmVGnRerhrSU1mFug____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode’s SponsorsImperva | https://itspm.ag/imperva277117988Devo | https://itspm.ag/itspdvweb___________________________Episode NotesIn this episode of the Redefining CyberSecurity Podcast, host Sean Martin engages in an enlightening dialogue with industry analysts and cybersecurity veterans, Eric Parizo and Richard Stiennon. The trio explored various aspects of the vendor space in cybersecurity, discussing topics like vendor consolidation, market contraction, and the state of M&A inundating an already-overwhelmed IT environment with complex products.Parizo, a managing principal analyst, counters the narrative of large vendors, stating that most companies desire best-of-breed solutions that offer better integration and measurable outcomes. However, he sees challenges in getting standalone solutions to work together efficiently. To tackle this, Parizo envisages a shift from product integration to data integration, enabling enterprises to handle security data in centralized repositories like Amazon Security Lake.Stiennon, a chief research analyst, points out that security will always be a subpart of the next big thing. Despite the increase in intelligent security systems and development in DevSecOps, Stiennon expresses doubt about a total transformation in security due to the potential disruption to business productivity. Instead of seeking transformation in security, he urges CISOs to first identify and reduce the number of redundant products they pay for, as vendors often progressively add features that might already be available in their product pool.Parizo and Stiennon both offered unique insights into the future of cybersecurity platforms. Parizo acknowledged the merits of the platform approach but challenged the assertion made by large vendors about the superiority and cost-effectiveness of cybersecurity platforms over standalone solutions. He suggested most companies prefer best-of-breed solutions due to enhanced integration and measurable performance outcomes. Conversely, Stiennon expressed skepticism about cybersecurity platforms becoming predominant in the market, asserting that new threats and ongoing innovation make it impossible for one vendor to fully secure an enterprise. Both analysts indicate that, although cybersecurity platforms offer some benefits, the continually evolving security landscape ensures that no single platform approach will dominate the market.Ultimately, Parizo and Stiennon believe that, while consolidation and platform approaches have some benefits, the key to organizational security lies in continuous innovation, knowing the full capabilities of products, and utilizing comprehensive data management to communicate more effectively and make better decisions. Despite the inherent challenges, both experts also remain optimistic about the evolving role of data and AI in driving efficient cyber security practices.Top questions addressed:What is the current status of cybersecurity platforms in the market and how accepted are they by the enterprise?How is data management influencing the security landscape and what role does AI play in its evolution?How successful and realistic are the efforts towards consolidating security capabilities within organizations?What is the current trajectory of mergers, acquisitions, and consolidation in the market?Companies referenced in this conversation:Palo Alto, Cisco, Fortinet, Azure, Symantec, Google, Chrome, Norton LifeLock, AVG, Amazon, Elastic, Splunk, Snowflake, AWS, Cribl___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________ResourcesInspiring Post: https://www.linkedin.com/posts/ericparizo_omdia-standalone-security-products-outsell-activity-7148426159632826368-Z2jdThere Is No Such Thing As a Cybersecurity Platform: https://www.linkedin.com/posts/stiennon_there-is-no-such-thing-as-a-cybersecurity-activity-7166219637024575489-gAutThe Future of Cybersecurity Newsletter — Balancing Platforms and Point Solutions: Insights from a Product Manager, Industry Analysts, and the Market: https://www.linkedin.com/pulse/balancing-platforms-point-solutions-insights-from-product-sean-martin-f0lae___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Guests: Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead at National Institute of Standards and Technology [@NISTcyber]On Linkedin | https://www.linkedin.com/in/julie-haney-037449119/On Twitter | https://x.com/jmhaney8?s=21&t=f6qJjVoRYdIJhkm3pOngHQJason Nurse, Reader in Cyber Security and Director of Science & Research, University of Kent [@UniKent] and CybSafe [@CybSafe]On Linkedin | https://www.linkedin.com/in/jasonrcnurseOn Twitter | https://twitter.com/jasonnurseOn Mastodon | https://infosec.exchange/@jasonnurse____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode’s SponsorsImperva | https://itspm.ag/imperva277117988Devo | https://itspm.ag/itspdvweb___________________________Episode NotesIn this episode of the new (first!) episode of the Human-Centered Research Series on the Redefining CyberSecurity Podcast, host Sean Martin and co-host Julie Haney from the Human Centered Cybersecurity program at NIST, chat with Dr. Jason Nurse, a reader in cybersecurity at the University of Kent in the UK. The discussion revolves around the role of cyber insurance in organizational risk management.Jason elucidates cyber insurance’s function as a residual risk mitigation tool when dealing with cyber attacks, helping businesses recover and connect with response teams. They discuss how cyber insurance can incentivize better security practices but highlight challenges related to assessing security postures across diverse businesses. While ransomware features heavily in discussions of cyber risks, Jason points out that insurers don't always encourage ransom payments. Julie raises the issue of accessibility of cyber insurance for small businesses and suggests insurers offer 'pre-breach services'.Sean, Julie, and Jason debate the role of human behavior in cyber risk, and how it affects organizations and insurance policies. They underscore the value of research in enhancing security practices and conclude by pondering ways to bridge the gap between academic research and practical implementation in cybersecurity.Key Questions Addressed:What is the role and impact of cyber insurance in organizational risk management?How does cyber insurance interact with a business's cybersecurity practices, and how could it incentivize better measures?How does human behavior factor into cyber risks and insurance policies, especially in the context of ransomware and small-medium enterprises?___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________ResourcesBetween a rock and a hard(ening) place: Cyber insurance in the ransomware era: https://www.sciencedirect.com/science/article/pii/S016740482300072XCyber Insurance and the Cyber Security Challenge: https://kar.kent.ac.uk/89041/1/RUSI-Kent-OP-Cyber-insurance.pdfMapping the coverage of security controls in cyber insurance proposal forms: https://jisajournal.springeropen.com/articles/10.1186/s13174-017-0059-yImpact 2024: https://www.theimpactconference.com/impact-usa/___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Guest: Sidney Pearl, Executive Director at AI-ISACOn Linkedin | https://www.linkedin.com/in/sidney-pearl/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode’s SponsorsImperva | https://itspm.ag/imperva277117988Devo | https://itspm.ag/itspdvweb___________________________Episode NotesWelcome to a new episode of Redefining CyberSecurity Podcast. In this episode, Sean Martin is joined by Sidney Pearl to discuss the AI-ISAC (Artificial Intelligence Information Sharing and Analysis Center). They talk about the importance of operationalizing security and how communities, such as CISOs and other business executives, play a vital role in information sharing.Sidney Pearl, the newly appointed executive director of AI ISAC, shares his background and experience in cybersecurity. The pair explore the structure of ISAOs (Information Sharing and Analysis Organizations) and ISACs. They explain that ISACs were initially formed to develop public and private partnerships between the government and private industry to share information and identify threats to critical infrastructure. Over time, ISACs have evolved into ISAOs, which have members beyond just the government and focus on sharing information across various domains.The conversation then shifts to the AI ISAC and its importance in sharing information about artificial intelligence-related threats. They emphasize that the AI-ISAC is neutral and aims to help all ISACs and ISAOs gain insight into the threat landscape associated with artificial intelligence. They discuss the challenges of navigating the rapidly evolving field of artificial intelligence, where bad actors can leverage AI tools for malicious purposes.Sean and Sidney stress the necessity for organizations to proactively understand the trajectory of AI and make informed decisions. They highlight the importance of accessibility to good information for organizations to stay ahead of threats. Trust plays a crucial role in the success of ISACs, and Sidney invites the audience to engage with the AI-ISAC to foster trust and collaboration. Sidney also expresses the AI-ISAC's commitment to working together with the cybersecurity community to adapt to the changes brought by artificial intelligence. He encourages listeners to reach out and participate in the dialogue, emphasizing that we are all in this together.Key Insights Provided:What is the structure of ISAOs (Information Sharing and Analysis Organizations) and ISACs (Information Sharing and Analysis Centers)? How have they evolved over time to develop public and private partnerships and share information to identify threats to critical infrastructure?What is the role of the AI-ISAC ? How does it aim to help all ISACs and ISAOs gain insight into the threat landscape associated with artificial intelligence? What are the challenges in navigating the rapidly evolving field of artificial intelligence?How can organizations proactively understand the trajectory of artificial intelligence and make informed decisions to stay ahead of emerging threats? What is the importance of accessibility to good information in cybersecurity? How does trust play a crucial role in the success of ISACs, and how can the AI-ISAC foster trust and collaboration within the cybersecurity community?___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________ResourcesNew Artificial Intelligence Information Sharing Analysis Center (AI-ISAC) Launches at Kennedy Space Center: https://world.einnews.com/pr_news/674452892/new-artificial-intelligence-information-sharing-analysis-center-ai-isac-launches-at-kennedy-space-center___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

In this edition of The Future of Cybersecurity Newsletter, we embark on a journey that connects the groundbreaking innovation of the blue LED with the ever-evolving challenges of cybersecurity. Shuji Nakamura's pioneering work in developing the blue LED not only revolutionized lighting technology but also provides invaluable lessons for tackling the complexities of modern cybersecurity. We explore how the persistence, interdisciplinary approaches, and innovative thinking that led to the blue LED's success can be mirrored in addressing cybersecurity threats.________This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.Sincerely, Sean Martin and TAPE3________Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

Guest: Jack Cable, Senior Technical Advisor at CISA [@CISAgov]On LinkedIn | https://linkedin.com/in/jackcableOn Twitter | https://twitter.com/jackhcableCISA on LinkedIn | https://www.linkedin.com/company/cisagov/____________________________Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin____________________________This Episode’s SponsorsImperva | https://itspm.ag/imperva277117988Devo | https://itspm.ag/itspdvweb___________________________Episode NotesIn this episode of the Redefining CyberSecurity Podcast, host Sean Martin invites Jack Cable, Senior Technical Advisor at CISA (U.S. Cybersecurity and Infrastructure Security Agency), to discuss the concept of 'Secure by Design' and the importance of incorporating security into the development process of technology products. The episode explores the motivations behind CISA's 'Secure by Design' initiative, which aims to shift the responsibility for cybersecurity from end users to technology manufacturers.During the conversation, Jack highlights the need for long-term investments in cybersecurity and emphasizes the role of business leaders in driving necessary security improvements. The conversation explores the core principles of 'Secure by Design', including technology manufacturers taking ownership of security outcomes for their customers, promoting radical transparency and accountability, and ensuring top business leadership drives security improvements. The episode also touches on the collaboration between CISA and the open-source community to foster greater security improvements in the open-source space.Jack also shares success stories of companies effectively implementing 'Secure by Design' principles and highlights the economic and business factors that will drive a more secure future. The episode concludes with a call-to-action for organizations to adopt the 'Secure by Design' approach and engage with CISA to support the shift towards more secure software.Top Key Insights:The 'Secure by Design' initiative is aiming to shift the burden of cybersecurity from end users to the technology manufacturers, essentially pushing for a more proactive approach to security.Successful adoption of 'Secure by Design' requires buy-in from business leaders who possess the power to allocate budgets and direct the shift towards a secure future, demonstrating that cybersecurity is as much a business issue as a technical one.Collaboration with the open-source community is crucial for improving security in the technology ecosystem. This includes expectaing companies who use open-source software to be responsible consumers and sustainable contributors to the open-source software ecosystem.___________________________Watch this and other videos on ITSPmagazine's YouTube ChannelRedefining CyberSecurity Podcast with Sean Martin, CISSP playlist:📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYqITSPmagazine YouTube Channel:📺 https://www.youtube.com/@itspmagazineBe sure to share and subscribe!___________________________ResourcesInspiring LinkedIn Post: https://www.linkedin.com/posts/jackcable_when-a-new-vulnerability-comes-out-its-activity-7135658158726791168-nz9hSecure by Design Overview: https://www.cisa.gov/securebydesignAlert Series Announcement: https://www.cisa.gov/news-events/news/cisa-announces-secure-design-alert-series-how-vendor-decisions-can-reduce-harm-global-scalePrinciples for Package Repository Security: https://repos.openssf.org/principles-for-package-repository-securityRequest for Information: https://www.federalregister.gov/documents/2023/12/20/2023-27948/request-for-information-on-shifting-the-balance-of-cybersecurity-risk-principles-and-approaches-for___________________________To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:https://www.itspmagazine.com/redefining-cybersecurity-podcastAre you interested in sponsoring an ITSPmagazine Channel?👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network