

Redefining CyberSecurity
Sean Martin, ITSPmagazine
Redefining CyberSecurity Podcast
Hosted by Sean Martin, CISSP
Have you ever thought that we are selling cybersecurity insincerely, buying it indiscriminately, and deploying it ineffectively?
For cybersecurity to be genuinely effective, we must make it consumable and usable. We must also bring transparency and honesty to the conversations surrounding the methods, services, and technologies upon which businesses rely. If we are going to protect what matters and bring value to our companies, our communities, and our society, in a secure and safe way, we must begin by operationalizing security.
Executives are recognizing the importance of their investments in information security and the value it can have on business growth, brand value, partner trust, and customer loyalty.
Together with executives, lines of business owners, and practitioners, we are Redefining CyberSecurity.
Episodes

Feb 10, 2023 • 55min
Challenges With The Alphabet Soup Of Security | A Conversation With Mehran Farimani And Jay Thoden Van Velzen | Redefining CyberSecurity Podcast With Sean Martin
Guests:
Jay Thoden Van Velzen, Strategic Advisor to the CSO at SAP [@SAP]
On LinkedIn | https://www.linkedin.com/in/jay-thoden-van-velzen/
On Twitter | https://twitter.com/JayThvV
On Mastodon | https://infosec.exchange/@jaythvv
Mehran Farimani, CEO at RapidFort [@RapidFortInc]
On LinkedIn | https://www.linkedin.com/in/farimani/
On Twitter | https://twitter.com/farimani
On Mastodon | https://infosec.exchange/@farimani
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Episode Notes
Cybersecurity is a vast field with many categories and seemingly countless products and services. Some workflows can be implemented and automated to great effect if the organization understands them. However, many solutions within the cybersecurity space focus on the threat and the response but not on the environment of the organization and its business goals. An overload of options and this lack of understanding lead to an ineffective approach to security and wasted time and money.
Inspired by a post on Mastodon, Mehran Farimani and Jay Thoden Van Velzen join Sean Martin and special guest, Marco Ciappelli, to discuss the challenges with the alphabet soup that is the cybersecurity industry.

Resources
Inspiring Post: https://infosec.exchange/@jaythvv/109530373418320875
Community Containers: https://github.com/rapidfort/community-images

To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
Watch the webcast version on-demand on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
Are you interested in sponsoring an ITSPmagazine Channel? https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Feb 10, 2023 • 49min
Developing Cybersecurity Leadership Capabilities And Scaling The Competency Of Your Team | A Crucial Conversation With Dutch Schwartz
Community Member Contributor: Dutch Schwartz, Principal Security Specialist, Amazon Web Services (AWS) [@AWSSecurityInfo]
On LinkedIn | https://www.linkedin.com/in/dutchschwartz
On Twitter | https://twitter.com/dutch_26

Hosts
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Description
In this episode, Dutch Schwartz—a Principal Security Specialist with Amazon Web Services—discusses how CISOs and other cybersecurity leaders need to expand upon their technical skills and include leadership competencies. Doing so allows cybersecurity leaders to connect with other leaders in the organization and their cybersecurity teams. This, in turn, makes it possible for cybersecurity activities to enable the business to knowingly take the risks it wants to take and then manage and mitigate those risks when they become problematic.

For more podcasts from Crucial Conversations with The Blue Lava Community, visit: https://www.itspmagazine.com/crucial-conversations-podcast
To access the full collection of Blue Lava Community resources, visit: https://itspm.ag/blclog22
To learn more about Blue Lava, visit: https://itspm.ag/blue-lava-w2qs

Jan 30, 2023 • 1h 16min
Rating 2022 Cybersecurity Predictions | A No Holds Barred Conversation About Realities Of Our Cyber Society With Matthew Rosenquist | Redefining CyberSecurity Podcast With Sean Martin
Guest: Matthew Rosenquist, CISO at Eclipz.io
On LinkedIn | https://www.linkedin.com/in/matthewrosenquist/
On Twitter | https://twitter.com/Matt_Rosenquist
On Medium | https://matthew-rosenquist.medium.com/

Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Episode Notes
In the last episode on this topic, Matthew gave us some insights into how and where he expected cybersecurity to take us in 2022. During the conversation he said, “Cybersecurity will continue to rapidly gain in both relevance and importance in 2022 as the world relies more upon digital technologies and unknowingly embraces the increasing accompanying risks of innovation. 2022 will see the rise of government orchestrated cyber-offensive activities, the growth of cybercriminal impacts at a national level, and the maturity of new technology used as powerful tools by both attackers and defenders. Overall, 2022 will be a more difficult and trying year for cybersecurity than its predecessors.”
In this episode, we take a look back at the year of cybersecurity that was 2022, including the predictions, the outcomes, and the misses. It's a wild ride that you won't want to miss, even if you experienced some of it first-hand in your own InfoSec programs.

Resources
Previous Episode #844 - It Is 2022: Here Are Some Cybersecurity Predictions And Their Impact On Business, Governments, Citizens, And Society: https://itsprad.io/redefining-security-844
Original 10 Predictions: https://www.linkedin.com/pulse/10-cybersecurity-predictions-2022-matthew-rosenquist/

Jan 9, 2023 • 39min
Managing Human Cyber Risk | A Conversation About Aligning Cybersecurity Culture To The Organization's Strategy With Lance Spitzner | Redefining CyberSecurity Podcast With Sean Martin
Guest
Lance Spitzner, Director, SANS Senior Instructor - SANS Technical Institute [@sansinstitute]
On LinkedIn | https://www.linkedin.com/in/lance-spitzner-0ab0ba1/
On Twitter | https://twitter.com/lspitzner

Host
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Pentera | https://itspm.ag/penteri67a
Asgardeo | https://itspm.ag/asgardeo-by-wso2-u8vc

Episode Notes
There are many security frameworks, maturity models, and best practices to leverage when developing ‘user friendly’ security policies to foster greater adoption and behavioral change. How these new policies are effectively communicated to ensure both compliance and collaboration across the organization (including remote workers) is equally important.

Resources
SANS: https://www.sans.org/
NIST CSF: https://www.nist.gov/cyberframework

Dec 20, 2022 • 49min
Why Protecting Your Business Data Is More Like Securing A Museum Than A Bank | Demystifying Data Protection | An Imperva Brand Story With Terry Ray
Data is dynamic. Data is unique. It's critical for businesses to maintain data security and integrity by treating it differently based on what it is, what it's for, who is accessing it, how it's being used, and the overall context surrounding these things.

Join us for a conversation with Terry Ray, SVP Data Security GTM, Field CTO and Imperva Fellow, as we explore:
What challenges do businesses face when it comes to protecting data in our modern world?
What security risks do insider threats present to an organization and why are they so hard to stop?
Why are more organizations moving to agentless data security?
How have Imperva Data Security solutions evolved to meet the new challenges of securing data wherever it lives?

Note: This story contains promotional content.

Guest
Terry Ray, SVP Data Security GTM, Field CTO and Imperva Fellow
On Linkedin | https://www.linkedin.com/in/terry-ray/
On Twitter | https://twitter.com/TerryRay_Fellow

Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Product: Imperva Data Security Fabric
Data Discovery Solution: Data discovery and classification
Data Security Solution: Sensitive and personal data security
Video: Demystifying Data Protection: Steps To Find, Monitor And Control Without Chaos
Webinar: What Security Professionals Need to Know About Privacy in 2023
Whitepaper: A data-centric cybersecurity framework for digital transformation

Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Dec 15, 2022 • 45min
Military Experience Sets The Stage For Cybersecurity Success In Corporate Sector | A Crucial Conversation With Billy Pugh
Community Member Contributor: William Pugh, Security Consultant at AWS [@awscloud]
On LinkedIn | https://www.linkedin.com/in/billy-pugh/

Hosts
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Episode Description
Companies looking to strengthen their cybersecurity programs would do well to look toward military veterans who are transitioning to the corporate sector. Veterans come equipped with the necessary experience and a cybersecurity paradigm that sets them up for success in helping protect vital digital assets.
A vital part of that paradigm is the ambiguity of cybersecurity. New technologies keep emerging that need protection by applying security controls. At the same time, cybercriminals constantly change their tactics, exploiting known weaknesses and bypassing common controls.
Both the military and the corporate world also face a dearth of security talent and often have to throw professionals with little experience at the cybersecurity ambiguity challenges. Private companies and public organizations thus need professionals who are accustomed to working under the pressure of ambiguous scenarios with limited resources to support them.

Dec 8, 2022 • 50min
Just How Defensible Is Your InfoSec Program? | A Conversation About Security Awareness And Culture With Javvad Malik And Marco Ciappelli | Redefining CyberSecurity Podcast With Sean Martin
Guests
Javvad Malik, Lead Security Awareness Advocate at KnowBe4 [@KnowBe4]
On LinkedIn | https://www.linkedin.com/in/javvad/
On Mastodon | https://infosec.exchange/@Javvad
On Twitter | https://twitter.com/J4vv4D
On TikTok | https://www.tiktok.com/@j4vv4d
On YouTube | https://www.youtube.com/infoseccynic
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

Host
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

This Episode’s Sponsors
Asgardeo | https://itspm.ag/asgardeo-by-wso2-u8vc
Pentera | https://itspm.ag/penteri67a

Episode Notes
Security awareness and security culture are talked about a lot in the community. In this episode, we get into the nitty gritty of both of these topics, hearing about them via real-world stories and discussing them in the context of real-life analogies. A program is just a program unless it can be understood, measured, and defended from all angles.
As one example discussed in this episode, there's no point in just teaching people to spot a phishing email because phishing now comes in text messages, on social media, direct messages on Twitter or Instagram, on Discord channels, even in your WhatsApp messages. There's no way you can train everyone on every single channel out there. A better option is to teach them about the red flags, give them knowledge about how the bad actors will approach their targets, and what some of the signs are to look out for. Help them understand that if you're careful, then you won't fall victim to it. One analogy used to help illustrate this point comes in the form of the crosswalks in London where information is shared with the street crosser at the point when/where they are crossing as opposed to trying to train the traveler weeks in advance of visiting London.
This is one of the many, many points that our guest, Javvad Malik, shares with us during this episode.
Enjoy and learn!

Dec 1, 2022 • 39min
Securing Multiple Cloud And SaaS Environments Requires A New Paradigm | A Crucial Conversation With Frank Kim
Community Member Contributor: Frank Kim, CISO-in-Residence at YL Ventures [@ylventures] and Fellow and Curriculum Director at the SANS Institute [@SANSInstitute]
On Twitter | https://twitter.com/fykim
On LinkedIn | https://www.linkedin.com/in/frank-kim/

Host: Sean Martin
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Episode Description
As businesses migrate more and more applications to the cloud and continue relying on SaaS applications, CISOs are under pressure to ensure every IT environment is secure. This requires a new paradigm in formulating cloud security strategies because the technologies differ from on-premises technologies, and the security aspects vary from one cloud provider to another.
In this episode, Frank Kim—a Fellow and a Curriculum Director at the SANS Institute—examines the approach CISOs must take to secure multiple cloud and SaaS environments. Kim also discusses the importance of understanding the differences between on-premises security and the cloud and why the speed of the cloud requires a new security paradigm. Kim then presents why CISOs need to give business units and software developers security options (rather than locking them into one tool) while balancing a combination of governance and technical expertise.
Understanding the criticality of protecting access credentials and the needs of all stakeholders is also key to a CISO's success in safeguarding multiple cloud environments.

Nov 23, 2022 • 57min
Security-As-Code | Integrating Security Testing Into The SDLC | A Conversation With Andy Rappaport | Redefining CyberSecurity Podcast With Sean Martin
Guest
Andy Rappaport, Data Security Architect at iRobot [@iRobot]
On LinkedIn | https://www.linkedin.com/in/andyrappaport/

Host
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
On Mastodon | https://infosec.exchange/@seanmartin

This Episode’s Sponsors
Asgardeo | https://itspm.ag/asgardeo-by-wso2-u8vc
Edgescan | https://itspm.ag/itspegweb

Episode Notes
We've come a long way in software development, moving from a months-long waterfall model to a software development lifecycle (SDLC) that's all about continuous improvement and continuous delivery (CI/CD). Has security testing kept up, and how can it fit in? Let's find out during this chat with Data Security Architect, Andy Rappaport.

Nov 18, 2022 • 43min
CyberSecurity Flips The Bird And Moves To InfoSec.Exchange | How The Mastodon Social Platform Can Play A Key Role In Exchanging Ideas, Challenges, And Solutions | A Conversation With Jerry Bell | Redefining CyberSecurity Podcast With Sean Martin
Guests
Jerry Bell, VP and CISO, IBM Public Cloud [@IBM | @IBMcloud] and founder & co-host of the Defensive Security Podcast [@defensivesec]
On Mastodon | https://infosec.exchange/@jerry/109302267835657653
On Linkedin | https://www.linkedin.com/in/maliciouslink/
On Twitter | https://twitter.com/Maliciouslink
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
On Mastodon | https://infosec.exchange/@Marcociappelli

Host
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
On Mastodon | https://infosec.exchange/@seanmartin

This Episode’s Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/pentera-tyuw

Episode Notes
As turmoil ensues on the bird social platform, we witness the information security community making a mad dash to the InfoSec.Exchange instance operating on Mastodon. In this episode, we bring the creator of InfoSec.Exchange, Jerry Bell, to learn more about the Mastodon platform, the vision for InfoSec.Exchange, and what the cybersecurity community can do to ensure this platform continues to reach its potential.

Resources
Infosec.Exchange on Mastodon: https://infosec.exchange/home
Volunteer for InfoSec Exchange: https://infosec.exchange/@jerry/109302267835657653
Donate to InfoSec Exchange: https://liberapay.com/Infosec.exchange/
Jerry's Blog: https://infosec.engineering/
Defensive Security Podcast: https://defensivesecurity.org