

Redefining CyberSecurity
Sean Martin, ITSPmagazine
Redefining CyberSecurity Podcast
Hosted by Sean Martin, CISSP
Have you ever thought that we are selling cybersecurity insincerely, buying it indiscriminately, and deploying it ineffectively?
For cybersecurity to be genuinely effective, we must make it consumable and usable. We must also bring transparency and honesty to the conversations surrounding the methods, services, and technologies upon which businesses rely. If we are going to protect what matters and bring value to our companies, our communities, and our society, in a secure and safe way, we must begin by operationalizing security.
Executives are recognizing the importance of their investments in information security and the value it can have on business growth, brand value, partner trust, and customer loyalty.
Together with executives, lines of business owners, and practitioners, we are Redefining CyberSecurity.
Episodes

Nov 11, 2022 • 36min
Why Privacy Compliance Is A Challenge For Many Organizations | Prepare To Meet Varying Compliance Requirements | Part 2 | An Imperva Brand Story With Kate Barecchia
In the first episode of this two-part series, we looked at the history of privacy law and regulation and we explored how the definitions and requirements are expanding for the benefit of consumers and the impact and challenges they create for the business. We also dissected the differences between data privacy, compliance, and security and how organizations can determine what their data privacy posture will look like in comparison/contrast to their security posture.
In this second episode, we take a closer look at actionable strategies and steps organizations can take to operationalize data privacy compliance and how to leverage data privacy initiatives to create a stronger security posture. As we explore these challenges, we begin to uncover the realities of the increased complexity that comes with each decision the business makes to create, collect, store, process, and share sensitive information throughout multiple business systems, applications, and geographies. While there is a clear need to protect the data from being inappropriately accessed by authorized or unauthorized users, a better strategy can be found in the simplification of the business systems and processes, thereby avoiding (or at least reducing) the exposure to compliance and security risk.
Whatever the drivers are behind your business outcomes and IT operations decisions, having an outcome in mind for privacy and security will give you something to shoot for. Whether it's creating the strongest posture possible or simply checking the boxes for compliance, at least you know where you're going and can begin to head down that path. Clarity and consistency in action bring improved preparedness and increased confidence to the conversation, which leads to more positive outcomes all the way around.
Note: This story contains promotional content.
Guest
Kate Barecchia, Deputy General Counsel & Global Data Privacy Officer at Imperva [@Imperva]
On LinkedIn | https://www.linkedin.com/in/kate-barecchia-82759a14/
Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Product: Imperva Data Security Fabric
Data Discovery Solution: Data discovery and classification
Data Security Solution: Sensitive and personal data security
Webinar: What Security Professionals Need to Know About Privacy in 2023
Whitepaper: A data-centric cybersecurity framework for digital transformation
Are you interested in telling your story? https://www.itspmagazine.com/telling-your-story

Nov 10, 2022 • 41min
Practicing Information Security As A Small And Medium Sized Business | Why CyberSecurity Is Everybody's Business | A Conversation With Scott Schober | Redefining CyberSecurity Podcast With Sean Martin
Guest
Scott Schober, President and CEO of Berkeley Varitronics Systems [@BVSystems]
On LinkedIn | https://www.linkedin.com/in/snschober/
On Twitter | https://twitter.com/ScottBVS
On Facebook | https://www.facebook.com/scott.schober.585
Host
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
This Episode’s Sponsors
Asgardeo | https://itspm.ag/asgardeo-by-wso2-u8vc
Pentera | https://itspm.ag/pentera-tyuw
Show Notes
What is a cybersecurity best practice anyway? And which company is it “best” for? In this conversation, Scott Schober and Sean Martin break down common cybersecurity practices and how businesses of all sizes (especially SMBs/SMEs) can dissect what matters most for their business and how the organization as a whole can adopt the most appropriate cybersecurity practices.
Scott also shares his personal story of being targeted by cyber activists and cybercriminals, along with the details of how his personal compromise became a vector to the business being threatened. This is a serious conversation that many don’t talk about. However, hearing this story sheds some much-needed light on how threats and attacks become reality — targeted or not.
Resources
Books | Hacked Again Cybersecurity is Everybody’s Business: https://scottschober.com/cybersecurity-is-everybodys-business/
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
Are you interested in sponsoring an ITSPmagazine Channel? 👉 https://www.itspmagazine.com/sponsor-the-itspmagazine-podcast-network

Nov 7, 2022 • 45min
How CISOs Can Recruit And Retain IT Security Teams While Also Fulfilling Their Own Careers | A Crucial Conversation With Megan McCann
The wide gap between the number of available IT security professionals and the number of open positions existed long before COVID-19. And that gap has grown even bigger thanks to the great resignation that has continued to take place in the IT industry since the pandemic. This has created a huge challenge for CISOs and other security leaders in their efforts to recruit and retain skilled security teams.
In this episode, Megan McCann—CEO & Founder of the IT recruitment firm McCann Partners—presents creative approaches CISOs and hiring managers can apply to go beyond scanning resumes to finding prospects who can offer true value. McCann also discusses what CISOs can do to nurture their own careers.
Community Member Contributor: Megan McCann, CEO & Founder at McCann Partners [@McCannPartners]
On Twitter | https://twitter.com/meganpmccann
On LinkedIn | https://www.linkedin.com/in/meganpmccann/
Hosts: Sean Martin and Marco Ciappelli
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
For more podcasts from Crucial Conversations with The Blue Lava Community, visit: https://www.itspmagazine.com/crucial-conversations-podcast
To access the full collection of Blue Lava Community resources, visit: https://itspm.ag/blclog22
To learn more about Blue Lava, visit: https://itspm.ag/blue-lava-w2qs

Oct 29, 2022 • 48min
The Hybrid SOC | A Conversation With LeAnn Cary, Yolanda Craig, Sunday Oludare Ogunlana, And Jay Jay Davey | Second Annual SOC Analyst Appreciation Day | On Location Coverage Podcast With Sean Martin And Marco Ciappelli
Guests
LeAnn Cary, Senior Director - Advanced Fusion Center Practice Leader, Optiv [@Optiv]
On Twitter | https://twitter.com/leanncary
On LinkedIn | https://www.linkedin.com/in/leanncary/
Yolanda Craig, Director, Business Strategy and Development, IC at Raytheon BBN [@RaytheonIntel]
On LinkedIn | https://www.linkedin.com/in/yolanda-c-r-craig/
Sunday Oludare Ogunlana, Security Incident Management Team, Citi [@Citi]
On LinkedIn | https://www.linkedin.com/in/sogunlana/
On Twitter | https://twitter.com/abovejordan
Jay Jay Davey, SOC Client Lead, Bridewell [@bridewellsec]
On LinkedIn | https://www.linkedin.com/in/biggingerhoneypot/
On Twitter | https://twitter.com/NoxCyber
Hosts
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
Episode Introduction
The SOC is changing. Cybersecurity teams are investing in AI-driven security technologies and planning to outsource many of the Tier-1 and Tier-2 analyst responsibilities to combat talent shortages—enabling in-house teams to become much more focused on threat intelligence. In this panel, SOC professionals from MSSPs and in-house teams will come together to discuss dividing and conquering responsibilities to keep organizations secure.
Want more on this topic? Be sure to watch the live stream of the Second Annual SOC Analyst Appreciation Day: https://itspm.ag/devo2p8i
For more SOC Analyst Appreciation Day Event Coverage podcast and video episodes visit: https://itspmagazine.com/second-annual-soc-analyst-appreciation-day

Oct 28, 2022 • 44min
Speaking InfoSec To The Board | Why CyberSecurity Should Be A Board-Level Discussion | A Conversation With Deborah Blyth And Merlin Namuth | Redefining CyberSecurity Podcast With Sean Martin
Guests
Deborah Blyth, Executive Public Sector Strategist at CrowdStrike [@CrowdStrike]
On LinkedIn | https://www.linkedin.com/in/deborah-blyth/
On Twitter | https://twitter.com/debbiblyth
Merlin Namuth, CISO at REPAY [@REPAYholdings]
On LinkedIn | https://www.linkedin.com/in/merlin-namuth/
Host
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
Edgescan | https://itspm.ag/itspegweb
Show Notes
When security leaders are preparing to speak with executive-level leaders and the board of directors, it's important to "know your audience" — but there is so much more to it than that.
Join us as we discuss how to learn more about the board of directors, what they care about, how to connect with them, and how to get what you want and need from them to succeed. Equally important is what you can do for them for the business and the greater good of the business world ... we're all connected at some level.
Each and every conversation is important and potentially nerve-wracking. None more so than the very first time you are going to present to the board. Thankfully, Debbi and Merlin share some insights on this stage-setting activity as well.
Enjoy!
Resources
LinkedIn Post | Why Cybersecurity Should be a Board-Level Discussion: https://www.crowdstrike.com/blog/why-cybersecurity-should-be-a-board-level-discussion/

Oct 26, 2022 • 41min
Why Privacy Compliance Is A Challenge For Many Organizations | Prepare To Meet Varying Compliance Requirements | Part 1 | An Imperva Brand Story With Kate Barecchia
More than 100 countries and counting (along with a growing number of U.S. states) have enacted data privacy legislation, creating a super-complex global data privacy landscape. Unless, of course, you approach the situation with a different mindset.
Join us to explore the relationship between privacy, security, compliance, and ethics as organizations try to find the perfect balance in data creation, collection, storage, usage, and collaboration.
Don’t worry, we’ll set the record straight for the differences between the “DPO” and the “DPO” … as well as the participation and responsibilities of security, privacy, engineering, legal, compliance, and more.
In this first episode, we look at the history of privacy law and regulation and we explore how the definitions and requirements are expanding for the benefit of consumers and the impact and challenges they create for the business.
We also get into the differences between data privacy, compliance, and security and how organizations can determine what their data privacy posture will look like in comparison/contrast to their security posture.
Is it a one-size-fits-all approach? Kate is an engineer turned legal professional turned privacy executive, and you might be surprised to hear what her recommendations are.
Note: This story contains promotional content.
Guest
Kate Barecchia, Deputy General Counsel & Global Data Privacy Officer at Imperva [@Imperva]
On LinkedIn | https://www.linkedin.com/in/kate-barecchia-82759a14/
Resources
Learn more about Imperva and their offering: https://itspm.ag/imperva277117988
Product: Imperva Data Security Fabric
Data Discovery Solution: Data discovery and classification
Data Security Solution: Sensitive and personal data security
Webinar: What Security Professionals Need to Know About Privacy in 2023
Whitepaper: A data-centric cybersecurity framework for digital transformation

Oct 21, 2022 • 42min
Cyberattacks On Complex Supply Chains Are Difficult, But Not Impossible, To Resolve | A Crucial Conversation With Mark Weatherford
Global supply chains have grown much more complex than simply figuring out how to get products and services from Point A to Point B. Companies also depend on second-tier, third-tier, and even nth-tier vendors they don’t know and have no relationship with for the services and components they require to operate.
Cyberattacks on software across these complex supply chain ecosystems have resulted in disruptions, defects, and diversions that are difficult to identify and resolve—one weak link in the chain can bring the entire ecosystem to a halt.
In this episode, Mark Weatherford—CSO at AlertEnterprise and Chief Strategy Officer at the National Cybersecurity Center—examines the importance of understanding vendor cybersecurity postures, not only of primary suppliers but also of their suppliers. Weatherford also discusses how enterprise software components can come from vendors all over the world and how global events can impact supply chains. Weatherford then presents why the jobs of CISOs are so difficult in defending supply chains, along with a few tips for organizations to protect their operations.
Community Member Contributor: Mark Weatherford, CSO at AlertEnterprise [@AlertEnterprise] and Chief Strategy Officer at the National Cybersecurity Center [@NATLCyberCenter]
On Twitter | https://twitter.com/marktw
On LinkedIn | https://www.linkedin.com/in/maweatherford/
Host: Sean Martin
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

Oct 19, 2022 • 43min
The Future Of The Cybersecurity Market Is Rooted In The Outcome We Are Trying To Achieve | A Conversation With William Kilmer | Redefining CyberSecurity Podcast With Sean Martin
Guests
William Kilmer, Venture Investor | Company Builder | Author | Innovation Strategist
On LinkedIn | https://www.linkedin.com/in/wkilmer/
On Twitter | https://twitter.com/wkilmer
Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast [@ITSP_Society]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli
On LinkedIn | https://www.linkedin.com/in/marco-ciappelli/
On Twitter | https://twitter.com/marcociappelli
Host
Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
On LinkedIn | https://www.linkedin.com/in/imsmartin
On Twitter | https://twitter.com/sean_martin
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
Asgardeo | https://itspm.ag/asgardeo-by-wso2-u8vc
In the business of security, the market can be viewed as driven by 3 things: advancing threats, innovative solutions, and the intersection of these two things with the business. It's this last point that many forget when we look at how a sector can grow, survive, and thrive: how well does it fit into the target customer's business model, financial model, staffing model, operational model, and more?
Our guest, William Kilmer, spearheaded interviews with roughly 40 cybersecurity professionals to hear where they thought the market was going. One thing William heard, as an example, was the interest in seeing new operating and business models for cybersecurity beyond the traditional SaaS/recurring software subscription model. As we dig into this point, we get into how and where we can expect the cyber budget for new products to come from: will budgets be flat, grow, or decline?
We also look to see if there are other industries with “similar” challenges that have been transformative, where there have been signs of people thinking in a transformative fashion.
In the business of security, we must remember the outcome we are trying to achieve. Are we, the collective cybersecurity community, doing what we need to do to meet — or possibly change — the desired outcome?
Resources
Podcast: Book | Transformative | Being Innovative Is No Longer Enough. To Win, You Need To Be Transformative. | Redefining Technology With William Kilmer | https://itsprad.io/redefining-technology-746
Article referenced: https://news.crunchbase.com/cybersecurity/founders-apple-strategic-cybersecurity-startups-kilmer-c5-capital/

Oct 3, 2022 • 44min
Reliant — Resilient — Recoverable | Exploring Space Security And The Hack-a-Sat Capture The Flag Event | A Conversation With Logan Finch And Jason Williams | Redefining CyberSecurity Podcast With Sean Martin
The aerospace and satellite ecosystem is made up of several systems — a system of systems, in fact. Does the sector offer enough transparency to ensure each one operates securely while supporting the core objectives of reliance, resiliency, and recoverability? The team behind the hack-a-sat CTF says we need to do more.
Join us as we discuss the core elements that make up a satellite ecosystem, the difficulties in gaining access to real-world systems to analyze their cyber risk, and the work the team is doing with the hack-a-sat capture the flag (CTF) event to help secure these critical environments.
Guests
Logan Finch, Principal Engineer at Cromulence [@cromulencellc]
On LinkedIn | https://www.linkedin.com/in/logan-finch/
On Twitter | https://twitter.com/hack_a_sat
Jason Williams, Co-Founder and CEO of Cromulence [@cromulencellc]
On LinkedIn | https://www.linkedin.com/in/jason-williams-5858c3
On Twitter | https://twitter.com/hack_a_sat
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
Asgardeo | https://itspm.ag/asgardeo-by-wso2-u8vc
Resources
Hack-a-Sat CTF Website: https://hackasat.com/

Oct 3, 2022 • 52min
Advocate Security For Your Customers By Ensuring The Safety Of Your Products | A Crucial Conversation With Alex Kreilein
CISOs and InfoSec teams in charge of product security realize how the drive for innovation can speed up their organization's product release philosophy. Software development teams want applications to continuously expand functionality to solve more customer pain points and go to market before the competition.
But it’s just as vital for CISOs and InfoSec teams to be product security advocates for customers—to ensure their accounts and sensitive data are safe from bad actors.
In this episode, Alex Kreilein, a Senior Technical Program Manager for Microsoft, discusses what it takes for CISOs and InfoSec teams to become security advocates for customers by ensuring the safety of software products. Kreilein also examines the importance for CISOs and InfoSec teams to understand the objectives of the software development team and to interject product security early into the software development lifecycle. Kreilein then presents why accuracy in security testing is more important than finding vulnerabilities and how it’s critical to establish one team across security and developer teams—by making success metrics transparent and allowing team members to hold each other accountable.
Community Member Contributor: Alex Kreilein, Senior Technical Program Manager, Microsoft [@Microsoft / @msftsecurity]
On Twitter | https://twitter.com/AK3R303
On LinkedIn | https://www.linkedin.com/in/alexkreilein/
Host: Sean Martin
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin