

Redefining CyberSecurity
Sean Martin, ITSPmagazine
Redefining CyberSecurity Podcast
Hosted by Sean Martin, CISSP
Have you ever thought that we are selling cybersecurity insincerely, buying it indiscriminately, and deploying it ineffectively?
For cybersecurity to be genuinely effective, we must make it consumable and usable. We must also bring transparency and honesty to the conversations surrounding the methods, services, and technologies upon which businesses rely. If we are going to protect what matters and bring value to our companies, our communities, and our society, in a secure and safe way, we must begin by operationalizing security.
Executives are recognizing the importance of their investments in information security and the value it can have on business growth, brand value, partner trust, and customer loyalty.
Together with executives, lines of business owners, and practitioners, we are Redefining CyberSecurity.
Episodes

Mar 14, 2022 • 41min
Book | Security Yearbook: A Complete History And Directory Of The Entire Cybersecurity Industry | Redefining CyberSecurity With Richard Stiennon
Do you think you know all of the cybersecurity vendors on the market? Think again. Need help getting a clear view for how they all fit into the bigger InfoSec picture in your org? Have a listen.

In today's episode, long-time industry analyst, Richard Stiennon, takes us on a journey down memory lane into the world of cybersecurity and the ever-growing landscape of innovation, technology, features, products, solutions, and more.

About the book

Security Yearbook 2020 was launched at RSA Conference 2020 on February 24 and has been identified as One of the Best Cybersecurity Books of 2021 by Ben Rothke!

The 2021 directory has been completely updated. 300 small vendors and two abject failures stopped supporting their websites in 2020. 600 new vendors were added, although only 13 high profile startups are listed. The Directory now contains 2,615 vendors of security products.

Two new stories of the pioneers of the cybersecurity industry have been added. Renaud Deraison, creator of Nessus, and Amit Yoran founder of Riptech and CEO of Tenable contribute their stories.

A new section has been added to track the performance of 21 publicly traded security vendors like Crowdstrike, Zscaler, Fortinet, and Palo Alto Networks.

Thanks to AGC Partners, Security Yearbook 2021 contains a complete listing of M&A activity for 2020.

There were over $10 billion in new investments in high-flying security vendors. A complete list and analysis of these deals is included.

The biggest difference in the directory this year is that the percent change in headcount is listed for each vendor. This is probably the most important metric for quickly assessing a vendor’s health. Successful vendors grow.

Having known each other for years, Richard and Sean reminisce and they talk about the past, present, and future of the entire cybersecurity field.

Guest
Richard Stiennon
Chief Research Analyst at IT-Harvest [@cyberwar]
On Twitter | https://twitter.com/stiennon
On LinkedIn | https://www.linkedin.com/in/stiennon/
On YouTube | https://www.youtube.com/channel/UCJbNLvhmVGnRerhrSU1mFug

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Resources
Security Yearbook | A Complete History And Directory Of The Entire Cybersecurity Industry
- 2021 edition: https://it-harvest.com/shop/security-yearbook-2021/
- 2022 edition: https://it-harvest.com/shop/security-yearbook-2022/
Connect with Richard at IT-Harvest: https://it-harvest.com/

To see and hear more Redefining Security content on ITSPmagazine, visit:
https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in sponsoring an ITSPmagazine Channel?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Mar 8, 2022 • 43min
How To Create Effective Security Cultures | Redefining CyberSecurity With Dutch Schwartz And Rock Lambros
As the CISO role has evolved from chief security engineer to cyber risk advisor, successful CISOs are focusing on culture, strategy, and leadership. Let's discuss some real-world observations and explore some tips for what can prove to be successful across a variety of industries.

In addition to the fantastic conversation, there are a ton of resources that Rock and Dutch have provided. Have a listen, and then dig into the articles and reports to keep the learning going.

Guests
Dutch Schwartz
Principal Security Specialist, Amazon Web Services (AWS) [@AWSSecurityInfo]
On Twitter | https://twitter.com/dutch_26
On LinkedIn | https://www.linkedin.com/in/dutchschwartz
On Clubhouse | @dutchzilla

Rock Lambros
CEO at RockCyber [@rockcyberllc], Cybersecurity Leader, and Co-Author of "The CISO Evolution: Business Knowledge for Cybersecurity Executives"
On Twitter | https://twitter.com/rocklambros
On LinkedIn | https://www.linkedin.com/in/rocklambros/

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Resources
- Culture feels "squishy" post on LinkedIn: https://www.linkedin.com/posts/dutchschwartz_unicornsecuritysquad-ciso-cybersecurity-activity-6850499679394807808-Mc7Y
- The Role Of A CISO In Creating A Strong Security Culture: https://www.eccu.edu/the-role-of-a-ciso-in-creating-a-strong-security-culture/
- Use Networks to Drive Culture Change: https://sloanreview.mit.edu/article/use-networks-to-drive-culture-change/
- Why Does Culture 'Eat Strategy For Breakfast'?: https://www.forbes.com/sites/forbescoachescouncil/2018/11/20/why-does-culture-eat-strategy-for-breakfast/
- The EI Advantage: Driving Innovation and Business Success through the Power of Emotional Intelligence: https://hbr.org/sponsored/2019/08/the-ei-advantage-driving-innovation-and-business-success-through-the-power-of-emotional-intelligence
- Building a Model of Organizational Cybersecurity Culture by Identifying Factors Contributing to Cybersecure Workplaces: http://web.mit.edu/smadnick/www/wp/2020-05.pdf
- The Leader’s Guide to Corporate Culture: https://hbr.org/2018/01/the-leaders-guide-to-corporate-culture
- Why Every Executive Should Be Focusing on Culture Change Now: https://sloanreview.mit.edu/article/why-every-executive-should-be-focusing-on-culture-change-now/

Feb 26, 2022 • 37min
The Playbook To Defend Against Aggressive Cyber Ops: Preparing For A Cyber Crisis As The Crisis Strikes | Redefining CyberSecurity With Mick Douglas
There's a cyber crisis brewing. Not the first. Definitely not the last. But current. Here's some advice as seen on social media (paraphrased)... "take your years of strategizing, planning, budgeting, staffing, and procuring … and do it all within a few days." How is that helpful?

It isn't. It could actually be counter-productive.

With the rising concerns over the growing threat of cyberattacks from well-funded, highly-skilled, and aggressively-motivated bad actors, there's been a mad rush for offerings of advice and products and services from all around the web. While the intentions may be good, the expected outcomes may not match reality in some cases.

That's where the post I saw from Mick Douglas comes in ... a post of organized thoughts with actionable steps organizations can consider given their day-to-day playbook probably isn't going to hold to the intensity of a widespread cyber attack. There's a lot in the thread; we cover a good portion of it, but not all of it. There's also some discussion outside of the original post to help frame the conversation.

Guest
Mick Douglas
InfoSec Innovations | SANS Principal Instructor | IANS Faculty
On Twitter | https://twitter.com/bettersafetynet
On LinkedIn | https://www.linkedin.com/in/mick-douglas/

This Episode’s Sponsors
Imperva: https://itspm.ag/rsaarchweb
Archer: https://itspm.ag/itsphitweb

Resources
Inspiring Tweet: https://twitter.com/bettersafetynet/status/1496496087741480960
National Council of ISACs: https://www.nationalisacs.org/
Other social posts mentioned:
- https://www.linkedin.com/posts/rocklambros_mick-douglas-on-twitter-activity-6902610864369664000-KaBd
- https://twitter.com/hackinglz/status/1497035113170886656

Feb 24, 2022 • 45min
Book | Can. Trust. Will. Hiring For The Human Element In The New Age Of Cybersecurity | Redefining Security With Leeza Garber And Scott Olson
If the goal is to fill a role and keep it filled, we may be missing the point of hiring and retaining top talent.

More than ever, investing in the human element of cybersecurity is paramount. How we staff and maintain our cyber teams will determine the success of the individuals, the team, and the program.

In today's conversation, we connect with two authors, Leeza Garber and Scott Olson, to talk about this topic in-depth, as we explore the catalyst behind the writing of their book, Can. Trust. Will. Hiring for the Human Element in the New Age of Cybersecurity.

About the Book

Cyberthreats evolve at a staggering pace, and effective cybersecurity operations depend on successful teams. Unfortunately, statistics continue to illustrate that employers are not finding the people they need.

The Can. Trust. Will. system guides the C-Suite, HR professionals and talent acquisition to build unbeatable cybersecurity teams through advanced hiring processes and focused on-boarding programs. Additionally, this book details how successful cybersecurity ecosystems are best built and sustained, with expert analysis from high-level government officials, Fortune 500 CSOs and CISOs, risk managers, and even a few techies.

Those already in the field (and newbies) will glean invaluable knowledge about how to find their most effective position within a cybersecurity ecosystem. In a tech-driven environment, cybersecurity is fundamentally a human problem: and the first step is to hire for the human element.

Are you looking to fill roles? Or are you looking for people? This nuanced difference can make all the difference.

Listen in.

Guests
Leeza Garber
Founder, Leeza Garber Esq Consulting LLC & Can. Trust. Will. LLC
On Twitter | https://twitter.com/leezagarber
On LinkedIn | https://www.linkedin.com/in/leeza-garber/

Scott Olson
Co-Founder, Can. Trust. Will. LLC
On LinkedIn | https://www.linkedin.com/in/scottolsonexec/

This Episode’s Sponsors
Imperva: https://itspm.ag/rsaarchweb
HITRUST: https://itspm.ag/itsphitweb

Resources
Book: Can. Trust. Will. Hiring for the Human Element in the New Age of Cybersecurity: https://www.amazon.com/Can-Trust-Will-Element-Cybersecurity-ebook/dp/B09H1V8LHL/
Cyber Seek: https://www.cyberseek.org/
Previous podcast with Scott Olson: Be Fascinated: What It Takes To Find Fulfillment And To Be A Good Leader | Redefining Security With Scott Olson

Feb 14, 2022 • 46min
St. Joseph's Health | Cybersecurity & Vendor Risk Management: Why It Matters | Redefining CyberSecurity With Ebony Riley And Jesse Fasolo
Many organizations are ill-prepared when it comes to making sure their hospital is protected from risk, both from an organizational and IT standpoint. It's increasingly important to have a concrete risk assessment strategy, one that explicitly includes utilizing third-party (vendor) risk management.

Since our guest, Jesse Fasolo, joined St. Joseph’s Health in August of 2014, he has completely flipped the risk assessment and IT protocols at the hospital on their head, partnering with the legal team, and more specifically with General Counsel/Chief Operating Officer, Ebony Riley. This connection between the CISO and legal counsel has proven to be a huge win for risk management throughout the organization, mapping risks through various security frameworks, including HIPAA, NIST CSF, HITRUST, and others.

Listen in to get some third-party risk management insights on how this New Jersey-based, 1000+ provider, 150+ location network healthcare organization created a Vendor Risk Management strategy, as this dream team discusses their journey down risk management lane.

Guests
Ebony Riley
Associate Counsel, St. Joseph's Health (@sjh_nj)
On LinkedIn | https://www.linkedin.com/in/ebonyriley/

Jesse Fasolo
Director, Technology Infrastructure & Cyber Security, Information Security Officer, St. Joseph's Health (@sjh_nj)
On LinkedIn | https://www.linkedin.com/in/jessefasolo/

This Episode’s Sponsors
Archer: https://itspm.ag/rsaarchweb
HITRUST: https://itspm.ag/itsphitweb

To see and hear more podcasts and webcasts about Redefining CyberSecurity for your business, tune in to ITSPmagazine at:
https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in advertising on ITSPmagazine?
👉 https://www.itspmagazine.com/sponsorship-introduction
Are you interested in sponsoring an ITSPmagazine podcast?
👉 https://www.itspmagazine.com/podcast-series-sponsorships

Feb 1, 2022 • 52min
How And When To Put Standards To Work — And Not | Redefining CyberSecurity With Alyssa Miller And Accidental CISO
As is common for the Redefining Security show, conversations are often inspired by a social post. This one about standards is no different. However, what you think about standards may be different after you listen to this episode.

Some of the social comments we discuss:
- For a standard to be good it has to align with current capabilities and business objectives. When they don't, problems arise.
- Security without usability is useless.
- The best thing about standards at $currentEmployerName is that there are so many to choose from.

What are your views on the value of standards?

Guests
Alyssa Miller
On ITSPmagazine 👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/alyssa-miller

Accidental CISO
On Twitter | https://twitter.com/AccidentalCISO

This Episode’s Sponsors
HITRUST: https://itspm.ag/itsphitweb
Archer: https://itspm.ag/rsaarchweb

Resources
Inspiring Tweet | https://twitter.com/AlyssaM_InfoSec/status/1479210767513755648

Jan 27, 2022 • 41min
Maritime Intelligence | OSINT And The Ocean | Redefining CyberSecurity With Rae Baker
The sea is broad and deep. So is the information that is created by and for the maritime vessels floating around and underneath the surface. What is this information used for? And how can it be misused?

Some OSINT should give us a few answers. Let's hear from a hacker with a passion to explore this world of open source intelligence generated by the maritime industry - commercial, defense, and otherwise.

All aboard!

Guest
Rae Baker
On LinkedIn | https://www.linkedin.com/in/rae-baker-7668644b/
On Twitter | https://twitter.com/wondersmith_rae
On YouTube | https://www.youtube.com/channel/UCdPwaG4HiqFR8nV2jg_IXBw

This Episode’s Sponsors
Imperva: https://itspm.ag/rsaarchweb
HITRUST: https://itspm.ag/itsphitweb

Resources
- OSINT on the Ocean: Maritime Intelligence Gathering Techniques - https://wondersmithrae.medium.com/osint-on-the-ocean-maritime-intelligence-gathering-techniques-2ee39e554fe1
- Maritime OSINT: Port Analysis - https://wondersmithrae.medium.com/maritime-osint-port-analysis-d09b4531728d
- YouTube: Layer 8 2020: OSINT On The Ocean: Maritime Intelligence Gathering - https://www.youtube.com/watch?v=mfHYE5Xanfw
- YouTube: Layer 8 2021: Illuminating Maritime Supply Chain Threats using OSINT: A Suez Canal Post Mortem - https://www.youtube.com/watch?v=GGIuP6fMZ2g

Dec 20, 2021 • 45min
The Blindspot Of Infosec Training | Redefining CyberSecurity With Eric Thomas
It's time to change the way we think about cyber security training. Evidently, the cybersecurity community agrees — just look at the post made recently by Eric Thomas (you can find it in the resources section).

To help us with this endeavor, Eric, a practitioner and training professional, takes us on a journey into the past, present, and future of bringing the next wave of cybersecurity professionals to market.

Guest
Eric Thomas
On LinkedIn | https://www.linkedin.com/in/thomasthetech/
On Twitter | https://twitter.com/TheEis4Extra

This Episode’s Sponsors
Imperva: https://itspm.ag/rsaarchweb
HITRUST: https://itspm.ag/itsphitweb

Resources
Inspiring post: https://twitter.com/TheEis4Extra/status/1419154490435964929

Dec 17, 2021 • 1h 1min
The Real Story About LOG4J - No FUD - No Clickbait - No BS | A Special ITSPmagazine Redefining CyberSecurity Webcast Panel With Alyssa Miller, Katie Nickels, Eric Thomas, And Mark Nunnikhoven
Back in 2013, I wrote a piece for TechTarget (sadly, it’s no longer online). It focused on mobile security and app security and referenced a report that included some interesting open source software stats that showed one particular shared library’s use outpacing the others by a longshot. Can you guess which one? 🤔

Eight years later, that same library is making the news again — arguably, on a much grander scale.

Let's discuss. Let's learn. Let's enjoy this much-needed no-FUD, no-BS conversation. We recorded this one live - which you can watch here if you like.

Ready? GO! 📺🎙🤘

Guests
Alyssa Miller
On ITSPmagazine 👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/alyssa-miller
On LinkedIn | https://www.linkedin.com/in/alyssam-infosec/
On Twitter | https://twitter.com/AlyssaM_InfoSec

Katie Nickels
On LinkedIn | https://www.linkedin.com/in/katie-nickels-631a044/
On Twitter | https://twitter.com/likethecoins

Eric Thomas
On LinkedIn | https://www.linkedin.com/in/thomasthetech/
On Twitter | https://twitter.com/TheEis4Extra

Mark Nunnikhoven
On LinkedIn | https://www.linkedin.com/in/marknca/
On Twitter | https://twitter.com/marknca

Resources
Watch the live recorded webcast: https://youtu.be/4gZoHp5LYVE
Simple overview video from Mark:
- https://www.linkedin.com/feed/update/urn:li:activity:6876932435272101888/
- https://twitter.com/marknca/status/1471187984741507073

Nov 15, 2021 • 26min
Cloud Transformation And Security | Redefining CyberSecurity With Helen Oakley
It seems that nearly every enterprise is in the midst of a cloud transformation. This begs the question, how and where does information security transformation fit into this bigger IT and business picture?

That's exactly what we get to discuss with our guest, Helen Oakley, as she shares some thought-provoking insights regarding secure cloud transformation strategies, roadmaps, and best practices. We get to dig into her Sector CA session, Epic journey of an enterprise cloud transformation, as well.

Guest
Helen Oakley
On LinkedIn | https://www.linkedin.com/in/helen-oakley/
On Twitter | https://twitter.com/e2hln

This Episode’s Sponsors
Archer: https://itspm.ag/rsaarchweb
HITRUST: https://itspm.ag/itsphitweb

Resources
Sector CA Session: https://sector.ca/sessions/epic-journey-of-an-enterprise-cloud-transformation-while-building-security/
More about Leading Cyber Ladies: https://leadingcyberladies.com/
On Twitter | https://twitter.com/LadiesCyber
On LinkedIn | https://www.linkedin.com/company/leading-cyber-ladies