

Redefining CyberSecurity
Sean Martin, ITSPmagazine
Redefining CyberSecurity Podcast
Hosted by Sean Martin, CISSP
Have you ever thought that we are selling cybersecurity insincerely, buying it indiscriminately, and deploying it ineffectively?
For cybersecurity to be genuinely effective, we must make it consumable and usable. We must also bring transparency and honesty to the conversations surrounding the methods, services, and technologies upon which businesses rely. If we are going to protect what matters and bring value to our companies, our communities, and our society, in a secure and safe way, we must begin by operationalizing security.
Executives are recognizing the importance of their investments in information security and the value it can have on business growth, brand value, partner trust, and customer loyalty.
Together with executives, lines of business owners, and practitioners, we are Redefining CyberSecurity.
Episodes

Nov 10, 2021 • 51min
The Psychology Of Cybersecurity And The Value Of Thinking Outside The Box | Redefining CyberSecurity With Morgan Wright
The problem is not the problem, it is the way you think about the problem. Get outside the box.

Fear, manipulation, influence, and deceit are some of the most powerful tools in the arsenal used by nation-state attackers and criminal actors. The most significant breaches have not occurred just because of flaws in software, or lack of proper controls. They have occurred because of the flaws in our way of thinking about the problems. Determined adversaries will use every tool in order to gain an advantage, whether it's hardware, software or wetware.

Join us as our guest, Morgan Wright, takes us into the mind of the attackers from a non-technical view and explores the psychology of cybersecurity.

Guest
Morgan Wright
On LinkedIn | https://www.linkedin.com/in/morganwright150/
On Twitter | https://twitter.com/morganwright_us

This Episode's Sponsors
Archer: https://itspm.ag/rsaarchweb
HITRUST: https://itspm.ag/itsphitweb

Resources
Sector CA Session: https://sector.ca/sessions/what-elon-musk-and-spacex-can-teach-us-about-ransomware-and-cybersecurity/
More from Morgan: https://www.morganwright.us/

To see and hear more podcasts and webcasts about Redefining CyberSecurity for your business, tune in to ITSPmagazine at: https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in advertising on ITSPmagazine? 👉 https://www.itspmagazine.com/sponsorship-introduction
Are you interested in sponsoring an ITSPmagazine podcast? 👉 https://www.itspmagazine.com/podcast-series-sponsorships

Nov 4, 2021 • 34min
The Relationship Between Roles — When Product Management Meets Information Security | Redefining CyberSecurity With Christie Chaffee
Product Management: the team responsible for new product development. Information Security: the team responsible for ensuring systems and data are protected from inaccessibility, loss, theft, and misuse. How and where do these two teams collide? Let's find out.

In today's episode, we catch up with information security leader Christie Chaffee. We dig into what product management is compared to security product management, looking at the connection (or disconnection, as is the case for many organizations) between the two. Tune in to hear about overlapping goals, common challenges, best practices, and more.

Guest
Christie Chaffee
On LinkedIn | https://www.linkedin.com/in/ciecee/

This Episode's Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Sep 30, 2021 • 42min
Should We Stop Requiring CISOs To Have A CISSP? Let’s Talk About It | Redefining CyberSecurity With Brian Bobo
We keep hearing the mantra that CISOs and CSOs need to be business leaders. So how come we keep seeing job descriptions and hearing about interviews that focus on technical certifications like the CISSP and many others? That's exactly the question posed in a post on LinkedIn that caught our attention - and that of many others!

Join us for a candid conversation with the post's author, a current CIO and CISO, Brian Bobo, as we explore the realities of what a CISO should be focused on and why relying on a technical security certification could leave the business looking in the wrong direction and its risk profile in a bad way.

From The LinkedIn Post
I don't post much but I need to go on a bit of a rant. I earned my CISSP years ago. As I am updating my CPEs to stay current I realize that almost nothing I do as a CISO counts for CPEs, I don't even see a place to document incident management. And what does count can only really be categorized under the Security and Risk Management domain. Presenting, educating, serving on ISC(2) boards are all well and good but they still don't make me a better CISO. There is nothing about strategy, leadership, presenting to a board, incident management, etc. As a CISO, strategy and leadership should be your focus. You should hire then allow and enable great people to do their jobs.
So we need to STOP requiring Directors and above to have a CISSP and start thinking about these as leadership positions with a security focus.

Guest
Brian Bobo
On LinkedIn | https://www.linkedin.com/in/brianbobo/

This Episode's Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb

Resources
LinkedIn thread that inspired this conversation: https://www.linkedin.com/posts/brianbobo_stop-requiring-cisos-to-have-a-cissp-i-don-activity-6841017539837997056-HGwu/

Aug 30, 2021 • 56min
Be Fascinated: What It Takes To Find Fulfillment And To Be A Good Leader | Redefining CyberSecurity With Scott Olson
Leadership can make or break an organization's chance for success, and eventually, it will. It doesn't matter what company, organization, or community teams you lead—all you do and how you do it matters for the end result.

Given the nature of the function within the cybersecurity industry, someone may think that their style needs to be more decisive than most; that maybe they even get some "wild cards" due to the uniqueness of their role. The truth is that there is no "uniqueness" in this industry, and the basic rules of effective leadership work the same for all. You are either a good leader, or you are not.

Today's conversation extends well beyond cybersecurity as our guest, Scott Olson, brings to bear the realities of what it takes to be a leader in any industry, in any function, and find fulfillment in a leadership position. Becoming a leader doesn't happen magically. It also doesn't require you to excel in the roles you lead or know what it feels like to be in any position you oversee. Instead, it involves understanding and embracing the big picture and transitioning your sense of self-worth when needed.

"The mistake that we make in the leadership industry is that we think behaviors correlate to performance: here are the ten things that great leaders do; here are the five things that great leaders avoid. I'm an influenced leader. I'm a charismatic leader. I'm a servant leader. People don't follow you because you're a specific type of leader. People don't even follow because they like you. What I've found is that people follow you if they know you like them, if they know that you value them, that you see who and what they are, that you appreciate what they're capable of, and that you appreciate that they are doing what you need." —Scott Olson

What does "being fascinated" have to do with good leadership? Have a listen to find out.

Guest
Scott Olson
On LinkedIn: https://www.linkedin.com/in/scottolsonexec/

This Episode's Sponsors
HITRUST: https://itspm.ag/itsphitweb
Semperis: https://itspm.ag/semperis-1roo

Resources
The book, Can.Trust.Will. Hiring For The Human Element in the New Age of Cybersecurity., will be published here: https://www.businessexpertpress.com/
Podcast | Trust, Gratitude, Mentorship And Other Lessons From A Spy Recruiter | A Conversation With Robin Dreeke | Tech Done Different With Ted Harrington: https://itspmagazine.simplecast.com/episodes/trust-gratitude-mentorship-and-other-lessons-from-a-spy-recruiter-a-conversation-with-robin-dreeke-tech-done-different-with-ted-harrington

Aug 19, 2021 • 36min
What Does It Take To Be A CISO? | A Living Social Thread From A Deputy CISO Fresh On The Job At A Billion-Dollar Crypto Company | Redefining CyberSecurity With J.M. Porup
So what's it like to be a CISO? We came across a thread on Twitter posted by the now Deputy (and then acting) CISO of a billion-dollar crypto company, who was in the role for three months during the spring bull run. Aside from the burnout, what else can we glean from J.M. Porup's experience?

Guest
J.M. Porup
On Twitter 👉 https://www.twitter.com/toholdaquill

Resources
Inspiring thread on Twitter: https://twitter.com/toholdaquill/status/1424421690143019008

This Episode's Sponsors
HITRUST: https://itspm.ag/itsphitweb
Semperis: https://itspm.ag/semperis-1roo

Resources
InfoSec London Presentation: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.2093.57923.aston-martins-road-to-zero-threats.html
Machina 1, MachinaFilms: https://machinafilms.com

Aug 6, 2021 • 34min
CyberSecurity Futures | Aston Martin's Road To Zero Threats | Redefining CyberSecurity At InfoSec London With Robin Smith
Our guest, Robin Smith, Head of Cyber and Information Security, Aston Martin Lagonda, is a self-proclaimed advocate for lean cybersecurity. But does lean cybersecurity equate to weak cybersecurity? Only if you let it be defined that way. Robin doesn't let it be defined that way.

Based on years of experience, Robin posits that cybersecurity has become key to protecting the value streams of any organization. So, for Aston Martin, it's essential that the vehicles are designed, protected, and updated to address any risk issues that could impact the business. That's a value stream. That's a security value stream.

When the organization has a mindset toward cybersecurity that is predicated not just on the financial cost but on the value that can be amplified by better security, that's a critically important move forward for the organization's leaders and the industry at large.

Guest
Robin Smith
On Twitter 👉 https://twitter.com/@machinatrilogy

This Episode's Sponsors
Imperva: https://itspm.ag/imperva277117988
Archer: https://itspm.ag/rsaarchweb
Edgescan: https://itspm.ag/itspegweb

Resources
InfoSec London Presentation: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.2093.57923.aston-martins-road-to-zero-threats.html
Machina 1, MachinaFilms: https://machinafilms.com

Jul 5, 2021 • 45min
The Role Of General Counsel For Incident Response Planning And Handling | Redefining CyberSecurity With Cody Wamsley And James Yarnall
Security teams are very technical and tactical by nature, often looking at risk through a specific lens they've developed over time. But, of course, the reality is that the possible security incident can be — and likely will be — much more extensive and require different teams and expertise. One bad mishandle and an event or incident could become an even more significant risk.

Successfully managing risk is not just about InfoSec; it's not just business operations, and it's not just a legal risk either. The truth is, an incident is a business risk that requires the synergy of many teams within the organization — this includes the general counsel.

As you listen to this episode, hopefully, you will start thinking a little more about how legal was (and should be) involved — or not, in some cases — in the information security program planning and incident response handling.

Guests
James Yarnall
On Linkedin 👉 https://www.linkedin.com/in/jamesyarnall/
Cody Wamsley
On Twitter 👉 https://twitter.com/codywamsley
On Linkedin 👉 https://www.linkedin.com/in/codywamsley/

This Episode's Sponsors
HITRUST: https://itspm.ag/itsphitweb
Semperis: https://itspm.ag/semperis-1roo

Jun 25, 2021 • 41min
Ethical Issues In Cybersecurity Research And Practice | Redefining CyberSecurity With Kevin Macnish And Jeroen Van Der Ham
While it may seem appealing — and you can certainly try — sorry, but you can't tech your way out of ethics issues.

In this episode we speak to the co-authors of a research paper to critique existing governance in cybersecurity ethics, as they did in their research work and resulting publication, Ethics in cybersecurity research and practice, which provides an overview of some of the ethical issues facing researchers in the cybersecurity community and highlights shortfalls in governance practice.

Guests
Dr Kevin Macnish
On Twitter 👉 https://twitter.com/KMacnish
On Linkedin 👉 https://www.linkedin.com/in/kevinmacnish/
Dr Jeroen van der Ham
On Twitter 👉 https://twitter.com/1sand0s
On Linkedin 👉 https://www.linkedin.com/in/vdham/

This Episode's Sponsors
HITRUST: https://itspm.ag/itsphitweb
Semperis: https://itspm.ag/semperis-1roo

Resources
Inspiration — Ethics in cybersecurity research and practice: https://www.sciencedirect.com/science/article/pii/S0160791X19306840
Smart Information Systems in Cybersecurity: An Ethical Analysis: https://www.sciencedirect.com/science/article/pii/S2515856220300080?via%3Dihub
Code of Ethics for Incident Response and Security Teams (ethicsfIRST): https://ethicsfirst.org/
University of Twente and NCSC-NL: https://www.ncsc.nl/

Jun 15, 2021 • 39min
Practical Cybersecurity Architecture: A Guide To Creating And Implementing Robust Designs For Cybersecurity Architects | Redefining CyberSecurity With Diana Kelley And Ed Moyle
What is an architecture? Is it a document? A process? A policy? A map? A discipline? A mindset? When you hear what it is, you may have to re-evaluate how you approach your cybersecurity program. Are you ready?

“The ideal architect should be a man of letters, a skillful draftsman, a mathematician, familiar with historical studies, a diligent student of philosophy, acquainted with music, not ignorant of medicine, learned in the responses of jurisconsults, familiar with astronomy and astronomical calculations.” ― Vitruvius

About the Book
Cybersecurity architects work with others to develop a comprehensive understanding of the business' requirements. They work with stakeholders to plan designs that are implementable, goal-based, and in keeping with the governance strategy of the organization.

With this book, you'll explore the fundamentals of cybersecurity architecture: addressing and mitigating risks, designing secure solutions, and communicating with others about security designs. The book outlines strategies that will help you work with execution teams to make your vision a concrete reality, along with covering ways to keep designs relevant over time through ongoing monitoring, maintenance, and continuous improvement. As you progress, you'll also learn about recognized frameworks for building robust designs as well as strategies that you can adopt to create your own designs.

By the end of this book, you will have the skills you need to be able to architect solutions with robust security components for your organization, whether they are infrastructure solutions, application solutions, or others.

Guests
Diana Kelley
On ITSPmagazine 👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/diana-kelley
Ed Moyle
On Twitter 👉 https://twitter.com/securitycurve
On Linkedin 👉 https://www.linkedin.com/in/edmoyle/

This Episode's Sponsors
Imperva: https://itspm.ag/imperva277117988
Archer: https://itspm.ag/rsaarchweb
Edgescan: https://itspm.ag/itspegweb

Resources
Book — Practical Cybersecurity Architecture: A guide to creating and implementing robust designs for cybersecurity architects: https://www.amazon.com/Practical-Cybersecurity-Architecture-implementing-cybersecurity/dp/1838989927

Jun 7, 2021 • 35min
Automated Feeds Are Killing The CTI Community; I Only Want Human Created Threat Intel!!! | Redefining CyberSecurity With CyberSquarePeg And Andy Piazza
Threat intelligence automation should be how we share, not how “Intel” is produced.

Yet, we continue to create more data - generate more noise - introduce more false positives - require more analysis - increase the need for correlation - which, in turn, forces the need for more automation.

Guests
CyberSquarePeg (aka Rebecca Ford)
On Twitter 👉 https://twitter.com/CyberSquarePeg
Andy Piazza
On Twitter 👉 https://twitter.com/klrgrz
On Linkedin 👉 https://www.linkedin.com/in/andypiazza/

This Episode's Sponsors
Imperva: https://itspm.ag/imperva277117988
Archer: https://itspm.ag/rsaarchweb
Edgescan: https://itspm.ag/itspegweb

Resources
What's Wrong with Cyber Threat Intelligence: https://www.tandfonline.com/doi/full/10.1080/08850607.2020.1780062
CTI is Better Served with Context: Getting better value from IOCs: https://klrgrz.medium.com/cti-is-better-served-with-context-getting-better-value-from-iocs-496343741f80
Considerations for Leveraging Cyber Threat Feeds Effectively: https://klrgrz.medium.com/considerations-for-leveraging-cyber-threat-feeds-effectively-1d1cfa9fb140
Inspiring tweet thread: https://twitter.com/klrgrz/status/1382412354063831040