Brain Cycles – BSW #219
1. Optimize Buying Criteria to Ensure Success of Your New Security Tools – Travis Isaacson – BSW #219
CISOs know the power of security as a driver of business, but other stakeholders often equate security with compliance. Security shouldn't be viewed as a controlling organ; if it is, it will stall innovation and become a blocker for deploying new techniques. Implemented and evaluated correctly, new security tools should speed up the development process and enable innovation.
So how do you measure success in app sec?
There are several methods that define the success of a new tool. New tools have to live up to, and in most instances exceed, the existing solutions in place, and should help developers do their job more efficiently.
Here we can discuss the relevance of pre-planning and the definition of clear success criteria to get the most out of any solution decided upon. We draw parallels to real world examples of companies that have found success by optimising the time spent on evaluating and implementing new tools.
This segment is sponsored by Detectify.
Visit https://securityweekly.com/detectify to learn more about them!
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Security Weekly is more than happy to announce that we will be at InfoSec World 2021 IN PERSON October 25th-27th, 2021! This year, our annual partnership with InfoSec World is extra special, as we are both business units under the CyberRisk Alliance brand! What does that mean for Security Weekly listeners & InfoSec World attendees? You will get to see and hear from many of the Security Weekly team at the event AND you will save 20% off on your world pass! Visit https://securityweekly.com/isw2021 to register using our discount code!
Guest
Travis Isaacson is Technical Expertise Manager at Detectify, where he helps customer security teams utilize the latest crowdsourced vulnerability research in their automated security practices and keep web apps secure. Travis has a background in supply chain logistics and digital AdTech. Outside of office hours, he enjoys dabbling in ethical hacking and bug bounties.
2. 3 Ways + 4 Measures + 5 Approaches + 5 Myths = 17 Questions – BSW #219
In the Leadership and Communications section, 3 Effective Ways To Improve Your Internal Communication To Boost Employee Engagement, 4 Immediate Measures to Execute After a Cyberattack, 17 cyber insurance application questions you'll need to answer, and more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Security Weekly is ecstatic to announce that Security Weekly Unlocked will be held IN PERSON this December 5-8 at the Hilton Lake Buena Vista! Call for presentations & early registration for Security Weekly listeners is open now! Visit securityweekly.com/unlocked to submit your presentation & register for the early registration price before it expires!
- 1. 4 Immediate Measures to Execute After a Cyberattack
  Organizations should have an incident response plan in place to get the compromised networks back and recover from the damage as early as possible. Here are the four immediate steps to follow when dealing with a cyberattack:
  1. Contain
  2. Report
  3. Investigate and Recover
  4. Remediate
- 2. CISO’s Guide to a Modern AppSec Program
  A guide for CISOs and security leaders to enable a business with Application Security and a shift left approach starts with:
  1. Cybersecurity influence on Organizational Culture Change
  2. The Product and Application Security Program Checklist
  3. Building out AppSec Focus Areas
- 3. The Evolving CISO: From Naysayer to Enabler
  Chief Information Security Officers (CISOs) are not typically perceived as business enablers. Their core responsibility is to safeguard the company’s sensitive information and operational services, which makes us naturally risk-averse. Business innovation tends to require some level of experimentation, failure, and recalibration. But for the CISO, a single instance of failure can be catastrophic. The good news is that many of the same technologies used to lock down environments can be repurposed to enable innovative new use cases with significant potential for business transformation. Additionally, new capabilities continue to emerge. Let me highlight three possibilities below:
  1) Creating secure sandboxes for development teams to innovate freely
  2) Using machine learning to dramatically improve application time to market
  3) Freeing the value of data
- 4. 5 Cybersecurity Approaches All Businesses Should Consider
  Cybersecurity forces us to stay sharp and is continually challenging us to be better at what we do. The top five cybersecurity approaches you should consider are:
  1. Teams/Slack Notifications for Critical Issues
  2. Start Learning Incident Response
  3. Harden Your Critical Infrastructure
- 5. 17 cyber insurance application questions you’ll need to answer
  Recent high-profile security incidents have tightened requirements to qualify for cyber insurance. These are the tougher questions insurance carriers are now asking, including:
  1. Do you perform regular backups and store them in a secure off-site location?
  2. Do you limit remote access to all computer systems by using two-factor authentication?
  3. How many PII records are held on your network?
  4. Do you provide periodic anti-fraud training to employees?
  5. Are processes in place to request changes to bank account details including account numbers, telephone numbers, or contact information?
  6. Are you using Office 365?
  7. Can users access email through a web application on a non-corporate device?
  8. Do you strictly enforce SPF on incoming emails?
  9. Are your backups encrypted and kept separate from the network whether offline or with a specialist cloud service?
  10. Do you use endpoint protection in the network? What brand?
  11. How long does it take to install critical, high severity patches?
  12. Do you have a SOC?
  13. What steps are you taking to detect and prevent ransomware attacks?
  14. Have you implemented a hardened baseline configuration across servers, laptops, desktops, and managed mobile devices?
  15. How do you implement local administrator rights?
  16. Do you provide users with a password manager software?
  17. Are end-of-life or out-of-support hardware and systems segregated from the rest of the network?
- 6. 3 Effective Ways To Improve Your Internal Communication To Boost Employee Engagement
  Here are three ways companies can show they value their employees through effective communication.
  1. Maximize Communication Channels And Techniques
  2. Dismantle The Red Tape And Have An Open-Door Policy
  3. Give Employees A Seat At The Table
- 7. 5 Myths About Flexible Work
  We believe fear has created stumbling blocks for many organizations when it comes to flexibility. Companies either become frozen by fear or they become focused by fear. It is focus that can help companies pivot during challenging times. In the years that we’ve been working with companies on flexibility, we’ve heard countless excuses and myths for why they have not implemented a flex policy. In fact, the Diversity & Flexibility Alliance has boiled these myths down to the fear of losing the 5 C’s:
  - Loss of control
  - Loss of culture
  - Loss of collaboration
  - Loss of contribution
  - Loss of connection