BSW #269 – Mike Goldgof
Segments
1. The State of Industrial Security in 2022 – Mike Goldgof – BSW #269
IIoT infrastructure protection requires immediate attention.
Barracuda just released key findings from a report titled "The state of industrial security in 2022" that covers the following:
• The network breaches, ransomware attacks, and other security incidents businesses are facing
• The current challenges related to infrastructure protection, remote access security, and digital transformation
• The solutions and strategies decision makers are using to close security loopholes and boost the protection of IIoT infrastructure
This segment is sponsored by Barracuda Networks. Visit https://securityweekly.com/barracuda to learn more about them!
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Guest
Mike Goldgof is Vice President at Barracuda focused on the company’s Data Protection, Network, and Application Security products. Mike has broad technical and industry knowledge that spans information security, networking, and telecom.
Hosts
2. 8 Leadership Principles, 8 Changes to Cybersecurity, & 6 Tips for Hiring – BSW #269
In the leadership and communications section, How CISOs can prepare for new and unpredictable cyberthreats, 8 Leadership and Management Principles from Ex-Navy Seal, Practice Transparent Leadership, and more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Hosts
- 1. A ‘CISO evolution’ means connecting business value to security
  As cybersecurity has changed, so has the CISO role. 'The CISO Evolution: Business Knowledge for Cybersecurity Executives' aims to help security leaders succeed in the C-suite.
- 2. How CISOs can prepare for new and unpredictable cyberthreats
  CISOs often ask, “How do I avoid being hit by the next major cyberattack?” The problem is, that’s the wrong question. CISOs must focus on three core areas:
    1. Strengthen the resilience of your security program
    2. Build flexibility into security designs
    3. Engage executives with the business value of cybersecurity readiness
- 3. 8 Leadership and Management Principles from Ex-Navy Seal - Jocko Willink
  In his book titled Extreme Ownership: How US Navy Seals Lead and Win, he explains some key leadership concepts that he learned from his time in the SEAL teams and how he uses them to coach leaders in the corporate world as part of his corporate leadership consulting practice:
    1. It’s My Responsibility
    2. Belief
    3. Prioritize and Execute
    4. Decentralized command
    5. Lead down the chain of command
    6. Leading up the chain of command
    7. Being decisive amidst uncertainty and execute
    8. Discipline equals freedom
- 4. Practice Transparent Leadership
  Here’s what it takes to be a transparent leader:
    1. Be Honest
    2. Be Open And Accessible
    3. Ask Questions And Show Interest
    4. Confront Difficult Situations
    5. Provide Access To Information
    6. Involve People In Decision-Making
- 5. How to Move from Strategy to Execution
  Three out of every five companies rate their organization as weak on strategy execution. When you dig into the potential barriers to implementation, there is a general lack of understanding of the various factors at play, resulting in the inevitable managerial justifications — “poor leadership,” “inadequate talent,” “lack of process excellence,” etc. This article suggests three key steps to build the right execution system: 1) a good strategy, 2) the right organization, and 3) effective management. With these three ingredients in place, human ingenuity can be unleashed, and employees can collectively deliver on the company’s strategic goals.
- 6. Gartner: 8 Ways Cybersecurity Will Change Companies
  From zero trust flops to possible limits on ransomware payments, Gartner outlines its security-related predictions for 2022-2023:
    1. ‘Through 2023, government regulations requiring organizations to provide consumer privacy rights will cover 5 billion citizens and more than 70 percent of global GDP.’
    2. ‘By 2025, 80 percent of enterprises will adopt a strategy to unify web, cloud services and private application access from a single vendor’s SSE platform.’
    3. ‘60% of organizations will embrace zero trust as a starting point for security by 2025. More than half will fail to realize the benefits’
    4. ‘By 2025, 60 Percent of organizations will use cybersecurity risk as a primary determinant in conducting third-party transactions and business engagements.’
    5. ‘Through 2025, 30 Percent of nation states will pass legislation that regulates ransomware payments, fines and negotiations, up from less than 1 Percent in 2021.’
    6. ‘By 2025, threat actors will have weaponized operational technology environments successfully to cause human casualties’
    7. ‘By 2025, 70 Percent of CEOs will mandate a culture of organizational resilience to survive coinciding threats from cybercrime, severe weather events, civil unrest and political instabilities.’
    8. ‘By 2026, 50 Percent of C-level executives will have performance requirements related to risk built into their employment contracts.’
- 7. 6 tips for effective security job postings (and 6 missteps to avoid)
  With demand for security professionals outstripping supply, employers need to ensure their job postings hit the mark. Here’s how to write a security job posting that attracts qualified candidates:
    1. Do: Detail what the position requires. Don’t: Think of your ad as a wish list.
    2. Do: Be realistic about how much one person can accomplish. Don’t: Ask for excessive amounts of experience.
    3. Do: Indicate traits that would lead to success. Don’t: Ask for excess education, either.
    4. Do: Be clear about your culture, mission. Don’t: Downgrade positions.
    5. Do: Sell the position and the organization. Don’t: Use buzzwords or vague catchphrases.
    6. Do: Be strategic about where you place your posts. Don’t: Outsource the task of writing the job posting.