Risk Management in the Cloud Starts with Identities – Eric Kedrosky – BSW #322
1. Risk Management in the Cloud Starts with Identities – Eric Kedrosky – BSW #322
As we move more infrastructure into the cloud, the traditional concepts of risk start to change. Risk is no longer just about networks and servers; it also has to address identities, and not just human identities. Cloud infrastructure introduces additional identity types that need to be addressed as part of your risk management program. Eric Kedrosky, CISO at Sonrai Security, joins us to discuss how to think differently about risk in the cloud.
Announcements
Security Weekly Listeners: We are celebrating the milestone of reaching over 1,000 members of our CISO community. The Cybersecurity Collaboration Forum is a one-stop shop for executive collaboration comprised of CISOs across various industries. If you want to be part of this growing community of CISOs, join us as a member or technology partner. To learn more, visit: securityweekly.com/cybersecuritycollaboration
Guest
Eric Kedrosky is CISO at Sonrai Security. Over the last two decades, Kedrosky has honed his knowledge of Security Program Development, Security Strategy, Security Assessment, Research & Policy Development, and Leadership Development. Kedrosky’s passion for collaborating with customers and executives has made him a crucial member of the Sonrai Security team. Few people have the combination of technical and communication skills that has pushed him to the forefront of cloud security assessment and development. Kedrosky graduated from Carleton University in Ottawa, Canada, with a Bachelor of Computer Systems Engineering.
2. The CISO Carousel’s Effect While Struggling to Get Budgets and Feel Free to Disagree – BSW #322
In the leadership and communications section: "The CISO Carousel and its Effect on Enterprise Cybersecurity", "CISOs are struggling to get cybersecurity budgets", "Respectfully, I Disagree", and more!
Announcements
Join our cybersecurity community on Discord! Connect directly with our expert hosts, join discussions with fellow audience members, and customize your notifications to receive alerts every time an episode of your favorite show publishes. Get your invite at securityweekly.com/discord!
- 1. Companies are already feeling the pressure from upcoming US SEC cyber rules
New Securities and Exchange Commission cyber incident reporting rules don't kick in until December, but experts say they highlight the need for greater collaboration between CISOs and the C-suite
- 2. The CISO Carousel and its Effect on Enterprise Cybersecurity
CISO churn is a hidden cybersecurity threat. Major security initiatives or implementations can take longer than the residency of a single CISO, and constant churn can leave cracks or gaps in security.
- 3. CISOs are struggling to get cybersecurity budgets: Report
After years of rapid growth, cybersecurity spending is starting to taper among enterprises, with a 65% fall in budget growth in the 2022-2023 budget cycle as global instability and inflationary pressures start to pinch, according to a study by IANS Research.
- 4. Leading CISO Creates Model for Ransomware Payment Decisions
Organizations that pay a ransom to cyber-criminals following a cyber-attack are highly likely to suffer a subsequent attack. It is against this backdrop that one leading CISO has developed a new method to help business leaders decide whether to pay.
During the Gartner Security & Risk Management Summit, Lorraine Dryland, CISO at First Sentier Investors, presented her quantitative decision-aid. The model has been developed by Dryland and her colleagues to enable executives to make informed choices during time-critical ransomware incident scenarios.
- 5. How to Be a Better Leader Amid Volatility, Uncertainty, Complexity, and Ambiguity
More than three decades ago, the U.S. Army War College developed a framework for understanding how leaders succeed during times of volatility, uncertainty, complexity, and ambiguity. The framework, known as VUCA, has been widely discussed and adopted since, but it turns out to be better at describing what successful leaders do than teaching all leaders how to succeed. The authors present an updated approach that has generated positive outcomes in military, business, and sports contexts.
- 6. How effective is your communication?
These 4 methods make your communication more effective. Most are instant, some take more time.
  - Practice active listening.
  - Be clear and concise.
  - Cultivate empathy.
  - Reflect and improve.
- 7. Respectfully, I Disagree.
Speaking up shouldn't equate to conflict; it's an opportunity for dialogue. However, there's an art to doing it effectively.
Know Your Stuff: If you're going to disagree, make sure you have facts, data, or clear reasoning to back up your viewpoint.
Be Respectful: Diplomacy wins the day. Being able to voice your opinion without attacking someone else's is a skill worth mastering.
Choose the Right Time: The middle of a presentation may not be the best moment. Gauge the room and decide when it's appropriate to interject.
Be Open to Dialogue: After you've voiced your opinion, be prepared for feedback and willing to engage in a constructive discussion.