We want to trust our employees and contractors working within our organizations. For the most part, people are doing their jobs with integrity every day. What happens when an employee decides to leave the organization and start their own business – with our Intellectual property or customer lists? Or when an employee downloads material to work at home? Join this podcast to learn how to build an insider risk program to mitigate these threats.
To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASSDawnCappelli_Article.pdf
Cappelli, D. 2019. Mitigate the Risk of Insiders Stealing Company Confidential Information. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 187. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.
This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!
Dawn Cappelli is a recognized thought leader in ICS/OT security and insider risk mitigation. She has worked with global industry, government, and intelligence community leaders on strategic cybersecurity issues since 2001. Dawn is Director of OT-CERT at Dragos, after retiring as CISO of Rockwell Automation in 2022, where she started as Director of Insider Risk. Dawn was Founder and Director of the CERT Insider Threat Center at the Carnegie Mellon Software Engineering Institute and started her career as a software engineer programming nuclear power plants for Westinghouse. Dawn co-authored “The CERT Guide to Insider Threats: How to Prevent, Detect, and Respond to Information Technology Crimes”, which was inducted into the Cybersecurity Canon – a list of must-read books for all cybersecurity practitioners.
Dawn is a Certified Information Systems Security Professional, holds a BS in Computer Science and Mathematics from the University of Pittsburgh, is co-founder of the Open Source Insider Threat information sharing group and is a member of the RSA Conference Program Committee and the CyberWire Hash Table. She was awarded the Pittsburgh Technology Council’s 2022 CIO Choice Lifetime Achievement Award, inducted into the ISSA Hall of Fame in 2021, honored as a member of the 2021 CISOs Top 100 CISOs, 2020 Global CISO 100, and named Pittsburgh CISO of the Year in 2018.
