Fake CISO Profiles, Executive Communication, and Developing Cybersecurity Leadership – BSW #279
In the leadership and communications section, Fake CISO Profiles on LinkedIn Target Fortune 500s, Cybersecurity Executive Communication and importance of Metrics, Tips for developing cybersecurity leadership talent, and more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Hosts
Matt Alderman
Chief Product Officer at CyberSaint
- 1. Fake CISO Profiles on LinkedIn Target Fortune 500sSomeone has recently created a large number of fake LinkedIn profiles for Chief Information Security Officer (CISO) roles at some of the world’s largest corporations. It’s not clear who’s behind this network of fake CISOs or what their intentions may be. But the fabricated LinkedIn identities are confusing search engine results for CISO roles at major companies, and they are being indexed as gospel by various downstream data-scraping sources.
- 2. What CISOs Want to See From NIST’s Impending Zero Trust GuidelinesThe goals of the government’s zero trust push are familiar to chief information security officers (CISOs) steeped in the details of zero trust: - End reliance on securing perimeter defenses. Clear perimeters no longer exist for most organizations thanks to remote work, cloud computing, mobile devices and the Internet of Things. - Make sure both access for authorized parties and security aren’t tied to location. That means insiders aren’t automatically allowed and outsiders aren’t automatically excluded. Gaining access to one resource doesn’t mean other lateral resources open up without further authorization. - Other elements include strong data encryption, increased centralized visibility into who is accessing what and improved cybersecurity practices across the board.
- 3. White House Releases Software Supply Chain Security GuidanceThe White House published a memo requiring agencies to comply with guidance from the Office of Management and Budget (OMB) which aims to improve software supply chain integrity and security. Signed by OMB Director Shalanda Young, the memo builds on Executive Order (EO) 14028, Improving the Nation’s Cybersecurity from May 2021, which is focused on the security and integrity of the software supply chain. The recent memo, published on September 14, requires each federal agency to comply with the NIST guidance when using third-party software on the agency’s information systems or otherwise affecting the agency’s information.
- 4. Cybersecurity Executive Communication and importance of MetricsEight Essential Components of Communication: Source <-> Message <-> Channel <-> Receiver <-> Feedback Environment — Context — Interference
- 5. Tips for developing cybersecurity leadership talentNavigating the skills gap from an employer's perspective starts with investing in talent. Get advice on how to develop and hire emerging leaders from an industry analyst.
- 6. 4 Tactics that Backfire When Dealing with a Difficult ColleagueWhen you’re at your wit’s end with a challenging colleague and it feels like you’ve tried everything, well-meaning friends and coworkers may tell you to “just ignore it” or to “suck it up” and move on with your life. But suppressing our emotions rarely helps. In this piece, the author outlines four tactics that are tempting to try — but often backfire — when dealing with a difficult colleague. Another one to avoid: waiting to see if your difficult colleague will just leave on their own. Your dream that they’ll walk out the door may come true, but there’s no guarantee that the culture will shift or that you’ll get along with their replacement. Ultimately you’re better off trying to create a workable situation with your colleague now. And remember: even small improvements can make a big difference.
Tyler Robinson
Director of Offensive Security & Research at Trimarc Security, Founder & CEO at Dark Element