
    Redefining CyberSecurity

    Redefining CyberSecurity Podcast, hosted by Sean Martin, CISSP

    Have you ever thought that we are selling cybersecurity insincerely, buying it indiscriminately, and deploying it ineffectively? For cybersecurity to be genuinely effective, we must make it consumable and usable. We must also bring transparency and honesty to the conversations surrounding the methods, services, and technologies upon which businesses rely. If we are going to protect what matters and bring value to our companies, our communities, and our society, in a secure and safe way, we must begin by operationalizing security. Executives are recognizing the importance of their investments in information security and the value it can have on business growth, brand value, partner trust, and customer loyalty. Together with executives, lines of business owners, and practitioners, we are Redefining CyberSecurity.

    Episodes (318)

    What Executive Leaders Can Do to Change Their Company's Culture | An On Location Conference Coverage Conversation with Denitra Letrice and Dwan Jones


    Guests: 

    Denitra Letrice, Director of Cybersecurity Planning & Engagement, MassMutual

    On LinkedIn | https://www.linkedin.com/in/denitraletrice/

    On Twitter | https://twitter.com/denitraletrice

    Dwan Jones, Director of Diversity, Equity and Inclusion, ISC2 [@ISC2]

    On LinkedIn | https://www.linkedin.com/in/dwanjones/

    ____________________________

    Hosts: 

    Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

    Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

    ____________________________

    Episode Notes

    This episode of the "On Location with Sean and Marco" discusses the crucial topic of company culture and its impact on organizations, particularly in the cybersecurity field. Throughout the episode, Sean Martin and Marco Ciappelli engage in thought-provoking conversations with guests Denitra Letrice and Dwan Jones, focusing on the significance of cultivating a positive work culture. The discussion emphasizes the idea that a strong company culture is essential for attracting and retaining top talent, especially in a highly competitive industry like cybersecurity.

    Denitra Letrice and Dwan Jones provide valuable insights into the need for organizations to create inclusive and diverse environments where employees feel valued and can thrive. They stress the importance of executive leaders listening to and understanding the experiences of their workforce to drive positive change and improve overall productivity. They also highlight the significance of continuous feedback, engagement surveys, and creating safe spaces for open communication within the workplace, underscoring that building a healthy work environment requires intentional effort, assessments, and a willingness to address systemic issues that may hinder organizational culture.

    Furthermore, the episode previews an upcoming session at the Minorities in Cybersecurity (MiC) Annual Conference in Dallas, Texas, with Denitra Letrice and Dwan Jones as panelists for this session. Titled "What Executive Leaders Can Do to Change Their Company's Culture," the session aims to provide actionable strategies for executives to enhance their organizational culture and drive positive outcomes.

    Overall, the episode serves as a platform for insightful discussions on the role of leadership in shaping company culture, the importance of diversity and inclusion, and the impact of culture on attracting and retaining talent in the cybersecurity industry. It encourages listeners to consider the value of creating a supportive and empowering work environment for long-term success.

    ____________________________

    Catch all of our event coverage: https://www.itspmagazine.com/technology-cybersecurity-society-humanity-conference-and-event-coverage

    Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

    📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

    Redefining Society Podcast with Marco Ciappelli playlist: 📺 https://www.youtube.com/playlist?list=PLnYu0psdcllTUoWMGGQHlGVZA575VtGr9

    ITSPmagazine YouTube Channel: 📺 https://www.youtube.com/@itspmagazine

    Be sure to share and subscribe!

    ____________________________

    Resources

    Learn more about Minorities in Cybersecurity: https://www.mincybsec.org/

    Annual Conference: https://www.mincybsec.org/annual-conference

    ____________________________

    To see and hear more Redefining Society stories on ITSPmagazine, visit:
    https://www.itspmagazine.com/redefining-society-podcast

    To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

    https://www.itspmagazine.com/redefining-cybersecurity-podcast

    Are you interested in sponsoring our event coverage with an ad placement in the podcast?

    Learn More 👉 https://itspm.ag/podadplc

    Book | Our Biggest Fight: Reclaiming Liberty, Humanity, And Dignity In The Digital Age | A Conversation with Author, Frank McCourt | Redefining CyberSecurity and Society with Sean Martin and Marco Ciappelli


    Guest: Frank McCourt, Executive Chairman and Founder, Project Liberty [@pro_jectliberty]

    On LinkedIn | https://www.linkedin.com/in/frank-h-mccourt/

    Project Liberty on LinkedIn | https://www.linkedin.com/company/projectliberty/

    ____________________________

    Hosts: 

    Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

    Host: Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast & Audio Signals Podcast

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli


    ___________________________

    Episode Notes

    In this thought-provoking and potentially life-changing conversation with hosts Sean Martin and Marco Ciappelli, Frank McCourt discusses the necessity of prioritizing personhood in the face of increasing Internet surveillance. The trio discuss the deceptive practices of companies that extract user data under the alluring guise of free services. They explore the fundamental need for society to determine how to harness and utilize technology, which currently exists as an all-powerful, autocratic surveillance entity beyond individual control.

    Recognizing the necessity of a cultural shift to reclaim liberty, humanity, and dignity in the digital age, Frank emphasizes the urgency for society to take action. He presents Project Liberty as a conscious initiative to course-correct the trajectory of the Internet's effect on society and calls on individuals to raise their hopeful voices and make discerning choices. The narrative sheds light on how McCourt envisions restructuring internet governance, espousing a people-centric approach, ultimately promoting a more secure democratic digital world. To further this mission, McCourt presents several ideals from his book 'Our Biggest Fight', emphasizing the necessity to reclaim control over personal data.

    This is a conversation that must be heard — a discussion you want to be part of.

    Key Questions Addressed

    • What is the importance of recognizing personhood on the internet?
    • What is the potential impact of technology on society and democracy?
    • How can society influence the direction of the internet and promote individual data ownership?

    ___________________________


    Resources

    Our Biggest Fight: Reclaiming Liberty, Humanity, And Dignity In The Digital Age (Book): https://www.projectliberty.io/our-biggest-fight

    Our Biggest Fight: Reclaiming Liberty, Humanity, And Dignity In The Digital Age (Pre-Order Book): https://www.penguinrandomhouse.com/books/743398/our-biggest-fight-by-frank-h-mccourt-jr-with-michael-j-casey/

    The proceeds from the book will be donated to the Project Liberty Foundation, a 501(c)(3) organization working to advance the responsible development of technology and ensure that tomorrow’s internet is designed and governed for the common good.


    BlackCloak Exposes a Surge in Cyber Attacks Targeting Crypto-Invested Venture Capital and Private Equity Firms | A BlackCloak Brand Story with Chris Pierson


    In the recent installment of Brand Stories with BlackCloak, co-hosts Marco Ciappelli and Sean Martin take a journey into the escalating issue of cyber threats facing venture capitalists, private equity professionals, and affluent individuals invested in cryptocurrency. This episode stands out for its insightful analysis of how cybercriminals are increasingly targeting high-net-worth individuals, employing sophisticated strategies to breach their privacy and security and to steal their cryptocurrency. The discussion, enriched by the expertise of Chris Pierson, CEO and founder of BlackCloak, along with in-depth research from his team, highlights the imperative for tailored cybersecurity solutions in an era where financial investments intersect with digital vulnerability.

    The conversation begins with an overview of the emerging trend where cybercriminals meticulously target individuals at the apex of financial and technological investments. Pierson’s input paints a detailed picture of the advanced tactics these nefarious actors use, ranging from social engineering to advanced phishing and hacking methods. These tactics are not random; they are precisely aimed at exploiting the unique lifestyles and the consequent vulnerabilities of high-net-worth individuals, making the need for customized cybersecurity measures more critical than ever.

    A significant portion of the episode is dedicated to discussing the necessity of concierge-style cybersecurity services. Pierson emphasizes that BlackCloak’s approach is far from generic; it offers bespoke protection plans that cater to the individual’s specific lifestyle and risk profile. This personalized approach is crucial, as the assets and digital footprints of high-net-worth individuals are far from ordinary and require specialized protection strategies.

    Pierson further outlines essential mitigating controls and risk reduction tactics that are pivotal in safeguarding against cyber-attacks. The focus here is on creating a multi-layered defense system that protects personal devices, secures network connections, and minimizes vulnerabilities related to one's digital presence. This strategy is not only about defending against current threats but also about being agile enough to adapt to new risks as they emerge.

    A key insight from the discussion is BlackCloak’s proactive stance in anticipating future cybersecurity challenges. The cyber threat landscape is dynamic, with criminals continuously innovating to find new ways to breach defenses. BlackCloak’s methodology is centered on staying ahead of these threats through anticipation and preparation, ensuring their clients remain protected against both current and future vulnerabilities.

    This episode goes beyond traditional cybersecurity discussions, focusing on the nuanced challenges faced by individuals whose financial success makes them prime targets for cybercriminals. It underscores the importance of investing in advanced, personalized cybersecurity solutions in today’s digital age. For venture capitalists, private equity professionals, and cryptocurrency investors, the message is clear: sophisticated, tailored cybersecurity and privacy protection is not an option but a necessity.

    The insights provided in this episode of Brand Stories with BlackCloak offer a comprehensive look into the complexities of protecting high-net-worth individuals in the digital realm. It serves as a crucial resource for anyone involved in high-stakes investment sectors, highlighting the need for vigilance, sophisticated security measures, and a proactive approach to cybersecurity in the face of evolving threats.

    Note: This story contains promotional content. Learn more: https://www.itspmagazine.com/their-infosec-story

    Guest: Chris Pierson, Founder and CEO of BlackCloak [@BlackCloakCyber]

    On Linkedin | https://www.linkedin.com/in/drchristopherpierson/

    On Twitter | https://twitter.com/drchrispierson

    Resources
    Learn more about BlackCloak and their offering: https://itspm.ag/itspbcweb

    Are you interested in telling your story?
    https://www.itspmagazine.com/telling-your-story

    Cyber Investigations: Methodology over Tools | A Conversation with Christopher Salgado | Redefining CyberSecurity Podcast with Sean Martin


    Guest: Christopher Salgado, CEO at All Points Investigations, LLC

    On Linkedin | https://www.linkedin.com/in/christophersalgado/

    ____________________________

    Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin


    ___________________________

    Episode Notes

    In this episode of Redefining CyberSecurity Podcast, host Sean Martin converses with Christopher Salgado about the critical yet overlooked aspects of cyber investigations. Salgado's rich experiences, from being an insurance investigator in Chicago to working on Facebook's global investigations division and being a key player amidst the Cambridge Analytica crisis, lay the foundation for this engrossing dialogue.

    Salgado elaborates on the unique challenges posed by cyber investigations—being analytical, yet organic; thorough, yet flexible—straddling between rigidity of process and fluidity of response. Pragmatism and diligent investigation are pitched alongside the usefulness of AI tools, which, as per Salgado, can be both ally and adversary.

    Highlighting the importance of operating within established processes, Salgado stresses the need for standardization and streamlining, without compromising on the inherently organic nature of investigative work. He underscores how modifiable Standard Operating Procedures (SOPs) can uphold consistency and enable comprehensive learning, while staying legally sound and economically feasible.

    Salgado also draws attention to the flip side of AI tools—potential data leaks and the threat of manipulated AI platforms. Corporations employing AI must weigh their usage against the risks, envisaging issues of data privacy, information misuse, and disinformation before rolling out (or permitting vendors to use) AI-based systems.

    In a nutshell, this enlightening conversation delves into the complexities of cyber investigations, the indispensable role of AI, and the necessity of solid processes, making it a must-listen for cybersecurity enthusiasts and cyber sleuths alike.

    Top 3 Questions Addressed:

    • What role do processes and standardization play in effective cyber investigations?
    • How do AI tools aid in cyber investigations, and what are the potential risks?
    • What potential risks does modern technology present, especially AI, in the context of cybersecurity?


    The 'Security Show': Identifying the Real Truman for Transformative Business Excellence | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3


    This edition of The Future of Cybersecurity Newsletter by Sean Martin draws a parallel between cybersecurity in businesses and "The Truman Show," highlighting the transformative impact of embedding cybersecurity into core business strategies. It discusses the challenges and potential of redefining traditional cybersecurity roles to foster innovation, enhance efficiency, and gain a competitive edge.

    ________

    This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

    Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.

    Sincerely, Sean Martin and TAPE3

    ________

    Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.

    TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

    Book | Software Supply Chain Security: Securing the End-to-end Supply Chain for Software, Firmware, and Hardware | A Conversation with Cassie Crossley | Redefining CyberSecurity Podcast with Sean Martin


    Guest: Cassie Crossley, VP, Supply Chain Security, Schneider Electric [@SchneiderElec]

    On LinkedIn | https://www.linkedin.com/in/cassiecrossley/

    On Twitter | https://twitter.com/Cassie_Crossley

    On Mastodon | https://mastodon.social/@Cassie_Crossley

    ____________________________

    Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin


    ___________________________

    Episode Notes

    In this episode of the Redefining CyberSecurity Podcast, host Sean Martin chats with Cassie Crossley, Vice President for Supply Chain Security at Schneider Electric, and author of the book "Software Supply Chain Security". Crossley emphasizes the need for increased awareness and understanding of software supply chain security, not just among technology companies but also in the broader business sector including procurement, legal, and MBA graduates.

    Crossley highlights the intricate complexities involved in securing IT, OT and IoT ecosystems. These include dealing with decades-old equipment that can't easily be upgraded, and accounting for the constantly evolving nature of cybersecurity threats, which she likens to a 'Wild West' environment.

    Crossley brings attention to the importance of businesses understanding the risks and impacts associated with cyber vulnerabilities in their supply chain. She touches on the potential vulnerabilities of pre-installed apps on iPhones, the need for more memory-safe languages, and the complexities of patch management in OT environments.

    Additionally, Crossley talks about the potential for cyber disasters and the importance of robust disaster recovery processes. Discussing the EU Cyber Resilience Act, she raises an important issue about the lifespan of tech devices and the potential impact on the security status of older devices.

    To help businesses navigate these challenges, Crossley’s book provides a holistic overview of securing end-to-end supply chains for software, firmware, and hardware; it is designed to serve as a practical guide for anyone from app developers to procurement professionals. She aims to enlighten and equip businesses to proactively address supply chain security, rather than treating it as an afterthought.

    Key Questions Addressed:

    • What is the importance of software supply chain security in businesses?
    • What are the challenges presented by OT environments when implementing cybersecurity measures?
    • How can businesses proactively navigate these challenges and strengthen their supply chain security?

    ___________________________


    Resources

    Software Supply Chain Security: Securing the End-to-end Supply Chain for Software, Firmware, and Hardware (Book): https://amzn.to/47m6gIg


    Diversity in Depth: From FBI Special Agent to Corporate Leader to Cybersecurity Advocate | A Minorities in Cybersecurity Conference Coverage Conversation with Mary N. Chaney


    Guest: Mary N. Chaney, Chairwoman, CEO and President, Minorities in Cybersecurity

    On LinkedIn | https://www.linkedin.com/in/marynchaney/

    ____________________________

    Hosts: 

    Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

    Marco Ciappelli, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining Society Podcast

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/marco-ciappelli

    ____________________________

    Episode Notes

    Join hosts Sean Martin and Marco Ciappelli for this new On Location event coverage episode along with Mary Chaney, a lawyer and seasoned professional in the cybersecurity field, as they focus on the pivotal topic of diversity and inclusion in the cybersecurity industry. Chaney highlights the creation and purpose of the Minorities in Cybersecurity organization and annual conference, emphasizing leadership development, empowerment, and creating safe spaces for professional growth.

    The episode explicitly explores the importance of diversity in depth, promoting tangible actions to support retention and advancement of minority leaders. It also discusses the diverse range of topics covered in the conference, including sessions on crisis management, financial planning, and cultural change within organizations. The episode concludes with a call to action for listeners to participate in the conference and support the mission of Minorities in Cybersecurity. During the discussion, Mary Chaney clearly demonstrates a commitment to fostering a more inclusive and diverse cybersecurity landscape.

    Top 3 Questions Addressed

    • Why did Mary Chaney start Minorities in Cybersecurity?
    • What is the theme of the conference in Dallas?
    • How does Mary Chaney describe the leadership development opportunities in the organization?

    ____________________________


    Resources

    Learn more about Minorities in Cybersecurity: https://www.mincybsec.org/

    Annual Conference: https://www.mincybsec.org/annual-conference


    JavaScript is Often the Most Common Resource to be Compromised and Exploited | Let's See How Client-Side Security Can Help Successfully Navigate the Application Threat Landscape | An Imperva Brand Story with Lynn Marks: Sr. Product Manager


    Understanding the complexities around client-side security is more important than ever. As businesses and individuals, we are all 'people of the web', and protecting web transactions and user-data becomes our collective responsibility. On this episode of the Brand Story Podcast, hosts Sean Martin and Marco Ciappelli discuss these complexities with Lynn Marks, Senior Product Manager from Imperva.

    The conversation begins with a key question: What is client-side protection?

    Marks explains that modern engineering teams often place much of the application logic on the client side, utilizing third-party JavaScript extensively. But as the prevalence of JavaScript increases, so does its vulnerability to being hijacked. A major concern is ‘form-jacking,’ where bad actors compromise JavaScript to skim sensitive information one record at a time. Due to the slow, low, and under-the-radar nature of these attacks, they often go unnoticed, emphasizing the need for proactive detection and robust prevention methods.

    Marks highlights that many organizations are currently blind to these client-side attacks and require visibility into their online activity. This is where Imperva’s Client-Side Protection product comes in. It enables organizations to start gaining visibility, insights, and the ability to either allow or block the execution of certain actions on their client-side applications. The goal is to streamline their compliance processes, manage the auditing stages effectively, and help them make data-driven, informed decisions.

    Marks also discusses the importance of adhering to PCI-DSS (Payment Card Industry Data Security Standard)—specifically version 4.0. As this standard applies to all organizations processing payment information, it plays a significant role in helping organizations build programs capable of combating these attacks. Imperva’s Client-Side Protection product aligns with this framework, providing necessary visibility and insights while streamlining the auditing and compliance processes.

    For Imperva WAF customers, the Imperva client-side solution can be activated with just one click, removing any constraints and giving back control to the security teams. As organizations implement these security measures into their regular processes, they gain the ability to forecast and manage potential threats better.

    Maintaining client-side security is undoubtedly a complex task, especially with the ever-increasing and evolving use of JavaScript. However, with comprehensive visibility, robust solutions, and readily-available compliance with industry standards, organizations can efficiently manage these threats and ultimately protect the end-users. By fostering a proactive stance towards cybersecurity, we can maintain the integrity of our online experiences and embrace our roles as responsible people of the web.

    Top Questions Addressed

    • What is client-side protection?
    • How can an organization protect itself against client-side attacks?
    • What is the role of Imperva's Client Side Protection product in combating client-side security threats?

     

    Note: This story contains promotional content. Learn more.

    Guest: Lynn Marks, Senior Product Manager at Imperva [@Imperva]

    On Linkedin | https://www.linkedin.com/in/lynnmarks1/

    Blog | https://thenewstack.io/author/lynn-marks/

    Resources

    Learn more about Imperva and their offering: https://itspm.ag/imperva277117988

    Guide: The Role of Client-Side Protection: https://itspm.ag/impervlttq

    Catch more stories from Imperva at https://www.itspmagazine.com/directory/imperva

    Are you interested in telling your story?
    https://www.itspmagazine.com/telling-your-story

    Cyber Governance Alliance and the Effort to Fight for CISO Liability Protections | A Conversation with Emily Coyle, Dr. Amit Elazari, and Andrew Goldstein | Redefining CyberSecurity Podcast with Sean Martin


    Guests:

    Emily Coyle, President & Founding Partner, Cyber Governance Alliance

    On LinkedIn | https://www.linkedin.com/in/emily-elaine-coyle-a8243328/

    Dr. Amit Elazari, Co-Founder & CEO, OpenPolicy

    On LinkedIn | https://www.linkedin.com/in/amit-elazari-bar-on/

    On X | https://www.twitter.com/AmitElazari

    Andrew Goldstein, Chair of Global White Collar Defense and Investigations Practice, Cooley LLP [@CooleyLLP]

    On LinkedIn | https://www.linkedin.com/in/andrew-d-goldstein/

    ____________________________

    Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin


    ___________________________

    Episode Notes

    In this episode of the Redefining CyberSecurity Podcast, host Sean Martin discusses the issues surrounding the SEC's precedent-setting decision to charge the CISO of SolarWinds, Tim Brown, in the aftermath of the Sunburst cyberattack. Joining Sean are Emily Coyle, the founder of Cyber Governance Alliance, Andrew Goldstein from law firm Cooley, and Amit Elazari from OpenPolicy.

    Emily explains the work of the Cyber Governance Alliance, which aims to lobby for methodology change by bringing the best practices of cybersecurity into the legal framework. The Alliance is seeking to provide cybersecurity professionals with the protections they need to carry out their role, including limitations on liability and protection against the chilling effect of litigation.

    Andrew speaks to the potential impacts their arguments could have on the wider cybersecurity field. A pressing concern he highlights is the effect of the SEC's decision on aspiring cybersecurity professionals and their willingness to enter the field, potentially exacerbating an existing shortage of professionals.

    Amit points out the contradictions between best practice standards for cybersecurity, enshrined in legislation, and the SEC’s decision. She calls on the cyber community to collectively support the renewal of the amicus and to further discussions with policymakers toward a balanced decision.

    The group concludes that the lawsuit sets a challenging precedent for cybersecurity professionals. They argue that aligning legal and policy frameworks with cybersecurity practices should be a priority. They also encourage the community to engage policymakers in discussion, starting with commenting on and signing the next amicus brief being drafted. Collectively, they emphasize the urgency and importance of the cybersecurity community's involvement in shaping the future of cybersecurity policy and governance before it's set in stone.

    Key Questions Addressed

    • What has been the impact, thus far, of the SEC's decision to charge the CISO of SolarWinds, Tim Brown, after the Sunburst cyberattack?
    • How can conflicting policies potentially impact the sustainability of effective cybersecurity practices and what is the call to action for the cybersecurity community?
    • How is the Cyber Governance Alliance challenging the current cybersecurity legal framework and what protections are they seeking for cybersecurity professionals?

    Top Insights from the Conversation

    • The SEC's decision to charge the CISO of SolarWinds has far-reaching implications for the cybersecurity community and can deter aspiring professionals for a long time to come.
    • Through the Cyber Governance Alliance, there's an ongoing effort to integrate the best practices of cybersecurity into the legal framework and provide basic liability protections for cybersecurity professionals.
    • Despite the contradictions in cybersecurity policies, there's an urgent call for the cybersecurity community to unify and shape the future of cybersecurity policies and governance.

    ___________________________

    Watch this and other videos on ITSPmagazine's YouTube Channel

    Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

    📺 https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq

    ITSPmagazine YouTube Channel:

    📺 https://www.youtube.com/@itspmagazine

    Be sure to share and subscribe!

    ___________________________

    Resources

    The amended amicus is due March 29th. Cooley will be hosting a webinar with Latham & Watkins (SolarWinds & Tim Brown outside counsel) to discuss:

            Date: Monday, March 11th
            Time: 4:00 - 4:30 EST
            Zoom Link: https://cooley.zoom.us/j/99323354217

    To learn more about signing on to the updated amicus, contact Open Policy (info@openpolicygroup.com) or the team at Cooley via https://forms.office.com/Pages/ResponsePage.aspx?id=vqaHcH1e6Eme5Tx__T8eZbG7QNlB75pMoakNn09c-C5UMDBDNUVRVU8yUzFKV09HNjk5MTc0V0taSS4u.

    To learn more about Cyber Governance Alliance and their efforts to fight for cyber professionals in Washington, contact the team at info@cybergovernancealliance.org or check out https://cybergovernancealliance.org/

    ___________________________

    To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit:

    https://www.itspmagazine.com/redefining-cybersecurity-podcast

    Are you interested in sponsoring this show with an ad placement in the podcast?

    Learn More 👉 https://itspm.ag/podadplc

    Transforming Cybersecurity Governance: The Role of Enterprise Risk Management (ERM) in the Context of the SEC Incident Reporting Rule | A Conversation with Keyaan Williams | Redefining CyberSecurity Podcast with Sean Martin


    Guest: Keyaan Williams, Founder and Managing Director of CLASS-LLC [@_CLASSllc]

    On LinkedIn | https://www.linkedin.com/in/keyaan/

    ____________________________

    Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

    ____________________________

    This Episode’s Sponsors

    Imperva | https://itspm.ag/imperva277117988

    Devo | https://itspm.ag/itspdvweb

    ___________________________

    Episode Notes

    In this episode of the Redefining CyberSecurity Podcast, hosted by Sean Martin, we are joined by guest Keyaan Williams to discuss the impact of the Securities and Exchange Commission (SEC) Incident Reporting Rule on organizations and its far-reaching implications. The wide-ranging discussion covers the shift in responsibility from a single Chief Information Security Officer (CISO) to the entire organization, the necessity for companies to have situational awareness to rapidly determine the materiality of cyber security incidents, and how these rules affect the company's enterprise risk management strategy.

    Enterprise Risk Management (ERM) is integral to the way organizations protect themselves and manage risk. Rather than focusing exclusively on cybersecurity and cyber-related risk, ERM takes a holistic approach and considers all risks across the company. This comprehensive approach ensures that companies make well-informed decisions about how they allocate resources, prioritize risks, and choose specific areas to mitigate. ERM also distributes the burden of risk oversight, reducing the intense pressure on CISOs or any single department and making risk management a collective responsibility. In an era of increasing regulatory oversight, such as the new rules from the SEC, ERM also aims to help companies demonstrate that they are taking all necessary precautions and addressing regulatory requirements effectively.

    Williams also emphasizes the need for businesses to prepare for the increasing regulatory scrutiny by maintaining a robust governance structure and adopting a team-based approach for managing cyber security risks. They predict the possibility of additional rule-making concerning cybersecurity in the future, thus viewing the current phase as the calm before the storm.

    Williams ends the conversation with an invitation for listeners to provide feedback, reinforcing the theme of the episode: collective engagement in cybersecurity management.

    Key Questions Addressed:

    • What is the impact of the new SEC reporting rule on CISOs and their teams?
    • How can Enterprise Risk Management contribute to overcoming cybersecurity challenges?
    • How does the SEC reporting rule change the role of a CISO within an organization?


    Digital Twin Technology: Revolutionizing Industries and Redefining Cybersecurity | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3


    Digital twin technology, a remarkable innovation, is transforming how industries operate and manage cybersecurity. This edition of The Future of Cybersecurity Newsletter by Sean Martin explores the essence of digital twin technology, its market overview, applications across top industries, its role in cybersecurity, and key considerations for CISOs and the cybersecurity vendors building solutions with digital twin technologies in mind.

    ________

    This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

    Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.

    Sincerely, Sean Martin and TAPE3

    ________

    Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.

    TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

    A Path to Banning Ransomware Payments | A Conversation with Ari Schwartz | Redefining CyberSecurity Podcast with Sean Martin


    Guest: Ari Schwartz, Managing Director of Cybersecurity Services and Policy at Venable LLP [@VenableLLP]

    On LinkedIn | https://www.linkedin.com/in/ari-schwartz-484a297a/

    ____________________________

    Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

    ____________________________

    This Episode’s Sponsors

    Imperva | https://itspm.ag/imperva277117988

    Devo | https://itspm.ag/itspdvweb

    ___________________________

    Episode Notes

    In this episode of Redefining CyberSecurity, host Sean Martin speaks with Ari Schwartz about the momentum to ban ransomware payments and the path to achieve it. Schwartz, a cybersecurity expert with three decades of experience, discusses his recently published blog post titled "The Path to Banning Ransomware Payments", and unpacks the ways not just businesses, but also governments can respond to this growing threat.

    Martin and Schwartz delve into significant issues, including the moral, national security, and economic imperatives for banning these payments. The duo further discuss four potential strategies to make not paying ransoms the rational thing to do: requiring victims to report ransom payments, to submit to oversight by a government regulator, and to pay fines or face potential criminal charges for refusing to comply.

    Addressing the practicalities of such a ban, Schwartz believes it’s likely to happen within the next 3 to 5 years but notes that laws will need to be passed to enforce it successfully. He also examines the critical role of insurance in this scenario and emphasizes the importance of risk mitigation strategies and robust cybersecurity measures.

    The episode also explores potential exceptions to the ban, such as life-or-death situations or major economic harm, and the need for government intervention during ransom situations. Lastly, they discuss how targeting ransomware can help internal corporate security teams highlight the threats to their leadership and drive investment in robust cybersecurity.

    Top Questions Addressed:

    • How can we effectively move towards the banning of ransomware payments?
    • How does insurance play a role in this scenario and what should we prepare for in that regard?
    • What are potential exceptions to the ban and how could a government intervene during ransomware situations?

    ___________________________


    Resources

    The Path to Banning Ransomware Payments (LinkedIn post): https://www.linkedin.com/posts/ari-schwartz-484a297a_the-path-to-banning-ransomware-payments-activity-7142600762722848770-8_-J/

    The Path to Banning Ransomware Payments: https://www.centerforcybersecuritypolicy.org/insights-and-research/the-path-to-banning-ransomware-payments


    Balancing Platforms and Point Solutions: Insights from a Product Manager, Industry Analysts, and the Market | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3


    Is the security platform dead? Did it ever live in the first place? Will it ever see the light of day? There are many thoughts on this topic, and Sean Martin wrote a new edition of The Future of Cybersecurity Newsletter to share his initial thoughts.

    Read the article: https://www.linkedin.com/pulse/balancing-platforms-point-solutions-insights-from-product-sean-martin-f0lae/

    ________

    This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

    Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.

    Sincerely, Sean Martin and TAPE3

    ________

    Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.

    TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

    Securing your Business Against The Latest Cyber Threat Trends: Incident Responses and Insurance Essentials | A Conversation with Shawn Tuma | Redefining CyberSecurity Podcast with Sean Martin


    Guest: Shawn Tuma, Co-Chair, Data Privacy & Cybersecurity Practice at Spencer Fane, LLP [@SpencerFane]

    On LinkedIn | https://www.linkedin.com/in/shawnetuma/

    On Twitter | https://twitter.com/shawnetuma

    On Instagram | https://www.threads.net/@shawnetuma

    ____________________________

    Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

    ____________________________

    This Episode’s Sponsors

    Imperva | https://itspm.ag/imperva277117988

    Devo | https://itspm.ag/itspdvweb

    ___________________________

    Episode Notes

    In this episode of the Redefining CyberSecurity Podcast, host Sean Martin sits down with cybersecurity and data privacy attorney Shawn Tuma. They delve into a comprehensive discussion on cyber risk, cybersecurity incident response, and cyber insurance.

    During their discussion, Tuma shares a wealth of knowledge stemming from his deep involvement in thousands of cyber incident responses. He discusses the evolving cyber threat landscape, singling out business email compromises as now topping the list, and explains how the evolution of threat actor tactics has exploited the human element in organizations.

    The conversation segues into the crucial role of insurance in incident response planning. Tuma goes into detail about the issues that organizations face with insurance, especially when they aren't familiar with the terms stipulated in their policies. He also emphasizes the importance of getting the insurance carrier involved early on and the necessity for businesses to have pre-approved incident response teams.

    The episode wraps up with Tuma’s advice on building a robust incident response plan and how insurance plays a key part in the strategy.

    Key Insights Provided:

    • Though cyber threats continue to evolve, business email compromises now top the list over ransomware attacks because threat actors are manipulating the human element in organizations.
    • Insurance carriers play an indispensable role in incident response planning; it's crucial to get them involved early on and for businesses to have pre-approved incident response teams.
    • In building a robust incident response plan, businesses must understand their risk, be familiar with the terms stipulated in their policies, and ensure the implementation of measures that limit their vulnerabilities.


    From Ad-hoc Solutions to Systemic Approaches to Securing the Internet's Infrastructure: Introducing The Common Good Cyber Initiative | A Conversation with Phil Reitinger, Josh Corman | Redefining CyberSecurity Podcast with Sean Martin


    Guests:

    Phil Reitinger, President and CEO, Global Cyber Alliance [@GlobalCyberAlln]

    On LinkedIn | https://www.linkedin.com/in/philipreitinger/

    On Twitter | https://twitter.com/CarpeDiemCyber

    Joshua Corman, Founder, I am The Cavalry [@joshcorman]

    On Twitter | https://twitter.com/joshcorman

    On LinkedIn | https://www.linkedin.com/in/joshcorman/

    ____________________________

    Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

    ____________________________

    This Episode’s Sponsors

    Imperva | https://itspm.ag/imperva277117988

    Devo | https://itspm.ag/itspdvweb

    ___________________________

    Episode Notes

    In this episode of the Redefining CyberSecurity Podcast, host Sean Martin engages with guests Phil Reitinger and Josh Corman to discuss the importance of financial backing and coordinated efforts in maintaining the security of the internet's infrastructure. Both guests emphasize the necessity for systemic approaches to sustain critical online operations, and the need to move from a reliance on generous volunteers towards more strategic, financially supported initiatives.

    Reitinger and Corman cite several initiatives and organizations they've been involved with, such as Global Cyber Alliance, I Am The Cavalry, and others, illuminating their efforts to address cybersecurity issues. They also express the hope that the collaboration they've begun with the Common Good Cyber initiative will lead to broad systemic solutions. The podcast brings to light key industry players, from large corporations to governments and non-profits. The episode serves as a solid call to action, urging everyone to be part of a 'coalition of the willing' to secure the common good of the internet.

    The Common Good Cyber initiative kicks off with a workshop in Washington DC. The workshop serves as a platform to gather diverse perspectives from cybersecurity stakeholders ranging from government representatives and corporations to non-profit organizations. It is designed as a three-part effort, starting with understanding the urgency and identifying existing solutions, followed by brainstorming new solutions, and finally merging into a joint action plan to address the identified problems. The aim is to move from plans to concrete action, which is the most challenging step. Moreover, the workshop is not just a one-off event but a launchpad for the Common Good Cyber initiative. It aims to understand the most viable solutions from the community, develop coherent strategies, and work on implementation beyond just the initial event.

    Key insights discussed:

    • There's a recognized gap in funding for critical internet infrastructure security, which has largely been dependent on volunteer efforts and small non-profit organizations.
    • The Common Good Cyber initiative is an effort to bring together multiple stakeholders, including governments, corporations, and non-profits, to brainstorm and implement sustainable solutions to cybersecurity problems.
    • Collaborative efforts, transparency, and a shared purpose are seen as crucial elements in addressing the challenges of internet security and operationalizing security tools and processes.

    ___________________________

    Watch this and other videos on ITSPmagazine's YouTube Channel

    Redefining CyberSecurity Podcast with Sean Martin, CISSP playlist:

    📺 https://www.youtube.com/playlist?list=PLnYu0psdcllRWnxWBBf8E2rGm4AaELu1Y

    ITSPmagazine YouTube Channel:

    📺 https://www.youtube.com/@itspmagazine

    Be sure to share and subscribe!

    ___________________________

    Resources

    About Common Good Cyber: https://commongoodcyber.org/

    Workshop Overview: https://commongoodcyber.org/events/

    Workshop Agenda: https://commongoodcyber.org/wp-content/uploads/2024/02/Common-Good-Cyber-February-Workshop-Agenda.pdf

    Wendy Nather's Cyber Poverty Post: https://www.linkedin.com/posts/wendynather_securitypovertyline-cyberpoverty-cybercivildefense-activity-7165733967113957376-80jy


    A Reality Check: Platforms vs. Standalone Solutions and Their Place in an Expanding and Contracting Cybersecurity Market | A Conversation with Eric Parizo and Richard Stiennon | Redefining CyberSecurity Podcast with Sean Martin


    Guests:

    Eric Parizo, Managing Principal Analyst at Omdia [@OmdiaHQ]

    On LinkedIn | https://www.linkedin.com/in/ericparizo/

    On Twitter | https://twitter.com/EricParizo

    Richard Stiennon, Chief Research Analyst at IT-Harvest [@cyberwar]

    On Twitter | https://twitter.com/stiennon

    On LinkedIn | https://www.linkedin.com/in/stiennon/

    On YouTube | https://www.youtube.com/channel/UCJbNLvhmVGnRerhrSU1mFug

    ____________________________

    Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

    ____________________________

    This Episode’s Sponsors

    Imperva | https://itspm.ag/imperva277117988

    Devo | https://itspm.ag/itspdvweb

    ___________________________

    Episode Notes

    In this episode of the Redefining CyberSecurity Podcast, host Sean Martin engages in an enlightening dialogue with industry analysts and cybersecurity veterans Eric Parizo and Richard Stiennon. The trio explores various aspects of the vendor space in cybersecurity, discussing topics like vendor consolidation, market contraction, and the state of M&A inundating an already-overwhelmed IT environment with complex products.

    Parizo, a managing principal analyst, counters the narrative of large vendors, stating that most companies desire best-of-breed solutions that offer better integration and measurable outcomes. However, he sees challenges in getting standalone solutions to work together efficiently. To tackle this, Parizo envisages a shift from product integration to data integration, enabling enterprises to handle security data in centralized repositories like Amazon Security Lake.

    Stiennon, a chief research analyst, points out that security will always be a subpart of the next big thing. Despite the increase in intelligent security systems and development in DevSecOps, Stiennon expresses doubt about a total transformation in security due to the potential disruption to business productivity. Instead of seeking transformation in security, he urges CISOs to first identify and reduce the number of redundant products they pay for, as vendors often progressively add features that might already be available in their product pool.

    Parizo and Stiennon both offered unique insights into the future of cybersecurity platforms. Parizo acknowledged the merits of the platform approach but challenged the assertion made by large vendors about the superiority and cost-effectiveness of cybersecurity platforms over standalone solutions. He suggested most companies prefer best-of-breed solutions due to enhanced integration and measurable performance outcomes. Conversely, Stiennon expressed skepticism about cybersecurity platforms becoming predominant in the market, asserting that new threats and ongoing innovation make it impossible for one vendor to fully secure an enterprise. Both analysts indicate that, although cybersecurity platforms offer some benefits, the continually evolving security landscape ensures that no single platform approach will dominate the market.

    Ultimately, Parizo and Stiennon believe that, while consolidation and platform approaches have some benefits, the key to organizational security lies in continuous innovation, knowing the full capabilities of products, and utilizing comprehensive data management to communicate more effectively and make better decisions. Despite the inherent challenges, both experts also remain optimistic about the evolving role of data and AI in driving efficient cyber security practices.

    Top questions addressed:

    • What is the current status of cybersecurity platforms in the market and how accepted are they by the enterprise?
    • How is data management influencing the security landscape and what role does AI play in its evolution?
    • How successful and realistic are the efforts towards consolidating security capabilities within organizations?
    • What is the current trajectory of mergers, acquisitions, and consolidation in the market?

    Companies referenced in this conversation:

    Palo Alto, Cisco, Fortinet, Azure, Symantec, Google, Chrome, Norton LifeLock, AVG, Amazon, Elastic, Splunk, Snowflake, AWS, Cribl

    ___________________________


    Resources

    Inspiring Post: https://www.linkedin.com/posts/ericparizo_omdia-standalone-security-products-outsell-activity-7148426159632826368-Z2jd

    There Is No Such Thing As a Cybersecurity Platform: https://www.linkedin.com/posts/stiennon_there-is-no-such-thing-as-a-cybersecurity-activity-7166219637024575489-gAut

    The Future of Cybersecurity Newsletter — Balancing Platforms and Point Solutions: Insights from a Product Manager, Industry Analysts, and the Market: https://www.linkedin.com/pulse/balancing-platforms-point-solutions-insights-from-product-sean-martin-f0lae


    How Risk Management and Human Behavior Shape Security Strategies: The Untold Impact of Cyber Insurance on Businesses | Human-Centered Cybersecurity Series with Co-Host Julie Haney | Redefining CyberSecurity Podcast with Sean Martin


    Guests: 

    Julie Haney, Computer scientist and Human-Centered Cybersecurity Program Lead at National Institute of Standards and Technology [@NISTcyber]

    On LinkedIn | https://www.linkedin.com/in/julie-haney-037449119/

    On Twitter | https://x.com/jmhaney8?s=21&t=f6qJjVoRYdIJhkm3pOngHQ

    Jason Nurse, Reader in Cyber Security and Director of Science & Research, University of Kent [@UniKent] and CybSafe [@CybSafe]

    On LinkedIn | https://www.linkedin.com/in/jasonrcnurse

    On Twitter | https://twitter.com/jasonnurse

    On Mastodon | https://infosec.exchange/@jasonnurse

    ____________________________

    Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

    ____________________________

    This Episode’s Sponsors

    Imperva | https://itspm.ag/imperva277117988

    Devo | https://itspm.ag/itspdvweb

    ___________________________

    Episode Notes

    In this new (first!) episode of the Human-Centered Research Series on the Redefining CyberSecurity Podcast, host Sean Martin and co-host Julie Haney from the Human-Centered Cybersecurity program at NIST chat with Dr. Jason Nurse, a reader in cybersecurity at the University of Kent in the UK. The discussion revolves around the role of cyber insurance in organizational risk management.

    Jason elucidates cyber insurance’s function as a residual risk mitigation tool when dealing with cyber attacks, helping businesses recover and connect with response teams. They discuss how cyber insurance can incentivize better security practices but highlight challenges related to assessing security postures across diverse businesses. While ransomware features heavily in discussions of cyber risks, Jason points out that insurers don't always encourage ransom payments. Julie raises the issue of accessibility of cyber insurance for small businesses and suggests insurers offer 'pre-breach services'.

    Sean, Julie, and Jason debate the role of human behavior in cyber risk, and how it affects organizations and insurance policies. They underscore the value of research in enhancing security practices and conclude by pondering ways to bridge the gap between academic research and practical implementation in cybersecurity.

    Key Questions Addressed:

    • What is the role and impact of cyber insurance in organizational risk management?
    • How does cyber insurance interact with a business's cybersecurity practices, and how could it incentivize better measures?
    • How does human behavior factor into cyber risks and insurance policies, especially in the context of ransomware and small-medium enterprises?

    ___________________________

    Resources

    Between a rock and a hard(ening) place: Cyber insurance in the ransomware era: https://www.sciencedirect.com/science/article/pii/S016740482300072X

    Cyber Insurance and the Cyber Security Challenge: https://kar.kent.ac.uk/89041/1/RUSI-Kent-OP-Cyber-insurance.pdf

    Mapping the coverage of security controls in cyber insurance proposal forms: https://jisajournal.springeropen.com/articles/10.1186/s13174-017-0059-y

    Impact 2024: https://www.theimpactconference.com/impact-usa/

    ___________________________

    How the Newly-Formed AI-ISAC is Protecting Businesses from Emerging Cybersecurity Threats by Building Cross-Industry Trust and Collaborating with Other ISACs | A Conversation with Sidney Pearl | Redefining CyberSecurity Podcast with Sean Martin

    Guest: Sidney Pearl, Executive Director at AI-ISAC

    On LinkedIn | https://www.linkedin.com/in/sidney-pearl/

    ____________________________

    Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

    ____________________________

    This Episode’s Sponsors

    Imperva | https://itspm.ag/imperva277117988

    Devo | https://itspm.ag/itspdvweb

    ___________________________

    Episode Notes

    Welcome to a new episode of Redefining CyberSecurity Podcast. In this episode, Sean Martin is joined by Sidney Pearl to discuss the AI-ISAC (Artificial Intelligence Information Sharing and Analysis Center). They talk about the importance of operationalizing security and how communities, such as CISOs and other business executives, play a vital role in information sharing.

    Sidney Pearl, the newly appointed executive director of AI-ISAC, shares his background and experience in cybersecurity. The pair explore the structure of ISAOs (Information Sharing and Analysis Organizations) and ISACs. They explain that ISACs were initially formed to develop public and private partnerships between the government and private industry to share information and identify threats to critical infrastructure. Over time, ISACs have evolved into ISAOs, which have members beyond just the government and focus on sharing information across various domains.

    The conversation then shifts to the AI-ISAC and its importance in sharing information about artificial intelligence-related threats. They emphasize that the AI-ISAC is neutral and aims to help all ISACs and ISAOs gain insight into the threat landscape associated with artificial intelligence. They discuss the challenges of navigating the rapidly evolving field of artificial intelligence, where bad actors can leverage AI tools for malicious purposes.

    Sean and Sidney stress the necessity for organizations to proactively understand the trajectory of AI and make informed decisions. They highlight the importance of accessibility to good information for organizations to stay ahead of threats. Trust plays a crucial role in the success of ISACs, and Sidney invites the audience to engage with the AI-ISAC to foster trust and collaboration. Sidney also expresses the AI-ISAC's commitment to working together with the cybersecurity community to adapt to the changes brought by artificial intelligence. He encourages listeners to reach out and participate in the dialogue, emphasizing that we are all in this together.

    Key Insights Provided:

    • What is the structure of ISAOs (Information Sharing and Analysis Organizations) and ISACs (Information Sharing and Analysis Centers)? How have they evolved over time to develop public and private partnerships and share information to identify threats to critical infrastructure?
    • What is the role of the AI-ISAC? How does it aim to help all ISACs and ISAOs gain insight into the threat landscape associated with artificial intelligence? What are the challenges in navigating the rapidly evolving field of artificial intelligence?
    • How can organizations proactively understand the trajectory of artificial intelligence and make informed decisions to stay ahead of emerging threats? What is the importance of accessibility to good information in cybersecurity? How does trust play a crucial role in the success of ISACs, and how can the AI-ISAC foster trust and collaboration within the cybersecurity community?

    ___________________________

    Resources

    New Artificial Intelligence Information Sharing Analysis Center (AI-ISAC) Launches at Kennedy Space Center: https://world.einnews.com/pr_news/674452892/new-artificial-intelligence-information-sharing-analysis-center-ai-isac-launches-at-kennedy-space-center

    ___________________________

    Illuminating Cybersecurity: A Wave Of Revelations From The Blue LED Revolution | A Musing On the Future of Cybersecurity and Humanity with Sean Martin and TAPE3 | Read by TAPE3

    In this edition of The Future of Cybersecurity Newsletter, we embark on a journey that connects the groundbreaking innovation of the blue LED with the ever-evolving challenges of cybersecurity. Shuji Nakamura's pioneering work in developing the blue LED not only revolutionized lighting technology but also provides invaluable lessons for tackling the complexities of modern cybersecurity. We explore how the persistence, interdisciplinary approaches, and innovative thinking that led to the blue LED's success can be mirrored in addressing cybersecurity threats.

    ________

    This fictional story represents the results of an interactive collaboration between Human Cognition and Artificial Intelligence.

    Enjoy, think, share with others, and subscribe to "The Future of Cybersecurity" newsletter on LinkedIn.

    Sincerely, Sean Martin and TAPE3

    ________

    Sean Martin is the host of the Redefining CyberSecurity Podcast, part of the ITSPmagazine Podcast Network—which he co-founded with his good friend Marco Ciappelli—where you may just find some of these topics being discussed. Visit Sean on his personal website.

    TAPE3 is the Artificial Intelligence for ITSPmagazine, created to function as a guide, writing assistant, researcher, and brainstorming partner to those who adventure at and beyond the Intersection Of Technology, Cybersecurity, And Society. Visit TAPE3 on ITSPmagazine.

    Incorporating Security from the Start for a More Secure Future: Exploring the 'Secure by Design' Initiative and the Ongoing Secure by Design Alert Series | A Conversation with Jack Cable | Redefining CyberSecurity Podcast with Sean Martin

    Guest: Jack Cable, Senior Technical Advisor at CISA [@CISAgov]

    On LinkedIn | https://linkedin.com/in/jackcable

    On Twitter | https://twitter.com/jackhcable

    CISA on LinkedIn | https://www.linkedin.com/company/cisagov/

    ____________________________

    Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]

    On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin

    ____________________________

    This Episode’s Sponsors

    Imperva | https://itspm.ag/imperva277117988

    Devo | https://itspm.ag/itspdvweb

    ___________________________

    Episode Notes

    In this episode of the Redefining CyberSecurity Podcast, host Sean Martin invites Jack Cable, Senior Technical Advisor at CISA (U.S. Cybersecurity and Infrastructure Security Agency), to discuss the concept of 'Secure by Design' and the importance of incorporating security into the development process of technology products. The episode explores the motivations behind CISA's 'Secure by Design' initiative, which aims to shift the responsibility for cybersecurity from end users to technology manufacturers.

    During the conversation, Jack highlights the need for long-term investments in cybersecurity and emphasizes the role of business leaders in driving necessary security improvements. The conversation explores the core principles of 'Secure by Design', including technology manufacturers taking ownership of security outcomes for their customers, promoting radical transparency and accountability, and ensuring top business leadership drives security improvements. The episode also touches on the collaboration between CISA and the open-source community to foster greater security improvements in the open-source space.

    Jack also shares success stories of companies effectively implementing 'Secure by Design' principles and highlights the economic and business factors that will drive a more secure future. The episode concludes with a call-to-action for organizations to adopt the 'Secure by Design' approach and engage with CISA to support the shift towards more secure software.

    Top Key Insights:

    • The 'Secure by Design' initiative is aiming to shift the burden of cybersecurity from end users to the technology manufacturers, essentially pushing for a more proactive approach to security.
    • Successful adoption of 'Secure by Design' requires buy-in from business leaders who possess the power to allocate budgets and direct the shift towards a secure future, demonstrating that cybersecurity is as much a business issue as a technical one.
    • Collaboration with the open-source community is crucial for improving security in the technology ecosystem. This includes expecting companies who use open-source software to be responsible consumers and sustainable contributors to the open-source software ecosystem.

    ___________________________

    Resources

    Inspiring LinkedIn Post: https://www.linkedin.com/posts/jackcable_when-a-new-vulnerability-comes-out-its-activity-7135658158726791168-nz9h

    Secure by Design Overview: https://www.cisa.gov/securebydesign

    Alert Series Announcement: https://www.cisa.gov/news-events/news/cisa-announces-secure-design-alert-series-how-vendor-decisions-can-reduce-harm-global-scale

    Principles for Package Repository Security: https://repos.openssf.org/principles-for-package-repository-security

    Request for Information: https://www.federalregister.gov/documents/2023/12/20/2023-27948/request-for-information-on-shifting-the-balance-of-cybersecurity-risk-principles-and-approaches-for

    ___________________________
