
Best Moments from “Hacking Process” – CISO Series Video Chat

Here are six minutes full of highlights from CISO Series Video Chat: “Hacking Process: An hour of critical thinking about delivering and receiving the right information to the right people at the right time.”

Watch the full video here.

Got feedback? Join the conversation on LinkedIn.

HUGE thanks to our sponsor Kenna Security


Best Bad Ideas

Congratulations to Masako Long, senior sales executive, DefenseStorm, for winning this week’s Best Bad Idea.

Other honorable mentions go to:

“Print all of your processes on paper then put them through the shredder… Take the shredded paper and combine it at random to define your processes.” – Craig Hurter, director, security operations, Colorado Governor’s Office of Information Technology

“All processes are “choose your own adventure” books. No matter your choices, the final page of any process states: “Sorry, you died while waiting to gain alignment and approvals for your process. Start again.” – Dutch Schwartz, principal security specialist, AWS

Best Strategies

“Leverage organizational culture to capitalize on processes that work and then socialize that to the enterprise.” – Craig Hurter, director, security operations, Colorado Governor’s Office of Information Technology

“Document, document, document. Build a Process Taxonomy that fits your organization and is not cumbersome. Clearly state process ownership and stewardship.” – Brian Colt, information security engineer, DASH Financial Technologies

“Build good relationships with the employees of all business units that you’re responsible for, especially the stakeholders. People are more likely to help you out and fix vulnerabilities when you’re easy to work with.” – Phil Guimond, principal cloud security architect, ViacomCBS

“Apply Risk Management principles to Process Management; ensure the Process owner understands the risks and mitigations, accepts the residual risk, and that the accepted residual risk aligns with the organization’s risk tolerance.” – Brian Colt, information security engineer, DASH Financial Technologies

Quotes from the chatroom

“Stop trying to fit in. You are a key component of the organization. They do not need to comply with you. You need to align with them.” – Jeff Reich, peacemaker, Alation

“1. Start by assessing what type of culture you have (there are good models for this), 2. Use the levers you have (values, attitudes, beliefs) to shape culture by hiring and by socializing, 3. Measure your progress.” – Dutch Schwartz, principal security specialist, AWS

“If you describe security as quality, it tends to be more embraceable by other teams.” – Dutch Schwartz, principal security specialist, AWS

“I spent about six months earning the trust of a couple of Devs at a former job. It started incredibly adversarial but was worth the time spent. In the end, our deliverables were far more solid and the rework went way down.” – Kevin Kentner, program manager, CrowdStrike

“Relationships are built on trust, and trust is earned over time through consistently demonstrating caring (sympathy/empathy) toward the individual, dependability and trustworthiness. If you can do this, most folks will walk the wire for you.” – Mathew Biby, CISO, Satcom Direct
