Best moments from “Hacking Prioritization” – Super Cyber Friday

Here are five minutes of our best moments from Super Cyber Friday “Hacking Prioritization: An hour of critical thinking about which security holes need to be filled, and which ones don’t.”

Our guests for this discussion were:

HUGE thanks to our sponsor Kenna Security

Kenna Security, now part of Cisco, is the pioneer of risk-based management. The Kenna Security Platform enables organizations to work cross-functionally to determine and remediate cyber risks. It leverages machine learning and data science to track and predict real-world exploitations, empowering security teams to focus on what matters most.

Best Bad Idea

Congrats to Valarie Apperson, digital web copywriter, NowSecure for winning this week’s Best Bad Idea.

Other honorable mentions go to:

“Prioritize by cost of solution, starting with most expensive first.” – Kevin Kentner, senior security advisor, CrowdStrike

“Make everything top priority.” – Hadas Cassorla, CISO, m1 Finance

“Only prioritize the risks that are disclosed in the media.” – Craig Hurter, director security operations, Colorado Governor’s Office of Information Technology

“Ask your Uber driver to decide. They use apps all the time so they would know.” – Valarie Apperson, digital web copywriter, NowSecure

Quotes from the chat room

“Prioritizing after compromise probably indicates previous prioritization was based on audit checkboxes only.” – Kevin Kentner, senior security advisor, CrowdStrike

“Blame seeking is a sign of a toxic leadership environment.” – Kevin Kentner, senior security advisor, CrowdStrike

“The rule of thumb is to assume you are hacked or compromised. Learn to live in the chaos.” – Cliff Ziarno, business information security leader – strategic advisor, CZ Consulting Services

“I have always encountered issues with prioritization around conflicting perceptions in the upper leadership and the money folks who have to approve the budgets.” – Kevin Kentner, senior security advisor, CrowdStrike

“Following the media for vulns is actually an exercise in the herd mentality.” – Ian Poynter, vCISO, Kalahari Security