Best moments from “Hacking Secure Access” – CISO Series Video Chat

Here is a six-minute video of highlights from CISO Series Video Chat: “Hacking Secure Access: An hour of critical thinking about how to easily and safely connect to services and apps.”

Our guests for this discussion were:

Watch the full video

Got feedback? Join the conversation on LinkedIn.

HUGE thanks to our sponsor Banyan Security

Today, 75% of enterprises are using some form of hybrid-cloud deployment. Unfortunately, traditional network-centric security solutions like VPNs are not designed to meet the scale, performance, and usability needs of modern organizations, especially those with dynamic hybrid- and multi-cloud environments.

Replace your traditional network access boxes – VPNs, bastion hosts, and gateways – with a cloud-based zero trust remote access solution and enable a safe and reliable “work from anywhere” environment. Visit for more information.

Best Bad Idea

Congrats to Duane Gran, director, information systems and security, Blue Ridge ESOP Associates for winning this week’s Best Bad Idea.

Other honorable mentions go to:

“Disallow unique passwords by having the UI tell users if another user has already used that password.” – Phil Guimond, principal information security architect, ViacomCBS

“Give everyone in your organization the same access as it will be easier to manage.” – Nancy Hunter, VP, CISO, Federal Reserve Bank of Philadelphia

“Ban remote access and make everyone come into the office again.” – Ian Poynter, virtual CISO, Kalahari Security

“Outsource every business function so that far fewer employees need secure access. Transfer risk to vendors.” – Kevin Hakanson, sr. solutions architect, AWS

“Build apartments in your office building and require employees to live there.” – Kevin Hakanson, sr. solutions architect, AWS

10 percent better

“Start by classifying your data, and then set access control policies based on role, and need to access.” – Jonathan Waldrop, senior director, cyber security, Insight Global

“Dynamic policy generation for remote access, requiring either manual or risk-based approvals.” – Kevin Hakanson, sr. solutions architect, AWS

“Use a tool to intercept password changes which match already breached passwords.” – Jason Dance, systems architect, Greenwich Associates

Quotes from the chatroom

“Naturally if your workforce is very distributed the value of geo-ip blocking goes down fast.” – Duane Gran, director, information systems and security, Blue Ridge ESOP Associates