How does a CISO measure the performance of their security program? Sure, there are metrics, but what are you measuring against? Is it a framework or the quality of protection? How do you tell if your program is improving and…
"Defense in Depth"
Defense in Depth: Privacy Is An Uphill Battle
Privacy is an uphill battle. The problem is that those gathering the data aren’t the ones tasked with protecting the privacy of the users that data represents. Check out this post for the basis for our conversation on this week’s episode…
Defense in Depth: Legal Protection for CISOs
What’s the legal responsibility of a CISO? New cases are placing the liability for certain aspects of security incidents squarely on the CISO. And attorney-client privilege has been overruled lately too. What does this mean for corporate and for CISO…
Defense in Depth: XDR: Extended Detection and Response
Is XDR changing the investigative landscape for security professionals? The “X” in XDR extends traditional endpoint detection and response or EDR to also include network and cloud sensors. Having this full breadth, XDR can contextualize alerts to tell a more…
Defense in Depth: Calling Users Stupid
Many cybersecurity professionals use derogatory terms towards their users, like calling them “dumb” because they fell for a phish or some type of online scam. It can be detrimental, even behind their back, and it doesn’t foster a stronger security…
Defense in Depth: Is College Necessary for a Job in Cybersecurity?
Where is the best education for our cyber staff of the future? Where does college fit in or not fit in? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO…
Defense in Depth: When Red Teams Break Down
What happens when red team engagements go sideways? The idea of real world testing of your defenses sounds great, but how do you close the loop and what happens if it’s not closed? Check out this post for the basis for our…
Defense in Depth: What Cyber Pro Are You Trying to Hire?
Do companies hiring cybersecurity talent even know what they want? More and more we see management jobs asking for engineering skills, and even CISO jobs with coding requirements. What’s breaking down? Check out this post for the basis for our…
Defense in Depth: Junior Cyber People
There are so few jobs available for junior cybersecurity professionals. Are these cyber beginners not valued? Or are we as managers not creating the right roles for them to improve our own security? Check out this post for the basis…
Defense in Depth: Trusting Security Vendor Claims
Do security vendors deliver on their claims and heck, are they even explaining what they do clearly so CISOs actually know what they’re buying? Check out this post and the Valimail survey for the basis of our conversation on this…