Are you expecting a little intrusion into your network any day now? You’d better be prepared. Are there some vulnerabilities you should have managed, but didn’t? Don’t worry, first-time security professionals are always scared about their first incident.
Thanks to this week’s podcast sponsor, Nucleus Security
On this week’s episode
There’s got to be a better way to handle this
We constantly hear security leaders talk about “people, process, and technology”. Overwhelmingly, most security vendors are selling technology; then, after a very steep drop, there is the sale to managing people; and then “process” feels like a neglected stepchild. Let’s talk about one process change made in the past year that had a significant impact on security posture. AND what is the “process” in security that needs the most help? Is there an opportunity in this area for security vendors, or is this just a combination of project management and increased automation?
What do you think of this vendor marketing tactic
Are security vendors eating their own dog food? The next time a security vendor pitches you, Chris Roberts of Hillbilly Hit Squad said on LinkedIn, “Ask them if they are using their own systems to protect themselves OR if they’re relying on someone else’s technology to protect their arses.” An excellent question and HOW a vendor answers that question is very telling. So, is our sponsored guest using his own product to protect his business?
Jeremy Kempner, BT Americas, offers up two really crappy communications options for Scott and Mike to wrestle with.
Please, Enough. No, More.
This week’s topic: Risk-based vulnerability management. Is it just prioritizing your vulnerability remediation based on the risk it poses to your organization? What have we heard enough about with risk-based VM and what should we hear more about?
How have you actually pulled this off?
One of the key parts of a successful pentest is the reconnaissance phase where the necessary background information is generated. Let’s walk through that process. How much involves planning vs. discovering? It’s assumed that a lot of creativity goes into making a successful pentest. What are some of the techniques and information needed to increase success?