Avsnitt

  • Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on January 3, 2023.

    With the current macro economic head winds, 2023 budgets are either frozen or are flat. Where should CISOs focus these limited budgets to maximize the most out of their security program? In this segment, we invite Jon Fredrickson, Chief Risk Officer at Blue Cross Blue Shield of Rhode Island, to debate what should be in your minimum viable security program. This segment is part 1 of 2 parts and focuses on the minimum viable security capabilities.

    Show Notes: https://securityweekly.com/vault-bsw-15

  • The local network is no more. Neither is the corporate firewall. Users are not only working from the office but also remotely, meaning the network we utilize has quickly become the internet, leaving devices and data vulnerable to cyber threats. But how do we monitor this new, expanded network?

    Rob Allen, Chief Product Officer at ThreatLocker, joins Business Security Weekly to discuss how the dissolution of the business perimeter makes network access controls essential to protect your devices and, by extension, your data. Network Access Control helps protect business assets whether employees are in the office or remote. ThreatLocker Network Control provides a direct connection between the client and server, as opposed to a VPN that goes through a central point.

    This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

    In the leadership and communications segment, CISOs need to consider the personal risks associated with their role, CISOs: Don’t rely solely on technical defences in 2025, The Questions Leaders Need to Be Asking Themselve, and more!

    Visit https://www.securityweekly.com/bsw for all the latest episodes!

    Show Notes: https://securityweekly.com/bsw-376

  • Saknas det avsnitt?

    Klicka här för att uppdatera flödet manuellt.

  • For over 15 years, Okta has led the charge in securing digital identities through more sophisticated sign-in solutions. Our latest 2024 Secure Sign-In Trends Report offers insights into the rapidly evolving world of identity security, specifically on how organizations across industries are embracing modern, phishing-resistant methods like Multi-Factor Authentication (MFA) and passwordless sign-ins.

    In this year's report, we explore: - The surge in MFA adoption across industries, and what it means for the future of secure authentication. - Phishing-resistant authentication methods gaining traction, signaling that the passwordless future is possible. - Why a seamless user experience and strong security are no longer in opposition. - How industries compare in their adoption of modern authentication, and who's setting the pace.

    Segment Resources: Secure Sign-In Trends Full Report: https://www.okta.com/resources/whitepaper-the-secure-sign-in-trends-report/

    Todd McKinnon Blog on the Secure Sign-In Trends Report: https://www.okta.com/blog/2024/10/phishing-resistant-mfa-shows-great-momentum/

    This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them!

    In the leadership and communications segment, How Good Leaders Become Great By Never Leading Alone, How Leaders Can Prepare Their Teams For 2025, Nervous About Public Speaking? Here’s How to Use Notes Like a Pro, and more!

    Visit https://www.securityweekly.com/bsw for all the latest episodes!

    Show Notes: https://securityweekly.com/bsw-375

  • This week, it's time for Security Money. Of course Okta should be in the Security Weekly 25 Index, Duh!

    Here are all the companies that now comprise the index:

    SCWX Secureworks Corp PANW Palo Alto Networks Inc CHKP Check Point Software Technologies Ltd. RBRK Rubrik Inc GEN Gen Digital Inc FTNT Fortinet Inc AKAM Akamai Technologies, Inc. FFIV F5 Inc ZS Zscaler Inc OSPN Onespan Inc LDOS Leidos Holdings Inc QLYS Qualys Inc VRNT Verint Systems Inc. CYBR Cyberark Software Ltd TENB Tenable Holdings Inc OKTA Okta Inc S SentinelOne Inc NET Cloudflare Inc CRWD Crowdstrike Holdings Inc NTCT NetScout Systems, Inc. VRNS Varonis Systems Inc RPD Rapid7 Inc FSLY Fastly Inc RDWR Radware Ltd ATEN A10 Networks Inc

    In the leadership and communications segment, Should the CISO Role Be Split?, CISO's tips for building a culture of cybersecurity, Personal Leadership and Cyber Risk — Top 3 Traits that Deliver Enterprise Level Results, and more!

    Visit https://www.securityweekly.com/bsw for all the latest episodes!

    Show Notes: https://securityweekly.com/bsw-374

  • Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This segment was originally published on Jan 24, 2023.

    Richard Seiersen and our guest, Doug Hubbard, are finishing the second edition of How to Measure Anything in Cybersecurity Risk. Doug is here to share the success of the first edition and preview the second edition. With more insights, the second edition will share more more research data, free tools, and new concepts like FrankenSME. If you're a risk management professional or want to learn more about risk management, don't miss this interview.

    Show Notes: https://securityweekly.com/vault-bsw-14

  • The Sarbanes-Oxley (SOX) Act was a watershed moment in corporate governance, fundamentally altering how companies approached financial reporting and internal operational controls. By holding executives personally accountable for the accuracy of financial reports, SOX restored investor confidence in the wake of corporate malfeasance. The SEC's new cybersecurity rule represents a similar pursuit to restore investor confidence — this time for the digital age, centered on integrating cybersecurity into overall risk management.

    Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins Business Security Weekly to discuss the similarities between SOX and SEC's Cyber Rule. The SEC's cybersecurity rule introduced several vital requirements that build on the principles established by SOX, including:

    Companies must report material cybersecurity incidents on Form 8-K, ensuring timely and transparent disclosure to investors. Companies must provide regular updates on their cybersecurity risk management policies, the role of management in implementing these policies and the board's oversight of cybersecurity risks. The rule encourages companies to disclose the cybersecurity expertise of their board members, highlighting the importance of informed oversight in managing cyber risks. The rule requires cybersecurity disclosures to be presented in Inline Extensible Business Reporting Language, or Inline XBRL, ensuring consistency and comparability across filings.

    This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them!

    In the leadership and communications segment, Insurance Firm Introduces Liability Coverage for CISOs, How to Navigate a Leadership Transition, Has the Cybersecurity Workforce Peaked? and more!

    Visit https://www.securityweekly.com/bsw for all the latest episodes!

    Show Notes: https://securityweekly.com/bsw-373

  • Stress in cybersecurity is an industrywide problem. The CISO role is one of the most stressful in any organization. And the stress levels are at an all time high, leading to a mental health crisis. How should CISOs cope with this stress and improve their mental health?

    Ram Movva, CEO & Founder at Securin, joins Business Security Weekly to discuss the CISO challenges leading to this increased stress and how to cope. Ram will discuss how networking, peer groups, and trusted partners can help CISOs deal with stress and improve their overall mental health.

    In the leadership and communications segment, Managing Cybersecurity Stress: A Deep Dive into the 93% CISO Burnout Rate, How to Win at Cyber by Influencing People, Boost Your Team’s Productivity by Hiring Force Multiplier, and more!

    Visit https://www.securityweekly.com/bsw for all the latest episodes!

    Show Notes: https://securityweekly.com/bsw-372

  • Merger and acquisition (M&A) activity in finally starting to pick up. Although the allure of financial gains and market expansion drives these deals, the digital age demands a rigorous assessment of cybersecurity risks accompanying such mergers. Unanticipated cyber issues, like dormant malware or inconsistent access controls, can transform an ideal transaction into a costly headache for the acquiring company post-merger.

    So how do you assess the potential cyber risks of the transaction? Craig Davies, Chief Information Security Officer at Gathid, joins Business Security Weekly to review the five crucial cyber questions to ask before finalizing any deal. If you're in a merger or acquisition, or plan to merge or acquire another company, don't miss this episode.

    In the leadership and communications segment, How to Find the Right CISO, New Security Leadership Style Needed for Stressed Workers, Combatting Human Error: How To Safeguard Your Business Against Costly Data Breaches, and more!

    Visit https://www.securityweekly.com/bsw for all the latest episodes!

    Show Notes: https://securityweekly.com/bsw-371

  • In the leadership and communications segment, The CISO Mindset: A Strategic Guide for Aspiring CEOs and The Board Members, The Top Strategy to Earn More Respect at Work: A Leadership Expert’s Proven Method, The Problem with Mandating Office Presence Without Purpose, and more!

    Identity continues to be one of the most used attack vectors by cybercriminals. From phishing to credential stuffing to password spraying – threat actors are finding new ways to infiltrate systems and cause costly problems to companies. David Bradbury, Chief Security Officer at Okta, joins Security Weekly's Mandy Logan to discuss today's threat landscape, what he’s seeing across Okta and our customers and what security leaders need to know about identity threats to stay one step ahead of threat actors today.

    Segment Resources: https://www.okta.com/oktane/ https://www.okta.com/press-room/press-releases/okta-openid-foundation-tech-firms-tackle-todays-biggest-cybersecurity/

    Though 75% of cybersecurity professionals say the threat landscape today is the most challenging they’ve seen in the last five years, cutbacks on the cybersecurity workforce and widening skills gaps are creating challenges for the industry. It is becoming harder to find people with the right skills to meet growing and evolving needs. Erin Baudo Felter, Vice President, Social Impact & Sustainability at Okta, joins Security Weekly's Mandy Logan to discuss the widening cybersecurity skills gap and the initiatives Okta has in place to help companies develop, recruit and retain talent within the cybersecurity workforce.

    Segment Resources: https://www.okta.com/oktane/

    This segment is sponsored by Oktane, to view all of the CyberRisk TV coverage from Oktane visit https://securityweekly.com/oktane.

    Visit https://www.securityweekly.com/bsw for all the latest episodes!

    Show Notes: https://securityweekly.com/bsw-370

  • Getting C-Suite execs aligned on cyber resilience and cybersecurity can be a challenge. LevelBlue's recent Futures™️ report sought to uncover the barriers that prevent companies from achieving cyber resilience in the enterprise today. The report not only surveyed C-Suite execs (CIOs, CTOs, and CISOs), but non-C-Suite leaders from engineering and architecture roles as well.

    Segment Resources:

    LevelBlue Finds CISOs Challenged Most by Cybersecurity Tradeoffs, AI Implementation Pressures, and Reactive Budgets Compared to C-Suite Peers - Report Summary and Press Release Executive Accelerator: C-Suite Cyber Resilience Responsibilities Report

    This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!

    In the leadership and communications section, Joe Sullivan: CEOs must be held accountable for security too, More tech chiefs have success measured by profitability, cost management, Is Your Career Heading in the Right Direction?, and more.

    Visit https://www.securityweekly.com/bsw for all the latest episodes!

    Show Notes: https://securityweekly.com/bsw-369

  • In today’s uncertain macroeconomic environment, security and risk leaders need practical guidance on managing existing spending and new budgetary requests. Jeff Pollard, Vice-President, Principal Analyst on the Security and Risk Team at Forrester Research, joins Business Security Weekly to review Forrester's Budget Planning Guide 2025: Security And Risk. This data-driven report provides spending benchmarks, insights, and recommendations that will keep you on budget while still mitigating the most critical risks facing your organization. Jeff will cover which areas to invest, divest, and experiment, but you'll have to listen to get the details.

    In the leadership and communications segment, The CEO’s Role in Setting Tone at the Top, CISOs, C-suite remain at odds over corporate cyber resilience, Warren Buffett's Secret To Success? Run It 'Like A Small Family Business,' Says One Of His CEOs, and more!

    Visit https://www.securityweekly.com/bsw for all the latest episodes!

    Show Notes: https://securityweekly.com/bsw-368

  • Does the CISO need to act like a politician? Negotiating budgets, communicating risks, and selling your strategy across the organization does sound a little like a politician. And if that's the case, are you hiring the right campaign staff?

    Kush Sharma, former CISO for CPR, City of Toronto, and Saputo, joins Business Security Weekly to discuss why you should run your security program like an election campaign. Kush will discuss the other positions you need to hire, not just the technical positions, to help you budget, communicate, and sell your strategy. A politician can't do it all by themself, so why should a CISO?

    In the leadership and communications segment, PwC Urges Boards to Give CISOs a Seat at the Table, CISO Salary Surge: Fewer Job Changes, Bigger Paychecks for Experienced Cybersecurity Leaders, Fostering a cybersecurity-first culture: Key leadership insights for building resilient businesses, and more!

    Visit https://www.securityweekly.com/bsw for all the latest episodes!

    Show Notes: https://securityweekly.com/bsw-367

  • The zero-trust security model has been billed as an ultra-safe defense against emerging, unrecognized and well-known threats. Unlike perimeter security, it doesn't assume people inside an organization are automatically safe. Instead, it requires every user and device -- inside and out -- to be authorized before any access is granted. Sounds enticing, but deployments require major architectural, hardware, and software changes to be successful.

    Rob Allen, Chief Performance Officer at ThreatLocker, joins Business Security Weekly to discuss how their Zero Trust Endpoint Protection Platform can start to help you attain Zero Trust from your endpoints by:

    Blocking Untrusted Software, Ringfencing™ Applications, and Dynamically Controlling Network Traffic

    This segment is sponsored by ThreatLocker. Visit https://securityweekly.com/threatlocker to learn more about them!

    In the leadership and communications segment, Underfunding And Leadership Gaps Weaken Cybersecurity Defenses, A Self-Care Checklist for Leaders, Senate bill eyes minimum cybersecurity standards for health care industry, and more!

    Visit https://www.securityweekly.com/bsw for all the latest episodes!

    Show Notes: https://securityweekly.com/bsw-366

  • In the leadership and communications segment, CISA Releases Cyber Defense Alignment Plan for Federal Agencies, UnitedHealth Group CISO: We had to ‘start over’ after Change Healthcare attack, 20 Essential Strategies for Leadership Development Success, and more!

    AI is bringing productivity gains like we’ve never seen before -- with users, security teams and developers already reaping the benefits. However, AI is also bolstering existing threats to application security and user identity -- even enabling new, personalized attacks to emerge.

    Shiven Ramji, President of Customer Identity at Okta, joins Business Security Weekly to discuss how AI is changing app authentication and authorization for developers and security teams. With traditional and AI-powered applications facing more complex security challenges, companies need to explore new ways to protect their end users while also creating seamless customer experiences – and that starts with Identity.

    Segment Resources: https://developerday.com/ https://www.okta.com/customer-identity/

    This segment is sponsored by Okta. Visit https://www.securityweekly.com/okta to learn more about them!

    Visit https://www.securityweekly.com/bsw for all the latest episodes!

    Show Notes: https://securityweekly.com/bsw-365

  • Cybersecurity is complex. We have threats, vulnerabilities, incidents, controls, risks, etc. But how do they all connect together to drive a cyber risk program? As an industry, we've struggled for 20+ years trying to boil this ocean. Maybe we've been going about it the wrong way.

    Padraic O'Reilly, Founder and Chief Innovation Officer at CyberSaint, joins Business Security Weekly to discuss how AI can help us solve the cybersecurity data problem. Starting with simple mappings from risks to controls, CyberSaint is flipping the cyber risk management problem on it's head. Instead of working from the bottom up, CyberSaint is tackling the problem from the top down. Padraic will discuss how CyberSaint is using AI, practical AI, to address the complexities of cybersecurity data, including:

    the use of Watsonx to generate their new KnightVision report how to use graphical node networks to model cybersecurity data the future of AI models to prioritize recommendations from all the data

    This segment is sponsored by CyberSaint . Visit https://securityweekly.com/cybersaint to learn more about them!

    In the leadership and communications segment, Why Companies Should Consolidate Tech Roles in the C-Suite, End of an era: Security budget growth slows down, Global cybersecurity workforce growth flatlines, stalling at 5.5M pros, and more!

    Visit https://www.securityweekly.com/bsw for all the latest episodes!

    Show Notes: https://securityweekly.com/bsw-364

  • Cybersecurity resilience, different from cyber resilience, is critical as threats grow in frequency and complexity. With digital innovation driving business, cybersecurity resilience is essential for maintaining stakeholder trust and compliance. But where do you start?

    Theresa Lanowitz, Chief Evangelist at LevelBlue, joins Business Security Weekly to discuss how to align cybersecurity and the business, including the need to:

    fundamentally shift you mindset and approach to acheiving operational excellence in cybersecurity prioritize IT and building security into everything you do prioritize proactive investment over funding emergencies leverage external expertise for success

    This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!

    In the leadership and communications segment, Blind Spots in the C-Suite & Boardroom, Evolving Cybersecurity: Aligning Strategy with Business Growth, How to Lead Like a Coach, and more!

    Visit https://www.securityweekly.com/bsw for all the latest episodes!

    Show Notes: https://securityweekly.com/bsw-363

  • Check out this episode from the BSW Vault, hand picked by main host Matt Alderman! This episode was initially published on November 29, 2022.

    Todd Fitzgerald, author of CISO Compass and host of CISO Stories, joins BSW to share his top leadership lessons from the first 100 episodes of CISO Stories. Todd interviews CISOs and gains insights into their challenges and how they are solving them. Don't miss this recap!

    View CISO Stories podcast episodes here: https://www.scmagazine.com/podcast-show/the-ciso-stories-podcast

    Show Notes: https://securityweekly.com/vault-bsw-13

  • How are personal liability and indemnification impacting the CISO role? Darren Shou, Chief Strategy Officer from RSA Conference, describes the current landscape of CISO liability and the challenges facing CISOs today. He discusses the implications of the SEC's recent actions, including the charges against SolarWinds' CISO, and the growing trend of personal liability for security leaders. Darren will also highlight comparisons between the roles of CISOs and CFOs, highlighting what security professionals can learn from their financial counterparts in handling risks and responsibilities. Finally, he explores how to build an effective coalition, both internally with company executives and externally with peers. In this ever changing risk landscape, it takes a village, and Darren shares his vision for how to build that village.

    This week we talk a lot about the CISO's relationship with the business and the challenges of being aligned and keeping up. We also talk about budget priorities, the challenge of doing security in small businesses, and the ever-present challenge of burnout. Finally, we discuss what servant leadership actually means.

    On this last topic, Ben makes a book recommendation, which you can find here: https://www.amazon.com/Seat-Table-Leadership-Age-Agility/dp/1942788118

    Visit https://www.securityweekly.com/bsw for all the latest episodes!

    Show Notes: https://securityweekly.com/bsw-362

  • What are the barriers to cyber resilience today? Why is it so difficult? And what is coming next, that will generate resilience challenges further down the line?

    After five years of focusing on the short- and medium-term future of cybersecurity and edge, this year, LevelBlue wanted to understand what is preventing cyber resilience—and what business leaders are doing about it. Theresa Lanowitz, Chief Evangelist at LevelBlue, joins us to discuss the results of their research.

    Segment Resources: LevelBlue.com/futuresreport

    This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelblue to learn more about them!

    While CISOs are often responsible for technology implementation, they are not getting the support they need at a strategic level. The Accelerator found that 73% of CISOs expressed concern over cybersecurity becoming unwieldy, requiring risk-laden tradeoffs, compared to only 58% of both CIOs and CTOs.

    Understanding the C-suite’s business priorities is critical for shaping effective cybersecurity strategies. Identifying how these essential roles look at the business helps to ensure alignment among CIOs, CTOs, and CISOs, as well as the teams that report into them. It’s a key first step towards bolstering cyber defenses, especially with the CEO and Board support.

    This segment is sponsored by LevelBlue. Visit https://securityweekly.com/levelbluebh to learn more about cyber resilience and how to start the conversation in your organization!

    Employees spend up to 80% of their working hours in a web browser, and threat actors are increasingly leveraging browsers to target users and initiate attacks. Disrupting the tool employees use for 80% of their job would have massive impact on productivity. Rather than ripping and replacing, enterprises can turn any browser into a secure enterprise browser.

    Segment Resources: Menlo homepage: https://resources.menlosecurity.com/videos/browser-security

    Menlo research on three new nation state campaigns: https://www.menlosecurity.com/press-releases/menlo-security-exposes-three-new-nation-state-campaigns

    Every browser should be a secure enterprise browser: https://www.menlosecurity.com/blog/every-browser-should-be-a-secure-enterprise-browser

    Defending against zero-hour phishing attacks: https://www.menlosecurity.com/blog/state-of-browser-security-defending-browsers-against-ever-evolving-zero-hour-phishing-attacks

    This segment is sponsored by Menlo Security. Visit https://securityweekly.com/menlobh or schedule a demo to learn more about the role of browser security in eliminating the risk of highly evasive threats!

    Visit https://www.securityweekly.com/bsw for all the latest episodes!

    Show Notes: https://securityweekly.com/bsw-361

  • This week, it’s time for security money, our quarterly review of the money of security, including public companies, IPOs, funding rounds and acquisitions from the previous quarter. This quarter, Crowdstrike crashes the index, as Thoma Bravo acquires another index company. The index is currently made up of the following 25 pure play cybersecurity public companies:

    Secureworks Corp Palo Alto Networks Inc Check Point Software Technologies Ltd. Rubrik Inc Gen Digital Inc Fortinet Inc Akamai Technologies, Inc. F5 Inc Zscaler Inc Onespan Inc Leidos Holdings Inc Qualys Inc Verint Systems Inc. Cyberark Software Ltd Tenable Holdings Inc Darktrace PLC SentinelOne Inc Cloudflare Inc Crowdstrike Holdings Inc NetScout Systems, Inc. Varonis Systems Inc Rapid7 Inc Fastly Inc Radware Ltd

    A10 Networks Inc

    In the leadership and communications segment, The Cybersecurity Leadership Crisis Dooming America’s Companies, Judge Rejects SEC’s Aggressive Approach to Cybersecurity Enforcement, Is It Time to Pivot Your Strategy?, and more!

    Visit https://www.securityweekly.com/bsw for all the latest episodes!

    Show Notes: https://securityweekly.com/bsw-360