Culture of Innovation – BSW #212
Segments
1. Accelerating Security with Security Automation – John McClure – BSW #212
Are you struggling with Alert Overload, Manual Processes, Multiple/Disparate Tools, Talent Shortage, and/or Budget Constraints? Of course you are! John McClure, Chief Information Security Officer from Laureate Education, joins us to discuss how he solved these challenges by implementing SOAR and accelerating security.
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Guest
John McClure is the Chief Information Security Officer for Laureate Education, Inc. He is a proud military veteran (Army Aviation). He separated from the military to enter the technology field. John has worked for more than 20 years in the critical infrastructure and information security arena, and supported the federal government and Intelligence Community for over 20 years before transitioning to the commercial sector.
2. Risk Management Approach, Automation, & the Problem With Cyber Insurance – BSW #212
In the Leadership and Communications section, Developing a Risk Management Approach to Cybersecurity, How Automation Can Protect Against Data Breaches, The Problem with Cyber Insurance: Outdated Incentives, and more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
- 1. What is a CISO? Responsibilities and requirements for this vital role
  CISO responsibilities break down into the following categories: 1. Security operations 2. Cyberrisk and cyber intelligence 3. Data loss and fraud prevention 4. Security architecture 5. Identity and access management 6. Program management 7. Investigations and forensics 8. Governance
- 2. Developing a Risk Management Approach to Cybersecurity – Security Boulevard
  CISOs have an opportunity to reorient their cybersecurity programs away from a focus on compliance, toward a focus on risk. Here's how:
  - Start With Objectives and Risks - Yes, compliance will always be one of those objectives, but consider some of the other objectives the organization has: 1. Financial 2. Growth 3. Personnel
  - Tie Together Risk, Security, and IT Governance - The capabilities that are important for IT governance today are more along the lines of: 1. Data security and data mapping 2. Your ability to monitor network activity 3. Provisioning and de-provisioning user access 4. Security assessments for vendors
  This approach leads to Better Reporting to the Board.
- 3. How Automation Can Protect Against Data Breaches
  Automating security allows vital data, such as the location of suspicious login attempts, to be tracked without the need for a costly and time-consuming campaign.
- 4. The Guide to Presenting Information Security’s Business Value – Security Boulevard
  With the ever-changing landscape of cyber risk, how can security teams demonstrate the business value of security programs? How can CISOs underline the importance of correct procedures that need to be followed company-wide? 1. Benefits of Cybersecurity Investments Must be Framed Around Enterprise Goals 2. Define and determine risk posture 3. Drive home the value proposition added and control the narrative
- 5. The Problem with Cyber Insurance: Outdated Incentives
  Instead of solving your cybersecurity problems, cyber insurance companies capitalize on your amortized cost given the probability of a breach. It’s economically viable because data breaches have been relatively cheap. Here are the limitations of cyber insurance: 1. Cyber Insurance Won’t Save your Reputation 2. Cyber Insurance Won’t Save your Data 3. Cyber Insurance may not be a Sustainable Industry
- 6. Research: A Little Recognition Can Provide a Big Morale Boost
  As organizations large and small face the twin challenges of increasingly strained budgets and burned out workforces, what can managers do to keep employees engaged — without breaking the bank? In this piece, the authors share new research on the power of symbolic awards such as thank you notes, public recognition, and certificates. They find that these simple interventions can significantly improve employee motivation, but clarify that to maximize their effect, it’s essential to customize these rewards to your unique context. Specifically, the authors draw on prior research to highlight five key considerations for managers looking to implement symbolic awards: the most impactful messenger, the best timing, whether to make it private or public, attention to detail, and the importance of starting small. While these interventions are no substitute for fair monetary compensation, especially when cash is limited, symbolic awards can go a long way to demonstrate your appreciation for your employees and keep spirits high.