BSW #253 – Michael McPherson
Full Audio
Segments
1. Solving the Security Paradox – Michael McPherson – BSW #253
Something is seriously wrong with our current approach to cybersecurity: the more we spend, the worse the situation becomes. In an industry plagued by a chronic talent shortage, one thing is clear: simply throwing another tool into the mix isn't the path to better security. If we're going to solve the security paradox, we need a cross-functional, in-depth analysis of the problem and a structured approach to fixing it. Michael McPherson joins Business Security Weekly to share tactical questions that security leaders can ask themselves and their teams in order to build a better overall approach to defense. This segment is sponsored by ExtraHop Networks. Visit https://securityweekly.com/extrahop to learn more about them!
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
Guest
Michael McPherson leads managed threat detection and IR services marketing at ExtraHop. He has over 20 years in cloud, security and network product marketing on both the product and services delivery sides. Michael is passionate about developing and growing solutions that solve real problems and impact the lives of users.
2. 7 Questions, 7 Mistakes, and a CISO Checklist – BSW #253
In the Leadership and Communications section, 7 Pressing Cybersecurity Questions Boards Need to Ask, 7 mistakes CISOs make when presenting to the board (Let's see if those align), CISO Checklist for Offboarding Security Staff, and more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
- 1. 7 Pressing Cybersecurity Questions Boards Need to Ask
  Boards have a unique role in helping their organizations manage cybersecurity threats. They do not have day-to-day management responsibility, but they do have oversight and fiduciary responsibility. Don't leave any questions about critical vulnerabilities for tomorrow. Asking the smart questions at your next board meeting might just prevent a breach from becoming a total disaster. The article offers 7 questions to ask to make sure your board understands how cybersecurity is being managed by your organization. Simply asking these questions will also raise awareness of the importance of cybersecurity and the need to prioritize action.
- 2. 7 mistakes CISOs make when presenting to the board
  Talking to the board about cybersecurity in a way that is productive can be a significant challenge, and failing to do so effectively can result in confusion, disillusionment, and a lack of cohesion among directors, the security function, and the rest of the organization. Common mistakes CISOs make when speaking to the board:
  1. Using over-technical security language
  2. Focusing on the wrong threat impacts
  3. Relying on out-of-box cyber risk reporting
  4. Failing to prepare for potential questions
  5. Oversharing and security scaremongering
  6. Presenting cybersecurity as a cost center
  7. Not investing in relationships outside the boardroom
- 3. Time to Deal with Cyber Security Strategically, and from the Top Down
  This is no longer just about tech, if it ever was. This is about protecting the business against cyber-attacks, which have now become a matter of "when, not if". This is no longer something you can push down in the organisation. If the board does not see the need, or does not feel qualified, to step in, nothing will ever change for good around cyber security, because it has simply become too complex and too transversal in large organisations. Bottom-up approaches will continue to pour cash down the drain, CISOs will continue to leave every other year out of frustration, and breaches will continue to happen.
- 4. How to Create a Cybersecurity Disaster Recovery Plan (ReadWrite)
  Your recovery plan will detail the steps your organization needs to take to stop losses, end the threat, and move on without jeopardizing the future of the business. The biggest goals any plan you develop needs to achieve:
  1. Business continuity
  2. Data protection
  3. Loss minimization
  4. Communication
  5. Restoration
  6. Improvements
- 5. CISO Checklist for Offboarding Security Staff
  The article assumes that you have already taken the routine measures. If you haven't, fix the basics first. It focuses only on the extra steps necessary when offboarding security staff, based on the advice of many CISOs and other security professionals:
  1. Time the Parting Well
  2. Prepare for the Great Boomerang
  3. Enlist Help from Your Security Team
  4. Do the Insider Threat Checks
  5. Do a Last-Day Audit
  6. Check the Silos
  7. Notify Other Affected Parties
  8. Kill the BYOD Network Permissions and Wipe Devices
  9. Disable/Deny Physical Access Permissions
  10. Transfer Data Ownership
  11. Check All Codes
  12. Shut the Backdoor
  13. Secure Security Systems
  14. Find and Save Configurations
  15. Check Incident and Log Data
  16. Look Again
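Several of the checklist items above (the last-day audit, checking all codes, shutting the backdoor) come down to one question: where does the leaver still have access, and what must be revoked versus rotated? The script below is an added example written for these notes, not code from the episode, the article, or ExtraHop. It runs a last-day access audit over a constructed inventory snapshot (the host names, usernames, keys, cron lines and secret names are all made up) and separates three outcomes a practitioner needs to treat differently: access that can be revoked (the leaver's SSH keys, cron jobs, API tokens), shared secrets the leaver knew that can only be rotated (door codes, break-glass passwords), and SSH keys with no owner attribution at all, which is exactly where a lingering backdoor hides and which must be reviewed rather than assumed benign.

```python
import re
from typing import Dict, List, Sequence

# --- Constructed inventory snapshot (assumption: exported from hosts, IdP and
# --- the secrets register before the leaver's last day; not real data) -------
SSH_AUTHORIZED_KEYS: Dict[str, List[str]] = {
    "bastion-01": [
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKey1 mmcp@laptop",
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKey2 ops-deploy",
        "ssh-ed25519 AAAAC3NzaC1lZDI1NTE5AAAAIExampleKey3",  # no comment: owner unknown
    ],
    "siem-01": [
        "ssh-rsa AAAAB3NzaC1yc2EAAAADAQABAAABAQExampleKey4 mmcp-backup",
    ],
}
# System crontab format: min hour dom mon dow user command
CRON_ENTRIES: Dict[str, List[str]] = {
    "siem-01": [
        "0 2 * * * mmcp /opt/scripts/rotate.sh",
        "*/5 * * * * root /usr/local/bin/healthcheck",
    ],
}
API_TOKENS = [
    {"owner": "mmcp", "name": "ci-token", "scopes": ["repo:write"]},
    {"owner": "svc-ci", "name": "ci-token", "scopes": ["repo:read"]},
]
# "Check all codes": knowledge cannot be revoked, only made stale by rotation.
SHARED_SECRETS = [
    {"name": "datacenter-door-code", "known_to": ["mmcp", "jdoe"]},
    {"name": "firewall-break-glass", "known_to": ["jdoe"]},
]


def _mentions(text: str, names: Sequence[str]) -> bool:
    """Whole-word match of any name inside free text (key comments are not structured)."""
    return any(re.search(rf"\b{re.escape(n)}\b", text) for n in names)


def audit(leaver: str, aliases: Sequence[str] = ()) -> List[dict]:
    """Return every place the leaver (or an alias) still has access, with the action to take."""
    names = [leaver, *aliases]
    findings: List[dict] = []

    for host, keys in SSH_AUTHORIZED_KEYS.items():
        for line in keys:
            parts = line.split(None, 2)          # type, key material, optional comment
            comment = parts[2] if len(parts) == 3 else ""
            if _mentions(comment, names):
                findings.append({"kind": "ssh_key", "where": host,
                                 "detail": comment, "action": "revoke"})
            elif not comment:
                # An unattributed key is a candidate backdoor: nobody can vouch for it.
                findings.append({"kind": "ssh_key_unattributed", "where": host,
                                 "detail": parts[1][:16] + "...", "action": "review"})

    for host, jobs in CRON_ENTRIES.items():
        for job in jobs:
            fields = job.split()
            if len(fields) > 5 and fields[5] in names:
                findings.append({"kind": "cron", "where": host,
                                 "detail": job, "action": "revoke"})

    for tok in API_TOKENS:
        if tok["owner"] in names:
            findings.append({"kind": "api_token", "where": tok["name"],
                             "detail": ",".join(tok["scopes"]), "action": "revoke"})

    for sec in SHARED_SECRETS:
        if any(n in sec["known_to"] for n in names):
            findings.append({"kind": "shared_secret", "where": sec["name"],
                             "detail": "known to leaver; cannot be revoked", "action": "rotate"})
    return findings


def summarize(findings: List[dict]) -> Dict[str, int]:
    """Count findings per action so the offboarding ticket can be closed only at zero."""
    counts: Dict[str, int] = {}
    for f in findings:
        counts[f["action"]] = counts.get(f["action"], 0) + 1
    return counts


if __name__ == "__main__":
    for f in audit("mmcp"):
        print(f"{f['action']:7} {f['kind']:20} {f['where']:22} {f['detail']}")
    print(summarize(audit("mmcp")))
```

Two design points worth carrying into a real run: match on every alias the person used (service account names, old usernames, "-backup" style suffixes), because key comments and token owners are free text set by the person being offboarded; and run the audit again after the revocations ("Look Again"), since anything that reappears was re-provisioned by a process you have not yet found.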
- 6. Importance of soft skills in Technology
  Some examples that illustrate the value of soft skills:
  1. Career growth and promotion
  2. Adapting to the modern workplace
  3. Improved customer service