BSW #254 – Jody Brazil
Segments
1. Security Hygiene, Doing All the Little Things Right (All the Time) – Jody Brazil – BSW #254
It doesn't matter how much security technology you have, how much you spend on security: security outcomes are achieved by doing all the little things right. You can spend $10M on network security technology from any vendor, but you will fail to effectively secure your enterprise if you don't properly manage the policy enforced by those firewalls.
That sounds really simple, but simple doesn't scale. If you only have a few firewalls with policies consisting of tens of rules, it may be simple. But imagine an enterprise that has 2,000 firewalls, where each firewall has a policy with an average of 500 rules, each rule has an average of 15 objects, and each source and destination object represents an average of 50 IP addresses. This enterprise is managing 2,000 firewalls, 1 million rules, 125 million connections, representing over 300 billion access paths. And just 1 wrong rule could expose the network to compromise.
This segment is sponsored by FireMon. Visit https://securityweekly.com/firemon to learn more about them!
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Guest
Jody is a seasoned entrepreneur with more than two decades of executive management experience and deep domain expertise in network security, including network security management and product development. Jody was previously the CTO at FishNet Security and CEO at FireMon and DisruptOps.
2. In Name Only, “Reasonable” Cybersecurity, & Value in Veterans – BSW #254
In the Leadership and Communications section: CISOs are still chiefs in name only, Defining “Reasonable” Cybersecurity: Lessons from the States, Security Leaders Find Value in Veterans to Solve Cyber Skills Shortage, and more!
Announcements
Don't forget to check out our library of on-demand webcasts & technical trainings at securityweekly.com/ondemand.
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
- 1. CISOs are still chiefs in name only – If you’re not in the meeting where decisions are made, then you’re not part of the C-Suite—whatever your title may be.
- 2. 10 Signs of a Poor Security Leader – Weak leadership can demotivate and demoralize the security workforce. Here's what to look out for: 1. Inability to think strategically 2. Running from crisis to crisis 3. Hesitance to put anything in writing 4. Words and actions don't align 5. Poor communication skills 6. Suppressing talent 7. Self-centered 8. Does not make tough decisions 9. Does not answer tough questions 10. Takes cover (and credit)
- 3. Defining “Reasonable” Cybersecurity: Lessons from the States – Understanding the state of cybersecurity in private companies is essential to forming a legal standard of reasonable cybersecurity at the state and local level.
- 4. The Importance of Tabletop Cybersecurity Exercises – Continuous practice makes perfect; the same is true for cybersecurity. Ultimately, tabletop exercises will reduce the risk of damage from a cybersecurity attack, which gives businesses greater peace of mind and confidence that their experts can execute a recovery plan efficiently. These exercises bring teams together, increasing their effectiveness and enhancing cooperation and communication between key people across departments beyond just IT. Employees will also develop a clear understanding of their responsibilities, hone their decision-making skills and learn how to support the incident management processes.
- 5. SEC proposes new rules for public companies to report breaches in four days? – The Securities and Exchange Commission this week proposed new rules that would require public companies to report a cybersecurity incident within four business days after the organization determines that it has experienced a "material cybersecurity incident."
- 6. Security Leaders Find Value in Veterans to Solve Cyber Skills Shortage – CISOs struggling to fill their vacancies should take a closer look at the opportunities afforded by military veterans.
- 7. To Win Over an Audience, Focus on Building Trust – When we craft a presentation, we sometimes spend more time on how to deliver the message than on the strategy and vision that will make the message more effective. We make a monumental mistake when we skip strategy and head straight for delivery. Instead, presenters should focus on building trust. The authors identified five competencies a leader can utilize to gain buy-in and build trust in the context of a presentation: clarity, compassion, competency, connection, consistency.