ESW #304 – Alla Valente, Heidi Shey, Joseph Blankenship
1. Q&A: Cyber Insurance – Alla Valente, Heidi Shey – ESW #304
Cyber insurance is a must-have, but organizations are finding that cyber insurance premiums are more costly, policies are more difficult to obtain, and policies attach more limitations and exclusions than before. We will discuss cyber insurance’s role in risk management and trends.
Segment Resources: https://www.forrester.com/report/q-and-a-cyber-insurance/RES178563?refsearch=31859901675109251447
Announcements
Join our cybersecurity community on Discord! Connect directly with our expert hosts, join discussions with fellow audience members, and customize your notifications to receive alerts every time an episode of your favorite show publishes. Get your invite at securityweekly.com/discord!
Guests
Alla is a senior analyst at Forrester serving security and risk professionals. She covers governance, risk, and compliance (GRC), third-party risk management (TPRM), contract lifecycle management (CLM), and supply chain risk with a special focus on risk management frameworks. In this role, Alla helps Forrester clients establish strategy, adopt best practices, define a governance framework, and select technology to manage risk, improve business resilience, and deliver strategic value. Her research also includes ethics and trust in digital transformation, enterprise risk management (ERM), and protecting the organization’s brand.
Heidi is a principal analyst at Forrester serving security and risk professionals. Her research primarily focuses on data security and privacy strategy, policies, and related technology controls. She guides clients in applying a Zero Trust, data-centric approach to securing data, advising them in areas like sensitive data discovery and classification, data loss prevention, secure communications, and more. Her research coverage also includes cyber insurance, customer-facing breach notification and response, consumer security, and small and medium-size business (SMB) security market trends.
2. Understanding & Protecting Against Insider Risk – Joseph Blankenship – ESW #304
Insiders (employees, contractors, and partners) are responsible for almost a quarter of data breaches. Reducing insider risk requires a dedicated approach, including user monitoring. But be careful: Forrester predicts that a C-level executive will be fired for their firm’s use of employee monitoring in 2023.
Segment Resources: https://www.forrester.com/blogs/predictions-2023-security/?refsearch=30922621675290315432
https://www.forrester.com/blogs/apply-critical-thinking-and-culture-to-reduce-insider-risk/
https://www.forrester.com/blogs/practice-empathy-to-reduce-insider-risk/
https://www.forrester.com/blogs/pandemic-fallout-creates-perfect-conditions-for-insider-threat/
Announcements
We're always looking for great guests for all of the Security Weekly shows! Submit your suggestions by visiting https://securityweekly.com/guests and completing the form!
Guest
Joseph supports security and risk (S&R) professionals, helping clients develop security strategies and make informed decisions to protect against cyberattacks. As a research director for S&R, he leads the analyst team researching security leadership, the role of the CISO, infrastructure and operations, detection and response, and Forrester’s Zero Trust model of information security. His research focuses on insider threat prevention, security operations, and security management.
His 17 years of security experience include marketing leadership and product marketing roles at Solutionary, McAfee, Vigilar, and IBM (ISS), where he focused on managed security services, consulting services, email security, network security, and compliance. As a marketing leader, Joseph helped align client needs with marketing strategy, messaging, and go-to-market activities while educating users about security strategy. His background also includes extensive experience in the IT, telecommunications, and consulting industries with Nextel, IBM, Philips Electronics, and KPMG.
3. New CEOs, SMB & Cyber Insurance Trends, Herman Miller Chairs, & SQL Slammer – ESW #304
In the Enterprise News: There's lots of executive shuffling going on! Saviynt gets a new CEO and $205M in funding, Forescout appoints its 4th CEO in as many years, and Mudge finds a place at Rapid 7. We've got some interesting trends, like more focus on securing small businesses, and more cybersecurity startups pairing technology with cyber insurance. It seems like only yesterday, we were shocked to hear that Microsoft was running a $10B security business, but Microsoft has apparently now grown security revenue to $20 BILLION DOLLARS.
Also, Tyler explains what Herman Miller chairs have to do with spotting market trends, we note the 20 year anniversary of SQL Slammer, and discuss why consumers don’t want smart appliances shoved down their throats!
Announcements
Don't miss any of your favorite Security Weekly content! Visit https://securityweekly.com/subscribe to subscribe to any of our podcast feeds and have all new episodes downloaded right to your phone! You can also join our mailing list, Discord server, and follow us on social media & our streaming platforms!
- 1. FUNDING: Saviynt Raises $205M; Founder Rejoins as CEO, Appoints Seasoned President to Accelerate its Leadership in Identity Management
- 2. FUNDING: Investing in Cygnvs
$55M Series A, led by A16Z. They're coining a new term, the "Crisis Operating System". It basically sounds like they're collecting endpoint, network, and log data and sending it into a protected data-diode-like environment, so attackers can't delete evidence. They also appear to have a cozy relationship with cyber insurance providers.
- 3. FUNDING: Forward Networks Raises $50 Million in Series D Funding
- 4. FUNDING: French cybersecurity platform EGERIE bags €30M to help measure financial impact of cyber threats
- 5. FUNDING: Strata Identity Secures $26M for Its Identity Management Platform
- 6. FUNDING: Sentra Raises $30 Million Series A Financing to Meet Growing Demand for Data Security in the Cloud
- 7. FUNDING: Tenable Ventures – Investing in Cybersecurity Startups
$25M fund raised
- 8. FUNDING: Gem Security wants to secure your cloud infrastructure, raises $11M
- 9. FUNDING: Guardz emerges from stealth with $10M for SMB security and cyber insurance to protect against attack-as-a-service breaches
$10M in seed funding, led by Hanaco Ventures. "Guardz is a holistic cyber security and insurance solution designed for small businesses." Sounds like Guardz is another one of these cyber insurance MGUs (managing general underwriters), as they're providing both the security product and the insurance coverage.
- 10. TRENDS: The Aeronpocalypse from gilad on Twitter
Is the price and quantity of used Herman Miller chairs on eBay an important financial/market indicator?
- 11. TRENDS: Microsoft security sales soar amid competitive critique of business model
$20 BILLION DOLLARS
Microsoft is a $20B security company.
- 12. TRENDS: Google Fi hack victim had Coinbase, 2FA app hijacked by hackers
There was a lot of discussion about how to handle password databases and MFA/token codes. I store my TOTP codes in my password database (1Password), and a lot of folks were nervous about having both passwords and second factors stored in the same place, preferring to use separate apps for both things. You might not be able to see it, but the impact on Authy in this scenario is giving me smug face.
- 13. TRENDS: Google’s open source team layoffs: Your software supply chain security is at risk
Are layoffs putting open source at risk?
- 14. TRENDS: U.S. Intelligence Wants to Use Psychology to Avert Cyberattacks
- 15. TRENDS: How well did Israel’s cybersecurity industry do in 2022?
Spoiler: not bad.
- 16. TRENDS: FBI says it ‘hacked the hackers’ to shut down major ransomware group
THE VOIP CALL IS COMING FROM INSIDE THE HOUSE
- 17. TRENDS: Appliance makers sad that 50% of customers won’t connect smart appliances
Good job, everyone, let's aim for 75% of customers ignoring IoT BS next year!
- 18. TRENDS: New “MITRE ATT&CK-like” framework outlines software supply chain attack TTPs
We're nearing half a dozen "MITRE ATT&CK-like" frameworks already. I predict this will not stop.
- 19. EXEC MOVES: Forescout appoints fourth CEO since 2020, with focus on profitability
- 20. EXEC MOVES: Twitter whistleblower Zatko lands new job at a security consulting firm
Mudge lands at Rapid 7, in a part-time role?
- 21. FOSS TOOLS: CycloneDX Generator
SBOM Generator!
- 22. NEW FEATURES: 5 tips to stay safer online with Chrome
You can now use biometric controls to unlock persistent incognito sessions.
- 23. ESSAYS: A deep look at investing in cybersecurity services for VCs: why, why not, and how to
- 24. ESSAYS: Artificial Intelligence and Cybersecurity: Are We There Yet?
- 25. ESSAYS: By reframing talent, we can meet the cybersecurity skills gap
- 26. POST MORTEMS: Three lessons for DevOps from the CircleCI breach
- 27. RESOURCES: Grand Repository Challenge accepted!
There are many mega-lists on GitHub. This one is GRC-focused.
- 28. REGS: What security pros need to know about the FTC’s proposed non-compete rule
Companies might not be able to enforce non-competes, but what about protecting data and preventing corporate espionage?
- 29. NOSTALGIA: Remembering SQL Slammer
- 30. SQUIRREL: This Billion-Dollar Startup Wants to Bring Back the Dodo