BSW #297 – Dr. Kiri Addison
Segments
1. AI In Email Security – A Tale of Two Sides – Dr. Kiri Addison – BSW #297
Natural language processing AI will be at the forefront in 2023, as it will enable organizations to better understand their customers and employees by analyzing their emails and providing insights about their needs, preferences or even emotions. As AI voice cloning technology becomes more powerful and readily available, we will see an increase in impersonation attacks that utilize audio deepfakes. Join Dr. Kiri Addison, Threat Detection and Efficacy Product Manager at Mimecast, to discuss how you can prepare and protect your organization from these types of business email compromise with the right cybersecurity products that can effectively defend against attacks like these. This segment is sponsored by Mimecast. Visit https://securityweekly.com/mimecast to learn more about them!
Announcements
Security Weekly listeners save $100 on their RSA Conference 2023 Full Conference Pass! RSA Conference will take place April 24-27 in San Francisco and on demand. To register using our discount code, please visit https://securityweekly.com/rsac2023 and use the code 53UCYBER! We hope to see you there!
Guest
Dr. Kiri Addison is a Threat Detection and Efficacy Product Manager at cybersecurity specialist company Mimecast. She works closely with engineers, threat researchers and data scientists on Mimecast’s security products to adapt them to defend against new and evolving threats.
Previously, she was Head of Data Science for Threat Intelligence, and one of her current areas of focus in her role as a product manager is to develop innovative products that utilize AI/ML. Kiri also worked in the public sector, where she was responsible for creating systems to detect and prevent cyber-attacks and fraud. Her academic background includes a PhD in Physical Chemistry, a Master’s degree in Physics & Astrophysics and an MBA.
2. Common Leadership Disconnects and Leading Security through Hard Times – BSW #297
In this week's leadership and communications segment, we discuss overemphasizing metrics, delegation drawbacks, security culture starts at the top, and succeeding in security with economic insecurity.
Announcements
We’d like to invite our listeners to be part of our 2023 SC Awards!
Our prestigious and competitive SC Awards program recognizes outstanding innovations, organizations, and leaders that are advancing the practice of information security. This year, there are awards in 36 categories up for grabs, including best IT security-related training program, innovator of the year, best SASE solution, and more. We’d love to see your company in the spotlight!
Visit securityweekly.com/scawards to submit your entries by March 20!
- 1. You can’t lead a team with a spreadsheet.
"Managers love their metrics." KPIs are nice, because tracking a few key metrics is easier than trying to track everything. This leads to a common failure cycle:
1. Set a few key metrics
2. A problem occurs that isn't captured by these metrics
3. Add a new metric to track
4. GOTO 2
Two foundational problems that metrics can't solve:
1. Humans optimize rewards (metrics can and will be manipulated)
2. The map is not the terrain (many important business factors aren't quantitative)
Bottom line: you CAN lead a team with a spreadsheet, but that's effectively outsourcing the hard job of leadership, which can't be measured with a spreadsheet.
- 2. The Delegation Traps
Three traps to watch out for when delegating more than usual:
1. The "one more task wouldn't hurt" trap: overworking your delegates
2. The "out of touch" trap: losing perspective after delegating for too long
3. The respect trap: keeping all the "good" tasks for yourself breeds resentment
- 3. How to Solve the People Problem in Cybersecurity
Here, the "people problem" refers to the difficulty of getting employees to take security seriously if it clearly isn't a priority at the top of the organization.
Three keys to solving the people problem:
1. Understand the business value of cybersecurity
2. Create a culture of cybersecurity
3. Allocate the resources
- 4. Economic pressures are increasing cybersecurity risks; a recession would amp them up more
A tale of three articles on leading security in a recession - which one gets it right? All of them? None of them?
Article 1 says:
1. Economic downturns historically see increasing attacks
2. Layoffs heighten security risks
3. Attacks already at a high
4. Prioritize based on current risk
- 5. The role of security in times of economic uncertainty
Security in a recession, article 2 of 3:
1. Align security to business goals
2. Practice business acumen as a CSO
3. Maximize security strategies and technology
4. Work with security partners
5. Bolster insider risk programs
- 6. With a recession looming, security leaders should plan for the impact
Security in a recession, article 3 of 3:
1. Focus on a robust risk management program
2. Prioritize third-party risk
3. Know and prioritize attack surfaces
4. Maximize existing investments
5. Security awareness is still essential