BSW #299 – Melissa Bischoping
Segments
1. You DO Security, You Do Not HAVE Security – Melissa Bischoping – BSW #299
We often see security as a thing that has definitive check boxes, end states and deliverables. Audits "end" and then start again, but if you are looking at security as a noun -- as in, a thing that gets done, you are falling short. Security must be a verb. You DO security, you do not HAVE security. Security weaves through every layer and goes beyond the IT assets or codebase. This includes:
- Guerrilla marketing of gaining end-user buy-in for initiatives
- Iterative tuning of your data sources
- Active engagement with real-time feedback from the user base and technical teams
Threat- and risk-informed decisions need to be capable of adapting when things get turned upside down. You need to create a culture and the associated processes to look at security like you do. Security teams and roadmaps are designed to look (often myopically) at specific "deliverables" and not so much at the vital signs of the security ecosystem in any given moment (and what that looks like OVER TIME, not at a moment IN time).
This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!
Announcements
Security Weekly listeners: Identiverse 2023 is heading to Vegas! Join the digital identity community at the ARIA Resort & Casino in Las Vegas, May 30th to June 2nd. Identiverse is a must-attend annual event that brings together over 2,500 security professionals for 4 days of world-class learning, engagement, and entertainment.
As a community member, you’re able to receive 20% off your Identiverse 2023 tickets using code IDV23-SW20!
Register today: securityweekly.com/identiverse2023
Guest
Melissa Bischoping is a passionate security evangelist whose academic & professional background in human psychology and technology align to educate, advocate, and remediate the difficult security problems faced by businesses and individuals. She currently works as an Endpoint Security Researcher at Tanium where she analyzes emerging threats, zero-days, and CVEs to provide subject matter expertise for internal and external customers. Prior to Tanium, she held positions in operations and security across the hospitality, casino gaming, and industrial/manufacturing industries. Outside of work, Melissa pursues a Master of Science in Information Security Engineering at SANS, where she also competes with the nationally ranked Capture-The-Flag team. She is an active member and supporter of multiple industry nonprofits to support other women in security. She holds six GIAC certifications including GCFE, GDSA, and GCIH.
Hosts
2. CISO, The Board, and Cybersecurity – Enough Said! – BSW #299
In the leadership and communications section, CISO, The Board, and Cybersecurity, How CISOs Can Work With the CFO to Get the Best Security Budget, Building Effective and Skilled Teams Through Networking, Connectivity, and Communication, and more!
Announcements
As a member of the Security Weekly community, we are pleased to offer you 20% off your InfoSec World 2023 tickets! Join a community of over 2,000 security professionals and innovators at InfoSec World on September 25th through 27th at Disney’s Coronado Springs Resort. Experience world-class learning and networking through enlightening keynotes, informative panel discussions, interactive breakout sessions, hands-on workshops, and more.
Register today at securityweekly.com/infosecworld2023 using code ISW23-SECWEEK20!
Hosts
- 1. CISO, The Board, and Cybersecurity
The cybersecurity industry has understood for more than ten years the need for clear communication with the board of directors. However, chief information security officers (CISO) often face a challenge as they do not have a platform designed to measure their return on investment (ROI). This can make it difficult to demonstrate their value to the business.
- 2. Credit ratings increasingly looking at cybersecurity
U.S. companies face a wide array of issues potentially impacting their ability to borrow money. In recent months, a banking crisis and high interest rates have stretched some companies thin, leading to layoffs and decreases in spending.
At the same time, credit rating agencies, which assess companies’ ability to pay back borrowed money, are increasingly factoring in cybersecurity as part of their credit assessment criteria as they try to get a handle on the risks companies face.
- 3. How CISOs Can Work With the CFO to Get the Best Security Budget
CFOs have heard from CISOs the doom-and-gloom predictions of the potential fiscal disaster of data breaches so often that it's no longer resonating with them.
The doomer scenario is not hypothetical — global compliance requirements and privacy regulations drive the cost of a breach even higher than just the technical costs. However, CFOs and other C-level executives have heard these warnings so often now that it's just background information that doesn't drive their decision-making.
Is there a more effective way to help the CFO understand why security needs to be far better funded? Yes: Present the CFO with a shared-risk scenario.
- 4. The emperor has no clothes: the current state of the CISO – RSA conference presentation prep.
CISOs have the title and nothing else. When you hear other titles like CEO, CMO, and CTO, you know that the people who hold those titles are on the senior executive team. When you hear CISO or CSO though, you might assume those people are part of the executive staff but that isn’t the case at all. There are exceptions, but in the best circumstances, those people are senior vice presidents in charge of cybersecurity, usually buried in the leadership bureaucracy one or more levels down. In other less than ideal circumstances, they don’t even have the CISO title and are managers or directors of security, but when they announce themselves at parties, they say something along the lines of like, “I don’t have the title but I’m essentially the CISO.”
- 5. What Is Leadership?
Leadership is the ability of an individual or a group of people to influence and guide followers or members of an organization, society or team. Leadership often is an attribute tied to a person's title, seniority or ranking in a hierarchy. However, it's an attribute anyone can have or attain, even those without leadership positions. It's a developable skill that can be improved over time.
- 6. Building Effective and Skilled Teams Through Networking, Connectivity, and Communication
In today’s rapidly evolving business landscape, building a skilled and high-performing team is crucial for success.
This article will discuss how to develop highly effective and skilled teams via networking, unique connectivity, and communication skills.
We will also explore examples, books, and additional resources that can help improve your networking and communication skills, leading to the formation of highly skilled teams.