Enhancing Enterprise Security UX: Embracing Zero-ish Trust – Ryan Fried, Juliet Okafor – ESW #324
Full Audio
View Show IndexSegments
1. How to fix the enterprise security user experience – Juliet Okafor – ESW #324
Today, we talk to Juliet about what's wrong with security programs today and what security leaders should be doing to fix them. We'll discuss how security programs can look rosy... until the incident hits, and the true posture of the organization is laid bare. How can CISOs still look good and maintain the org's trust under the worst of circumstances? In this interview, Jules will tell us how.
Announcements
Security Weekly listeners: InfoSec World 2023 is heading back to Orlando, Florida! Join the infosec community at Disney’s Coronado Springs Resort, September 23 – 28, 2023.
Experience world-class learning and networking through enlightening keynotes, informative panel discussions, interactive breakout sessions, hands-on workshops and summits, and more.
As a Security Weekly community member, you’re able to receive 20% off your InfoSec World 2023 tickets using code ISW23-SECWEEK20!
Register today at securityweekly.com/infosecworld2023 !
Guest
Juliet “Jules” Okafor is an attorney and the CEO/Founder of RevolutionCyber, a boutique security consultancy offering “Security Culture as-a-Service (SCaaS) to midsize and enterprise companies seeking to rapidly mature, scale and embed security across all levels of the enterprise. She is a passionate security solution visionary who builds teams to solve a company’s most complex security issues – from navigating the aftermath of a breach to reduction of risk associated with technology and vendors, she will build a roadmap to prioritize and remediate the biggest risks – using a combination of people, process improvements and emerging security technology.
Hosts
2. Zero-ish Trust – you’ll never get all the way there and that’s okay – Ryan Fried – ESW #324
Zero Trust is an imperfect concept and is often impractical to deploy comprehensively at scale, but that doesn't mean it can't do any good. In this interview, we talk with practitioner Ryan Fried about his experiences implementing Zero Trust in real life. We'll also discuss his new role at Mandiant, and why the glue that holds together people, process, and tools is so important.
Announcements
Join us at an upcoming Official Cyber Security Summit in a city near you! This series of one-day, invitation-only, executive level conferences are designed to educate senior cyber professionals on the latest threat landscape.
We are pleased to offer our listeners $100 off admission when you use code SecWeek23 to register.
Visit securityweekly.com/cybersecuritysummit to learn more and register today!
Guest
Ryan has 10+ years of experience in IT security ranging from compliance, analyst engineer, CISO and consultant. He also has taught cyber security at the community college level for the last 8 years. Ryan has most recently been leading initiatives such as SOAR, purple teaming, network segmentation, devsecops and cloud security posture management.
Hosts
3. Microsoft Storm, WormGPT, Century of the Linux Desktop, & IronNet’s Public Run – ESW #324
Finally, in the enterprise security news, Secure Code Warrior raises $50M to continue educating developers on best security practices, Jamf acquires dataJAR, IronNet’s public run ends soon, Microsoft puts pressure on other cybersecurity stocks, We discuss the Microsoft Storm breach, How to make engineers not hate you, Securely build features using AI APIs WormGPT, National Cybersecurity Strategy Implementation Plan, Cybersecurity labels Google plans to scrape everything you post for AI, & the Year of the Linux Desktop!
Announcements
Join our cybersecurity community on Discord! Connect directly with our expert hosts, join discussions with fellow audience members, and customize your notifications to receive alerts every time an episode of your favorite show publishes. Get your invite at securityweekly.com/discord!
Guest
Ryan has 10+ years of experience in IT security ranging from compliance, analyst engineer, CISO and consultant. He also has taught cyber security at the community college level for the last 8 years. Ryan has most recently been leading initiatives such as SOAR, purple teaming, network segmentation, devsecops and cloud security posture management.
Hosts
- 1. FUNDING: Secure Code Warrior lands $50M to educate developers on best cyber practices
$50M Series C led by Paladin Capital Group.
- 2. FUNDING: Vendict raises $9.5 million for its generative AI GRC tool
$9.5M Seed Round led by NFX, Disruptive AI, and Cardumen Capital. GenAI for responding to security questionnaires.
- 3. FUNDING: SpecterOps Raises in $8.5M Series A Extension – FinSMEs
$8.5M extension to $25M Series A in April, for a total $33.5M Series A. Led by Ballistic Ventures. Kevin Mandia, the CEO and founder of Mandiant, will serve as an Observer to SpecterOps’ Board of Directors.
- 4. FUNDING: Cove, an AI-powered safety layer for the web
$5.8M Seed, led by Thrive Capital.
- 5. FUNDING: PrivacyHawk Raises $2.7 Million to Pioneer the Personal Data Protection Market
- 6. FUNDING: Teleskope Raises $2.2M in Pre-Seed Funding
- 7. ACQUISITIONS: Jamf announces its acquisition of dataJAR, a leading Apple technology managed services provider
- 8. ACQUISITIONS: Graylog Acquires Resurface.io
Reportedly an asset acquisition. 4-year old Resurface (API security) had raised $5.3M with the last round in August 2022. 11-year old, Houston-based GreyLog (Security Operations, Log mgmt) has raised $27.4M, with the last round raised in 2021.
- 9. DELISTING: IronNet Announces Intention to Voluntarily Delist Securities from New York Stock Exchange
- 10. MARKET TRENDS: Cloudflare, Palo Alto Networks and Zscaler tumble as Microsoft expands in cybersecurity
- 11. BREACHES: Analysis of Storm-0558 techniques for unauthorized email access
We just released a blog on this, at my day job! https://www.valencesecurity.com/resources/microsoft-storm-0558-saas-breach
- 12. BREACHES: “Millions” of sensitive US military emails were reportedly sent to Mali due to a typo
- 13. BREACHES: Microsoft to Offer Some Cybersecurity Tools Free After Suspected China Hack
- 14. BREACHES: Microsoft Bows to Pressure to Free Up Cloud Security Logs
- 15. HOWTO: How to be a security person that engineers don’t hate
- 16. HOWTO: How to securely build product features using AI APIs
are emerging capabilities, and there is time-pressure to launch transformative features. Security teams need to enable their businesses to grow and succeed in this environment. That means rapidly coming up to speed on the risks of these sorts of product features. More importantly it means awareness of the pragmatic set of controls emerging to reduce these risks.
- 17. HOWTO: How to detect suspicious activity in your AWS account by using private decoy resources
- 18. HOWTO: Okta Logs Decoded: Unveiling Identity Threats Through Threat Hunting – Rezonate
- 19. TOOLS: WormGPT: New AI Tool Allows Cybercriminals to Launch Sophisticated Cyber Attacks
- 20. REGULATION: National Cybersecurity Strategy Implementation Plan
- 21. REGULATION: The Biden administration is tackling smart devices with a new cybersecurity label
- 22. NEW FEATURES: AWS Fault Injection Simulator adds new actions for Amazon EKS and Amazon ECS
- 23. AI NEWS: Google plans to scrape everything you post online to train its AI
From one of my favorite researchers, Paperghost, aka Christopher Boyd!
- 24. SQUIRREL: Linux has nearly half of the desktop OS Linux market
- 25. SQUIRREL: James Cameron on AI: “I warned you guys in 1984 and you didn’t listen”
