CISO in Crisis, but Will the SEC Regulations Make a Difference and New NIST CSF Draft – BSW #316
1. CISO in Crisis, but Will the SEC Regulations Make a Difference and New NIST CSF Draft – BSW #316
In the leadership and communications section: CISO in Crisis, Will SEC Cybersecurity Regulations Make a Difference?, NIST Drafts Major Update to Its Widely Used Cybersecurity Framework, and more!
Announcements
Security Weekly listeners: Now is your chance to join the infosec community as they come together at InfoSec World 2023, September 23 – 28, 2023 at Disney's Coronado Springs Resort in Lake Buena Vista, FL. Hear keynotes from Scott Shapiro, Founding Director at Yale CyberSecurity Lab, and Rachel Wilson, Managing Director and Head of Cybersecurity at Morgan Stanley.
As a Security Weekly community member, you’re able to receive 20% off your InfoSec World 2023 tickets using code ISW23-SECWEEK20! Register today: securityweekly.com/infosecworld2023
- 1. CISO in Crisis
The modern CISO faces a landscape filled with evolving threats, immense pressures, and a need to adapt continuously. The weight of these responsibilities, combined with various organizational challenges, contributes to the high turnover rate in this role.
- 2. Will SEC Cybersecurity Regulations Make a Difference?
The new SEC regulations mark a paradigm shift in cybersecurity risk governance. Their effectiveness hinges on careful execution and enforcement, balancing the need for transparency without compromising security. They present an opportunity for companies to review and enhance their cybersecurity practices. It’s a challenging journey, but with strategic planning, proactive measures and constant vigilance, companies can effectively navigate this evolving landscape.
- 3. Enterprise risk management team: Roles and responsibilities
Every facet of business operations is exposed to risks, requiring a risk management team that's composed of a diverse mix of corporate executives and managers.
- 4. NIST Drafts Major Update to Its Widely Used Cybersecurity Framework
After considering more than a year’s worth of community feedback, the National Institute of Standards and Technology (NIST) has released a draft version of the Cybersecurity Framework (CSF) 2.0, a new version of a tool it first released in 2014 to help organizations understand, reduce and communicate about cybersecurity risk. The draft update, which NIST has released for public comment, reflects changes in the cybersecurity landscape and makes it easier to put the CSF into practice — for all organizations.
- 5. Redefining Leadership: The Rise Of New Organizational Structures
The takeaway here is that leadership styles should not be one-size-fits-all. After all, the changing dynamics of leadership in the modern workplace can be likened to a shift in the global tectonic plates—slow-moving yet filled with significant implications. What was once a hierarchical model has now evolved into an intricate web of relationships and roles.
- 6. Creating a Roadmap for Your Dream Cybersecurity Career
Many of us build our cybersecurity careers based on whatever opportunities pop up or based on the first job we can find. While there is nothing wrong with this approach, it may not result in the perfect role for you. I want to spend some time reviewing how we can both approach opportunities with a long-term view and create the right opportunities for where we want to end up. I’ll start with a focus on getting into the ‘right’ cybersecurity field and then cover how to build the skills you need to advance. Finally, I’ll explain how to map out a path so that you end up in your dream job.
2. Securing your Browser & The Journey to Password[less] – Karim Toubba, Mike Fey – BSW #316
The modern web browser is the single most commonly used application by enterprises worldwide. Its power, simplicity, and usability make it an essential tool at work. And yet, the browser is not an enterprise application. It lacks the fundamental controls enterprises require to ensure proper security, visibility, and governance over critical apps and data.
As a result, we surround the browser with a massive security ecosystem in an attempt to manage the intersection between users, web applications, and the underlying data. In the process, our technology stack becomes complex, expensive, and fragile to maintain, while end users are left with a frustrating experience. All because the consumer browser was not designed with enterprise needs in mind. The question is: What if there was a browser designed exclusively for the enterprise?
Hear from Karim Toubba, CEO of LastPass, on LastPass' journey to passwordless, the importance of a passwordless world, why authentication is becoming more complex, and how to make authentication easier for users at work and at home.
This segment is sponsored by Island. Visit https://securityweekly.com/islandbh to learn more about them!
This segment is sponsored by LastPass. Visit https://securityweekly.com/lastpassbh to learn more about them!
Guests
Michael Fey is Island’s co-founder and CEO. Fey was President and COO at Symantec. Prior to Symantec, he was President and COO of Blue Coat. Prior to that, Mike was EVP & GM for enterprise products at McAfee and CTO of Intel Security, playing a pivotal role in Intel’s acquisition of McAfee for $7.7 billion in 2010.
Fey holds a degree in Engineering Physics and Mathematics from Embry-Riddle Aeronautical University and was co-author of Security Battleground: An Executive Field Manual, providing a playbook for security-obligated executives coping with the new realities of cyber security responsibilities to the board.
Karim Toubba is the Chief Executive Officer of LastPass, having joined the company in 2022. A cybersecurity industry veteran with over 25 years of experience within the sector, Karim brings proven leadership and innovation to the security market with a focus on creating products that solve real-world challenges yet form the foundation for lasting change.