Transforming the Defender’s Dilemma into the Defender’s Advantage – Charlotte Wylie, Bhawna Singh, Lenny Zeltser – ESW #381
Segments
1. Transforming the Defender’s Dilemma into the Defender’s Advantage – Lenny Zeltser – ESW #381
Ever heard someone say, "the attacker only has to be right once, but the defender has to get it right every time"? On this episode, we'll dispel that myth. There is some truth to the saying, but only with regard to initial access to the target's environment. Once the attacker is on the inside, the advantage flips to the defender. Call it the 'Home Alone' effect. Or the Goonies effect? Die Hard? So many movie metaphors work here!
The conversation isn't just about setting traps for attackers, however. There's also a conversation to have about fundamentals and ensuring practitioners are prepared for whatever attackers might throw at them. This segment is inspired by Lenny's essay of the same name: Transform the Defender’s Dilemma into the Defender’s Advantage
Guest
Lenny Zeltser designs security solutions and shepherds them to a sustainable state. As the CISO of Axonius, he leads the security program to earn customers’ trust and fuel the company’s growth. In his prior roles, he built security products and services at companies such as NCR. Lenny helps shape cybersecurity practices by teaching at SANS Institute and sharing knowledge through writing, speaking, and community projects. He used to be hands-on in many areas of cybersecurity and IT. Now he focuses on strategy and leadership, treating security as an enabler that helps companies achieve their goals. Outside of work, Lenny loves cooking for his family and friends.
2. Cyber Security Awareness for Election and Poll Workers – Kirsten Davies – ESW #381
The vast majority of the folks working polls and elections are volunteers. This creates a significant training challenge. Not only do they have to learn how to perform a complex and potentially stressful job in a short amount of time (most training is one day or less), but cybersecurity-related concerns are usually not covered in the training for individual poll location and election workers.
Kirsten Davies has a passion project that attempts to solve this, with some concise, accessible, and straightforward training material. It is made available through two PDFs on her new organization's website, instituteforcybercivics.org.
Guest
Kirsten Davies is a globally recognized leader in Enterprise Transformation, Digital Innovation, Technology and Cyber Risk Management, and AI Assurance. She is an ardent advocate for public-private partnerships, cross-industry collaboration, and the ethical use of technology and AI to support individuals’ rights.
Davies’s experience stretches across Fortune 500 companies, including as Chief Information Security Officer (CISO) for Unilever, CISO for The Estee Lauder Companies, MD & Corporate Security Officer for Barclays (Africa Group), and Deputy CISO for both Hewlett Packard Enterprises and Siemens.
An active investor, she is an Advisor for start-ups and VCs and is a member of NSI’s Cyber & Tech Security Council. She is the Founder and CEO of the Institute for Cyber Civics, a non-profit organization bringing Fortune 500 best practices in cyber security to the lives of everyday citizens. ICC’s inaugural work is delivering cyber policy, awareness and training to election officials, poll observers, and voters for the 2024 US elections.
Kirsten actively supports the A21 Campaign to end Human Trafficking, and NURU International to build local entrepreneurship across Africa.
3. Era of Bot Battlers & Security Focused Company Culture – ESW #381
Customer Identity is everywhere. It's powering secure experiences for billions, enabling people to check their luggage at the airport, watch their favorite Major League Soccer games, or take their favorite Peloton class. Because it’s everywhere, threat actors now see customer identity as a path to financial gain. Bots now make up nearly 50% of all internet traffic and are being used to steal sign-up bonuses or breach accounts. And cybercriminals are bypassing the login box completely, stealing authenticated session cookies at record rates. Bhawna Singh, Chief Technology Officer of Customer Identity Cloud at Okta, joins host Mandy Logan, from Security Weekly, to discuss the current state of customer identity, what developers need to know about securing their applications, and what Okta is doing to help developers build applications that can tell a human from a bot.
Segment Resources: https://www.okta.com/oktane/ https://www.okta.com/press-room/press-releases/okta-helps-builders-easily-implement-auth-for-genai-apps-secure-how/
Whether it’s phishing techniques, password spraying, or social engineering, security leaders today constantly need to see past blind spots, educate their workforces, and rethink the enterprise security checklist. Many companies, like Okta, are finding ways to incorporate security within their company culture, as every employee has a role to play in keeping a company secure. Charlotte Wylie, Deputy CSO at Okta, joins Security Weekly's Mandy Logan to discuss the challenges security leaders face today in securing their workforce and, drawing on experience implementing Okta’s Secure Identity Commitment, how companies can prioritize security within their culture to help prevent threat actors from taking advantage of the weakest link.
Segment Resources: https://www.okta.com/blog/2024/08/how-okta-fosters-a-security-culture/ https://www.okta.com/press-room/press-releases/okta-openid-foundation-tech-firms-tackle-todays-biggest-cybersecurity/
This segment is sponsored by Oktane. Visit https://securityweekly.com/oktane2024 and use discount code OKTNSC24 to pay only $100 for your full conference pass!
Guests
Bhawna Singh is the CTO for Okta Customer Identity Cloud. She has 20+ years of experience successfully building and leading talented teams of engineers to transform and scale technology for a global user base. Bhawna has led multiple tech transformations, scaled systems from 0 to 100 million monthly users, led the global expansion of products, participated in multiple acquisitions, and spearheaded innovation to drive user growth and engagement, delivering multi-million dollar revenue growth.
Charlotte Wylie, SVP and Deputy Chief Security Officer at Okta, partners with Okta’s Chief Security Officer to lead Okta’s technical cybersecurity services. This includes overseeing Okta’s global engineering teams to enhance the company’s security postures and programs that support its nearly 19,000 customers. She is a seasoned security executive with extensive global experience across financial and technology industries in Australia and the United States. Charlotte has an extensive background in the delivery of security transformation programs and leading global engineering teams creating value through enhancing security posture aligned with business goals for large corporations.
Prior to Okta, Charlotte led the security engineering team at Xero, a New Zealand based SaaS startup specializing in accounting software.
Charlotte is a passionate social advocate and a proud member of the Okta pro bono management team, and has led a number of pro bono projects at previous organizations including Symantec and The Commonwealth Bank of Australia.