pritha's Posts (627)


We are hosting a CISO Community fireside chat on "Practical Approach To Understanding Attack Surface Management (ASM) In 2023".

Join Chris Ray (Analyst, GigaOm; domain expert in Attack Surface Management) and Bikash Barai (Co-founder, CISO Platform; CEO, FireCompass). We will look at how ASM dramatically improves visibility, how ASM can be a force multiplier for security teams that are stretched thin, and how ASM creates practical risk reduction as a result of these two (visibility and force multiplication). We will also cover the ASM solution market and how to identify a good fit for your organization.

Key Learning Points:

  • Fundamentals: What Is ASM? How Does ASM Work?
  • How ASM Dramatically Improves Visibility
  • How ASM Can Be A Force Multiplier For Security Teams
  • How ASM Creates Practical Risk Reduction
  • Understanding The ASM Solution Market
  • How To Identify A Good Fit For Your Organization

You can join us here: https://info.cisoplatform.com/practical-approach-to-understanding-attack-surface-management-asm-in-2023


We held a CISO community webinar on "Exposure Management For Financial Institutions To Overcome Resource Limitations And Regulatory Reporting". We discussed how to overcome resource limitations and the manual burden of regulatory reporting, and how exposure management can help your institution navigate the ever-increasing regulatory burden.

 

Session Agenda

  • How to Overcome Resource Limitations: automate and lighten your workload by providing continuous programmatic assurance
  • Discover, Prioritize & Proactively Reduce Cyber Risk: Discover your attack surface risks & prioritize the most important ones to help mitigate the risks faster
  • Security Posture Reports to Meet Regulatory Requirements: How to continually assess and provide automated reports on your security posture to meet regulatory requirements

 

About Speaker

  • Bikash Barai, Co-Founder & CEO, CISO Platform & FireCompass
  • Dave Lawy, Co-founder QunatumSmart and Senior Technology Executive
  • Nasheen Liu, Partner & SVP, CIO Program Strategy

 

(Webinar) Recorded

 

 

Discussion Highlights

1. In both the USA and Canada, regulators are stepping up the level of sophistication, demanding a higher level of cyber security maturity from Financial Institutions. Any comments?

  • What are some of the ways Financial Institutions provide continuous assurance of their cyber posture?
    Context: Good process is always important; however, automation is the key to being successful in any space. Automated cyber tooling will help set the company up for success.
  • What is the general trend of interactions observed between regulators and industry on cyber?
    Context: Better processes, less tolerance for poor hygiene, better questions and a maturity matrix.

 

2. Is cyber insurance important, and how does it best serve the organization?

  • The price of insurance is increasing significantly year on year; retention (the deductible) is increasing, while exclusions and/or endorsements are reducing risk for the insurance carrier. Mitigating controls are more and more necessary.

 

3. How can FIs (Financial Institutions) best demonstrate that they adhere to security standards and compliance frameworks such as PCI DSS or SOC 2, and how are these standards maintained and updated?

  • Standards require regular maintenance, adhering to a process and providing evidence. The more that can be automated, the better the evidence is to show that the organization adheres to such standards: better consistency, and repeatable, predictable output.
  • As environments grow in complexity, so does the effort needed to adhere to increasingly stringent standards and frameworks. It is important to have systems and applications designed, built and delivered leveraging automation. DevSecOps is a somewhat newer term, but this has been around for some time in different forms. Ultimately, security has to be built into the design. The system's state must be controlled programmatically, which allows proactive and reactive security changes to be made efficiently and in a scalable manner.

 

4. What is External Attack Surface Management (EASM) and why is it important?

  • Failure to conduct extensive attacker-like reconnaissance frequently leaves low-hanging fruit that is easily exploited by cybercriminals. And because attack surfaces are dynamic, you will want continuous attack surface mapping and security testing, especially on assets residing in "Shadow IT" for your organization and for third parties.

 

5. What are some of the trends being seen regarding cyber people resources, and how are companies coping with the ever-increasing demand on cyber resources as the threat landscape grows?

  • War for talent, shortage of staff, constraints on budget, increasing demand to protect and defend, more sophisticated attack vectors… and a shortage of CISO thought leadership.

 

6. Financial Institutions must adhere to standards and practices. How can Financial Institutions perform expensive security exercises to protect and defend with a security team that has a long list of priorities, along with a shortage of staff and time?

  • FireCompass CART - Our CART platform gives you multi-stage attack playbooks to mimic a real attacker and accurately pinpoint prioritized vulnerabilities that would be targeted first. CART delivers shorter mean time to remediation (MTTR) and increased depth and breadth of coverage so you can focus on your mission of keeping attackers out and keeping IT/OT services running smoothly and securely.
    Gartner says “Nation-state actors and criminal organizations operate with a level of sophistication that surpasses the preventative and detection capabilities of most security and risk management teams.”

 

7. How about leveraging SaaS security solutions and automation to augment the security team?

  • Having such tooling, with repeatable, predictable output and evidence of processes, not only helps with regulators but can be a powerful tool for Third Party Risk Management. If your customer or vendor is using automation, there is a clear audit trail and a known, standardized process in place; this helps in audits both as a customer and as a vendor. Third-party risk management: Financial institutions must ensure that third-party vendors and partners who have access to their systems and data are appropriately vetted and managed for cybersecurity risks.

 

8. What is cyber risk and how can today's FIs best manage risk?

  • FireCompass is a SaaS platform for Continuous Automated Red Teaming (CART) and External Attack Surface Management (EASM) that acts as an integral part of a good exposure management program.
    - Single platform for Attack Surface Management and Automated Penetration Testing & Red Teaming
    - Daily risk port scanning & adversary emulation through multiple attack playbooks
    - Prioritized risks with real-time alerts for faster detection and remediation
  • Understand your holistic technology landscape: all your assets, logical and physical; your level of maturity measured against regulatory standards; your exposures; your processes to mitigate; your tooling and systems to mitigate; and your organization and culture.


We held 3 panel discussions in 3 cities, engaging 25+ CISOs, on the Gartner Hype Cycle for Security Operations, which CISOs use to separate hype from expectation and to gain insight into which technologies and trends are likely to become more important in the near future.

 

 

Panel Speakers

  • Somshubhro Pal Choudhury, Partner, Bharat Innovation Fund
  • R Nantha Ram, Leader - Cyber Security Operation, 3M TCOE
  • Naseem Halder, CISO, ACKO General Insurance Ltd
  • Nitish Goyal, Director, Ocwen Financial Services
  • Philip Varughese, Global Head - Applied Intelligence, Platforms and Engineering, DXC Security
  • Sandeep Bansal, Head ICT, Reva University
  • Harmeet Kalra, Regional Sales Director (India & SAARC), Picus


Discussion Highlights

1. From the Gartner Hype Cycle, pick 1-2 areas you are personally excited about… what do you think is the need of the hour?

Here are the top emerging technologies picked by CISOs:

  • External Attack Surface Management
  • Exposure Management
  • Automated Penetration Test & Red Teaming
  • PTaaS
  • Digital Risk Protection Services
  • XDR

 

2. What's your focus on the new entrants, and what is their importance in the near future?

The new hyped entrants are Exposure Management, External Attack Surface Management and Automated Penetration Test & Red Teaming… XDR (which in a way is a better EDR and was already there).
 
- Exposure Management: It is important to note that exposure management should be approached as a comprehensive program and not just the use of a single tool. This includes conducting activities such as identifying the likelihood of exploitation based on visibility into the attack surface, inventorying and categorizing exposure in terms of vulnerabilities, threat intelligence, and digital assets, and validating the effectiveness of security controls in detecting or preventing potential attacks.
As Gartner recommends, “Expand to a broader exposure management to include unpatchable attack surfaces and assess the need for solutions, such as digital risk protection services (DRPS), external attack surface management (EASM) and/or security rating services (SRS) for coverage of other exposure points, such as supply chain and shadow IT in the cloud”.
 
- External Attack Surface Management: The evolution of External Attack Surface Management (EASM) has been driven by the need to stay ahead of the constantly changing attack surface and to learn what is being exposed to attackers. As Gartner defines it, EASM describes a set of products that help organizations identify risks coming from internet-exposed assets that may be unknown to the organization and may contain unknown vulnerabilities. EASM is seen to be expanding into aspects of BAS, digital risk protection services (DRPS) and security rating services (SRS). As a CISO said, "EASM solution has the ability to automatically identify risks in subsidiary companies and affiliated entities, whereas traditional security measures such as VA, PT and BAS can only detect such risks if we have prior knowledge of these environments and have deployed the system in those locations."
 
- Automated Penetration Test & Red Teaming: One of the key ways that Automated Penetration Test & Red Teaming has evolved is through the use of AI and machine learning. Through automation, it can run a large number of emulated attacks from playbooks in a short period of time, allowing organizations to identify their security risk posture. Additionally, it reduces false positives and focuses on the most critical vulnerabilities that might be attacked first. As a CISO said, "Automated Red Teaming adds value by eliminating repetitive manual tasks and significantly increasing the speed and scope of the testing."
 
- XDR (Extended Detection and Response): XDR is a security solution that aims to provide a more comprehensive and integrated approach to threat detection and response than traditional EDR (Endpoint Detection and Response) solutions. It typically includes the capabilities of EDR and also integrates data from other sources, such as network and cloud, to provide a more complete view of the threat landscape, enabling more effective detection and response to security incidents. Some experts believe that XDR is a better solution than EDR, as it provides a more holistic approach to threat management. As a CISO said, "it is my belief that XDR (Extended Detection and Response) is a more effective solution than traditional EDR (Endpoint Detection and Response)".
 
 
3. What should CISOs keep in mind while adopting disruptive cyber security technologies?

Several points were mentioned by CISOs; here are some key considerations:
  • Scalability: The technology should be able to scale to meet the organization's future needs
  • Continuous monitoring: CISOs should continuously monitor the technology for any issues or vulnerabilities and have a plan for incident response
  • Compliance & Governance: The technology should comply with any relevant regulations and industry standards. CISOs should ensure that the new technology aligns with the organization's overall governance and compliance policies
  • Automation: Products can be leveraged to improve the efficiency and effectiveness of security processes, and can free up resources to focus on more strategic initiatives. Automation can also help to reduce the risk of human error and improve the speed of incident response
  • Integration: The technology should be able to integrate with existing systems and processes within the organization
  • Risk Management: CISOs should assess the risks associated with the adoption of new technology, and have a plan in place to manage those risks
  • Staffing: Adequate staff and resources should be in place to support the new technology, including training and support for end-users
  • Business Impact: The new technology should align with the organization's business goals and objectives
  • Continuous improvement: CISOs should view the adoption of disruptive technologies as an opportunity to continuously improve and adapt the organization's security posture, and not as a one-time event
We are hosting a CISO community webinar on "Exposure Management For Financial Institutions To Overcome Resource Limitations And Regulatory Reporting".

Join Bikash Barai (Co-founder, CISO Platform Community & FireCompass) and Dave Lawy (Co-founder, QunatumSmart, and Senior Technology Executive) as they discuss how to overcome resource limitations and the manual burden of regulatory reporting for Financial Institutions.

Learn how exposure management can help your Financial Institution navigate the ever-increasing regulatory burden.

Key Learning Points:
  • How to Overcome Resource Limitations: automate and lighten your workload by providing continuous programmatic assurance
  • Discover, Prioritize & Proactively Reduce Cyber Risk: Discover your attack surface risks & prioritize the most important ones to help mitigate the risks faster
  • Security Posture Reports to Meet Regulatory Requirements: How to continually assess and provide automated reports on your security posture to meet regulatory requirements

A Guide To CyberSecurity Phishing Attack

Phishing is the fraudulent practice of sending emails or other messages purporting to be from reputable companies in order to induce individuals to reveal personal information, such as passwords and credit card numbers. This article highlights some major phishing types as a guide for reference.

Phishing scams are a type of social engineering attack that use fake emails or websites to trick individuals into revealing sensitive information, such as passwords, credit card numbers, and social security numbers. These scams often appear to come from legitimate organizations, such as banks or online retailers, and may contain urgent requests for personal information or threats to close accounts if information is not provided. To avoid falling victim to a phishing scam, it's important to never click on links in suspicious emails, verify the sender's email address, and never enter personal information on a website unless you are certain it is legitimate. 

According to SlashNext's State of Phishing report, there were 255 million phishing attacks in 2022, a 61% rise from the previous year. The attacks are getting more sophisticated: recent examples show phishing emails that are able to bypass Gmail's filter. The examples below may help you recognise a few common phishing patterns by raising awareness.

P.S. I have taken excerpts from various interesting blogs online, mentioned in the reference section.

 

The types of phishing include:

  • Spear Phishing: Spear phishing involves targeting a specific group or individual, such as a company's system administrator. The following is an example of a spear phishing email. Observe the focus on the recipient's industry, the requested download link, and the urgent nature of the request.
  • Whaling: Whaling is a highly targeted form of phishing that goes after "the whales": high-level executives within an industry or business, such as a CEO, CFO or other CxO. These attacks often claim that the company is facing legal trouble and require the recipient to click a link for further information.
  • Vishing: Similar in nature to other phishing attacks, with the goal of obtaining sensitive personal or corporate information. This type of attack is carried out through voice calls, hence the "v" in the name instead of "ph".
  • Smishing: A type of attack that uses text messaging or SMS to deceive the target. A typical smishing tactic involves sending a message to a cell phone through SMS that contains a clickable link or a number to call back.
  • Email Phishing: The most prevalent form of phishing, in use since the 1990s. Attackers send these emails to any email addresses they can obtain, often claiming that your account has been breached and requesting immediate action through a provided link. These attacks are often easy to identify due to spelling and grammar errors in the email. However, some phishing emails are harder to detect, especially when the language and grammar are polished. Checking the email's source and the linked website for suspicious language can provide clues as to its legitimacy.

 

A. Password Reset

This phishing scam appears to originate from a system administrator responsible for my email domain and attempts to entice me into clicking a button. Although the text is poorly written, the buttons are well-designed, making it easy to imagine someone clicking without fully reading the text, especially if they are scanning quickly. 

[Screenshot: password reset phishing email]

 

B. PayPal Money Request

These are exceptionally clever as they utilize authentic PayPal messages and include multiple anti-phishing warnings in the text. Despite this, there are still signs that give away their true nature. These messages arrived a week apart and are likely the result of a single phisher.

[Screenshot: PayPal money request phishing messages]

 

C. Server Maintenance

Consider this message claiming to be from my company's IT Support team. Its goal is to obtain your email password, because once an attacker gains control of your email, they can reset passwords on other sites and access sensitive accounts. Your email password is the one to safeguard most of all!

[Screenshot: server maintenance phishing email]

 

 

Some common patterns to be aware of:

  • Give emails a full read. Do not click if you have only skimmed through it. Be careful with "easy" emails and big buttons. Read the text carefully first before clicking. Look for grammatical errors and spelling mistakes in the email.
  • Verify with your IT department in person before honouring a claim made by email.
  • An email with only an attached image and nothing else is almost always a problem.
  • Be wary of the sender name and email address. Check them against the ones you know.

 

An interesting question: can you name the tell-tale signs in each phishing email example? Comment below.


On January 19, 2023, it was reported that thousands of PayPal accounts have been hacked. This news has caused concern among PayPal users who are now wondering if their own accounts have been compromised. In this blog post, we will provide an overview of the situation, as well as some tips on how to protect your PayPal account from being hacked.

It is currently unclear how the hackers gained access to the PayPal accounts. Some experts believe that the hackers may have used phishing scams or malware to steal login credentials. Others speculate that the hackers may have found a vulnerability in PayPal's systems that allowed them to gain unauthorized access. Regardless of the method used, it is clear that the hackers were able to gain access to a large number of PayPal accounts.

PayPal has stated that they are working to resolve the issue and have implemented additional security measures to prevent further breaches. The company has also urged users to be vigilant and check their account activity for any suspicious activity. If you notice any unauthorized transactions or changes to your account information, it is important to contact PayPal customer service immediately.

To protect your PayPal account from being hacked, there are several steps you can take. First, make sure to use a strong and unique password for your account. Avoid using easily guessed information, such as your name or date of birth, in your password. Additionally, be wary of phishing scams and never click on links in emails or text messages that ask for your PayPal login credentials. If you receive an email or text message that appears to be from PayPal, but seems suspicious, it is best to log in to your account directly through the PayPal website.

Another important step is to enable two-factor authentication for your PayPal account. This will require you to enter a code sent to your phone or email in addition to your password, making it much more difficult for hackers to gain access to your account.

In conclusion, the recent hack of thousands of PayPal accounts is a reminder that we must all be vigilant when it comes to online security. By following the tips outlined in this blog post, you can greatly reduce the risk of your PayPal account being hacked. Remember to check your account activity regularly, use strong and unique passwords, be wary of phishing scams, and enable two-factor authentication. By taking these steps, you can help protect your PayPal account and your personal information.


The RSAC Innovation Sandbox Contest brings out cybersecurity’s boldest new innovators who have made it their mission to minimize infosec risk. Each year, 10 finalists grab the spotlight for a three-minute pitch while demonstrating groundbreaking security technologies to the broader RSA Conference community. Since the start of the contest, the top 10 finalists have collectively seen over 73 acquisitions and raised over $11.46 billion in investments. (Source : RSA Conference )

RSA Innovation Sandbox is one of the platforms where information security startups can showcase their research and innovation. For the past 16 years it has served as an interface for cybersecurity companies to promote their new technology and connect with venture capitalists, industry veterans and experts at RSA Conference. "RSAC Innovation Sandbox is widely recognized as a springboard for startups in our field and since 2005, the top 10 finalists have collectively celebrated over 69 acquisitions and received $9.8 billion in investments. Two previous finalists have also completed IPOs in the last two years: SentinelOne (2015) and SumoLogic (2012)," said Linda Gray Martin, Vice President, RSA Conference.

This year, out of 10 finalists, RSA Conference awarded Talon as the Most Innovative Startup 2022 for creating a secure enterprise browser, which empowers organizations to simplify their security programs while providing a secure and improved hybrid work experience.


Process Of Selection

In the final round of the contest, each finalist gives a presentation to a jury panel (a team of industry experts). The jury includes Dorit Dor (Chief Product Officer, Check Point Software Technologies), Niloofar Howe (Sr. Operating Partner, Energy Impact Partners), Paul Kocher (Independent Researcher), Shlomo Kramer (Co-founder and CEO, Cato Networks), Christopher Young (Executive Vice President of Business Development Strategy and Ventures, Microsoft) and Hugh Thompson (Program Committee Chair, RSA Conference). For more information about the current standing and funding of past finalists of RSA Innovation Sandbox, visit the RSAC Innovation Sandbox Leaderboard.

 

 

Top 10 finalists of RSA Innovation Sandbox 2022

Talon: Named "RSAC Most Innovative Startup 2022"

Talon modernizes security programs and improves user experiences for hybrid work by delivering a secure browser purpose-built for the enterprise. The TalonWork browser gives customers the deep security visibility and control over SaaS applications needed to simplify security for the future of work.

BastionZero, Inc.: Runner-up at RSAC Innovation Sandbox 2022

BastionZero is a cloud service that offers engineering teams zero-trust access to their infrastructure (servers, clusters, databases, etc). They use novel cryptographic protocol design to ensure that a compromise of their service won't lead to a compromise of your infrastructure.

 

Araali Networks: Araali is a threat management solution for cloud-native environments. It can both detect and block threats. Powered by eBPF, it lets you enforce explicit policies for "who can do what" in your virtual private cloud, blocking malicious code from establishing a backdoor or accessing your services.

 

Cado Security: Cado Security provides a cloud investigation platform. Designed to bring incident response into the cloud era, Cado Response delivers forensic-level detail into cloud, container and serverless environments. Cado empowers security teams to investigate and respond at cloud speed.

 

Cycode: Cycode is a software supply chain security solution that provides visibility, security, and integrity across the SDLC. Cycode integrates with DevOps tools and infrastructure to harden security postures, implement consistent governance, detect threats, and reduce the risk of breaches.

 

Dasera: Dasera is pioneering DataGovOps to solve the challenges of protecting data at scale while empowering employees with more data. They operationalize data governance by continually monitoring context and automatically integrating security and compliance throughout the data lifecycle.

 

Lightspin: Lightspin's graph-based platform reduces the time, cost, and resources DevOps and security teams need to keep their cloud stack secure. By identifying critical attack paths, Lightspin connects the dots between disparate security issues to prioritize and remediate the critical issues that matter most, from build time to runtime and operations.

 

Neosec: Neosec is reinventing application security by bringing XDR techniques to protecting APIs. Its SaaS platform gives security professionals visibility into behavior across their entire API estate. Neosec discovers all your APIs, analyzes their behavior, and stops threats lurking inside.

 

Sevco Security: Sevco Security is a cloud-native asset intelligence platform providing visibility into all assets, users and applications, both on-premise and in the cloud, creating a comprehensive and reliable source of truth for better decision making. Its patented telemetry engine finds and reduces security and IT risk.

 

Torq: Torq is a no-code automation platform for security teams. Limitless connectivity, drag & drop editing, and hundreds of templates make it easy to automate any process. Security teams from large organizations to cutting-edge startups trust Torq to help them minimize complexity and maximize protection.

 


CISO Platform Breach And Attack Summit 2022

Learn about top breaches, attack trends and techniques, and how to defend against them. Our editorial team has handpicked the top sessions at the Breach & Attack Summit held in Bangalore, Mumbai and Chennai. Here is the list of top sessions from Breach & Attack Summit 2022.

350+ CISOs and members joined us, 80+ speakers shared their knowledge with the community, and 47K+ engaged on social media. Attendees experienced keynotes, panel discussions and hands-on workshops.


1 - (Keynote) Dissecting Verizon DBIR: What's Causing Most Breaches?

Speaker: Jitendra Chauhan

Analysis of the Verizon DBIR and top attack vectors. The cyber security world has been very active over the last year, from well-publicized critical infrastructure attacks to massive supply chain breaches. In this session, we look deep into the Verizon DBIR report and find out how attackers navigate to your valuable assets and what you can do about it.

 

 

2 - (Keynote) Shift Left Of Boom: The new "Shift-Left" Movement That CISOs Must Keep An Eye On

Speaker: Sachin Deodhar

At its core, “boom” is an unwanted, bad event for the defender — the initial contact from the offender. “Left of boom” is the set of events that occur in the timeline before the boom and “right of boom” is the set of events that follows. If we applied this to the cyber domain, Left of Boom would refer to those proactive initiatives and actions that are designed to prevent/preempt (or minimize risk associated with) an adverse cyber event. 


 

3 - (Keynote Panel) Building A Reference Architecture For Detect, Respond And Recover Capability

Moderator: Sanil Anad Nadkami

Panel: Aditi Lath, Manikant R Singh, Dheemanth R, Rajesh Jain, Satya Maddela, Senthil N, Vikash Kumar Singh, Purna Reddy Bolla, Anshuman Singh

 

 

4 - (Workshop) Practical Approaches For Securing IoT Ecosystems 

Speaker: Maithri Nadig, Rahul U, Krishnaa Srinivasa

 

 

5 - (Keynote Panel) Strategies To Manage The Unknown Unknowns In Your Attack Surface

Moderator: Navaneethan M

Panel: Yogesh M, Manoj Kuruvanthody, Samrat Bhatt, Satya NM, Shaik Javeed Ahmed, Srinivas Thimmaiah, Arnab Chattopadhayay

 

 

6 - (Workshop) Purple Teaming With Adversary Emulation

Speaker: Sachin Deodhar

Adversary emulation involves leveraging your Red Teams to use real-world adversary tactics, techniques and procedures (TTPs), alongside attack frameworks such as MITRE ATT&CK, to: identify control gaps (and weaknesses); validate your monitoring, detection and response capabilities; and prioritize your security investments towards mitigating any shortcomings observed using this approach.

 

 

7 - CISO Platform Task Force Initiative 2022

Speaker: Bikash Barai

A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.


 

8 - (Keynote Panel) Managing Security During Turbulent Times

Moderator: Roshan Williams

Panel: Prathap R, Raghavendra Bhat, Satish Kumar Dwibhashi, Shetty KV, Vishal Kalro, Murali Krishnaam, Aditya Kakrania

 

 

9 - (Keynote Panel) Analysing Recent Gartner Hype Cycle And Emerging New Technologies

Moderator: Somshubhro Pal Choudhury

Panel: Asif Nalakath, Nantha Ram, Naseem Halder, Nitish Goyal, Philip Varughese, Sandeep Bansal, Anirudha Nayak, Harmeet Kalra


 

 

10 - (Workshop) Decoding CIS Risk Assessment Method V2.1: How To Leverage It

Speaker: Aditya Kakrania

Risk assessments are valuable tools for understanding the threats enterprises face, allowing them to organize a strategy and build better resiliency and business continuity, all before a disaster occurs. Preparation is key – after all, the worst time to plan for a disaster is during a disaster.

>> Go To Presentation


11 - (Keynote Panel) Building A Reference Architecture For Detect, Respond And Recover Capability

Moderator: Bijender Kumar Mishra     

Panel: Urvish Acharya, Tejas Shah, Pradipta Patro, Suresh A Shan, Vasudevan Nair, Satyanandan Atyam, Anshuman Singh

12 - (Keynote Panel) Analysing Recent Gartner Hype Cycle And Emerging New Technologies

Moderator: Vijay Kumar Verma

Panel: Hiren Pandey, Shitij Bhatia, Sanjay Jaiswal, Rohit Yeshwant Rane, Satyavrat Mishra, Melwyn Rebeiro, Harmeet Kalra

13 - (Keynote Panel) Managing Security During Turbulent Times

Moderator: Ambarish Kumar Singh

Panel: Balram Choudhary, Dr. Naresh Kumar Harale, Shankar Jadhav, Shobhana Lele, Venkata Satish Guttula, Satyanandan Atyam, Aditya Kakrania

14 - (Keynote Panel) Managing Stress During Crisis

Moderator: Bikash Barai

Speaker: Ajay, Harshad Mengle, Mohd Imran


15 - (Keynote Panel) Strategies To Manage The Unknown Unknowns In Your Attack Surface

Moderator: Dilip Panjwani

Speaker: Kedar Telavane, Sachin Kawalkar, Gopal Gupta, Kalpesh Doshi, Ananth MS

16 - (Keynote Panel) Building A Reference Architecture For Detect, Respond And Recover Capability

Moderator: Gowdhaman Jothilingam     

Panel: Prabhakar Ramakrishnan, Venugopal Parameswaran, M Sivasubramanian, Srinivasulu Thayam, Maharajan S, Anshuman Singh


17 - (Keynote Panel) Strategies To Manage The Unknown Unknowns In Your Attack Surface

Moderator: Vijaykumar Radhakrishnan

Panel: Vijayakumar KM, Lakshmi Narasimhan R, Venkatasubramanian Ramakrishnan, Palanikumar Arumugam, Vijay Anand, Gokulavan Jayaraman, Thamaraiselvan, Arnab Chattopadhayay

18 - (Workshop) Purple Teaming With Adversary Emulation

Speaker: Jitendra Chauhan

Adversary emulation involves leveraging your Red Teams to use real-world adversary tactics, techniques and procedures (TTPs), alongside attack frameworks such as MITRE ATT&CK, to: identify control gaps (and weaknesses); validate your monitoring, detection and response capabilities; and prioritize your security investments towards mitigating any shortcomings observed using this approach.

>> Go To Presentation


19 - (Keynote Panel) Chennai Chapter Presentation

Panel: Gokulavan Jayaraman, Prabhakar Ramakrishnan, Thamaraiselvan S, Suprakash Guha, Gowdhaman Jothilingam, Srinivasulu Thayam

20 - (Keynote) Shift Left Of Boom: The New "Shift-Left" Movement That CISOs Must Keep An Eye On

Speaker: Arnab Chattopadhayay

At its core, “boom” is an unwanted, bad event for the defender — the initial contact from the offender. “Left of boom” is the set of events that occur in the timeline before the boom and “right of boom” is the set of events that follows. If we applied this to the cyber domain, Left of Boom would refer to those proactive initiatives and actions that are designed to prevent/preempt (or minimize risk associated with) an adverse cyber event. 

>> Go To Presentation

21 - (Keynote Panel) Analysing Recent Gartner Hype Cycle And Emerging New Technologies

Moderator: AVS Prabhakar

Panel: Balakrishnan Kanniah, Gopi Krishna Togarcheti, Madhavan GG, Kavitha Srinivasulu, Suprakash Guha, Srinivasan

Read more…

Kids Cyber Safety Awareness Program By Kiran Belsekar

The Kids' Cyber-safety Task Force is part of the CISO Platform community initiative to help build a safer world for the younger generation. This session is aimed at building awareness of cyber safety among kids. CISO Platform community member Kiran Belsekar conducted a “Cyber Security Awareness Session” for Vibgyor School on 19 November 2022 on behalf of CISO Platform. Around 50+ students were part of this session, along with teachers, school authorities and parents.

 

 

About Speaker

Kiran Belsekar is Senior Vice President, CISO & IT Governance at Aegon Life: a leader who brings insight from both technical and business perspectives in Information Technology, Cybersecurity, Fintech & Insuretech. He has more than 20 years of experience in IT (technical) and in IT management & business across various industries. Kiran is recognised for his work in Technology & Cybersecurity by prestigious institutions such as DSCI, CSO Forum, ISACA, IT NEXT, 9dot9, IDC, IDG & Core Media.

 

 

Key Pointers 

  • Mobile phone security
  • Do’s and don’ts in social media
  • Effective Password Policy
  • Privacy Setting
  • Tips on personal data protection
  • Awareness on various cybercrimes
  • Cyber safety pledge

 

 

(Kids Session) Video Recording

 

 

Session Highlights

1. Kids should do the following things when they start exploring the cyber world:

  • Respect and protect yourself
  • Respect and protect others
  • Respect and protect copyright
  • Respect and protect equipment

 

2. Understand the Cyber World - While using Facebook, Instagram, YouTube and others, kids should understand whom to talk to and who is a stranger versus a friend

 

3. Safety in the Physical World - Kids should know the distances in terms of Public, Social, Personal and Intimate space

  • Public space - Strangers
  • Social space - Friends & Relatives
  • Personal space - Parents
  • Intimate space - God

 

4. Safety Circles, where to reach for help:

  • Parents
  • Teachers

 

5. Cyber world: Fake Identities / Strangers

  • Never give away your name, phone number, address, password, school name or parents' names
  • Cyber creeps can become you (identity theft) or find you

 

6. Cyber world Top risks:

  • Predators
  • File share abuse
  • Cyber bullies
  • Invasion of privacy
  • Disturbing content

 

Read more…


We had a community round table with CISOs of top firms to create a tangible community playbook that could be used by the community in the future. We are extremely thankful to the contributors for this playbook.

 

 

CISO Contributors

  • Dr. Anton Chuvakin, Security Solutions Strategy, Google Cloud
  • Bikash Barai, Co-Founder FireCompass, Advisor CISO Platform
  • Vijay Kumar Verma, SVP and Head Cyber Security Engineering, Jio Platforms Ltd
  • Manoj Kumar Shrivastava, CISO, Future Generali India Insurance Ltd
  • Mihirr P Thaker, CISO, Allcargo Logistics Ltd
  • Prasenjit Das, CISO, TCS
  • Suprakash Guha, General Manager, Lumina Datamatics
  • Anwaya Bilas Sengupta, CISO, ERLDC
  • Gowdhaman Jothilingam, Sr Manager IT/CISO, LatentView Analytics
  • Palanikumar Arumugam, Head Technology, Shiksha Financial Services India Pvt Ltd
  • Raghavendra Bhat, Head of Security Validation India, SAP Labs
  • Rajeev Mittal, CIO, Endurance Technologies Ltd
  • Ashok Kannan, President - IT, Sintex Industries Limited

 

 

Key Pointers

  • Challenges: licensing, use cases, log volume optimization, how to outsource and how to select a provider, refining SOC practices (operations)
  • Mitigation Strategies

 

 

Discussion Highlights

 

1. Major challenges:

  • Convince the top management for SOC
  • Log volume management
  • Management commitment
  • Partner outsourcing
  • Skill gap & awareness training - people
  • Choosing right tool - native with multiple dashboard OR aggregate logs and create correlation use cases and playbooks
  • Organizations have assets on various platforms (Jio, AWS, Google etc.)
  • Effective building of correlation use cases
  • Building SOAR capability on ground
  • Maturity of the SOC (measure active response)

 

2. How to build an effective detection and response mechanism and the right kind of SOC, or a programme of which the SOC is a part.

  • Many companies are still not able to implement a SOC, and that is the major challenge we are facing
  • Difficulty convincing top management on the budget, how to take it forward and what the return on investment is
  • Due to huge log volumes, and without a dedicated or central team, it is difficult to manage, and that is where we get stuck
  • Management commitment challenges and other auxiliary challenges
  • SOCs are ruined more by lack of commitment from executives than by volumes of logs

 

3. Outsourcing of managed security services, whether or not to a global firm, should be explicitly dragged into the light

  • The SOC is to be looked at from two aspects: it needs tools, people and processes built around it, and on the other side it builds protection controls
  • The SOC is one of the prime areas where we measure active response
  • Lack for the vulnerability targeted to the porter

 

4. Threat landscape

  • Unoptimized log management sources have caused a number of SOCs to crash and not go well
  • Detection and observation requirements come first, and only then the sources needed

 

5. Always drill for a management crisis: pick various scenarios and analyse them. How much time does it take for the organization to respond and recover, and does the organization have the capability to respond and recover? The SOC is the strategy to put these things in place

 

6. We need to have tools, people and process around a successful SOC. Protective controls involve Firewall, EDR etc. An effective SOC allows you to validate if your protective measures are working well.  

 

Read more…

This session covers SIEM augmentation importance, benefits, common use cases, architecture stack, evaluation plan & more. Security information and event management (SIEM) solutions and security operations tools in general are not perfect, each with their own blind spots and pitfalls. However, with the addition of a single tool, you can demonstrably improve your team’s ability to detect and respond to threats and at a reduced total cost.

Session Agenda

  • SIEM Augmentation - Why & How (using Chronicle and benefits)
  • SIEM Augmentation Use Cases (common use cases)
  • SIEM Augmentation Architecture (data flow between SIEMS, effect on operations)
  • SIEM Augmentation Action Plan (short term and mid term plan to evaluate SOC stack and augmentation)

 

 

About Speaker

Sharat is SIEM Head Product Marketing, Google Cloud. Leader with a demonstrated history of working in the information technology and cybersecurity industry. Skilled in Competitive Intelligence, Management, Customer Escalation Management, Information Security, and Technical Product Marketing. Information Security professional with a Master of Science focused in Telecommunications from University of Colorado at Boulder and a Bachelors in Electrical Engineering from Anna University, India.

 

 

(Webinar) Recorded

 

 

Discussion Highlights

1. Why augment your SIEM:

-More cost savings

-New use cases

-New Telemetry cases

 

 

2. How to start augmenting your SIEM

  • Does your SIEM address all current and planned use cases cost-effectively?
  • Does your SIEM address current use cases but at an unsustainable cost?
  • Does your SIEM address current use cases but future scaling is not assured?

 

 

3. SIEM Augmentation Use Cases:

-The "Cover All Your Bases" Use Case

-The "Hoarding is Rewarding" Use Case

-The "Automation Station" Use Case


4. SIEM Augmentation Architectures:


5. What to watch for when Augmenting:

-Data collection pitfalls may materialize

-Split data needed for one use case

-Multiple workflows add complexity

-Detection content duplication

-Source of record

 

 

6. SIEM Augmentation action plan:

- Short term recommendations

  • Review your detection and response tools & processes
  • Identify gaps in current use case coverage
  • Map out collection and retention of telemetry data
  • Identify costs and challenges to address

- Medium term recommendations

  • Look for cloud scenarios that are not addressed
  • Review choices for a joint, augmented architecture
  • Evaluate the need for SOAR capabilities
  • Run a POC of Chronicle for your data


Read more…

A SOC is responsible for detecting, investigating, and responding to cyber threats. As the attack surface continues to expand, SOC teams are extremely overburdened. Further, there are talent shortages. The Google SOC team has found a way to scale and automate the detection and response process.

  • Eliminate security blindspots with cloud-native infrastructure
  • Get to “aha” faster with sub-second search, insights, and streamlined processes
  • Democratize security operations by leveraging threat intelligence, out-of-the-box detections, and playbooks

 

 

About Speaker

Kristen Cooper is a Security Operations Product, Google Cloud. She has over 16 years of product management and product marketing experience with the past decade focused on cybersecurity, working for companies such as Mandiant, Siemplify and now Google. Kristen has a passion for building world-class product marketing teams and working with companies to solve their security challenges.

 

 

(Webinar) Recorded

 

 

Discussion Highlights

1. Agenda:

-The need for SOC Transformation

-Modernizing people, Process & Technology

-Chronicle Security Operations

 

2. Security Operations is Ripe For Transformation:

-We can't store and analyze all data, resulting in blind spots

-It's cost prohibitive to ingest all the data we need

-It takes too long to investigate alerts

-We struggle to build effective detection and have too many false positives/negatives

-Our processes are too manual, we are too slow to respond to and remediate threats

-We don't have enough skilled engineers to make everything work

 

3. CISOs & Security Leaders are still asking questions:

- How can we increase the operational efficiency of our workforce?

- Are we effectively detecting & responding to all business threats?

- Can we budget, optimize and manage our financial costs?

- How can we modernize & get ahead of the talent shortage?

- Where can we co-innovate with Google?

 

4. Legacy SOC

  • Inspired by IT helpdesk philosophy
  • Treats incidents as rare and abnormal
  • Focuses on alert pipeline and pairs alerts to analysts
  • Centered on a SIEM (SOC=SIEM analyst team)
  • Has walls between alert handlers and alert tuners
  • Threat intelligence is sometimes consumed
  • Shallow metrics on handling time


5. Modern SOC

  • Teams are organized by skill, not rigid level
  • Process structured around threats, not alerts
  • Threat hunting covers cases where alerts never appear
  • Multiple visibility approaches, not just logs
  • Automation via SOAR works as a force multiplier
  • Deeper testing and coverage analysis
  • Threat intelligence is consumed and created
  • SOC elegantly uses third party services


6. Five Key Steps:

-Baseline skills required against workforce & identify gaps

-Shift hiring program to align to new skill structure

-Implement an automation backlog, focus on toil reduction

-Fill gaps with partners, 3rd parties, and "shift-left" via x-fn

-Strive to achieve 40/40/20 ops-eng-learning utilization

 

7. People Transformation:

-Tactical

  • Analysts are organized by skills and focusing on threats not alerts
  • Implement learning paths, certifications, stretch opportunities
  • Analysts have clear success metrics
  • Hire partners to augment your team
  • Expand visibility to other practices (Devops, Security Architecture)

-Strategic

  • Supports additional stages of threat lifecycle (eg. creates content)
  • Provide comprehensive onboarding and skills development programs, leadership training
  • Individual OKRs are aligned to solutions
  • Revamp your hiring program to seed talent potential and skills
  • Build interlock between SecOps & DevOps

-Transformational

  • Analysts create use cases and own end-to-end lifecycle of threats
  • Analysts export thought leadership and participate in community R&D
  • Program-wide OKRs aligned to solutions
  • Continually measure, hire inclusively, retain and promote often, train leaders
  • SecOps heavily influences DevOps
  • Analysts spend majority of time doing Dev (engineering/automating) vs Ops


8. Process Transformation:

-Tactical

  • Optimize the alert triage process
  • Expand use of threat intelligence
  • Build use cases
  • Adopt continuous Detection, Continuous Response workflow

-Strategic

  • Start threat hunting
  • 100% coverage across ATT&CK
  • Integrate with x-fn dev process
  • Build SOAR playbooks
  • Establish OKRs around CD/CR

-Transformational

  • Team is fully utilized towards proactive work, reactive work is continually automated
  • Create and share threat intelligence across adjacencies & organizations
  • Fully adopted CD/CR workflow with full visibility of threats, optimized OKRs and board-level metric visibility


9. Five Key steps to take:

-Implement your first deployable CD/CR pipeline

-Identify coverage gaps across MITRE ATT&CK

-Establish OKRs around CD/CR

-Start doing proactive threat hunting

-Identify opportunities to better operationalize threat intel

 

 

10. Technology Transformation:

-Tactical

  • Implement cloud native SIEM
  • Begin developing a content library for deployment pipelines
  • Add network endpoint, cloud and other telemetry to SIEM
  • Develop SOAR playbooks

-Strategic

  • Robust implementation of ATT&CK across all data sources
  • Optimize technology TCO to spare budget for people and process improvements
  • Orchestration at the forefront of all new process additions

-Transformational

  • Maximize ATT&CK coverage by leveraging all available detection techniques
  • Autonomous discovery of assets and log sources
  • Co-develop technology features with your vendors and partners
  • Implement a data science program to identify AI/ML use case opportunities


11. Five Key steps to take:

-Start developing a use case library for content

-Expand visibility across endpoint, network, cloud ++

-Migrate to cloud native tools

-Utilize SOAR, especially in the early stages

-Optimize your tech costs for people/process improvement

 

 

12. Security Operations by Google


13. Key Takeaways & Recommendations:

-Shift organizational structure to align with skills NOT tiers

-Strive for a continuous Detection + Continuous Response model

-Operationalize threat Intelligence and begin threat hunting

-Migrate to cloud-native tools & utilize SOAR early

-Optimize your technology costs for people / process improvement

 

 

Read more…

The healthcare industry in India has faced 1.9 million cyber attacks this year till November 28, as per data published on Thursday by cyber security think tank Cyber Peace Foundation and Autobot Infosec Private Ltd. The attacks came from a total of 41,181 unique IP addresses, which were traced back to Vietnam, Pakistan, and China. The objective behind most of the attacks was to inject a malicious payload into the network of the healthcare company and trigger ransomware attacks. The sensors found 1527 unique payloads used for trojan and ransomware, the report shows.

 

 

About Speaker

Srinivasulu Thayam: CTO, Aravind Eye Care.

Srinivasulu is a senior leader in IT with 27+ years of global diversified experience in product engineering, product development and assurance, business unit development, strategic management, delivery, program and practice management, test automation tools, non-functional testing, change controls, account management, transformation and transition management, scaling high-performing organizations, and maximizing revenue & growth through client satisfaction and disciplined leadership.

 

 

Webinar (Recorded)

 

 

Discussion Highlights

1. Healthcare Data breaches


2. Why healthcare is the biggest target for cyber attacks

  • Private patient information is worth a lot of money to attackers
  • Medical devices are an easy entry point for attackers
  • Staff need to access data remotely, opening up more opportunities for attack
  • Workers don’t want to disrupt convenient working practices with the introduction of new technology
  • Healthcare staff aren’t educated on online risks
  • The number of devices used in hospitals makes it hard to stay on top of security
  • Healthcare information needs to be open and shareable
  • Smaller healthcare organizations are also at risk
  • Outdated technology means the healthcare industry is unprepared for attacks

 

3. Fear the attacker


4. Recent Ransomware scenarios

  • A major cyber security breach that has forced it to take a number of critical systems offline following an alleged social engineering attack on an employee by an apparent teenage hacktivist
  • Data breach at Uber saw information on 57 million user accounts – 2.4 million in the UK – compromised
  • Uber was fined almost $150m for covering up this breach, and its then chief security officer, Joe Sullivan, is currently facing criminal charges over the incident
  • AIIMS Delhi turns manual following ransomware attack and around 40 million patients might have been exposed
  • The FIR stated that after two encrypted mails, there was a message: “what happened, your files are encrypted, all files are protected by strong encryption with RSA-2048, there is no public decryption software, what is the price to repair, the price depends on how fast you can pay to us, after receiving money, we will send program and private keys to your IT department right now, do not attempt to decrypt your data after using third party software, this may result in permanent data loss, our program can repair all files in few minutes and all servers will work perfectly same as before, free decryption as guarantee, you can send us upto three free decrypted files before payment.”
  • Safdarjung Hospital, a 1,500-bed government hospital, recently disclosed that cyber criminals also hit its IT system in November. No data, however, was compromised when the system went down in a day
  • While Medical Superintendent Dr B.L. Sherwal did not expound on the nature of the attack, he added that the system was immediately restored by the National Informatics Centre, the government agency responsible for enabling all government IT systems in India
  • The processes at Safdarjung Hospital are not as computerized as those at AIIMS, which is why the harm wrought by the cyber attack was not as serious as that at AIIMS
  • Personal details of more than 1.5 lakh patients (data from 2007 to 2011) of a Tirupur hospital have been put up for sale by cyber criminals through Telegram channels and specific cybercrime forums
  • The leaked information contains personal details such as birth dates, doctor details, residential addresses, and basic vitals of patients such as height, weight and blood groups
  • The database was advertised for $100 (meaning that multiple copies of database would be sold) for cyber criminals seeking to be the exclusive owner of the database, the price is raised to $300 and if the owner intends to resell the database, the quoted price is $400
  • CloudSEK (a contextual AI company that predicts cyber threats) has revealed this
  • Customer data was encrypted by the cyber attacker repeatedly, 3 times in the last 5 months
  • During the 1st attack, a partial ransom was paid (for specific clients) by the data processor; the ransom was ignored the 2nd time and they went to cyber insurance to manage the damage; the 3rd time, most of its customer networks (common to the data processor and its customers) were attacked

 

5. Crowdstrike Blog


6. Causes

  • Social engineering using phone calls and text messages to impersonate IT personnel, and either directing victims to a credential harvesting site or directing victims to run commercial remote monitoring and management (RMM) tools
  • Social engineering “most dangerous” threat, say 75 percent of security professionals. In May, Cyber Security Hub research revealed that three out of every four cyber security professionals considered social engineering or phishing attacks to be the “most dangerous” threat to cyber security at their companies
  • Ransomware has accounted for around 20% of cyber breaches so far in 2022. For comparison, the use of stolen credentials (hacking) accounts for 40% of breaches as of October 2022, and phishing accounts for around 20%
  • 93.28% of detected ransomware files are Windows-based executables. The next most common file type is Android, at 2.09%
  • The most common entry point for ransomware attacks is through phishing, with 41%
  • Cause of ransomware infection - Spam/phishing emails: 54%, Poor user practices/gullibility: 27%, Lack of cyber security training: 26%, Weak passwords/access management: 21%

 

7. Threats

  • Malware
  • Cryptomining
  • Phishing
  • IAM abuse
  • Outgoing DDoS attacks
  • Bruteforce
  • Leaked credentials
  • Hijacked accounts
  • Compromised machines

 

8. Threat Management

  • AD Security
  • Increase Visibility
  • Improve Third-Party Security
  • Expand Cyber Threat Awareness
  • Implement Multi-Factor Authentication

 

9. Data sources


10. Signs that your organization is at risk 

  • Employees are not trained to fully understand and apply laws, mandates, or regulatory requirements related to their work and that affects the organization’s security
  • Employees are unaware of the steps they should take at all times to ensure that the devices they use—both company issued and BYOD—are secured at all times
  • Employees are sending highly confidential data to an unsecured location in the cloud, exposing the organization to risk
  • Employees break your organization’s security policies to simplify tasks
  • Employees expose your organization to risk if they do not keep devices and services patched and upgraded to the latest versions at all times

 

Read more…

Kids Cyber Safety Awareness Program By Suprakash Guha

The Kids' Cyber-safety Task Force is part of the CISO Platform community initiative to help build a safer world for the younger generation. This session is aimed at building awareness of cyber safety among kids.

Suprakash Guha, ISMS Head of Lumina Datamatics, conducted a “Cyber Security Awareness Session” at Adithya Vidyashram School, Pondicherry on 9, 13 and 16 July 2022 on behalf of CISO Platform. Around 400 students of classes IX, X, XI and XII were part of this session, along with teachers, the School Principal and the Founder.

 

Key Pointers 

  • Mobile phone security
  • Do’s and don’ts in social media
  • Effective Password Policy
  • Privacy Setting
  • Tips of personal data protection
  • Awareness on various cybercrimes

 

 

(Images) Kids Cyber Security Session


Read more…

Hello Members,

There have been some very interesting findings in the Verizon DBIR Report 2022. The community has been asking many questions and is excited. We requested a community session from our partner FireCompass's research division, which you can join for free and ask any questions you have.

We are hosting a session on "Dissecting Verizon DBIR: What caused 3000+ breaches" by J. Chauhan (IIT Kharagpur alumnus; Head of Research @FireCompass). Our speaker analyses the report so that we understand the most common attack vectors and patterns. In this webinar, we will look deep into the Verizon DBIR report and find out how attackers navigate to your valuable assets and what you can do about it.

The last year has been notorious for cyber crime, from well-publicized critical infrastructure attacks to massive supply chain breaches. The DBIR report analyses data to find patterns and action types used against enterprises. This year the DBIR team analyzed 23,896 security incidents, of which 5,212 were confirmed data breaches. (Reference: Verizon DBIR 2022)

 

Key Learnings From Session : 

  • Learn which top 5 attack vectors contributed to 80% of the breaches
  • Learn about the rise of ransomware & the 5 top ways it gets an initial foothold
  • Learn how attackers are leveraging web applications in breaches

 

(This is a free session exclusive to CISO Platform community members.)
As always, we look forward to your feedback and thoughts. Please send us your ideas on how we can make the community a better value add for you and your peers. Email pritha.aash@cisoplatform.com

 

Session Recording (with Q&A)

 

 

Executive Summary

1. Agenda

  • Objective
  • Taxonomy of attacks
  • Top 5 attack vectors that contributed to (approx.) 80% of the breaches
  • Rise of ransomware and a few top ways ransomware gets an initial foothold
  • How attackers are leveraging Web applications in breaches?
  • What about human errors?
  • Recommendations
  • Q/A

 

2. What Is The Objective?
The objective is to get insights from the Verizon DBIR 2022 (breaches) analysis report and orient the security roadmap, if required.

How can statistics help us ? 
Stats based on breaches can tell us where we should focus on.
We believe that continuous security assessment in a way real attackers perform, especially on top of baseline activities such as VA/PT, will help in preventing future potential security incidents and breaches.

 

3. Taxonomy Of Attacks In The DBIR Report


4. Explain The Taxonomy Of The Attacks In The DBIR Report

  • Taxonomy consists of multiple concepts such as attack patterns, attack vectors and attack varieties etc.
  • Attack Patterns are the complex forms of attack, such as system intrusion. An example of system intrusion is a multi-stage attack from outside to inside the network
  • Attack categories are the group of attack vectors.
  • An attack vector consists of multiple attack varieties at the individual levels

 

5. What Are The Top Attack Patterns (Complex Attacks) That Contribute To More Than 80% Of Breaches?

These are the ones:

  • System Intrusion - multi-stage attacks to gain access to systems via one or more attack vectors to install backdoors and ransomware
  • Basic Web App Attacks - such as web vulnerabilities and credential stuffing using stolen credentials
  • Social Engineering - phishing to lure users into submitting sensitive information or downloading and installing malicious code
  • Misconfiguration - exposed panels, exposed keys, public cloud buckets etc.

 


 

6. How Does Ransomware Get An Initial Foothold?

Ransomware is on the rise, accounting for more than 20% of all major breaches. Ransomware generally intrudes and gains access to the network using the following attack vectors:

  • Use stolen credentials
    • Desktop sharing software such as RDP, VPN, AnyConnect etc.
  • Phishing via email
    • Install ransomware code
  • Exploit vulnerabilities
    • Web applications
    • Products and frameworks such as Log4j
  • Errors and misconfigurations
    • Open databases, Kubernetes, Docker instances

 

7. What Automation Is Being Used By Hackers To Attack Enterprises?

  • A typical automated attack chain, run without any human intervention, looks like the following:
    • Scan for targets at mass scale
    • Profile the targets using custom crawlers or fingerprinting techniques
    • Detect CVEs based on the technology in use or on banners
    • Attempt exploitation
    • Attempt persistence

 

8. What Are The Other Ways To Get An Initial Foothold Into An Organization?

  • Misuse partner access, using stolen credentials or other means such as phishing
  • Supply chain attack by compromising the DevOps pipeline or system management tools such as SolarWinds etc.
  • Target desktop sharing software
  • Use stolen credentials
  • Exploit a vulnerability
  • Phishing
  • Target a web application vulnerability

Once the initial foothold is attained, a backdoor, C2 agent or ransomware is generally installed to carry out pivoting.

9. How Are Attackers Leveraging Web Applications In Breaches?

  • Web applications are the most exposed assets on the internet.
  • Attackers use stolen credentials to perform attacks such as credential stuffing or brute force attacks.
  • Attackers exploit a vulnerability in the application.
  • Attackers abuse misconfigurations such as exposed admin panels etc.

 

10. What Is The Contribution Of Misconfigurations/Errors In Breaches?

The rise of the misconfiguration error began in 2018 and was largely driven by cloud data store implementations that were stood up without appropriate access controls.
The data tends to be customer data, and in a high number of cases it is also the customers who notify the breached organizations. However, security researchers are still the stars of this discovery show (although their percentage is down from last year).

 

11. Suggested Action Items For Prevention And Mitigation

  • Improve visibility
  • Continuous assessment of security posture

 

Some Detailed Suggestions:

  • Continuously discover misconfigurations
    • Admin panels, hidden directories, exposed databases
    • Misconfigured DNS, email servers etc.
  • Continuously assess your web applications
    • Better visibility
      • APIs, login pages, web app types (VPN, admin panels etc.)
    • Attacks
      • Credential stuffing (stolen credentials)
      • SQLi, SSRF and other injection attacks
      • Validate security controls
        • SSL, CSP, WAF/Cloudflare, CAPTCHA etc.
  • Perform social engineering assessments
    • With more depth, including installing malware and backdoors
  • Continuously assess your desktop sharing applications
  • Run continuous credential stuffing assessments
  • Malware is the second most common action category in breaches; perform assumed-breach scenarios
  • Build playbooks to emulate supply chain attacks
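Credential stuffing (sections 5 and 9 above, and the "continuous credential stuffing" item in this list) shows up in login logs as one source trying many different accounts in a short window, which is what distinguishes it from a single user mistyping a password. The following Python script is an added example, not code from the original post or the DBIR, that flags that pattern over a few constructed log lines; the log format, IP addresses, thresholds and window size are assumptions.

```python
"""Added example (not from the original post): flag credential-stuffing
patterns in web-application login logs. The log format, addresses and
thresholds below are assumptions chosen for illustration."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed sample log: "<ISO timestamp> <client ip> <username> <result>".
# 203.0.113.5 replays many different accounts in seconds (stuffing pattern);
# 198.51.100.7 is one user retrying their own password (benign).
SAMPLE_LOG = """\
2023-05-01T10:00:01 203.0.113.5 alice FAIL
2023-05-01T10:00:02 203.0.113.5 bob FAIL
2023-05-01T10:00:02 203.0.113.5 carol FAIL
2023-05-01T10:00:03 203.0.113.5 dave FAIL
2023-05-01T10:00:03 203.0.113.5 erin FAIL
2023-05-01T10:00:04 203.0.113.5 frank OK
2023-05-01T10:00:05 203.0.113.5 grace FAIL
2023-05-01T10:00:40 198.51.100.7 alice FAIL
2023-05-01T10:00:55 198.51.100.7 alice FAIL
2023-05-01T10:01:20 198.51.100.7 alice OK
"""


def parse_line(line):
    """Split one log line into (timestamp, ip, username, result)."""
    ts, ip, user, result = line.split()
    return datetime.fromisoformat(ts), ip, user, result


def detect_credential_stuffing(log_text, window=timedelta(minutes=5),
                               min_distinct_users=5):
    """Return {ip: {...}} for source IPs that attempted logins against at
    least `min_distinct_users` different accounts inside any `window`.
    Stuffing replays stolen username/password pairs, so it spreads a few
    attempts across many accounts; brute force against one account or a
    single user retrying does not trip the distinct-user threshold."""
    events = defaultdict(list)
    for line in log_text.splitlines():
        if line.strip():
            ts, ip, user, result = parse_line(line)
            events[ip].append((ts, user, result))
    hits = {}
    for ip, evs in events.items():
        evs.sort()
        start = 0
        for end in range(len(evs)):
            # Slide `start` forward so evs[start..end] all fall within `window`.
            while evs[end][0] - evs[start][0] > window:
                start += 1
            span = evs[start:end + 1]
            users = {u for _, u, _ in span}
            if len(users) >= min_distinct_users and (
                    ip not in hits or len(span) > hits[ip]["attempts"]):
                # Successful logins inside a flagged window are the accounts
                # whose stolen credentials worked: reset them and notify.
                hits[ip] = {"attempts": len(span), "distinct_users": len(users),
                            "compromised": sorted(u for _, u, r in span if r == "OK")}
    return hits
```

Accounts listed under `compromised` are the ones that need a forced password reset and a session revocation; the source IP is the candidate for rate limiting or the CAPTCHA/WAF controls listed above.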

 

 

Read more…

Interesting learnings from the journey of cyber war and peace, and areas of learning from a life journey as a leader and professional.

 

 

About Speaker

Nick has 25 years of experience ranging from the digital battlefield to 21st-century technology adoption. He combines disciplined execution with creative improvisation for better security risk management outcomes.

Bikash Barai is the Co-Founder of FireCompass, an AI assistant for IT security decision makers. Earlier he founded iViZ an IDG Ventures backed company which was later acquired by Cigital. He is also an early advisor at CISO Platform.

 

 

Fireside Chat (Recorded)

Read more…

What should a CISO do in the first 90 days of a new role? It's all about the journey of a CISO. Split the tenure into a few segments for understanding the current security situation in the organization, putting together a strategy, and executing it. Focus on understanding your key roles in the first 7 days and the first 30 days within those 90 days. Learn more from our speaker, the CISO of NTT Research. He is also writing a book on this soon.

 

About Speaker

Matthew Irelan is the CISO at NTT Research. Matthew is a proven strategic leader with a diverse background across many domains including executive consulting, healthcare, manufacturing, financial/banking industries, and emergency services (law enforcement, EMS, and fire/rescue). I love leading teams through culture change, fixing complex business problems, and driving profitable revenue growth.

Bikash Barai is the Co-Founder of FireCompass, an AI assistant for IT security decision makers. Earlier he founded iViZ an IDG Ventures backed company which was later acquired by Cigital. He is also an early advisor at CISO Platform.

 

 

Fireside Chat (Recorded)

 

 

Executive Summary (Session Highlights):

  • Building Relationships and Preparing for Day One:
    This session emphasized the importance of relationship-building and early research for incoming CISOs. Preparation begins before day one by studying the organization's business strategy, understanding key stakeholders, and building trust with peers and leaders. CISOs should seek to grasp the company culture, revenue models, and leadership dynamics through resources like LinkedIn and direct conversations.
  • Key Priorities in the First Week:
    The initial week focuses on foundational activities like onboarding, understanding organizational dynamics, and creating a sense of belonging. CISOs should establish relationships with team members, identify key influencers, and familiarize themselves with the business environment. Early efforts should align with understanding immediate operational and strategic priorities.
  • Understanding Business Strategy in the First Month:
    In the first 30 days, CISOs must prioritize learning the business inside out. Strategies include analyzing key revenue sources, understanding major business metrics, and identifying critical organizational milestones (e.g., acquisitions, product launches, or IPO plans). Building relationships with leaders in finance, manufacturing, and other departments provides insight into what drives the business and uncovers potential risks.
  • Aligning Security and Business Goals:
    The session highlighted the necessity of framing security initiatives in terms of business outcomes. CISOs were advised to shift their focus from technical jargon to business language, aligning security strategies with key business objectives. For example, framing data security as a method to ensure customer trust and financial stability enhances collaboration with non-technical stakeholders.
  • Inventory and Gap Assessments:
    Creating a complete and accurate inventory of people, processes, and technology is critical. This includes identifying data locations, understanding data flows, and mapping team strengths and weaknesses. Gap assessments help align existing security measures with organizational needs, ensuring a focused approach to mitigating risks.
  • Challenges in Data Discovery and Access Management:
    Data inventory and access reviews were cited as ongoing challenges. Shadow IT and unknown data repositories present significant risks. The session stressed the importance of using both tools and personal interactions to uncover hidden data and foster collaboration with business leaders for effective security management.
  • Navigating the Language of Business vs. Security:
    Successful CISOs bridge the gap between business and security by learning to speak the language of their stakeholders. Rather than imposing technical solutions, they must listen, adapt, and align security goals with broader business strategies. Building trust and showing humility were highlighted as key enablers in this process.
  • Mentorship and Continuous Learning:
    The session underscored the importance of mentorship and ongoing professional development. Exercises like identifying gaps between current skills and desired roles can guide career advancement. CISOs were encouraged to focus on strategic thinking and leadership to become valuable business partners.

 

Read more…