CISO - All Articles - CISO Platform2024-03-29T14:24:22Zhttps://www.cisoplatform.com/profiles/blogs/feed/tag/CISOSEC Case Against SolarWinds Overview - The Rant You Have Been Waiting Forhttps://www.cisoplatform.com/profiles/blogs/sec-case-against-solarwinds-overview-the-rant-you-have-been-waiti2023-12-01T04:36:19.000Z2023-12-01T04:36:19.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/12306015460?profile=RESIZE_400x&width=400"></div><div><p style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/hdH4d3eiGl8?si=CHbEYSGOCWAW9UX8" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p class="graf graf--p">The SEC case against SolarWinds and their CISO has opened a hornet’s nest and half of the cybersecurity community is up in arms, claiming that the SEC is unfairly making CISOs the scapegoats, when they are only trying to do their difficult job. 
WRONG!</p><p class="graf graf--p">This case is not a general attack on CISOs, but rather a specific case of fraud that intentionally and unfairly deceived investors.</p><p class="graf graf--p">SEC Complaint (.pdf) <a class="markup--anchor markup--p-anchor" href="https://www.sec.gov/files/litigation/complaints/2023/comp-pr2023-227.pdf" target="_blank">https://www.sec.gov/files/litigation/complaints/2023/comp-pr2023-227.pdf</a></p></div>Debating CISO Accountability: Inside the SolarWinds SEC Casehttps://www.cisoplatform.com/profiles/blogs/debating-ciso-accountability-inside-the-solarwinds-sec-case2023-11-29T20:48:38.000Z2023-11-29T20:48:38.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/12305421286?profile=RESIZE_400x&width=400"></div><div><p style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/3kpMa1YrEaU?si=ti9rzdb7RXTygy6R" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p class="graf graf--p">The SEC case against SolarWinds and its CISO has been one of the most passionate topics of all, spawning heated discussions in the hallways of CISOs across the country and globe, often bifurcating cybersecurity professionals into two opposing camps. One side declares the SEC actions to be an affront to the role of CISOs, essentially unfairly targeting them and making their already difficult job unnecessarily more problematic. The other side typically states it is a matter where individuals broke the rules and are being held accountable, and this case is not forcing any specific set of security controls on public companies.</p><p class="graf graf--p">Panelists: <strong class="markup--strong markup--p-strong">Jim Routh</strong> and <strong class="markup--strong markup--p-strong">Michael W. 
Reese</strong></p><p class="graf graf--p">Moderator <strong class="markup--strong markup--p-strong">Matthew Rosenquist</strong></p><p class="graf graf--p">Many thanks to CISO Platform for sponsoring this event!</p><p class="graf graf--p graf--empty"> </p><p class="graf graf--p">SEC official announcement: <a class="markup--anchor markup--p-anchor" href="https://www.sec.gov/news/press-release/2023-227" target="_blank">https://www.sec.gov/news/press-release/2023-227</a></p><p class="graf graf--p">SEC Complaint (.pdf) <a class="markup--anchor markup--p-anchor" href="https://www.sec.gov/files/litigation/complaints/2023/comp-pr2023-227.pdf" target="_blank">https://www.sec.gov/files/litigation/complaints/2023/comp-pr2023-227.pdf</a></p><p class="graf graf--p graf--empty"> </p><p class="graf graf--p">Follow me on LinkedIn: <a class="markup--anchor markup--p-anchor" href="https://www.linkedin.com/in/matthewrosenquist/" target="_blank">https://www.linkedin.com/in/matthewrosenquist/</a></p><p class="graf graf--p">Subscribe to the Cybersecurity Insights channel for more great content: <a class="markup--anchor markup--p-anchor" href="https://www.youtube.com/CybersecurityInsights" target="_blank">https://www.youtube.com/CybersecurityInsights</a></p></div>(Chennai Task Force) Digital Personal Data Protection (DPDP): Practical approach for CISOshttps://www.cisoplatform.com/profiles/blogs/chennai-task-force-digital-personal-data-protection-dpdp-practica2023-11-23T06:22:38.000Z2023-11-23T06:22:38.000Zprithahttps://www.cisoplatform.com/members/pritha<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/12299638697?profile=RESIZE_400x&width=400"></div><div><p>Our community members Prabhakar Ramakrishnan (CISO, TNQ Publishing) and Dr. Jagannath Sahoo (CISO, Gujarat fluorochemicals) are speaking on “Digital Personal Data Protection (DPDP): Practical Approaches For CISOs”</p>
<p>The bill aims to protect individual data and regulate data practices. CISOs should be aware of the new requirements to avoid penalties.</p>
<p class="p1"> </p>
<p class="p1"><span style="font-size:18pt;">Topic : (Chennai Task Force) Digital Personal Data Protection (DPDP): Practical approach for CISOs </span></p>
<p class="p1"><span style="font-size:18pt;">Date & Time : 23 November, Thursday, 4 PM (IST) </span></p>
<p class="p3"><span class="s1"><strong>>> Registration Link :</strong> <a href="https://bit.ly/webinar-DPDP-Nov2023">https://bit.ly/webinar-DPDP-Nov2023 </a></span></p>
<p class="p3"> </p>
<p class="p1"> </p>
<p class="p1"><span style="font-size:18pt;">Key Discussion Points/ Agenda: </span></p>
<p class="p1">1. Introduction to Data Privacy</p>
<p class="p1">- What is data privacy</p>
<p class="p1">- Privacy laws around the globe</p>
<p class="p1">- DPDPA Journey</p>
<p class="p1">2. Understanding the New Indian DPDPA 2023</p>
<p class="p1">- Objectives</p>
<p class="p1">- Principles of DPDPA</p>
<p class="p1">- Applicability</p>
<p class="p1">- Rights & Duties of Individuals</p>
<p class="p1">- Principals</p>
<p class="p1">- Legal implications/penalties</p>
<p class="p1">3. A practical approach to DPDPA compliance</p>
<p class="p1">- Personal data Inventory</p>
<p class="p1">- DPIA</p>
<p class="p1">- Risk treatment</p>
<p class="p1"> </p>
<p class="p1">Members interested in the topic are requested to register and to share this with teams and peers who may not be in the group. 'DPDP for CISOs' is an important topic and very relevant at the moment. </p>
<p class="p1"> </p></div>CISO Guide : Incident Response: Validation, Containment & Forensicshttps://www.cisoplatform.com/profiles/blogs/ciso-guide-incident-response-validation-containment-forensics2023-06-27T07:53:35.000Z2023-06-27T07:53:35.000Zprithahttps://www.cisoplatform.com/members/pritha<div><p><strong><span style="font-size:24pt;"><a href="https://www.cisoplatform.com/profiles/blogs/ciso-guide-incident-response-validation-containment-forensics" target="_blank"><img class="align-full" src="https://media.licdn.com/dms/image/D4D12AQEn1NllHajoqQ/article-cover_image-shrink_423_752/0/1687852888551?e=1693440000&v=beta&t=k1FRADu4jt3NZ4jWUc9Asogkkj8_CNCPhCH0IyRd61c" alt="1687852888551?e=1693440000&v=beta&t=k1FRADu4jt3NZ4jWUc9Asogkkj8_CNCPhCH0IyRd61c" width="769" height="512" /></a></span></strong></p>
<p><strong><span style="font-size:24pt;">Overview of Incident Response</span></strong></p>
<p><strong>Incident response is a critical aspect of any organization's cybersecurity strategy.</strong> When a security incident occurs, it is crucial to have a well-defined plan in place to handle the situation effectively. This blog post delves into the key components of incident response, focusing on the validation of incidents, containment measures, and the role of forensics in investigating and understanding security breaches.</p>
<p><span style="font-size:18pt;"><strong>1. Incident Validation</strong></span></p>
<p>The first step in incident response is validating whether an incident has indeed occurred. This involves assessing the nature and severity of the event to determine its validity. The validation process typically includes gathering evidence, analyzing logs, and employing various detection tools and techniques to confirm the incident.</p>
<p><span style="font-size:12pt;"><strong>1.1 Evidence Collection</strong></span><br /> To validate an incident, it is essential to collect relevant evidence. This includes system logs, network traffic data, user reports, and any other artifacts that can provide insight into the incident. Proper evidence collection is crucial for a thorough investigation and ensures that critical information is not overlooked or compromised.</p>
<p><span style="font-size:12pt;"><strong>1.2 Analysis and Detection</strong></span><br /> Once the evidence is collected, it undergoes detailed analysis to detect any signs of compromise or malicious activity. Security analysts employ various tools and techniques, such as intrusion detection systems (IDS), security information and event management (SIEM) systems, and behavioral analytics, to identify anomalies and indicators of compromise.</p>
<p> </p>
<p><span style="font-size:12pt;"><a href="https://www.cisoplatform.com/top-100-ciso-awards-2023?utm_src=p_blog_incidentresponse27June" target="_blank">(Many years back we started the 'Top 100 CISO Awards' recognizing the important role a CISO plays in preventing huge breaches. Nominate yourself for the 15th Edition Of Top 100 Awards, The 1st recognition for CISOs)</a></span></p>
<p> </p>
<p> </p>
<p><span style="font-size:18pt;"><strong>2. Incident Containment</strong></span></p>
<p>Once an incident is validated, the next step is containment. The primary objective of containment is to limit the impact of the incident and prevent further damage to the organization's systems, data, and reputation. Prompt and effective containment measures are crucial to minimizing the potential harm caused by the incident.</p>
<p><span style="font-size:12pt;"><strong>2.1 Isolation and Segmentation</strong></span><br /> Isolating the affected systems or networks is a critical step in containment. By disconnecting compromised systems from the network, organizations can prevent lateral movement and limit the spread of the incident. Network segmentation techniques, such as virtual LANs (VLANs) and firewalls, are employed to restrict unauthorized access and contain the incident within a specific area.</p>
<p><span style="font-size:12pt;"><strong>2.2 Access Control and Privilege Management</strong></span><br /> Implementing stringent access controls and privilege management measures helps limit the impact of an incident. This involves revoking unnecessary privileges, enforcing strong authentication mechanisms, and implementing the principle of least privilege. By controlling access to sensitive resources, organizations can mitigate the risk of further compromise and maintain the integrity of their systems.</p>
<p><span style="font-size:18pt;"><strong>3. Forensics and Investigation</strong></span></p>
<p>Once the incident is contained, the focus shifts towards conducting a thorough forensic investigation. Forensics play a vital role in understanding the scope and nature of the incident, identifying the root cause, and gathering evidence for potential legal proceedings. The following steps are typically involved in a forensic investigation:</p>
<p><span style="font-size:12pt;"><strong>3.1 Preservation of Evidence </strong></span><br /> Preserving the integrity of evidence is of utmost importance in forensic investigations. This includes creating forensic copies of compromised systems, preserving logs, and maintaining a chain of custody to ensure the admissibility of evidence in legal proceedings.</p>
<p><span style="font-size:12pt;"><strong>3.2 Analysis and Reconstruction </strong></span><br /> During the analysis phase, forensic experts examine the collected evidence to reconstruct the sequence of events leading up to the incident. This involves examining log files, system artifacts, and memory dumps to identify the tactics, techniques, and procedures (TTPs) employed by the attackers.</p>
<p><span style="font-size:12pt;"><strong>3.3 Attribution and Lessons Learned </strong></span><br /> In some cases, it may be possible to attribute the incident to a specific threat actor or group. Forensic analysis, in conjunction with threat intelligence, can aid in determining the motives and tactics employed by the attackers. Additionally, the lessons learned from the incident can be used to improve security practices and enhance future incident response capabilities.</p>
<p>An effective incident response strategy is crucial for organizations to detect, validate, and respond to security incidents promptly and effectively. The process of incident response involves validating incidents, implementing containment measures, and conducting thorough forensic investigations. By following a well-defined incident response plan and leveraging the right tools and techniques, organizations can minimize the impact of security incidents and enhance their overall cybersecurity posture. </p>
<p>P.S. I plan to add in more details from the slide, since it's a gold mine with so many relevant and interesting details.</p>
<p><span style="font-size:18pt;"><strong>Presentation For Reference</strong></span></p>
<p><iframe style="border:1px solid #CCC;border-width:1px;margin-bottom:5px;max-width:100%;" src="https://www.slideshare.net/slideshow/embed_code/key/Ca1XHvvFxBqX2T?startSlide=1" width="597" height="486" frameborder="0" marginwidth="0" marginheight="0" scrolling="no" allowfullscreen=""></iframe></p>
<div style="margin-bottom:5px;"><strong><a title="Incident Response: Validation, Containment & Forensics" href="https://www.slideshare.net/cisoplatform7/incident-response-validation-containment-forensics" target="_blank"> Incident Response: Validation, Containment & Forensics</a></strong> from <strong><a href="https://www.slideshare.net/cisoplatform7" target="_blank">Priyanka Aash</a></strong></div></div>Evaluating Cybersecurity Maturity Aligned To NIST: A Guide To Protecting Your Business in the Digital Agehttps://www.cisoplatform.com/profiles/blogs/evaluating-cybersecurity-maturity-aligned-to-nist-a-guide-to-prot2023-06-21T06:35:51.000Z2023-06-21T06:35:51.000Zprithahttps://www.cisoplatform.com/members/pritha<div><p>In today's interconnected world, businesses face an ever-growing threat landscape of cyberattacks. The need to establish a robust cybersecurity posture and maturity level has become critical for organizations across industries. To achieve this, a comprehensive cybersecurity maturity model can serve as a valuable tool.</p>
<p> </p>
<h3><span style="font-size:14pt;"><strong>What Is The CyberSecurity Posture For An Organization?</strong></span></h3>
<p>The <strong>cybersecurity posture</strong> of an organization refers to its current state in terms of its ability to protect against cyberattacks. It encompasses the collective strength of information security resources, including people, processes, and technology. Conducting a cybersecurity posture assessment involves evaluating the organization's network security and assessing the effectiveness of its information security resources and capabilities.</p>
<p> </p>
<h3><span style="font-size:14pt;"><strong>5 Stages In A Security Maturity Model</strong></span></h3>
<p>The security maturity model consists of five distinct stages: Awareness, Prevention, Detection, Response, and Recovery.</p>
<p><strong>1. Awareness:</strong></p>
<p>In the initial stage of security maturity, known as Awareness, organizations develop a fundamental understanding of cybersecurity risks and recognize the potential consequences associated with cyberattacks. They establish policies and procedures aimed at mitigating these risks effectively.</p>
<p><strong>2. Prevention:</strong></p>
<p>The second stage, known as Prevention, focuses on the implementation of robust controls and measures to proactively prevent cyberattacks. This includes the deployment of technologies such as firewalls, intrusion detection systems, and malware protection to safeguard critical assets.</p>
<p><strong>3. Detection:</strong></p>
<p>The third stage, Detection, involves the implementation of advanced monitoring capabilities and controls to detect cyberattacks promptly. Intrusion detection systems, log management, and security event monitoring are key components of this stage, enabling organizations to identify and respond to security incidents swiftly.</p>
<p><strong>4. Response:</strong></p>
<p>At the fourth stage, Response, organizations establish comprehensive plans and protocols to effectively respond to cyberattacks. These plans encompass containment strategies, eradication of threats, and the recovery of affected systems and data. The goal is to minimize the impact and restore normal operations as quickly as possible.</p>
<p><strong>5. Recovery:</strong></p>
<p>The final stage, Recovery, focuses on developing robust plans and procedures to facilitate the recovery process following a cyberattack. These plans encompass vital steps such as data backup and restoration, system recovery, and business continuity measures. The aim is to restore operations fully while ensuring the resilience of the organization.</p>
<p>By progressing through these stages of security maturity, organizations can bolster their cybersecurity defenses, enhance incident response capabilities, and minimize the impact of cyber threats on their operations.</p>
<h3><span style="font-size:14pt;"><strong>NIST CyberSecurity Frameworks To Use As Guideline</strong></span></h3>
<p>NIST Cybersecurity Framework: The National Institute of Standards and Technology (NIST) Cybersecurity Framework offers a valuable maturity model for evaluating an organization's cybersecurity readiness. This framework comprises five essential functions: Identify, Protect, Detect, Respond, and Recover.</p>
<p>Each function corresponds to a specific stage within the security maturity model and entails a distinct set of controls and measures. Through a comprehensive assessment of their position on the maturity model, organizations can pinpoint areas requiring enhancements in their cybersecurity posture.</p>
<p>Utilizing the NIST Cybersecurity Framework empowers businesses to fortify their defenses by identifying security gaps and establishing a clear path for improvement. By implementing the appropriate controls and measures at each stage of the maturity model, organizations can steadily advance toward achieving higher levels of cybersecurity maturity.</p>
<p>Link to implementation guide - <a href="https://www.nist.gov/itl/smallbusinesscyber/planning-guides/nist-cybersecurity-framework" target="_blank">https://www.nist.gov/itl/smallbusinesscyber/planning-guides/nist-cybersecurity-framework</a></p>
<p> </p>
<p><a href="https://media.licdn.com/dms/image/D5612AQF68Ek4LV8LSA/article-inline_image-shrink_1000_1488/0/1687328334929?e=1692835200&v=beta&t=a8tNufG5291OLdq_NfDRhpkJxC9kZpMyxCS2LckQSHw" target="_blank"><img class="align-full" src="https://media.licdn.com/dms/image/D5612AQF68Ek4LV8LSA/article-inline_image-shrink_1000_1488/0/1687328334929?e=1692835200&v=beta&t=a8tNufG5291OLdq_NfDRhpkJxC9kZpMyxCS2LckQSHw" width="1087" height="812" alt="1687328334929?e=1692835200&v=beta&t=a8tNufG5291OLdq_NfDRhpkJxC9kZpMyxCS2LckQSHw" /></a></p>
<p>Credit : Shared by a community member</p>
<p>In conclusion, establishing a robust cybersecurity posture and maturity level is paramount for organizations in the face of the ever-growing threat landscape of cyberattacks. By implementing a comprehensive cybersecurity maturity model, businesses can assess their current security capabilities, identify areas for improvement, and prioritize investments effectively. The five stages of the security maturity model—Awareness, Prevention, Detection, Response, and Recovery—provide a roadmap for organizations to enhance their cybersecurity defenses and incident response capabilities. Additionally, leveraging frameworks like the NIST Cybersecurity Framework offers valuable guidance for organizations to assess their readiness, identify gaps, and chart a clear path for improvement. By adopting these approaches, businesses can proactively protect their critical assets, ensure business continuity, and navigate the complex cybersecurity landscape with confidence.</p></div>Crucial conversations: Overcoming the 5 Areas Where CISOs Tend to Strugglehttps://www.cisoplatform.com/profiles/blogs/crucial-conversations-overcoming-the-5-areas-where-cisos-tend-to-2023-03-02T19:28:22.000Z2023-03-02T19:28:22.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/10978944873?profile=RESIZE_400x&width=400"></div><div><p>I had a great conversation with Marco Ciappelli and Sean Martin from ITSPmagazine Podcast discussing the mistakes and hard-learned lessons in cybersecurity!</p><p>They are such characters! 
A fun and informative discussion.</p><p><strong>Podcast:</strong> <a href="https://bluelava.io/crucial-conversations-overcoming-the-5-areas-where-cisos-tend-to-struggle/">https://bluelava.io/crucial-conversations-overcoming-the-5-areas-where-cisos-tend-to-struggle/</a></p></div>CISO Community Webinar On "Exposure Management For Financial Institutions To Overcome Resource Limitations And Regulatory Reporting"https://www.cisoplatform.com/profiles/blogs/ciso-community-webinar-on-exposure-management-for-financial-insti2023-02-01T07:07:59.000Z2023-02-01T07:07:59.000Zprithahttps://www.cisoplatform.com/members/pritha<div><div>We are hosting a <strong>CISO community webinar on "exposure management for financial institutions to overcome resource limitations and regulatory reporting"</strong>. </div>
<div>
<p>Join Bikash Barai (co-founder CISOPlatform Community & FireCompass) and Dave Lawy (Co-founder QuantumSmart and Senior Technology Executive), as they discuss how to overcome resource limitations and the manual burden of regulatory reporting for Financial Institutions. </p>
</div>
<div>Learn how exposure management can help your Financial Institution navigate the ever-increasing regulatory burden.</div>
<div> </div>
<div> </div>
<div><span style="font-size:14pt;"><strong>Key Learning Points : </strong> </span></div>
<div>
<ul>
<li>How to Overcome Resource Limitations: automate and lighten your workload by providing continuous programmatic assurance</li>
<li>Discover, Prioritize & Proactively Reduce Cyber Risk: Discover your attack surface risks & prioritize the most important ones to help mitigate the risks faster</li>
<li>Security Posture Reports to Meet Regulatory Requirements: How to continually assess and provide automated reports on your security posture to meet regulatory requirements</li>
</ul>
</div>
<div> </div>
<div>You can join us here: <a href="https://info.cisoplatform.com/how-exposure-management-reduce-burden" target="_blank">https://info.cisoplatform.com/how-exposure-management-reduce-burden?utm_src=cpblog</a></div>
<div> </div>
<div> </div>
<div> </div>
<div><a href="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Webinar%20-%20Credit%20Union%20(Financial%20Institutions)/Banner%20with%20partner%20logo.png" target="_blank"><img class="align-full" src="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Webinar%20-%20Credit%20Union%20(Financial%20Institutions)/Banner%20with%20partner%20logo.png" alt="Banner%20with%20partner%20logo.png" /></a></div>
<div> </div>
<div> </div>
<div><a href="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Webinar%20-%20Credit%20Union%20(Financial%20Institutions)/Speakers.png" target="_blank"><img class="align-full" src="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Webinar%20-%20Credit%20Union%20(Financial%20Institutions)/Speakers.png" alt="Speakers.png" /></a></div>
<div> </div></div>CISO Platform Breach And Attack Summit 2022https://www.cisoplatform.com/profiles/blogs/ciso-platform-breach-and-attack-summit-20222023-01-17T09:33:51.000Z2023-01-17T09:33:51.000Zprithahttps://www.cisoplatform.com/members/pritha<div><p><span class="font-size-3">Learn About Top Breaches, Attack Trends & Techniques And How To Defend Against Them. Our editorial team has handpicked the top sessions at Breach & Attack Summit held in Bangalore, Mumbai and Chennai. Here is the list of top sessions in Breach & Attack Summit 2022. </span></p>
<p><span class="font-size-3">350+ CISOs & Members joined us, 80+ Speakers shared their knowledge with the community and 47K+ engaged on social media. Attendees experienced keynotes, panel discussions and hands-on workshops. </span></p>
<p> </p>
<p><a href="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/Generic%20Banner%20for%20marketing%20mail.jpg" target="_blank"><img class="align-full" src="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/Generic%20Banner%20for%20marketing%20mail.jpg?profile=RESIZE_710x" alt="Generic%20Banner%20for%20marketing%20mail.jpg?profile=RESIZE_710x" width="1200" /></a></p>
<p> </p>
<p> </p>
<p><span style="font-size:20pt;"><a href="https://www.cisoplatform.com/profiles/blogs/keynote-dissecting-verizon-dbir-what-s-causing-most-breaches" target="_blank">1 - (Keynote) Dissecting Verizon DBIR: What's Causing Most Breaches?</a></span></p>
<p><span style="font-size:14pt;">Speaker: <span style="font-size:12pt;">Jitendra Chauhan</span></span></p>
<p><span style="font-weight:400;font-size:12pt;">Analysis Of Verizon DBIR & Top Attack Vectors. The cybersecurity world was very active last year, from very well-publicized critical infrastructure attacks to massive supply chain breaches. In this event, we will look deep into the Verizon DBIR report and find out how attackers navigate to your valuable assets and what you can do about it.</span></p>
<p><strong> </strong><span style="font-size:15pt;"><span style="font-size:10pt;">>></span> <strong><a href="https://www.cisoplatform.com/profiles/blogs/keynote-dissecting-verizon-dbir-what-s-causing-most-breaches" target="_blank">Go To Presentation</a></strong></span> </p>
<p><a href="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/Topic%201.jpg" target="_blank"><img class="align-full" src="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/Topic%201.jpg?profile=RESIZE_930x" alt="Topic%201.jpg?profile=RESIZE_930x" width="750" /></a></p>
<p> </p>
<p> </p>
<p><span style="font-size:20pt;"><a href="https://www.cisoplatform.com/profiles/blogs/keynote-shift-left-of-boom-the-new-shift-left-movement-Sachin" target="_blank">2 - (Keynote) Shift Left Of Boom: The new "Shift-Left" Movement That CISOs Must Keep An Eye On</a></span></p>
<p><span style="font-size:14pt;">Speaker: <span style="font-size:12pt;">Sachin Deodhar</span></span></p>
<p><span style="font-weight:400;font-size:12pt;">At its core, “boom” is an unwanted, bad event for the defender — the initial contact from the offender. “Left of boom” is the set of events that occur in the timeline before the boom and “right of boom” is the set of events that follows. If we applied this to the cyber domain, Left of Boom would refer to those proactive initiatives and actions that are designed to prevent/preempt (or minimize risk associated with) an adverse cyber event. </span></p>
<p>>><strong> <span style="font-size:15pt;"><a href="https://www.cisoplatform.com/profiles/blogs/keynote-shift-left-of-boom-the-new-shift-left-movement-Sachin" target="_blank">Go To Presentation</a></span></strong></p>
<p><span style="font-size:15pt;"><strong> <a href="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/Topic%202.jpg" target="_blank"><img class="align-full" src="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/Topic%202.jpg?profile=RESIZE_710x" alt="Topic%202.jpg?profile=RESIZE_710x" width="750" /></a><br /> </strong></span></p>
<p> </p>
<p><span style="font-size:20pt;">3 - (Keynote Panel) Building A Reference Architecture For Detect, Respond And Recover Capability</span></p>
<p><span style="font-size:20pt;"><span style="font-size:14pt;">Moderator: </span><span style="font-size:14pt;">Sanil Anad Nadkami</span><span style="font-size:14pt;"><span style="font-size:14pt;"> </span></span></span></p>
<p><span style="font-size:18.6667px;">Panel: <span style="font-size:12pt;">Aditi Lath, Manikant R Singh, Dheemanth R, Rajesh Jain, Satya Maddela, Senthil N, Vikash Kumar Singh, Purna Reddy Bolla, Anshuman Singh</span></span><br /> <a href="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/Topic%203.jpg" target="_blank"><img class="align-full" src="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/Topic%203.jpg?profile=RESIZE_710x" alt="Topic%203.jpg?profile=RESIZE_710x" width="750" /></a></p>
<p> </p>
<p> </p>
<p><span style="font-size:20pt;">4 - (Workshop) Practical Approaches For Securing IoT Ecosystems </span></p>
<p><span style="font-size:20pt;"><span style="font-size:14pt;">Speaker: </span><span style="font-size:12pt;">Maithri Nadig, Rahul U, Krishnaa Srinivasa</span></span><br /> <a href="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/Topic%204.jpg" target="_blank"><img class="align-full" src="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/Topic%204.jpg?profile=RESIZE_710x" alt="Topic%204.jpg?profile=RESIZE_710x" width="750" /></a></p>
<p> </p>
<p> </p>
<p> <span style="font-size:20pt;">5 - (Keynote Panel) Strategies To Manage The Unknown Unknowns In Your Attack Surface </span></p>
<p><span style="font-size:20pt;"><span style="font-size:14pt;">Moderator:<span style="font-size:12pt;"> Navaneethan M, </span></span></span></p>
<p><span style="font-size:20pt;"><span style="font-size:14pt;">Panel: </span><span style="font-size:12pt;">Yogesh M, Manoj Kuruvanthody, Samrat Bhatt, Satya NM, Shaik Javeed Ahmed, Srinivas Thimmaiah, Arnab Chattopadhayay</span></span><br /> <a href="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/Topic%205.jpg" target="_blank"><img class="align-full" src="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/Topic%205.jpg?profile=RESIZE_710x" alt="Topic%205.jpg?profile=RESIZE_710x" width="750" /></a></p>
<p> </p>
<p> </p>
<p><span style="font-size:20pt;"><a href="https://www.cisoplatform.com/profiles/blogs/workshop-purple-teaming-with-adversary-emulation-sachin-deodhar" target="_blank">6 - (Workshop) Purple Teaming With Adversary Emulation</a></span></p>
<p><span style="font-size:20pt;"><span style="font-size:14pt;">Speaker: </span><span style="font-size:12pt;">Sachin Deodhar</span></span></p>
<p><span style="font-weight:400;font-size:12pt;">Adversary emulation involves leveraging your Red Teams to use real-world adversary tactics, techniques and procedures (TTPs), alongside attack frameworks such as MITRE ATT&CK, to: identify control gaps (and weaknesses); validate your monitoring, detection and response capabilities; and prioritize your security investments towards mitigating any shortcomings that may be observed using this approach.</span></p>
<p><span style="font-size:14pt;"><span style="font-size:10pt;">>></span> <a href="https://www.cisoplatform.com/profiles/blogs/workshop-purple-teaming-with-adversary-emulation-sachin-deodhar" target="_blank">Go To Presentation</a></span><br /> <a href="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/Topic%206.jpg" target="_blank"><img class="align-full" src="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/Topic%206.jpg?profile=RESIZE_710x" alt="Topic%206.jpg?profile=RESIZE_710x" width="750" /></a></p>
<p> </p>
<p> </p>
<p><span style="font-size:20pt;">7 - CISO Platform Task Force Initiative 2022</span></p>
<p><span style="font-size:20pt;"><span style="font-size:14pt;">Speaker: </span><span style="font-size:12pt;">Bikash Barai</span></span></p>
<p><span style="font-size:20pt;"><span style="font-size:12pt;">A global community of 5K+ Senior IT Security executives and 40K+ subscribers with the vision of meaningful collaboration, knowledge, and intelligence sharing to fight the growing cyber security threats.</span></span></p>
<p><a href="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/1200650%20Breach&Attack%20Summit%20Blog%20.jpg" target="_blank"><img class="align-full" src="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/1200650%20Breach&Attack%20Summit%20Blog%20.jpg?profile=RESIZE_710x" alt="1200650%20Breach&Attack%20Summit%20Blog%20.jpg?profile=RESIZE_710x" width="750" /></a> </p>
<p> </p>
<p><span style="font-size:20pt;">8 - (Keynote Panel) Managing Security During Turbulent Times</span></p>
<p><span style="font-size:20pt;"><span style="font-size:14pt;">Moderator: <span style="font-size:12pt;">Roshan Williams</span></span></span></p>
<p><span style="font-size:20pt;"><span style="font-size:14pt;">Panel: </span><span style="font-size:12pt;">Prathap R, Raghavendra Bhat, Satish Kumar Dwibhashi, Shetty KV, Vishal Kalro, Murali Krishnaam, Aditya Kakrania</span></span><br /> <a href="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/1200650%20Breach&Attack%20Summit%20Blog%20%20(1).jpg" target="_blank"><img class="align-full" src="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/1200650%20Breach&Attack%20Summit%20Blog%20%20(1).jpg?profile=RESIZE_710x" alt="1200650%20Breach&Attack%20Summit%20Blog%20%20(1).jpg?profile=RESIZE_710x" width="750" /></a></p>
<p> </p>
<p> </p>
<p><span style="font-size:20pt;">9 - (Keynote Panel) Analysing Recent Gartner Hype Cycle And Emerging New Technologies</span></p>
<p><span style="font-size:20pt;"><span style="font-size:14pt;">Moderator: <span style="font-size:12pt;">Somshubhro Pal Choudhury</span></span></span></p>
<p><span style="font-size:20pt;"><span style="font-size:14pt;">Panel: </span><span style="font-size:12pt;">Asif Nalakath, Nantha Ram, Naseem Halder, Nitish Goyal, Philip Varughese, Sandeep Bansal, Anirudha Nayak, Harmeet Kalra</span></span></p>
<p><a href="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/Topic%209.jpg" target="_blank"><img class="align-full" src="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/Topic%209.jpg?profile=RESIZE_710x" alt="Topic%209.jpg?profile=RESIZE_710x" width="750" /></a></p>
<p> </p>
<p> </p>
<p><span style="font-size:20pt;"><a href="https://www.cisoplatform.com/profiles/blogs/workshop-decoding-cis-risk-assesment-method-v2-1-how-to-leverage" target="_blank">10 - (Workshop) Decoding CIS Risk Assessment Method V2.1 : How To Leverage</a></span></p>
<p><span style="font-size:14pt;">Speaker:</span> <span style="font-size:12pt;">Aditya Kakrania</span></p>
<p><span style="font-weight:400;font-size:12pt;">Risk assessments are valuable tools for understanding the threats enterprises face, allowing them to organize a strategy and build better resiliency and business continuity, all before a disaster occurs. Preparation is key – after all, the worst time to plan for a disaster is during a disaster.</span></p>
<p><span style="font-size:14pt;"><span style="font-size:10pt;">>></span> <a href="https://www.cisoplatform.com/profiles/blogs/workshop-decoding-cis-risk-assesment-method-v2-1-how-to-leverage" target="_blank">Go To Presentation</a></span></p>
<p><a href="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/1200650%20Breach&Attack%20Summit%20Blog%20%20(2).jpg" target="_blank"><img class="align-full" src="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/1200650%20Breach&Attack%20Summit%20Blog%20%20(2).jpg?profile=RESIZE_710x" alt="1200650%20Breach&Attack%20Summit%20Blog%20%20(2).jpg?profile=RESIZE_710x" width="750" /></a></p>
<p> </p>
<p> </p>
<p><span style="font-size:20pt;">11 - (Keynote Panel) Building A Reference Architecture For Detect, Respond And Recover Capability</span></p>
<p><span style="font-size:20pt;"><span style="font-size:14pt;">Moderator: </span><span style="font-size:12pt;">Bijender Kumar Mishra</span><span style="font-size:14pt;"><span style="font-size:12pt;"> </span> </span></span></p>
<p><span style="font-size:18.6667px;">Panel: <span style="font-size:12pt;">Urvish Acharya, Tejas Shah, Pradipta Patro, Suresh A Shan, Vasudevan Nair, Satyanandan Atyam, Anshuman Singh</span></span><br /> <a href="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/11.jpg" target="_blank"><img class="align-full" src="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/11.jpg?profile=RESIZE_930x" width="750" alt="11.jpg?profile=RESIZE_930x" /></a></p>
<p> </p>
<p> </p>
<p><span style="font-size:20pt;">12 - (Keynote Panel) Analysing Recent Gartner Hype Cycle And Emerging New Technologies</span></p>
<p><span style="font-size:20pt;"><span style="font-size:14pt;">Moderator: </span><span style="font-size:12pt;">Vijay Kumar Verma</span></span></p>
<p><span style="font-size:20pt;"><span style="font-size:14pt;">Panel: <span style="font-size:12pt;">Hiren Pandey, Shitij Bhatia, Sanjay Jaiswal, Rohit Yeshwant Rane, Satyavrat Mishra, Melwyn Rebeiro, Harmeet Kalra</span></span></span><br /> <a href="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/12.jpg" target="_blank"><img class="align-full" src="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/12.jpg?profile=RESIZE_930x" width="750" alt="12.jpg?profile=RESIZE_930x" /></a></p>
<p> </p>
<p> </p>
<p><span style="font-size:20pt;">13 - (Keynote Panel) Managing Security During Turbulent Times</span></p>
<p><span style="font-size:20pt;"><span style="font-size:14pt;">Moderator: </span><span style="font-size:12pt;">Ambarish Kumar Singh</span></span></p>
<p><span style="font-size:20pt;"><span style="font-size:14pt;"><span style="font-size:14pt;">Panel:</span> <span style="font-size:12pt;">Balram Choudhary, Dr. Naresh Kumar Harale, Shankar Jadhav, Shobhana Lele, Venkata Satish Guttula, Satyanandan Atyam, Aditya Kakrania</span></span></span><br /> <a href="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/13.jpg" target="_blank"><img class="align-full" src="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/13.jpg?profile=RESIZE_930x" width="750" alt="13.jpg?profile=RESIZE_930x" /></a></p>
<p> </p>
<p> </p>
<p><span style="font-size:20pt;">14 - (Keynote Panel) Managing Stress During Crisis</span></p>
<p><span style="font-size:20pt;"><span style="font-size:14pt;">Moderator: </span><span style="font-size:12pt;">Bikash Barai</span></span></p>
<p><span style="font-size:20pt;"><span style="font-size:14pt;"><span style="font-size:14pt;">Speaker:</span> <span style="font-size:12pt;">Ajay, Harshad Mengle, Mohd Imran</span></span></span></p>
<p><a href="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/1200650%20Breach&Attack%20Summit%20Blog%20%20(3).jpg" target="_blank"><img class="align-full" src="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/1200650%20Breach&Attack%20Summit%20Blog%20%20(3).jpg?profile=RESIZE_710x" alt="1200650%20Breach&Attack%20Summit%20Blog%20%20(3).jpg?profile=RESIZE_710x" width="750" /></a></p>
<p> </p>
<p> </p>
<p><span style="font-size:20pt;">15 - (Keynote Panel) Strategies To Manage The Unknown Unknowns In Your Attack Surface </span></p>
<p><span style="font-size:20pt;"><span style="font-size:14pt;">Moderator: </span><span style="font-size:12pt;">Dilip Panjwani</span></span></p>
<p><span style="font-size:20pt;"><span style="font-size:14pt;"><span style="font-size:14pt;">Speaker:</span> <span style="font-size:12pt;">Kedar Telavane, Sachin Kawalkar, Gopal Gupta, Kalpesh Doshi, Ananth MS</span></span></span><br /> <a href="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/Topic%2015.jpg" target="_blank"><img class="align-full" src="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/Topic%2015.jpg?profile=RESIZE_710x" alt="Topic%2015.jpg?profile=RESIZE_710x" width="750" /></a></p>
<p> </p>
<p> </p>
<p><span style="font-size:20pt;">16 - (Keynote Panel) Building A Reference Architecture For Detect, Respond And Recover Capability</span></p>
<p><span style="font-size:20pt;"><span style="font-size:14pt;">Moderator: </span><span style="font-size:12pt;">Gowdhaman Jothilingam</span><span style="font-size:14pt;"><span style="font-size:12pt;"> </span> </span></span></p>
<p><span style="font-size:20pt;"><span style="font-size:14pt;">Panel: <span style="font-size:12pt;">Prabhakar Ramakrishnan, Venugopal Parameswaran, M Sivasubramanian, Srinivasulu Thayam, Maharajan S, Anshuman Singh</span></span></span></p>
<p><a href="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/16.jpg" target="_blank"><img class="align-full" src="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/16.jpg?profile=RESIZE_930x" width="750" alt="16.jpg?profile=RESIZE_930x" /></a> </p>
<p> </p>
<p><span style="font-size:20pt;">17 - (Keynote Panel) Strategies To Manage The Unknown Unknowns In Your Attack Surface </span></p>
<p><span style="font-size:18.6667px;">Moderator: <span style="font-size:12pt;">Vijaykumar Radhakrishnan</span></span></p>
<p><span style="font-size:18.6667px;">Panel: <span style="font-size:12pt;">Vijayakumar KM, Lakshmi Narasimhan R, Venkatasubramanian Ramakrishnan, Palanikumar Arumugam, Vijay Anand, Gokulavan Jayaraman, Thamaraiselvan, Arnab Chattopadhayay</span></span><br /> <a href="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/1200650%20Breach&Attack%20Summit%20Blog%20%20(4).jpg" target="_blank"><img class="align-full" src="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/1200650%20Breach&Attack%20Summit%20Blog%20%20(4).jpg?profile=RESIZE_710x" alt="1200650%20Breach&Attack%20Summit%20Blog%20%20(4).jpg?profile=RESIZE_710x" width="750" /></a></p>
<p> </p>
<p> </p>
<p><span style="font-size:20pt;"><a href="https://www.cisoplatform.com/profiles/blogs/workshop-purple-teaming-with-adversary-emulation-jitendra-chauhan" target="_blank">18 - (Workshop) Purple Teaming With Adversary Emulation</a></span></p>
<p><span style="font-size:20pt;"><span style="font-size:14pt;">Speaker: <span style="font-size:12pt;">Jitendra Chauhan</span></span></span></p>
<p><span style="font-weight:400;font-size:12pt;">Adversary emulation involves leveraging your Red Teams to use real-world adversary tactics, techniques and procedures (TTPs), alongside attack frameworks such as MITRE ATT&CK, to: identify control gaps (and weaknesses); validate your monitoring, detection and response capabilities; and prioritize your security investments towards mitigating any shortcomings that may be observed using this approach.</span></p>
<p><span style="font-size:14pt;"><span style="font-size:10pt;">>></span> <a href="https://www.cisoplatform.com/profiles/blogs/workshop-purple-teaming-with-adversary-emulation-jitendra-chauhan" target="_blank">Go To Presentation</a></span></p>
<p><a href="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/1200650%20Breach&Attack%20Summit%20Blog%20%20(5).jpg" target="_blank"><img class="align-full" src="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/1200650%20Breach&Attack%20Summit%20Blog%20%20(5).jpg?profile=RESIZE_710x" alt="1200650%20Breach&Attack%20Summit%20Blog%20%20(5).jpg?profile=RESIZE_710x" width="750" /></a></p>
<p> </p>
<p> </p>
<p><span style="font-size:20pt;">19 - (Keynote Panel) Chennai Chapter Presentation</span></p>
<p><span style="font-size:20pt;"><span style="font-size:14pt;">Panel: </span><span style="font-size:12pt;">Gokulavan Jayaraman, Prabhakar Ramakrishnan, Thamaraiselvan S, Suprakash Guha, Gowdhaman Jothilingam, Srinivasulu Thayam</span></span><br /> <a href="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/Topic%2020.jpg?profile=RESIZE_710x" target="_blank"><img class="align-full" src="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/Topic%2020.jpg?profile=RESIZE_710x" alt="Topic%2020.jpg?profile=RESIZE_710x" width="750" /></a></p>
<p> </p>
<p> </p>
<p><span style="font-size:20pt;"><a href="https://www.cisoplatform.com/profiles/blogs/keynote-left-of-boom-shift-left-in-security-arnab-chattopadhayay" target="_blank">20 - (Keynote) Shift Left Of Boom: The New "Shift-Left" Movement That CISOs Must Keep An Eye On</a></span></p>
<p><span style="font-size:14pt;">Speaker: <span style="font-size:12pt;">Arnab Chattopadhayay</span></span></p>
<p><span style="font-weight:400;font-size:12pt;">At its core, “boom” is an unwanted, bad event for the defender — the initial contact from the offender. “Left of boom” is the set of events that occur in the timeline before the boom and “right of boom” is the set of events that follows. If we applied this to the cyber domain, Left of Boom would refer to those proactive initiatives and actions that are designed to prevent/preempt (or minimize risk associated with) an adverse cyber event. </span></p>
<p>>><strong> <span style="font-size:15pt;"><a href="https://www.cisoplatform.com/profiles/blogs/keynote-left-of-boom-shift-left-in-security-arnab-chattopadhayay" target="_blank">Go To Presentation</a></span></strong><br /> <a href="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/1200650%20Breach&Attack%20Summit%20Blog%20%20(6).jpg" target="_blank"><img class="align-full" src="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/1200650%20Breach&Attack%20Summit%20Blog%20%20(6).jpg?profile=RESIZE_710x" alt="1200650%20Breach&Attack%20Summit%20Blog%20%20(6).jpg?profile=RESIZE_710x" width="750" /></a></p>
<p> </p>
<p> </p>
<p><span style="font-size:20pt;">21 - (Keynote Panel) Analysing Recent Gartner Hype Cycle And Emerging New Technologies</span></p>
<p><span style="font-size:20pt;"><span style="font-size:14pt;">Moderator: </span><span style="font-size:12pt;">AVS Prabhakar</span></span></p>
<p><span style="font-size:14pt;">Panel:</span> <span style="font-size:12pt;">Balakrishnan Kanniah, Gopi Krishna Togarcheti, Madhavan GG, Kavitha Srinivasulu, Suprakash Guha, Srinivasan</span><br /> <a href="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/t22.jpg" target="_blank"><img class="align-full" src="https://6202375.fs1.hubspotusercontent-na1.net/hubfs/6202375/CISO%20Platform/Breach%20And%20Attack%20Summit%202022/Blr%20Event%20Photos/t22.jpg?profile=RESIZE_930x" width="750" alt="t22.jpg?profile=RESIZE_930x" /></a></p>
<p> </p></div>5 Biggest Mistakes of Cybersecurity Programshttps://www.cisoplatform.com/profiles/blogs/5-biggest-mistakes-of-cybersecurity-programs2022-11-17T21:30:04.000Z2022-11-17T21:30:04.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/10886257076?profile=RESIZE_400x&width=400"></div><div><p class="graf graf--p">In my new <a class="markup--anchor markup--p-anchor" href="https://www.linkedin.com/learning/five-biggest-mistakes-of-cybersecurity-programs/learn-from-others-mistakes" target="_blank">LinkedIn Learning class</a>, I discuss the five biggest mistakes made by cybersecurity organizations, regardless of their size or stature, and how to manage risk more effectively to avoid costly blunders.</p><p class="graf graf--p">Do any of these cybersecurity organization problems sound familiar?<br /> 1. Inexperienced leadership<br /> 2. Deprioritized strategic thinking<br /> 3. Failing to optimize for threats<br /> 4. Insufficient organizational teamwork<br /> 5. 
Failing to maximize value</p><p class="graf graf--p">Check out my <a class="markup--anchor markup--p-anchor" href="https://www.linkedin.com/learning/five-biggest-mistakes-of-cybersecurity-programs/learn-from-others-mistakes" target="_blank">Five Biggest Mistakes of Cybersecurity Programs</a> class where I break down the challenges and offer recommendations to avoid or resolve the issues.</p><div class="graf graf--mixtapeEmbed"> </div><p class="graf graf--p">BONUS: Here is a post containing a link that should allow all my LinkedIn followers (you need to be on LinkedIn) <strong class="markup--strong markup--p-strong"><em class="markup--em markup--p-em">free access to the course for 24 hours</em></strong>.</p><p class="graf graf--p"><a class="markup--anchor markup--p-anchor" href="https://www.linkedin.com/posts/matthewrosenquist_cybersecurity-linkedinlearning-alwaysbelearning-activity-6999094370419265536-xD0G?utm_source=share&utm_medium=member_desktop" target="_blank">https://www.linkedin.com/posts/matthewrosenquist_cybersecurity-linkedinlearning-alwaysbelearning-activity-6999094370419265536-xD0G?utm_source=share&utm_medium=member_desktop</a></p></div>2022 Silicon Valley CIO Executive Leadership Summithttps://www.cisoplatform.com/profiles/blogs/2022-silicon-valley-cio-executive-leadership-summit2022-10-15T19:48:24.000Z2022-10-15T19:48:24.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/10842779464?profile=RESIZE_400x&width=400"></div><div><p>I am looking forward to the upcoming 2022 Silicon Valley CIO Executive Leadership Summit in Mountain View CA on Oct 27<sup>th</sup>! HMG Strategy always puts on a great event for CIOs, CEOs and CISOs.</p><p>I am on a panel, moderated by Mark Egan, with David Hahn, and Dr. 
Sarah Cortes to discuss how cybersecurity innovation can be a competitive advantage.</p><p>Fellow C-Suite executives, come join this free event and engage with peers and speakers! </p><p> </p><p>Register now: <a href="https://www.yahoo.com/entertainment/cio-leadership-role-cio-fostering-165800544.html">https://www.yahoo.com/entertainment/cio-leadership-role-cio-fostering-165800544.html</a> </p></div>Biggest Challenge in Cybersecurityhttps://www.cisoplatform.com/profiles/blogs/biggest-challenge-in-cybersecurity2022-06-27T18:35:04.000Z2022-06-27T18:35:04.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/10599452666?profile=RESIZE_400x&width=400"></div><div><p class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj" style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/jjmWbOQ5iQw" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj">In the next few years, the biggest challenge in cybersecurity won’t be dealing with a specific threat, but rather conveying a meaningful value proposition throughout the organization, and especially to the C-suite and board. It is key to the sustainability of cybersecurity and perhaps our biggest blind spot!</p><p id="c929" class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj">Articulating value has always been hard, but two major factors are emerging to exacerbate the problem.</p><p id="e277" class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj">First, the economy is in a downturn. We can expect a tightening of budgets and spending not related to revenue generation. 
This is a problem for cybersecurity and privacy, which are often seen as a cost center or an expense that can be trimmed during lean budgetary times.</p><p id="b03d" class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj">Secondly, the cost of cybersecurity continues to rise every year. We typically see 12% to 20% annual budget increases, and now a recent study showed a shocking 60% growth in budgets last year. This financial demand is not sustainable year-over-year for businesses. And realistically we don’t see an end in sight.</p><p class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj">Quantifying the value of security has always been difficult, but now more than ever cybersecurity must align itself to enable and deliver meaningful contributions to the overall business goals and definitively convey this value to secure continued investment and support.</p><p id="f3de" class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj">Failure to do so will undermine executive backing and that is a downward spiral when faced with ever-growing threats. It is a road that will lead to disaster, disillusionment, blame, and further disruption to the capacity to prevent future cyber-attacks.</p><p class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj">That is why the cybersecurity leadership, across all sectors, needs to begin maneuvering to optimize efficiencies, align to deliver outcomes that contribute to the business goals, and clearly articulate the overall value proposition.</p><p id="cd27" class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj">Those who fail will be fighting an uphill battle for funding and executive support that only shifts when really bad things happen. 
And that is not a good business model.</p><p id="c5e0" class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj">I’m going to be talking more about the challenges of communicating cybersecurity value in articles, blogs, videos, and when speaking at conferences, like I did recently during the SPHERE2022 conference, because it is so crucial to the durability of cybersecurity. This will be the next big challenge for CISOs and there is a lot to unpack around the risks and opportunities.</p><p class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj">As always, come join me on the Cybersecurity Insights channel for more discussions and industry analysis. The link is below.</p><p class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj"><a href="{{#staticFileLink}}10599452891,RESIZE_930x{{/staticFileLink}}"><img class="align-center" src="{{#staticFileLink}}10599452891,RESIZE_710x{{/staticFileLink}}" width="710" alt="10599452891?profile=RESIZE_710x" /></a></p><p id="a5d4" class="pw-post-body-paragraph kn ko il kp b kq kr ks kt ku kv kw kx ky kz la lb lc ld le lf lg lh li lj lk ie gj">Link to the Cybersecurity Insights channel: <a class="au tl" href="https://www.youtube.com/c/CybersecurityInsights" target="_blank">https://www.youtube.com/c/CybersecurityInsights</a></p></div>The Challenge Of CISO Burnout - Impacts & Strategic Mitigation Tacticshttps://www.cisoplatform.com/profiles/blogs/the-challenge-of-ciso-burnout-impacts-strategic-mitigation-tactic2022-02-25T06:57:11.000Z2022-02-25T06:57:11.000Zprithahttps://www.cisoplatform.com/members/pritha<div><p>CISO burnout is a serious issue and through this discussion, we try to find out the impact of this issue on organizations and individuals. The CISO role is operations-intensive and gruelling. 
In most cases CISOs remain in an organisation for about 1 to 2 years. The role is associated with high stress levels and unrealistic organisational expectations. A <a href="https://www.darkreading.com/risk/90-of-cisos-would-cut-pay-for-better-work-life-balance" target="_blank">study showed</a> 90% of them were willing to take a pay cut for better work-life balance. The problem is further compounded by connected devices and the pandemic.</p>
<p><a href="https://www.zdnet.com/article/average-tenure-of-a-ciso-is-just-26-months-due-to-high-stress-and-burnout/" target="_blank">A study noted</a> that the average tenure of a CISO is just 26 months due to high stress and burnout. The vast majority of interviewed CISO executives (88%) report high levels of stress, a third report stress-caused physical health issues, and half report mental health issues.</p>
<p>CISOs are, on average, working 11 more hours than they’re contracted to work each week, with 10% working 20 to 24 hours extra a week. The increased strain of the CISO role affects CISO tenure, lowers engagement with other executives, and leaves less capacity to drive the team. Crucial areas like hiring, customer communication, and professional development get hindered and ignored. </p>
<ul>
<li>CISOs are overstretched (CISOs are, on average, working 11 more hours than they’re contracted to work each week)</li>
<li>The staffing shortage and skill gap make it harder; CISOs have to manage operations</li>
<li>The ever-increasing threat landscape and solution landscape make it harder to keep up and evolve infrastructure accordingly</li>
<li>The increased strain of the CISO role affects CISO tenure, lowers engagement with other executives, and leaves less capacity to drive the team. Crucial areas like hiring, customer communication, and professional development get hindered and ignored</li>
</ul>
<p> </p>
<p><span style="font-size:18pt;"><span style="font-size:14pt;">Our upcoming panel discussion on 'The Challenge Of CISO Burnout' is Friday, February 25, at 11:30 AM ET (8:30 AM PT).</span> <a href="https://info.cisoplatform.com/ciso-burnout-the-challenge-impacts-strategies?utm_src=cpblog" target="_blank">Register Here To Join</a></span></p>
<p> </p>
<p> </p>
<p><span style="font-size:18pt;"><strong>Causes Of Burnout</strong></span></p>
<p>The CISO role requires juggling many hats. CISOs need a strong technical background and an understanding of organization goals, and they need to be strong communicators with good leadership skills.</p>
<p>They are often responsible for:</p>
<ul>
<li>Driving cybersecurity strategy</li>
<li>Managing reporting, security infrastructure</li>
<li>Understanding legal and regulatory considerations</li>
</ul>
<p> </p>
<p><span style="font-size:18pt;"><strong>Unrealistic Expectations Of Foolproof Security</strong></span></p>
<p>An organization needs strong security procedures and detection mechanisms. However, no security is foolproof. <br /> Cybersecurity has become an area of interest for boards of directors, since security breaches are directly related to brand image loss and customer loss (not to mention the financial implications, which can be huge). And the CISO often becomes the scapegoat.</p>
<p> </p>
<p><span style="font-size:18pt;"><strong>A Few Possible Solution Areas</strong></span></p>
<ul>
<li>Cybersecurity Maturity Assessment. This gives a relative idea of where an organization's security weaknesses and strengths stand</li>
<li>Frequent testing</li>
<li>Frequent (if possible real time) attack surface testing</li>
<li>Dark web assessment. This makes the organization aware of any leaked or sensitive data on the dark web</li>
<li>Communicate clearly during stress. This allows the CISO and the security team to discuss their issues. Management can allow for more relaxed times and breaks in the schedule to make the long hours efficient and not stressful</li>
<li>Organizational culture shift: have realistic expectations (have acceptable levels of risk), encourage efficient working over longer hours, and more</li>
<li>Bump up and contribute towards security skill training. The talent shortage is severe</li>
</ul>
<p> </p>
<p> </p>
<p> </p>
<p><a href="https://info.cisoplatform.com/ciso-burnout-the-challenge-impacts-strategies?utm_src=cpblog" target="_blank"><img class="align-full" src="https://f.hubspotusercontent20.net/hubfs/6202375/CISO%20Platform/Miscellaneous/(Panel)%20The%20Challenge%20Of%20CISO%20Burnout.png?profile=RESIZE_400x" alt="(Panel)%20The%20Challenge%20Of%20CISO%20Burnout.png?profile=RESIZE_400x" width="760" height="397" /></a></p>
<p>In this panel, industry experts discuss 'The Challenge Of CISO Burnout'. The CISO role is operations-intensive, and it gets harder with the rapidly evolving vulnerability and solution landscape along with the industry-specific skill gap. The increased strain of the role affects CISO tenure, lowers engagement with other executives, and reduces the capacity to drive the team. Crucial areas like hiring, customer communication, and professional development get hindered and ignored.</p>
<p>Can't make it to the live discussion? You can still register to get the on-demand link after the discussion.</p>
<p><span style="font-size:18pt;"><a href="https://info.cisoplatform.com/ciso-burnout-the-challenge-impacts-strategies?utm_src=cpblog" target="_blank">>> Register Here To Join</a></span></p>
<p> </p>
<p> </p></div>What To Expect at CISO Discussion Summit 10-11 December ?https://www.cisoplatform.com/profiles/blogs/what-to-expect-at-ciso-discussion-summit2021-12-08T10:44:12.000Z2021-12-08T10:44:12.000Zprithahttps://www.cisoplatform.com/members/pritha<div><p><a href="https://www.cisoplatform.com/rtseries" target="_blank"><img class="align-full" src="https://f.hubspotusercontent20.net/hubfs/6202375/CISO%20Platform/LP%20-%20RT%20Series/Misc/Discussion%20Summit-Facebook%20Ad.png?profile=RESIZE_1200x" width="997" alt="Discussion%20Summit-Facebook%20Ad.png?profile=RESIZE_1200x" /></a></p>
<p> </p>
<p> </p>
<p><span style="font-size:18pt;"><strong>Keynotes From World-Renowned Industry Experts (Best Of The World) : </strong></span> </p>
<ul>
<li>"The state of security markets and changing buying priorities" by Maria Kussmaul - Head Security, Investment Banking | Wharton School </li>
<li>"Q3 2021 Changes To The Entire IT Security Industry" by Richard Stiennon - Research, IT Harvest | University Of Michigan</li>
<li>"How To Actually Grow Your SOC?" by Anton Chuvakin - Head Security Strategy, Google | SANS GIAC</li>
<li>"Continuous Security Validation and Practical Strategies" by Brad LaPorte - Ex-Gartner | Partner, High Tide Advisor</li>
<li>"The Security Challenges Of Protecting Smart Cities" by Chuck Brooks - Forbes | Professor, Georgetown University</li>
<li>"How to Present Cyber Security Risk to Senior Leadership" by Allan Alford - CISO, CTO, TrustMapp | Cyber Ranch Podcast</li>
<li>"Iranian Nationwide Terror and Intelligence Operations in Israeli Cyberspace" by Omri Segev - CEO Profero | Forbes 30 Under 30</li>
</ul>
<p> </p>
<p> </p>
<p><span style="font-size:18pt;"><strong>CISO Panels With Top 100 & Next Winners and Industry Leaders : </strong></span></p>
<ul>
<li>(Panel) Infrastructure Security - Latest Technology Trends To Mitigate The Risks<br />Babitha B P (CISO, CSB Bank Ltd.); Dr.NareshKumar Harale (Head - Information Security, Cybersecurity IDBI Intech ltd.); Nabankur Sen (External Consultant (Cyber security), HSBC (AMIN)); Manoj Kumar Shrivastava (CISO, Future Generali India Insurance Company); Shankar Jadhav (Head – Strategy, BSE Limited); Vijaykumar Radhakrishnan (CISO,Mahindra & Mahindra Financial Services); Sanjay Pugaonkar (CISO, SBI Mutual Fund)<br /><br /></li>
<li>(Panel) CISO Privacy Framework<br />Parag Kulkarni (CISO,Bajaj Finance); Dr. Durga Prasad Dube (Global CISO, Senior Information Risk Management Professional, Reliance Industries); Balram Choudhary (VP Head (IT&ISO), Bob financial Solution); Charanjit Singh Bhatia (AGM Cyber Security CoE, Bata); Dilip Panjwani (CISO & IT Controller, Larsen & Toubro Infotech)<br /><br /></li>
<li>(Panel) CISO Guide : Rising Cyber Crime Trends in Banks and Mitigation Framework<br />Mohd Imran (Group Head Information Security, L&T Financial Services); Shalabh Garg (Vice President , Religare); Shailaja (CISO, Edelweiss); Pawan Chawla (CISO, Future Generali India Life Insurance); Rupesh Pawar (CISO, Universal Sompo General Insurance); Dr. Lopa Mudraa Basuu (Advisor APAC Research Advisory Council For Cloud Security Alliance); Mr. Sovon Lal Mukherjee (CISO & VP-Information Risk, Fincare Small Finance Bank)<br /><br /></li>
<li>(Panel) CISOs Ransomware Guide<br />Vijay Kumar Verma (SVP & Head Cyber Security Engineering, Jio Platforms); Debojit Maitra (CISO, ABFRL); Rajiv Nandwani (IT Security & physical security continuity senior manager BCG); Vikas kapoor (Vice President, Cyber Security VOIS); Anuj Tewari (DGM, Airtel International); Umesh Sharma (DGM- Cloud Operations, Jio Platforms); Sibayan Das Information Security Manager (IFB Industries)<br /><br /></li>
<li>(Panel) How To Setup A Security Team, Skill Gap, Hiring Tactics & Automation<br />Navaneethan M (CISO & Head-IT, Groww); Vikas singh yadav (CISO, Nykaa); Satish Kumar Dwibhashi (SVP & CISO, Inmobi); Samrat Bhatt (CISO, Matchmove)<br /><br /></li>
<li>(Panel) CISO SOC Framework<br />Meetali Sharma (Head - Risk, Compliance & Information Security, SDG Corporation); Pravin Saiya (Associate Director, Larsen & Toubro Infotech); Jitendra Singh (CIO, JK Cement); R Nantha Ram (Chief Information Security Manager - Cyber Security, TVS Motor); Lalit Kumar Jha (GM IT, GATI-KWE)<br /><br /></li>
<li>(Panel) CISO Third-Party Cyber Risk Framework<br />Kumar Ravi (CISO, Teleperformance India); Balaram N (Director IT, Algonomy Software); Anoop Paudwal (Information Security Manager, Gulf News); Mohit Gupta (CISO, Motherson Group); Ambuj Bhalla (Director IT Security, CISO, Interglobe Aviation INDIGO); Indranil Chatterjee (Assistant Vice President, Security & Compliance, Jio Platforms); Yogesh Kumar (Head IT and CISO, Tata Advanced Systems)<br /><br /></li>
<li>(Panel) CISO DevSecOps Guide<br />Gokulavan Jayaraman (Information Security Manager, Lumina Datamatics); Anwaya Bilas Sen Gupta (Chief Manager & CISO, Power System Operation Corporation); Subodh Jha (Deputy General Manager IT WheelsEMI); Anil Chiplunkar (Associate Director - Information Security, Covance Scientific Services and Solutions)<br /><br /></li>
<li>(Panel) CISO Breach Response Framework<br />Venkata Satish Guttala (Director - Security Rediff.com); Prithwijit Dinda (VP IT, Central Depository Services (India)); Hema Gupta (Senior Manager - Security Governance, NCR Corporation); Lalit Trivedi (Head IT & CISO, ITI Asset Management); Vandana Verma (Security Advocate OWASP & InfosecGirls)<br /><br /></li>
<li>(Panel) CISO DDOS RFP Framework<br />Ajay Kumar Ajmera (Head IT, Birla Century); Muzammil Shaikh (Senior Manager | Cyber Security, Capgemini Technologies); S Seethalakshmi (Assistant Manager - Information Security, TVS Motor Company); S. Maharajan (CISO, Navitas Life Sciences); Prashant Mohan (Security Architect, NCR Corporation); Rohit Baweja (Senior Manager, Infoedge India); Sachin Shetty (AVP - Consultant Specialist Cyber Security HSBC Software Development Center)<br /><br /></li>
<li>(Panel) CISO Shadow IT Guide<br />Ramkumar Mohan (CIO, Air Works India Engineering); Nitin Parashar (Senior Manager, Security Operations, Jio Platforms); Shitanshu Kumar (Director IT, Iqor); Vasudevan Nair (Head IT and CISO, Writer Corporation); Shitij Bhatia (Cyber Security Specialist, Sanofi); Vikram Dua (Head of Global IT Risk & Asset Management, Philips India); Vishwas Pitre (CISO & DPO, Zensar Technologies)<br /><br /></li>
<li>(Panel) CISO Threat Hunting Framework<br />Gowdhaman Jothilingam (Senior Manager IT/CISO, LatentView Analytics); Prabhakar Ramakrishnan (CISO, TNQ Technologies); Palanikumar Arumugam (Head Of Technology, Shiksha Financial Services); Kavitha Srinivasulu (Head Cyber Security & Data Privacy, GAVS Technology); Tejas Shah (Deputy Director IT, SVKM); Subroto Panda (CIO, Anand and Anand)</li>
</ul>
<p> </p>
<p> </p>
<p><span style="font-size:18pt;"><strong>Award Felicitation For Top 100 & Next winners (partial)</strong></span></p>
<p> </p>
<p> </p>
<p><span style="font-size:14pt;">>> Claim Free Passes For Community Members (+agenda) :</span> <a href="https://www.cisoplatform.com/rtseries" target="_blank">https://www.cisoplatform.com/rtseries</a></p>
<p> </p>
<p> </p>
<p> </p></div>They Said a CISO Does What?https://www.cisoplatform.com/profiles/blogs/they-said-a-ciso-does-what2021-11-24T21:10:36.000Z2021-11-24T21:10:36.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/9842079254?profile=RESIZE_400x&width=400"></div><div><p>The cybersecurity industry has had challenges with bringing in new blood and facilitating career growth. Misinformation has unfortunately played a part in making various roles appear unattainable, when we should be doing the opposite. We should be embracing flexibility, identifying opportunities, and most of all discussing realistic expectations and roles.</p><h3>Who writes this stuff? </h3><p>I stumbled upon an article titled “<a href="https://www.analyticsinsight.net/want-to-become-a-ciso-here-is-what-all-you-need-to-know/">Know more about colleges, jobs, and courses to become a CISO</a>” where they outline the role and qualifications of a CISO.</p><p style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/RGX4ZdLIeCE" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p>According to this misguided article, the qualifications for a Chief Information Security Officer (CISO) apparently require:</p><p> <strong><em>“Understanding of SMTP, DNS, HTTP, Network routing, VPN, and other technologies”</em></strong></p><p>Nope, you have confused us with network engineers/architects. We know what these protocols, languages, tools, and architectures are, but likely would not be qualified to design, configure, troubleshoot, or readily determine the specifics if someone is abusing them. 
That is why we leverage highly specialized technical experts for configuration and comprehensive inspection.</p><p> </p><p><strong><em>“Understanding of Digital Millennium Copyright Act, trademark, intellectual property, Safe Harbor Provisions, GDPR, and other federal and international legal precedents…” </em></strong></p><p>You have mistaken us for our close partners, the lawyers and privacy experts. Each of these areas requires a high degree of expertise. Even a small error can become a big legal problem. CISOs know these areas but are not the experts. Again, we partner with others.</p><p> </p><p><strong><em>“Ability to read and analyze multiple log formats”</em></strong></p><p>I don’t know of a single CISO who spends their days analyzing logs. That is a SOC level 1 or level 2 function. Important, but the CISO’s time is not well spent on log analysis!</p><p> </p><p>Also, as a kicker, the author has signed us CISOs up to make “<strong><em>a framework for risk-free and scalable operations</em></strong>”. Risk FREE. Wow, good luck with that. The proper function of a CISO is to manage risks to an acceptable level. We cannot eliminate all risk. Even if it were technically possible, which it is not, it would be infeasible due to extreme cost and added friction for users.</p><p> </p><p>I call all this out because misinformation is harming our industry by setting inaccurate expectations. We must clean up job descriptions and clarify the actual roles and responsibilities of positions. </p><p> </p><hr /><hr /><p> </p><p>Thanks for watching and reading! I put out a new video about every week on various cybersecurity topics, risks, ideas, events and best practices. If you like these cybersecurity videos and are interested in more cybersecurity insights, rants, and strategic viewpoints, please click the Like button and Subscribe to the <a href="https://www.youtube.com/c/CybersecurityInsights">Cybersecurity Insights channel</a>! 
</p><p>Follow me on:</p><ul><li><p>LinkedIn: <a href="https://www.linkedin.com/today/author/matthewrosenquist">https://www.linkedin.com/today/author/matthewrosenquist</a></p></li><li><p>Medium: <a href="https://medium.com/@matthew.rosenquist">https://medium.com/@matthew.rosenquist</a></p></li><li><p>Twitter (@Matt_Rosenquist): <a href="https://twitter.com/Matt_Rosenquist">https://twitter.com/Matt_Rosenquist</a></p></li></ul></div>Where Should a CISO Report Into?https://www.cisoplatform.com/profiles/blogs/where-should-a-ciso-report-into2021-05-03T16:31:04.000Z2021-05-03T16:31:04.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/8889297884?profile=RESIZE_400x&width=400"></div><div><p> </p><p><iframe title="YouTube video player" src="https://www.youtube.com/embed/kImvw3Mosns" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p>Where should a CISO report into within an organization? No common standard exists, as we can find CISOs operating under many different organizations, including IT, Legal, the CTO, and the CEO, just to name a few. </p><p>In today’s video, I break down some of the considerations that impact where the CISO can be most effective.</p><p>Be sure to share your insights regarding this ongoing debate. Where do you think CISOs should report into?</p><p> </p><p> </p><p>Interested in more cybersecurity insights, rants, and strategic viewpoints? 
</p><p>Subscribe to the Cybersecurity Insights channel on YouTube: <a href="https://www.youtube.com/c/CybersecurityInsights">https://www.youtube.com/c/CybersecurityInsights</a></p><p>Follow me on:</p><ul><li>LinkedIn: <a href="https://www.linkedin.com/today/author/matthewrosenquist">https://www.linkedin.com/today/author/matthewrosenquist</a></li><li>Medium: <a href="https://medium.com/@matthew.rosenquist">https://medium.com/@matthew.rosenquist</a></li><li>Twitter (@Matt_Rosenquist): <a href="https://twitter.com/Matt_Rosenquist">https://twitter.com/Matt_Rosenquist</a></li></ul></div>Cybersecurity is Not Reaching its Full Potentialhttps://www.cisoplatform.com/profiles/blogs/cybersecurity-is-not-reaching-its-full-potential2021-04-22T21:54:51.000Z2021-04-22T21:54:51.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/8824485489?profile=RESIZE_400x&width=400"></div><div><p>Cybersecurity has evolved with the rapid rise of digital transformation, becoming a crucial element of trust for products and services. No longer just a function of preventing impacts and meeting regulatory requirements, cybersecurity is emerging as a cornerstone for future enhancement of user-experiences, compelling features, and growth into new fields.</p><h1>Wherever there are Risks, there are also Opportunities</h1><p>I’ve been collaborating with <a href="https://www.altmansolon.com/our-people/ben-matthews/">Ben Matthews</a> and <a href="https://www.altmansolon.com/our-people/michael-gurau/">Michael Gurau</a> from <a href="https://www.altmansolon.com/">Altman Solon</a>, a leading Tech, Media, and Telecom consulting firm, to highlight how cybersecurity can be optimized to manage the risks-of-loss but also how it can contribute to emerging business opportunities for organizations. 
They are looking to help their clients improve their risk strategy and understand how to seize business advantages.</p><p>If the security leadership, C-suites, and Boards are not thinking about how cybersecurity can bring opportunities to the business, they are behind the curve.</p><p>Cybersecurity is a leverage point for competitive advantages in the digital world. Those who look at the opportunities, in addition to the risk mitigation aspects, will have a strategic advantage.</p><p>We have seen examples across privacy, security, and safety that showcase how consumer's trust and loyalty are affected by cybersecurity incidents. Abandonment, delays in adoption, and resistance to new offerings are becoming more common. That opens the door to competition or reinforces the position of organizations that proactively act to preserve customer’s trust.</p><h1>Competition is Knocking and Security is Pivotal</h1><p>Industries are evolving rapidly over time through technical innovation and exploring new markets. This can introduce challengers to the market leaders and raise the expectations of customers that result in a shift of market-share.</p><p>Cybersecurity is a growing differentiator. As an example, the recent digitization of patient records and integration of health-related devices, which gather tremendous amounts of data, has given rise to the idea of healthcare data exchanges. Such exchanges are working feverishly to secure data and reinforce trust in the aggregated design to abate fears from patients and concerns from regulatory authorities. Conversely, decentralized healthcare initiatives are making security, privacy, and portability the major talking points in their models to compete with those exchanges, highlighting weaknesses in centralized architectures. 
</p><p>Changes are occurring across all sectors, with financial, telecommunications, healthcare, technology, automotive, online services, retail, manufacturing, government, and national critical infrastructures moving first.</p><h1>Cybersecurity Relevance</h1><p>The core elements of cybersecurity, being security, privacy, and safety, are powerful narratives and are becoming more prominent for organizations to showcase their leadership. </p><p>It is estimated that between 60% and 90% of SMBs go out of business after a major cyberattack. Where do those customers go? -- to vendors and suppliers who are more trustworthy, have deployed extra robust security in their offerings, are better prepared to respond to incidents, and are leaning forward to mitigate future risks. They differentiate themselves by showing cybersecurity savvy, maturity, and thought-leadership in their sector.</p><p>Cybersecurity, cyber-ethics, and operational excellence will be the hallmarks of trust in our future digital world. </p><h1>Cybersecurity Leadership</h1><p>Right now, not many companies are ready to take advantage of such market-shifting opportunities, nor are they investing properly to protect the share they currently hold.</p><p>That is changing. Those who are not keeping up with their competitors will find themselves on the short end of the stick. Cyber-savvy boards are realizing the potential advantages and some are already exploring how best to both protect and advance the bottom line with better security and through reinforced trust. And insurance alone does not deliver. It takes adaptation of the business to build longstanding loyalty and seize moments of opportunity.</p><p>It is time for the cybersecurity industry to start discussing the trajectory of how it is crucial in managing the risks and enabling opportunities for the business. 
In the coming years, every successful CISO will be talking about how they can empower the greater success of the organization.</p><p> </p><p>The full Altman Solon infographic deck and more information are available at: <em><u><a href="https://www.altmansolon.com/insights/new-global-threats-create-risk-opportunity-in-fragmented-cybersecurity-markets/">https://www.altmansolon.com/insights/new-global-threats-create-risk-opportunity-in-fragmented-cybersecurity-markets/</a></u></em></p></div>BadUSB — On accessories that turn evil by Karsten Nohlhttps://www.cisoplatform.com/profiles/blogs/badusb-on-accessories-that-turn-evil-by-karsten-nohl2015-01-31T12:00:00.000Z2015-01-31T12:00:00.000Zprithahttps://www.cisoplatform.com/members/pritha<div><p><span class="font-size-4"><strong>Watch Talk:</strong></span></p>
<p></p>
<p><iframe width="854" height="510" src="https://www.youtube.com/embed/qqeHED1b6DY?wmode=opaque" frameborder="0"></iframe>
</p>
<p></p>
<p></p>
<p><span class="font-size-4"><strong>BadUSB — On accessories that turn evil by Karsten Nohl</strong></span></p>
<p>Karsten Nohl is a cryptographer and security researcher.</p>
<p>This talk introduces a new form of malware that operates from controller chips inside USB devices. Peripherals can be reprogrammed in order to take control of a computer, exfiltrate data, or spy on the user. We demonstrate a full system compromise from USB and a self-replicating USB virus not detectable with current defenses.</p>
<p></p>
<p><span class="font-size-4"><strong>View PPT:</strong></span></p>
<p><iframe width="476" height="400" src="//www.slideshare.net/slideshow/embed_code/44085056" frameborder="0"></iframe>
</p>
<p></p>
</div>Top 100 CISO Awards, 2018https://www.cisoplatform.com/profiles/blogs/nominations-open-top-100-ciso-awards-20172016-12-21T06:30:00.000Z2016-12-21T06:30:00.000ZRavi Mishra (CISO Platform)https://www.cisoplatform.com/members/RaviMishraCISOPlatform<div><p><a href="https://event.cisoplatform.com/cisoplatform100-india-nomination-2018/" target="_blank"><img width="600" src="{{#staticFileLink}}8669811064,original{{/staticFileLink}}" class="align-full" alt="8669811064?profile=original" /></a></p><p></p><p><span class="font-size-5"><strong>CISO Platform 100, 2018 (India):</strong></span></p><p><span style="color:#ff0000;">Applications for the Top 100 CISO Awards are open for 2018. Kindly fill in your responses asap.</span></p><p>We are very happy to announce that nominations are now open for the 7<sup>th</sup> Edition of Top 100 CISO Awards - India's 1st Security Recognition for CISOs. </p><p>CISO Platform 100 has now grown into a global recognition with the names of inspiring influencers like <b>Kevin Mitnick, Stefan Esser, Eugene Kaspersky, Bruce Schneier </b>...... 
& more</p><p>First partial 2017 global list <a href="http://www.cisoplatform.com/profiles/blogs/ciso-platform-top-it-security-influencers" target="_blank">here</a></p><p></p><p><span class="font-size-5"><a href="https://event.cisoplatform.com/cisoplatform100-india-nomination-2018/" target="_blank">>> Click here to nominate</a></span></p><p></p><p></p><p></p><p></p><p><span class="font-size-6"><b>Nomination Categories</b> </span></p><ul><li><b>CISO Platform 100</b> - Individual Recognition for India's Top 100 IT Security Influencers</li><li><b>Enterprise Security Awards (ONLY 1 Winner per Category):</b> Awarded to organizations for exemplary adoption of security in the following categories<br /> <br /><ul><li>Online / Ecommerce Vertical</li><li>Payments / Fin Tech Vertical</li><li>Banking Vertical</li><li>Telco Vertical</li><li>Financial Services Vertical</li><li>Insurance Vertical</li><li>IT / ITeS Vertical</li><li>Manufacturing Vertical</li><li>Government Vertical</li><li>Startups</li><li>Healthcare & Pharmaceuticals Vertical</li><li>Response Capability</li><li>Predictive Capability</li><li>Security Awareness</li><li>Privacy Program</li><li>Data Security</li><li>Network Security</li><li>Cloud Security</li><li>Security Operations Centre (SOC)</li><li>Application Security</li><li>Mobile Security</li><li>Critical Infrastructure Protection</li><li>Identity & Access Management Program</li><li>GRC Program</li><li>IoT Security</li></ul></li></ul><p> </p><p></p><p></p><p><span class="font-size-6"><b>How to nominate?</b></span></p><ul><li>Nomination Link: <a href="https://event.cisoplatform.com/cisoplatform100-india-nomination-2018/" target="_blank">Click Here</a><a href="http://www.cisoplatform.com/page/ciso-platform-100-nomination-form-india-2017"></a></li></ul><ul><li><b>Deadline: Extended on request, kindly fill your response asap</b></li></ul><p> </p><p><span class="font-size-5"><b><a href="https://event.cisoplatform.com/cisoplatform100-india-nomination-2018/" 
target="_blank">>> Click here to nominate</a></b></span></p><p></p><p></p><p></p><p><span class="font-size-6"><b>Vision/Spirit of Recognition</b> <br /></span></p><ul><li><b>Community Sharing:</b> Our vision is to create tangible community goods by way of sharing our knowledge for the broader ecosystem</li></ul><ul><li>The goal of the offsite shall be to structure our key learning in the form of structured playbooks and share it with the rest</li><li><b>Example:</b> If there are 3 CISOs who did a SOC upgrade last year, then they will put together their key learning in the structured format of Community Playbooks along with our analyst team. Then on Day 2, they will share their playbook in a Round Table with 10 others who want to upgrade their SOC this year</li></ul><p> </p><p></p></div>Securely Moving Data to the Cloud with Confidence and Customer Focushttps://www.cisoplatform.com/profiles/blogs/securely-moving-data-to-the-cloud-with-confidence-and-customer2017-05-03T05:00:00.000Z2017-05-03T05:00:00.000ZShreya Shreehttps://www.cisoplatform.com/members/ShreyaShree<div><p><span style="font-size:10pt;"><strong><span class="font-size-5">Securely Moving Data to the Cloud with Confidence and Customer Focus (RSA Conference)</span></strong></span></p><p><span class="font-size-3"><span>This session will provide a deep dive of best practices to securely move customer data to the cloud through AWS, while keeping the customers’ interest top of mind. 
Michele Iacovone, SVP and CISO at Intuit, will illustrate how companies can successfully and securely harness the power of the cloud to ensure the speed of innovation.</span></span></p><p></p><p></p><p></p><p></p><p><strong><span class="font-size-5">Detailed Presentation :</span></strong></p><p></p><p><iframe width="595" height="485" src="//www.slideshare.net/slideshow/embed_code/key/2eNXWzY4IwuFIE" frameborder="0" allowfullscreen=""></iframe></p><div style="margin-bottom:5px;"><span class="font-size-3"><strong><a href="//www.slideshare.net/cisoplatform7/securely-moving-data-to-the-cloud-with-confidence-and-customer-focus" title="Securely moving data to the cloud with confidence and customer focus" target="_blank">Securely moving data to the cloud with confidence and customer focus</a></strong> from <strong><a target="_blank" href="https://www.slideshare.net/cisoplatform7">Priyanka Aash</a></strong></span></div><p><span class="font-size-3"><strong><strong><strong>(Source : RSA USA 2017)</strong></strong></strong></span></p><p></p><p></p><p></p><p></p><p><span class="font-size-5"><strong>Speaker :</strong></span></p><p><span class="font-size-3">Michele Iacovone</span></p><p><span class="font-size-3">Michele Iacovone serves as Intuit’s Senior Vice President and Chief Information Security and Fraud Officer. Iacovone has been with Intuit since 2011, when he joined as SVP and Intuit Chief Architect. Prior to Intuit, Iacovone served as Chief Architect and SVP, Global Platforms for Dun & Bradstreet, as well as CTO for both LiveCapital and Collabria, respectively. 
He holds a BSEE from Boston University.</span></p><p><span class="font-size-3"> </span></p><p></p><p></p><p></p><p><a href="https://www.firecompass.com/?utm_source=CPBlogRSAGuide2017&utm_campaign=RSATopTalk" target="_blank"><img width="750" src="{{#staticFileLink}}8669813498,original{{/staticFileLink}}" class="align-full" alt="8669813498?profile=original" /></a></p><p><span class="font-size-7"><a href="https://www.firecompass.com/?utm_source=CPBlogRSAGuide2017&utm_campaign=RSATopTalk" target="_blank">Discover & Compare 1000+ Cyber Security Products (It's Free!)</a></span></p><p></p><p><span class="font-size-3">FireCompass is an AI Assistant for Cyber Security Decision Making. Discover & Compare 1,000+ Cyber Security Products. Grab your FREE Account Now (For a Limited Time ONLY).<br /> <br /></span></p><p><span class="font-size-4"><strong><a href="https://www.firecompass.com/?utm_source=CPBlogRSAGuide2017&utm_campaign=RSATopTalk" target="_blank">>>Click Here To Sign Up For FREE</a></strong></span></p><p></p><p></p><p></p><p></p><p></p></div>Building a Strategic Plan for Your Security Awareness Programhttps://www.cisoplatform.com/profiles/blogs/building-a-strategic-plan-for-your-security-awareness-program2017-05-04T05:00:00.000Z2017-05-04T05:00:00.000ZMeghana Phttps://www.cisoplatform.com/members/MeghanaP<div><p><span class="font-size-5"><strong>Building a Strategic Plan for Your Security Awareness Program (RSA Conference 2017)</strong></span></p><p><span class="font-size-3">The key to securing your employees behaviors is an effective strategic plan that is both realistic and supported by your leadership. 
Learn how other organizations are doing this and how you can apply their lessons learned to build your own strategic plan when you get back to your organization.</span></p><p></p><p></p><p></p><p><strong><span class="font-size-5">Detailed Presentation:</span></strong></p><p></p><p><iframe width="595" height="485" src="//www.slideshare.net/slideshow/embed_code/key/MD1OK4nIalttkM" frameborder="0" allowfullscreen=""></iframe></p><div style="margin-bottom:5px;"><span class="font-size-3"><strong><a href="//www.slideshare.net/cisoplatform7/building-a-strategic-plan-for-your-security-awareness-program" title="Building a Strategic Plan for Your Security Awareness Program" target="_blank">Building a Strategic Plan for Your Security Awareness Program</a></strong> from <strong><a target="_blank" href="https://www.slideshare.net/cisoplatform7">Priyanka Aash</a></strong></span></div><p><span class="font-size-3"><strong>(Source: RSA USA 2017)</strong></span></p><p></p><p></p><p></p><p><strong><span class="font-size-5">Speaker:</span></strong></p><p><span class="font-size-3">Lance Spitzner</span></p><p><span class="font-size-3">Lance Spitzner is the Director at SANS Securing The Human. Spitzner has over 20 years of security experience in cyber threat research, awareness and training. He invented the concept of honeynets, founded the Honeynet Project and published three security books. Spitzner has worked and consulted in over 25 countries and helped over 350 organizations plan, maintain and measure their security awareness programs. In addition, Spitzner is a member of the Board of Directors for the National Cyber Security Alliance, a frequent presenter and serial tweeter (@lspitzner), and works on numerous community security projects. 
Before working in information security, Spitzner served as an Armour Officer in the Army's Rapid Deployment Force and earned his MBA from the University of Illinois.</span></p></div>Building a SOC teamhttps://www.cisoplatform.com/profiles/blogs/building-a-soc-team2017-06-07T07:30:00.000Z2017-06-07T07:30:00.000ZVishwas Pitrehttps://www.cisoplatform.com/members/VishwasPitre<div><p>Building a new SOC capability may involve a lot of planning and would attract a huge initial investment.</p><p></p><p><a href="http://www.cisoplatform.com/profiles/blogs/building-a-soc-team" target="_blank"><img width="750" src="{{#staticFileLink}}8669806491,original{{/staticFileLink}}" class="align-full" alt="8669806491?profile=original" /></a></p><p></p><p></p><p>While there are multiple approaches to address this, given below are some of the simple steps one can follow:</p><p>1. Understanding Business Goals, type of business, organization culture & constraints & budgets</p><p>2. 
Gap Analysis with the existing set up and formulating milestones for implementation based on priorities</p><p>3. Lessons learnt from previous incidents form a major input in designing the people, process and technology structure for the SOC</p><p>4. An incremental SOC building approach is better than a one-time heavy investment, to de-risk some of the unknowns</p><p>5. Collaboration with people – multiple functions within organization (People), technologies deployed & various processes. This collaboration needs to be handled carefully and it is a critical success factor.</p><p>5. Based on organization culture, existing set up and availability of in-house skills, decide the right mix of in-house and outsourced team. In some cases day-to-day SOC monitoring and operations can be handled by the in-house team, while incident response (IR) requiring special skills to handle a crisis can be handled through an outsourced professional team</p><p>6. Clear definition of Tier 1, 2, 3 team structure with roles and responsibilities</p><p>7. Establish processes to cover preparation, identification, containment, eradication, recovery and lessons learnt</p><p>8. Be careful of compatibility issues between technologies, versus systems working in silos, with respect to reporting tool (SIEM) integration with network logs, system logs, endpoint logs, etc.</p><p>9. Based on the level of integration, actions such as patching, firewall modification, revocation of access, system quarantine or reimage can be planned as manual or automated</p><p>10. To reduce false positives, best practice is to build baselines by monitoring network devices and endpoints for a period of time and then identifying abnormal suspicious activity to generate alerts</p><p>11. Subscribe to good threat intel – Cyber Threat Intel (CTI)</p><p>12. Slowly build an incident "hunter" culture rather than waiting to work on escalated incidents.</p><p>13. 
<span>Continuous updates and training on changes in the threat landscape and technologies are essential to face the ever-challenging nature of security. This training needs to be planned at all levels - SOC team, top management and others.</span></p><p><span>14.</span> Build maturity over time using - </p><p>- lessons learnt</p><p>- new security posture</p><p>- swiftly detecting incidents and prioritizing investigations</p><p>- risk tolerance</p><p>- continuous hardening to minimize attack surface</p><p>- available expertise and budget</p><p>- continuous improvements within org constraints & pushing boundaries, striving to achieve its critical security mission</p><p></p><p> In the next article, I will discuss the Next Generation SOC.</p></div>Top 10 CISO Focus on Information and IT Security Technology for 2018https://www.cisoplatform.com/profiles/blogs/top-10-ciso-focus-on-security-technology-20182018-01-30T10:00:00.000Z2018-01-30T10:00:00.000ZCISO Platformhttps://www.cisoplatform.com/members/CISOPlatform<div><p><span>2018 started with our community meets for Security Priority Planning for 2018, and through our live survey we gathered some interesting insights. Technologies that are part of the Key Focus Area for a CISO in 2018 are Security Analytics, SOC Implementation/ Upgradation, 3rd Party Risk Management, Awareness & Education, Vulnerability Management, Managing Advanced & Targeted Threats, Threat Intel Program, Incident Response Program, Cloud Virtualization, Privacy, Cyber Resilience & Cyber Drill, Application Security Testing, Red teaming, API Security & more. </span></p>
<p><span style="font-size:18pt;">Top 10 CISO Focus in 2018 (Technology):</span></p>
<p><a href="{{#staticFileLink}}8669817097,original{{/staticFileLink}}"><img width="650" src="{{#staticFileLink}}8669817097,original{{/staticFileLink}}" class="align-full" alt="8669817097?profile=original" /></a></p>
<p></p>
<p><span style="font-size:18pt;">Top 3 CISO Focus in Technologies for 2018 (City Wise Comparison):</span></p>
<p></p>
<p><span><a href="{{#staticFileLink}}8669817673,original{{/staticFileLink}}"><img width="650" src="{{#staticFileLink}}8669817493,original{{/staticFileLink}}" class="align-full" alt="8669817493?profile=original" /></a></span></p></div>Security Automation Simplified via NIST OSCAL: We’re Not in Kansas Anymorehttps://www.cisoplatform.com/profiles/blogs/security-automation-simplified-via-nist-oscal-we-re-not-in-kansas2018-06-18T05:30:00.000Z2018-06-18T05:30:00.000ZKuladeep Tummalahttps://www.cisoplatform.com/members/KuladeepTummala<div><p><span>COBIT, ISO/IEC 27001, NIST 800.53, PCI, oh my. The path to compliance is not a yellow brick road. IT professionals face a variety of security standards that they must meet simultaneously. This talk will present the NIST Open Security Controls Assessment Language (OSCAL) project as a way to standardize control, implementation and assessment information using an open, machine-readable format.<br /> <br /> Learning Objectives:<br /> 1: Understand how to leverage automation to secure systems against multiple standards.<br /> 2: Learn how OSCAL is designed and how it can be used.<br /> 3: Discover how you can be a part of developing this new standard of standards.</span></p><p></p><p></p><p><span style="font-size:14pt;"><strong>Speakers: Anil Karmel, David Waltermire</strong></span></p><p><span>Anil Karmel is the Co-Founder and CEO of C2 Labs, a company that partners with organizations on their digital transformation journey, from designing and implementing IT Strategic Plans to rationalizing application portfolios and cutting-edge R&D, allowing IT to take back control leveraging our forward-leaning products and services. Formerly, Karmel served as the National Nuclear Security Administration’s (NNSA) Deputy Chief Technology Officer. Within NNSA, Karmel served as the Chief Architect and Implementation Lead for a range of enterprise information technology solutions. 
Karmel and his team garnered industry and government accolades, including the SANS National Cybersecurity Innovators Award, InformationWeek 500 Top Government IT Innovators and the DOE Secretary’s Achievement Award.<br /></span></p><p><span>David Waltermire is the Lead Standards Architect for the Security Automation Program at the National Institute of Standards and Technology. He is a significant contributor to the National Vulnerability Database (NVD), Security Content Automation Protocol (SCAP), Continuous Monitoring and other security automation projects. He has worked as a Security Consultant advancing security automation capabilities within the government sector. His background is in systems and network operations for Internet service providers and also working as a Software Engineer designing and developing distributed systems. His research experience includes incident handling, continuous monitoring, vulnerability identification, anomaly detection, and data analysis and modelling techniques.</span></p><p></p><p></p><p><span style="font-size:14pt;"><strong>Detailed Presentation:</strong></span></p><p></p><p><iframe src="//www.slideshare.net/slideshow/embed_code/key/NPn7ZuUYsgY5Q7" width="595" height="485" frameborder="0" allowfullscreen=""></iframe></p><div style="margin-bottom:5px;"><strong><a href="//www.slideshare.net/cisoplatform7/security-automation-simplified-via-nist-oscal-were-not-in-kansas-anymore" title="Security Automation Simplified via NIST OSCAL: We’re Not in Kansas Anymore" target="_blank">Security Automation Simplified via NIST OSCAL: We’re Not in Kansas Anymore</a></strong> from <strong><a href="https://www.slideshare.net/cisoplatform7" target="_blank">Priyanka Aash</a></strong></div><div style="margin-bottom:5px;"><strong>(Source: RSA Conference USA 2018)</strong></div><div style="margin-bottom:5px;"><strong> </strong></div><div style="margin-bottom:5px;"><strong> </strong></div></div>Top 3 Things CISOs Should Avoid In A Board Presentation 
- CISO Platformhttps://www.cisoplatform.com/profiles/blogs/top-3-things-cisos-should-avoid-in-a-board-presentation2018-08-31T06:00:00.000Z2018-08-31T06:00:00.000ZCISO Platformhttps://www.cisoplatform.com/members/CISOPlatform<div><p><span style="font-size:12pt;">There is a steep rise in interest from the Board & CEO of an organization to understand the security posture of their company. <span style="font-weight:400;">This is partly because of the increasing pressure from government regulators and stakeholders, and discussions on the potential risk of individual liability for corporate directors who do not take appropriate responsibility for oversight of cybersecurity.</span></span></p>
<p><span style="font-weight:400;font-size:12pt;">However, there is a huge disconnect between what security professionals think the Board wants and the reality. </span></p>
<p></p>
<p><span style="font-size:14pt;"><strong>Top 3 Things CISOs Should Avoid In A Board Presentation:</strong></span></p>
<p></p>
<p><span style="font-size:12pt;"><strong>1> Board Does Not Want Deep Technical Details/ Acronyms in Your Presentation</strong></span></p>
<p><span style="font-size:12pt;">Board members are not cybersecurity experts and do not necessarily understand technical jargon or security acronyms. The board does not need technical details such as the architecture you are using. Explaining by way of business examples, or in terms the board can relate to, is important. You need to show how your efforts to secure the organisation align with the business strategy of the organisation.</span></p>
<p></p>
<p><span style="font-size:12pt;"><strong>2> Board Does Not Want FUD: Fear, Uncertainty, and Doubt</strong></span></p>
<p><span style="font-size:12pt;">Exaggerating the cyber security risks or giving examples of terrible hacks that have happened in other organisations will not help. Surely you can explain the relevant incidents that have happened in the recent past or the changes to regulations and threat landscape. Along with this you need to show your strategy to comply with these changes and the steps you are taking to mitigate risks in the changing threat landscape. </span></p>
<p></p>
<p><span style="font-size:12pt;">( Read More: <a href="http://www.cisoplatform.com/profiles/blogs/security-metrics-and-dashboard-for-the-ceo-board" target="_blank">Information Security Metrics and Dashboard for the CEO / Board</a>)</span></p>
<p></p>
<p><span style="font-size:12pt;"><strong>3> Board Does Not Want To Know The Problems (They Need The Problems & Solutions)</strong></span></p>
<p><span style="font-size:12pt;"><span style="font-weight:400;">The Board wants to understand the risks & how they can be mitigated. Along with the most significant security risks, you need to highlight the ways to address or mitigate those cyber security risks. </span>As security cannot be measured in absolute terms, a good way is to start with where you are, explain the "<strong>State of Security in comparison with competition"</strong> and where you would like to reach.</span></p>
<p></p>
</div>Helping Academia Succeed So Cybersecurity Can Thrivehttps://www.cisoplatform.com/profiles/blogs/helping-academia-succeed-so-cybersecurity-can-thrive2020-04-10T18:17:45.000Z2020-04-10T18:17:45.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><p><a href="{{#staticFileLink}}8669830290,original{{/staticFileLink}}" target="_blank"><img src="{{#staticFileLink}}8669830290,original{{/staticFileLink}}" class="align-center" alt="8669830290?profile=original" /></a></p><p>The future of technology is at risk as there are not enough skilled cybersecurity workers to fulfill the demands for keeping digital technology secure, private, and safe to use. Some estimates predict there will be <a href="https://cybersecurityventures.com/jobs/">over 3 million unfilled positions by 2021</a>. This shortage undermines security across the landscape of devices, applications, and services and affects every connected person across the globe.</p><p>Academia plays a crucial role in addressing the long-term needs by preparing the next generation of cybersecurity professionals. Current efforts are falling short as gaps and challenges exist between educational institutions' curriculums and what employers require in the available talent pool. </p><p>The <a href="https://www.phoenix.edu/">University of Phoenix</a> has established an advisory board to help the <em>College of Business and Information Technology</em> understand and address the problems to prepare students for cybersecurity job opportunities that help the entire digital ecosystem become trustworthy. 
The university focuses on servicing people currently in the workforce who are seeking continuing education to pivot into new roles, such as cybersecurity, or advance in their career path to positions of greater impact. For the security industry, this is an important community that can greatly contribute with a diverse set of experiences, backgrounds, and foundational skills. Preparing these motivated people for success is vital for cybersecurity.</p><p><a href="{{#staticFileLink}}8669830858,original{{/staticFileLink}}" target="_blank"><img src="{{#staticFileLink}}8669830858,original{{/staticFileLink}}" class="align-center" alt="8669830858?profile=original" /></a></p><p>I am honored to be asked and excited to be a member of this advisory group. The team is discussing key issues, current trends, employer needs, shifts in the industry, and overall best practices. We must all help bolster the growth and capabilities of the next generation of cybersecurity professionals; they are the ones who will be guarding our future. Now is the time to prepare cybersecurity students and professionals seeking greater responsibility on their journey. Their work and achievements will greatly contribute to making the connected world more secure for everyone. Without a well-prepared workforce, cyber threats will continue to reign. 
Academia must succeed for cybersecurity to thrive.</p><p><a href="{{#staticFileLink}}8669830290,original{{/staticFileLink}}" target="_blank"></a></p></div>Preventing a Product Security Crisishttps://www.cisoplatform.com/profiles/blogs/preventing-a-product-security-crisis2020-04-17T19:06:24.000Z2020-04-17T19:06:24.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><p><a href="{{#staticFileLink}}8669831300,original{{/staticFileLink}}" target="_blank"><img src="{{#staticFileLink}}8669831300,original{{/staticFileLink}}" class="align-center" alt="8669831300?profile=original" /></a></p><p>The video conference company <a href="https://zoom.us/" target="_blank">Zoom</a> has skyrocketed to new heights and plummeted to new lows in the past few weeks. It is one of the handful of communications applications that is perfectly suited to a world beset by quarantine actions, yet has fallen far from grace because of poor security, privacy, and transparency. Governments, major companies, and throngs of users have either publicly criticized or completely abandoned the product. In a time of unimaginable potential growth, Zoom is sputtering to stay relevant, fend off competition, and emerge intact.</p><p></p><p><span style="font-size:14pt;"><strong>Avoiding Total Loss of Product Confidence</strong></span></p><p>There are lessons to be learned, applicable to all product and service companies, to avoid such gruesome misfortune. Leadership of every organization should be taking an introspective look to understand how they can best prevent such missteps and determine how they might respond in times of such crisis.</p><p>Zoom is a teleconference platform that has proven to be scalable and effective at bringing groups together to collaborate remotely. It is in a competitive field where features, time-to-market, performance, and usability are crucial to success. This is true for so many products, services, and businesses. 
Often in such environments, management possesses a razor-sharp focus on being competitive, which means getting products and new features out to the market as fast as possible. </p><p>There are costs to such a narrow focus. Accuracy in marketing messages can be overlooked. Documentation quality is often sacrificed. More importantly, it is very common that security is also deprioritized as an acceptable tradeoff. This is where the shortsightedness begins. </p><p>Security is a foundation for trust. What is easily seen as a distraction by engineers and executives during the frantic development cycles, that can be addressed ‘later’, will introduce fundamental weaknesses that compound over time and can be exploited.</p><p>This is where Zoom is at. The organization is feeling the pain and chaos of decisions made far earlier, during product development, that are now emerging due to the rapid growth and adoption of their solution. </p><p>A number of issues have arisen that have customers, governments, and stockholders questioning the leadership and confidence in the product. There was a privacy issue that harvested user data and sent it to Facebook without consent. Default designs that allowed incidents of harassment, called “<em>Zoombombing</em>”, to the embarrassment and fury of users. The inaccuracy of marketing claims of End-to-End (E2E) security and an inaccurate privacy policy. The architecture design and code that has many vulnerabilities and that does not protect E2E the privacy of sessions between parties. Then there was the choice to use data center assets in China where they stored sensitive information but did not inform customers who are very uncomfortable with such configurations. 
Now Zoom faces grave and very public concerns regarding the trust in management’s commitment to secure products, the respect for user privacy, the honesty of its marketing, and the design decisions that preserve a positive user experience.</p><p> </p><p><span style="font-size:14pt;"><strong>Learning from Failures</strong></span></p><p>The lesson is straightforward. All the issues Zoom is facing could and should have been addressed earlier, well before they exploded in spectacular fashion. This is the key takeaway for everyone: a lack of investment for security and privacy in the development phases can manifest into devastating consequences. Every organization should be evaluating their DevOps security programs. They should be re-evaluating the role and value of security during product design, development, updates, and sustaining operations. Zoom is showcasing the severe consequences of ignoring proper risk management. They aren’t the first, but the world is changing and people’s tolerance and patience for such issues is evolving to be less forgiving. 
Zoom and every other product company must adapt to meet the growing expectations for security, privacy, and safety.</p><p> </p><p>-----------------------------------------------------------------------</p><p><span style="font-size:14pt;"><strong>How can Zoom recover?</strong></span></p><p>For those interested in how Zoom should be addressing the systemic issues they face during their product crisis, I recommend the <strong><em><a href="https://www.helpnetsecurity.com/2020/04/15/zoom-crisis/">Zoom in crisis: How to respond and manage product security incidents</a></em></strong> article on HelpNetSecurity, where I break down a number of issues and steps for resolution.</p></div>CISO Webinar : Learn how to create and manage your enterprise third party risk management programhttps://www.cisoplatform.com/profiles/blogs/ciso-webinar-learn-how-to-create-and-manage-your-enterprise-third2020-06-23T07:39:25.000Z2020-06-23T07:39:25.000Zprithahttps://www.cisoplatform.com/members/pritha<div><p><span>Third party vendors and suppliers often have access to your network and your organisation's confidential information. The best way to prevent a data breach is to have a robust program to assess how your third parties are managing their risk and protecting your data. Organisations must have a clear understanding of the risks inherent in their business relationships with third parties. How should you approach managing third party risk?</span></p>
<p><span>Wayne Tufek (frequent speaker at RSA Conference) will be joining us to discuss the topic.</span></p>
<p><span style="font-size:12pt;"><a href="https://bit.ly/2CpRveq" target="_blank">>> Register here to join us</a></span></p>
<p></p>
<p></p>
<p><span style="font-size:18pt;"><strong>What Will You Learn?</strong></span></p>
<p><span>-Discuss the major failings of traditional third party risk management programs<br />-Creating a supply chain awareness program<br />-Creating a comprehensive catalogue of vendors and suppliers<br />-Risk based segmentation of identified vendors and suppliers<br />-Risk assessment and rules based due diligence activities<br />-The key contractual clauses all contracts with third parties should contain and why<br />-Methods for continuous monitoring<br />-How to develop and present a supplier risk dashboard for management<br />-A model for a comprehensive process to effectively and efficiently manage third party risk</span></p>
<p></p></div>The 10 Worst Cybersecurity Strategieshttps://www.cisoplatform.com/profiles/blogs/the-10-worst-cybersecurity-strategies2020-07-16T19:29:14.000Z2020-07-16T19:29:14.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><p><a href="{{#staticFileLink}}8669837854,original{{/staticFileLink}}" target="_blank"><img src="{{#staticFileLink}}8669837854,original{{/staticFileLink}}" class="align-center" alt="8669837854?profile=original" /></a></p><p></p><p>Counting down to the absolutely worst cybersecurity strategies. Sadly, these are all prevalent in the industry. Many organizations have failed spectacularly simply because they chose to follow a long-term path that leads to disaster. You know who you are…</p><p>Let’s count them down. </p><h3><strong>10. Cyber-Insurance</strong></h3><p>No need for security, just get insurance. Transferring risk is better than mitigating it!</p><p>Famous Last Words: <em>Sure, it should be covered</em></p><h3><strong>9. Audit Confidence</strong></h3><p>Conducting a comprehensive security audit ...and ignoring the results</p><p>Famous Last Words: <em>We will close those gaps later...</em></p><h3><strong>8. Best Tools, Left Unmanaged</strong></h3><p>Deploying several good tools, set to autopilot. No need to manage or maintain anything </p><p>Famous Last Words: <em>Security is not that difficult...</em></p><h3><strong>7. Regulatory Compliance</strong></h3><p>Meeting the minimum requirements (defined 2 years ago)</p><p>Famous Last Words: <em>Relax, we are compliant!</em></p><h3><strong>6. One Good Tool</strong></h3><p>We just need one good tool (ex. AV) and we are set. </p><p>Famous Last Words: <em>That should do it.</em></p><h3><strong>5. IT Dependence </strong></h3><p>Cybersecurity is a tech problem, it’s IT’s responsibility. </p><p>Famous Last Words: <em>The IT dept has it covered.</em></p><h3><strong>4. 
Security by Marketing </strong></h3><p>Believing the snake-oil (deceptive marketing) salesperson that will '<em>solve</em>' your security problems</p><p>Famous Last Words: <em>We are totally protected now! (or similar derivative from the sales brochure)</em></p><h3><strong>3. Default Security Settings </strong></h3><p>Products and services come with security built in! </p><p>Famous Last Words: <em>It’s new, shiny, and looks secure. Don’t worry, we should be fine!</em></p><h3><strong>2. Security by Obscurity</strong></h3><p>Nobody knows or cares about us. We are too small to be targeted.</p><p>Famous Last Words: <em>We haven't been attacked yet...</em></p><h3><strong>1. Hope, as a Strategy</strong></h3><p>I hope we don’t get attacked. Let’s move on with more important things.</p><p>Famous Last Words: <em><meek inner voice>> Just don’t think about security because it is too scary, expensive, and complex!</em></p><p></p><p>This is the menu that evokes anger, frustration, and pity among cybersecurity professionals around the globe. Eventually it always ends in despair, blame, and a side of tears.</p><p>A solid long-term strategic plan is a necessity for an efficient and capable cybersecurity capability. Cybersecurity fails without a proper strategy. </p><p></p><p></p><p>Interested in more? 
Follow me on <a href="https://www.linkedin.com/today/author/matthewrosenquist" target="_blank">LinkedIn</a>, <a href="https://medium.com/@matthew.rosenquist" target="_blank">Medium</a>, and <a href="https://twitter.com/Matt_Rosenquist" target="_blank">Twitter (@Matt_Rosenquist)</a> to hear insights, rants, and what is going on in cybersecurity.</p></div>Beware of Unified Cybersecurity Solutions Claiming to Help CISO'shttps://www.cisoplatform.com/profiles/blogs/beware-of-unified-cybersecurity-solutions-claiming-to-help-ciso-s2020-09-17T22:18:30.000Z2020-09-17T22:18:30.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><p><a href="{{#staticFileLink}}8669833055,original{{/staticFileLink}}" target="_blank"><img src="{{#staticFileLink}}8669833055,original{{/staticFileLink}}" class="align-center" alt="8669833055?profile=original" /></a></p><p class="graf graf--p">I am seeing many security vendors developing products to unify solutions into a single management interface. I fear this is just a sales tactic to gain greater market share and not intended to help the plight of CISO’s.</p><p class="graf graf--p">A recent <a href="https://www.computerweekly.com/news/252484495/CISOs-buying-into-unified-security-proposition" class="markup--anchor markup--p-anchor" target="_blank">article from ComputerWeekly</a> highlights a vendor sponsored report that concludes forthcoming unified solutions are greatly desired by CISO’s and will be embraced by the industry. I suspect that although the survey data is likely accurate, the overall conclusion is flawed.</p><p class="graf graf--p">Managing many cybersecurity products is a major headache and of course every CISO wants a magic ‘single pane’ to access all the solutions, but the industry has evolved to this state for very good reasons. There is no ‘silver bullet’ security solution that gathers data and protects everything, therefore multiple products are needed. 
Unfortunately, each one has their own interface.</p><p class="graf graf--p">When cybersecurity vendors begin creating a cross-vendor integrated unified solution (insert marketing buzzwords), they invariably pay more attention to the smooth integration of their products as compared to others for an up-sell opportunity. That is the moment the model breaks as the whole purpose is to keep the best tools and not be forced to one vendor just because they have some level of extensibility with other platforms. I see these as thinly veiled attempts to boost sales and not a real attempt to benefit the customer in supporting multi-vendor architectures.</p><p class="graf graf--p">I would rather see an open standard, solution agnostic, industry direction where security vendors would support open formats (ex. what STIX/TAXII has done for threat intelligence exchange) and connect via API’s to configurable integration platforms.</p><p class="graf graf--p">CISO’s should be able to benefit from a common management interface that supports the ability to add/remove all the best solutions over time.</p><p class="graf graf--p graf--empty"></p><p class="graf graf--p">Interested in more? 
Follow me on <a href="https://www.linkedin.com/today/author/matthewrosenquist" class="markup--anchor markup--p-anchor" target="_blank">LinkedIn</a>, <a href="https://medium.com/@matthew.rosenquist" class="markup--anchor markup--p-anchor" target="_blank">Medium</a>, and <a href="https://twitter.com/Matt_Rosenquist" class="markup--anchor markup--p-anchor" target="_blank">Twitter (@Matt_Rosenquist)</a> to hear insights, rants, and what is going on in cybersecurity.</p></div>Inaccurate Predictions about Cybersecurity is Dangeroushttps://www.cisoplatform.com/profiles/blogs/inaccurate-predictions-about-cybersecurity-is-dangerous2020-11-12T19:43:30.000Z2020-11-12T19:43:30.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><p><iframe width="560" height="315" src="https://www.youtube.com/embed/DS4wsFe90SM?wmode=opaque" frameborder="0" allowfullscreen=""></iframe></p><p>I may offend some people, so for those who don’t want to hear my rant, skip this video.</p><p>Recent cybersecurity predictions aren’t just wrong, they are dangerous</p><p>I am disappointed in the recent comments that Michelle Zatlyn, the co-founder and COO of Cloudflare, made regarding the future of cybersecurity. </p><p>She stated Cybersecurity would be "a thing of the past the next decade" and that instead it will work like a water filtration system.</p><p>She is wrong. Dead wrong.</p></div>