podcast - All Articles - CISO Platform2024-03-28T12:33:10Zhttps://www.cisoplatform.com/profiles/blogs/feed/tag/podcastThe Cybersecurity Vault #27 - Incident Materiality and Meeting New SEC Requirements with Malcolm Harkinshttps://www.cisoplatform.com/profiles/blogs/the-cybersecurity-vault-27-incident-materiality-and-meeting-new-s2024-02-13T02:40:14.000Z2024-02-13T02:40:14.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/12378848456?profile=RESIZE_400x&width=400"></div><div><p style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/bNSaj8tE00o?si=4c4N-mkK6GqcQYp5" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p>
<p style="text-align:left;">The new SEC rules for public companies include disclosing a cybersecurity incident on Form 8-K within four business days of determining that it is ‘material’ to the company. But what is materiality? In this episode, I talk with Malcolm Harkins, the Chief Security and Trust Officer at HiddenLayer, former CISO at Intel, and fellow at the Institute for Critical Infrastructure Technology (ICIT).</p>
<p> </p></div>Creating A Sustainable Cybersecurity Industryhttps://www.cisoplatform.com/profiles/blogs/creating-a-sustainable-cybersecurity-industry2024-02-05T03:11:50.000Z2024-02-05T03:11:50.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/12373717262?profile=RESIZE_400x&width=400"></div><div><p style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/6Zs5QW2_bW4?si=f8nua4lorzvCN_2O" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p class="graf graf--p">The cybersecurity industry is facing many sustainability challenges. I enjoyed a lengthy discussion with Terry Thompson at Top Cyber Pro to highlight the strategic problems and opportunities! </p><p class="graf graf--p">Give it a watch.</p></div>The Cybersecurity Vault - Now is the Time to Improve Cybersecurity Metricshttps://www.cisoplatform.com/profiles/blogs/the-cybersecurity-vault-now-is-the-time-to-improve-cybersecurity-2024-01-01T21:59:45.000Z2024-01-01T21:59:45.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/12343918879?profile=RESIZE_400x&width=400"></div><div><p style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/HVC_slCxqHs?si=2Qg8yMEalZ89HwdN" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p class="graf graf--p">We are doing cybersecurity metrics wrong! 
There are better ways, and my guest Rick Howard, the CSO at N2K and longtime cybersecurity metrics expert, provides insights into how metrics can support cybersecurity programs and decisions.</p><p class="graf graf--p">This is a timely topic: CISOs face growing pressure from new regulations, emerging standards, higher Board expectations, and SEC enforcement actions, all of which increase the need for better cybersecurity metrics.</p><p class="graf graf--p">Rick and I probably had too much fun in this podcast, arguing and bantering. He brings a wealth of knowledge and experience to the table. I look forward to our next chat!</p><p class="graf graf--p">Follow Rick on LinkedIn: <a class="markup--anchor markup--p-anchor" href="https://www.linkedin.com/in/rickhoward/" target="_blank">https://www.linkedin.com/in/rickhoward/</a></p><p class="graf graf--p">Follow Matthew on LinkedIn: <a class="markup--anchor markup--p-anchor" href="https://www.linkedin.com/in/matthewrosenquist/" target="_blank">https://www.linkedin.com/in/matthewrosenquist/</a></p><p class="graf graf--p">Subscribe to the Cybersecurity Insights channel: <a class="markup--anchor markup--p-anchor" href="https://www.youtube.com/CybersecurityInsights" target="_blank">https://www.youtube.com/CybersecurityInsights</a></p></div>SEC Case Against SolarWinds – Has the SEC Gone Too Far?https://www.cisoplatform.com/profiles/blogs/sec-case-against-solarwinds-has-the-sec-gone-too-far2023-12-20T17:20:54.000Z2023-12-20T17:20:54.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/12331779677?profile=RESIZE_400x&width=400"></div><div><p style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/Dydt-TiW1GE?si=WTycnJxB92VsuZL3" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p style="text-align:left;">The SEC case against SolarWinds and their CISO continues to reverberate 
across the cybersecurity community. I talk with Edward Amoroso, the Founder and CEO of TAG Infosphere, to discuss different aspects of the case and recent SEC requirements for disclosure of material incidents.</p><p> </p><p>SEC official announcement: <a href="https://www.sec.gov/news/press-release/2023-227">https://www.sec.gov/news/press-release/2023-227</a></p><p>SEC Complaint (.pdf) <a href="https://www.sec.gov/files/litigation/complaints/2023/comp-pr2023-227.pdf">https://www.sec.gov/files/litigation/complaints/2023/comp-pr2023-227.pdf</a></p><p>Ed LinkedIn profile: <a href="https://www.linkedin.com/in/edward-amoroso/">https://www.linkedin.com/in/edward-amoroso/</a></p><p>TAG Infosphere website: <a href="https://tag-infosphere.com/">https://tag-infosphere.com/</a></p><p>Follow Matthew on LinkedIn: <a href="https://www.linkedin.com/in/matthewrosenquist/">https://www.linkedin.com/in/matthewrosenquist/</a></p><p>Subscribe to the Cybersecurity Insights channel: <a href="https://www.youtube.com/CybersecurityInsights">https://www.youtube.com/CybersecurityInsights</a></p></div>Debating the SEC Charges Against SolarWinds CISOhttps://www.cisoplatform.com/profiles/blogs/debating-the-sec-charges-against-solarwinds-ciso2023-11-04T00:24:09.000Z2023-11-04T00:24:09.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/12283380258?profile=RESIZE_400x&width=400"></div><div><p style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/s4lG_9r3uEA?si=2kmFTQeJ-9_Smsyq" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p class="graf graf--p">New podcast episode on a hot cybersecurity topic! Ira Winkler and I discuss the SEC case against SolarWinds and their CISO, from different perspectives! We cover a lot of ground. Listen at your own risk!</p><p class="graf graf--p">The U.S. 
Securities and Exchange Commission is charging SolarWinds and its CISO with fraud and Internal Control Failures!</p><p class="graf graf--p">This will have a ripple effect on the cybersecurity industry!</p><p class="graf graf--p graf--empty"> </p><p class="graf graf--p">SEC official announcement: <a class="markup--anchor markup--p-anchor" href="https://www.sec.gov/news/press-release/2023-227" target="_blank">https://www.sec.gov/news/press-release/2023-227</a></p><p class="graf graf--p">SEC Complaint (.pdf) <a class="markup--anchor markup--p-anchor" href="https://www.sec.gov/files/litigation/complaints/2023/comp-pr2023-227.pdf" target="_blank">https://www.sec.gov/files/litigation/complaints/2023/comp-pr2023-227.pdf</a></p><p class="graf graf--p">Ira Winkler’s LinkedIn Profile: <a class="markup--anchor markup--p-anchor" href="https://www.linkedin.com/in/irawinkler/" target="_blank">https://www.linkedin.com/in/irawinkler/</a></p><p class="graf graf--p">Follow Matthew on LinkedIn: <a class="markup--anchor markup--p-anchor" href="https://www.linkedin.com/in/matthewrosenquist/" target="_blank">https://www.linkedin.com/in/matthewrosenquist/</a></p><p class="graf graf--p">Subscribe to the Cybersecurity Insights channel: <a class="markup--anchor markup--p-anchor" href="https://www.youtube.com/CybersecurityInsights" target="_blank">https://www.youtube.com/CybersecurityInsights</a></p></div>The Cybersecurity Vault - Cybersecurity Efficiency & Maximizing Value with Roger Selshttps://www.cisoplatform.com/profiles/blogs/the-cybersecurity-vault-cybersecurity-efficiency-maximizing-value2023-05-24T16:10:58.000Z2023-05-24T16:10:58.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><p><iframe title="YouTube video player" src="https://www.youtube.com/embed/wJInjJ6A0E4" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p>In this Cybersecurity Vault episode, I talk with Roger Sels about cybersecurity resource efficiency and maximizing 
value. Roger is a longtime cybersecurity executive and co-founder of a startup that is focused on helping CISOs identify opportunities to optimize their spending for the best possible outcomes.</p><p>Roger and I had a lot of fun talking about cybersecurity efficiency and effectiveness, focusing on basics, strategic thinking, and practical ways to optimize resource utilization! </p><p> </p><p>Connect to Roger on LinkedIn: <a href="https://www.linkedin.com/in/rogersels/" target="_blank">https://www.linkedin.com/in/rogersels/</a></p><p>Follow Matthew on LinkedIn: <a href="https://www.linkedin.com/in/matthewrosenquist/" target="_blank">https://www.linkedin.com/in/matthewrosenquist/</a></p><p>Watch all The Cybersecurity Vault episodes: <a href="https://www.youtube.com/@thecybersecurityvault" target="_blank">https://www.youtube.com/@thecybersecurityvault</a></p><p>Thanks to our sponsor Eclipz</p></div>Cybersecurity and Privacy Are Needed for Trust – Podcast panel discussionhttps://www.cisoplatform.com/profiles/blogs/cybersecurity-and-privacy-are-needed-for-trust-podcast-panel-disc2023-04-25T17:21:00.000Z2023-04-25T17:21:00.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/11036090470?profile=RESIZE_400x&width=400"></div><div><p style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/-fO1t-gJn9c" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p>Cybersecurity and Privacy are both necessary for organizations to earn and maintain trust with their partners and customers.</p><p>This lively discussion brings together privacy, cybersecurity, and business leadership experts to unravel the benefits, risks, and challenges that digital organizations must navigate.</p><p><strong>Panelists:</strong></p><p>Michelle Dennedy and Bryan Lee - privacy experts from Privatus Consulting</p><p>Michael Gurau and Ben Matthews - business 
strategy consultants from Altman Solon</p><p>and Matthew Rosenquist - cybersecurity expert from Eclipz</p></div>Crucial conversations: Overcoming the 5 Areas Where CISOs Tend to Strugglehttps://www.cisoplatform.com/profiles/blogs/crucial-conversations-overcoming-the-5-areas-where-cisos-tend-to-2023-03-02T19:28:22.000Z2023-03-02T19:28:22.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/10978944873?profile=RESIZE_400x&width=400"></div><div><p>I had a great conversation with Marco Ciappelli and Sean Martin from ITSPmagazine Podcast discussing the mistakes and hard-learned lessons in cybersecurity!</p><p>They are such characters! A fun and informative discussion.</p><p><strong>Podcast:</strong> <a href="https://bluelava.io/crucial-conversations-overcoming-the-5-areas-where-cisos-tend-to-struggle/">https://bluelava.io/crucial-conversations-overcoming-the-5-areas-where-cisos-tend-to-struggle/</a></p></div>Cybersecurity Insights - Is Cybersecurity Everyones Responsibility with Masha Sedovahttps://www.cisoplatform.com/profiles/blogs/cybersecurity-insights-is-cybersecurity-everyones-responsibility-2023-01-02T20:28:45.000Z2023-01-02T20:28:45.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/10923814690?profile=RESIZE_400x&width=400"></div><div><p style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/82ngAQMAXEI" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p>Should cybersecurity be everyone's responsibility? 
I talk with Masha Sedova - Co-Founder & President of Elevate Security to discuss the benefits, challenges, and pitfalls of placing responsibility on employees.</p><p> </p><p>This topic originated from a <a id="hashtag" href="https://www.torum.com/search/?keyword=#cybersecurity" target="_blank">#cybersecurity</a> community thread, where advocates, both for and against, expressed strong opinions about potential myths in the industry that could undermine risk management performance.</p><p> </p><p> </p></div>Nation States are Shifting the Cybersecurity Landscapehttps://www.cisoplatform.com/profiles/blogs/nation-states-are-shifting-the-cybersecurity-landscape2022-12-07T19:52:38.000Z2022-12-07T19:52:38.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/10905321462?profile=RESIZE_400x&width=400"></div><div><p style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/-c1dsluxRfM" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p>Nations that invest in and conduct offensive cyber-attacks are fundamentally changing the cybersecurity landscape for everyone!</p></div>The Rise of Chief Trust and Security Officershttps://www.cisoplatform.com/profiles/blogs/the-rise-of-chief-trust-and-security-officers2022-11-08T19:23:30.000Z2022-11-08T19:23:30.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/10877232261?profile=RESIZE_400x&width=400"></div><div><p style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/1VSNW6r6YV8" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p>In this episode of the Cybersecurity Vault, I talk with Malcolm Harkins (Chief Security & Trust Officer at Epiphany Systems) and Robb Reck (Chief Trust and Security Officer at Red Canary) for a deep 
dive exploration of why the role exists, and how it can play a crucial part in the future of tech companies.</p></div>Cyber Security Sauna podcast - Matthew Rosenquist on why value is the cybersecurity blind spothttps://www.cisoplatform.com/profiles/blogs/cyber-security-sauna-podcast-matthew-rosenquist-on-why-value-is-t2022-09-13T18:10:01.000Z2022-09-13T18:10:01.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/10811183889?profile=RESIZE_400x&width=400"></div><div><div><p><br />I had a great time talking with Mark Fletcher on the Cyber Security Sauna podcast about why value is the blind spot of cybersecurity and how we should maximize it!<br /> <br /><em>Fun fact</em>: we recorded this <a href="https://cybersecuritysauna.libsyn.com/sphere-session-matthew-rosenquist-on-why-value-is-the-cybersecurity-blindspot">podcast</a> in an actual sauna recording booth at <a href="https://thesphere.org/">SPHERE22</a>, the world’s first co-security unconference!</p></div><div><p>LISTEN TO THE PODCAST: <a href="https://cybersecuritysauna.libsyn.com/sphere-session-matthew-rosenquist-on-why-value-is-the-cybersecurity-blindspot">https://cybersecuritysauna.libsyn.com/sphere-session-matthew-rosenquist-on-why-value-is-the-cybersecurity-blindspot</a></p></div></div>Cybersecurity Vault #9 with Min Kyriannis - Dangers of Misinformationhttps://www.cisoplatform.com/profiles/blogs/cybersecurity-vault-9-with-min-kyriannis-dangers-of-misinformatio2022-07-07T21:39:37.000Z2022-07-07T21:39:37.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/10629082096?profile=RESIZE_400x&width=400"></div><div><p style="text-align:center;"><iframe 
title="YouTube video player" src="https://www.youtube.com/embed/85RfgT9xyRw" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p>I had a great time talking with Min Kyriannis about the dangers of misinformation and how to begin disentangling the online web of lies and half-truths.</p></div>How Cybersecurity Risks Must Be Fixed to Build Trust in Technology Innovationhttps://www.cisoplatform.com/profiles/blogs/how-cybersecurity-risks-must-be-fixed-to-build-trust-in-technolog2022-04-28T17:14:17.000Z2022-04-28T17:14:17.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/10446138261?profile=RESIZE_400x&width=400"></div><div><p class="graf graf--p">Thanks to <a class="markup--anchor markup--p-anchor" href="https://dynamicciso.com/the-future-of-cyber-security-and-digital-trust/" target="_blank">DynamicCISO</a> for a great discussion about the changing landscape of cybersecurity and how we must all adapt to drive trust into the global digital ecosystem. 
The key to our success is to think ahead and show leadership in managing innovation for our benefit.</p><p class="graf graf--p">Topics:</p><ul class="postList"><li class="graf graf--li">State of cybersecurity: threat landscape, preparedness of enterprises, and solution landscape</li><li class="graf graf--li">Countering threat actors who leverage technology innovation</li><li class="graf graf--li">Why trust in digital tech is the key to future innovation</li><li class="graf graf--li">How to improve the culture of cybersecurity</li><li class="graf graf--li">The future of cybercrime and emerging threats</li></ul><p style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/En-D1AxGGbM" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p></div>Video Interview - Taxonomy of Cybersecurity Roles & Responsibilities with Deidre Diamondhttps://www.cisoplatform.com/profiles/blogs/video-interview-taxonomy-of-cybersecurity-roles-responsibilities-2022-01-27T04:25:55.000Z2022-01-27T04:25:55.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/10049353469?profile=RESIZE_400x&width=400"></div><div><p style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/bfgQigoAI2w" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p class="graf graf--p">Dive into the ever-changing roles and responsibilities of the cybersecurity space with seasoned leader Deidre Diamond on this new episode of The Cybersecurity Vault. Learn about some of the industry’s recent and longstanding challenges and how to confidently manage the chaos.</p><p class="graf graf--p graf--empty"> </p><p class="graf graf--p">Thanks for watching. Let’s communicate and collaborate together. 
That is how we make cybersecurity strong in protecting the global digital ecosystem.</p><p class="graf graf--p">I put out a new video about every week on various cybersecurity topics, risks, ideas, events and best practices. If you like these cybersecurity videos and are interested in more cybersecurity insights, rants, and strategic viewpoints, please click the Like button and Subscribe to the Cybersecurity Insights channel! <a class="markup--anchor markup--p-anchor" href="https://www.youtube.com/c/CybersecurityInsights" target="_blank">https://www.youtube.com/c/CybersecurityInsights</a></p><p class="graf graf--p">Follow me on:</p><ul class="postList"><li class="graf graf--li">LinkedIn: <a class="markup--anchor markup--li-anchor" href="https://www.linkedin.com/today/author/matthewrosenquist" target="_blank">https://www.linkedin.com/today/author/matthewrosenquist</a></li><li class="graf graf--li">Medium: <a class="markup--anchor markup--li-anchor" href="https://medium.com/@matthew.rosenquist" target="_blank">https://medium.com/@matthew.rosenquist</a></li><li class="graf graf--li">Twitter (@Matt_Rosenquist): <a class="markup--anchor markup--li-anchor" href="https://twitter.com/Matt_Rosenquist" target="_blank">https://twitter.com/Matt_Rosenquist</a></li></ul></div>Video Interview: Winning Hearts and Minds for Security with Naomi Buckwalterhttps://www.cisoplatform.com/profiles/blogs/video-interview-winning-hearts-and-minds-for-security-with-naomi-2021-11-10T19:17:10.000Z2021-11-10T19:17:10.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/9788479490?profile=RESIZE_400x&width=400"></div><div><p style="text-align:center;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/4eDea9EKYMg" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p class="graf graf--p">One of the greatest challenges for a cybersecurity leader is to convey the 
present digital risks upward to the C-suite and Board of Directors. Conveying to executive leadership the value of security, which protects the organization’s assets, reputation, capabilities, and people, is vital to gaining the necessary support for cybersecurity initiatives and quelling resistance to them.</p><p class="graf graf--p">In today’s <a class="markup--anchor markup--p-anchor" href="https://www.youtube.com/c/CybersecurityInsights" target="_blank">Cybersecurity Insights podcast</a>, I am talking with Naomi Buckwalter about how to communicate cybersecurity to the Board. Naomi is a virtual CISO, Director of Information Security, and the founder of the Cybersecurity Gatebreakers Foundation. She brings a wealth of experience, insights, and solid recommendations for cybersecurity leaders.</p><p class="graf graf--p">Follow Naomi on LinkedIn: <a class="markup--anchor markup--p-anchor" href="https://www.linkedin.com/in/naomi-buckwalter/" target="_blank">https://www.linkedin.com/in/naomi-buckwalter/</a></p><p class="graf graf--p graf--empty"> </p><p class="graf graf--p">Please click the Like button if you found this insightful and subscribe to the Cybersecurity Insights channel for more interviews, best-practices, rants, and strategic viewpoints. 
<a class="markup--anchor markup--p-anchor" href="https://www.youtube.com/c/CybersecurityInsights" target="_blank">https://www.youtube.com/c/CybersecurityInsights</a></p><p class="graf graf--p">Follow me on:</p><ul class="postList"><li class="graf graf--li">LinkedIn: <a class="markup--anchor markup--li-anchor" href="https://www.linkedin.com/today/author/matthewrosenquist" target="_blank">https://www.linkedin.com/today/author/matthewrosenquist</a></li><li class="graf graf--li">Medium: <a class="markup--anchor markup--li-anchor" href="https://medium.com/@matthew.rosenquist" target="_blank">https://medium.com/@matthew.rosenquist</a></li><li class="graf graf--li">Twitter (@Matt_Rosenquist): <a class="markup--anchor markup--li-anchor" href="https://twitter.com/Matt_Rosenquist" target="_blank">https://twitter.com/Matt_Rosenquist</a></li></ul></div>The Cybersecurity Vault - Rohit Parchuri on the Challenges of Securing Future Healthcarehttps://www.cisoplatform.com/profiles/blogs/the-cybersecurity-vault-rohit-parchuri-on-the-challenges-of-secur2021-09-02T21:23:08.000Z2021-09-02T21:23:08.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/9525398488?profile=RESIZE_400x&width=400"></div><div><p><iframe title="YouTube video player" src="https://www.youtube.com/embed/ORYPemvEfHk" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p class="graf graf--p"><strong class="markup--strong markup--p-strong">The Cybersecurity Vault — Episode 2</strong> — The risks and opportunities of securing data are shifting rapidly for the healthcare industry. 
Rohit Parchuri, who serves as the CISO for Collective Health Security, discusses the rapidly changing challenges in healthcare that will affect every American.</p><p class="graf graf--p"><a class="markup--anchor markup--p-anchor" href="https://www.youtube.com/channel/UCwyi1gfiJ-MNbNIOuqQx59w" target="_blank">The Cybersecurity Vault</a> — a straight talk video podcast tackling today’s biggest cyber security challenges and solutions, hosted by Eclipz CISO & cyber security influencer, Matthew Rosenquist.</p><p class="graf graf--p">Cybersecurity Vault channel: <a class="markup--anchor markup--p-anchor" href="https://www.youtube.com/channel/UCwyi1gfiJ-MNbNIOuqQx59w" target="_blank">https://www.youtube.com/channel/UCwyi1gfiJ-MNbNIOuqQx59w</a></p><p class="graf graf--p">To listen to this video in an audio format, find the links to the podcast version below.</p><p class="graf graf--p">Anchor: <a class="markup--anchor markup--p-anchor" href="https://anchor.fm/eclipz-io" target="_blank">https://anchor.fm/eclipz-io</a></p><p class="graf graf--p">Spotify: <a class="markup--anchor markup--p-anchor" href="https://open.spotify.com/show/3XS6uY9M0kNCJEayO5JVbl" target="_blank">https://open.spotify.com/show/3XS6uY9M0kNCJEayO5JVbl</a></p><p class="graf graf--p">To keep up with our host Matthew Rosenquist, follow or connect with him at the link below. <a class="markup--anchor markup--p-anchor" href="https://www.linkedin.com/in/matthewrosenquist/" target="_blank">https://www.linkedin.com/in/matthewrosenquist/</a></p><p class="graf graf--p">For information on Eclipz, our sponsor, see the website below. 
<a class="markup--anchor markup--p-anchor" href="https://www.eclipz.io/" target="_blank">https://www.eclipz.io/</a></p><p class="graf graf--p">Episodes of The Cybersecurity Vault are produced and edited by Emily Kocis <a class="markup--anchor markup--p-anchor" href="https://www.linkedin.com/in/emily-kocis-218002199/" target="_blank">https://www.linkedin.com/in/emily-kocis-218002199/</a></p></div>The Cybersecurity Vault - The Silent War on Digital Privacy with Andy Brownhttps://www.cisoplatform.com/profiles/blogs/the-cybersecurity-vault-the-silent-war-on-digital-privacy-with-an2021-09-02T16:57:29.000Z2021-09-02T16:57:29.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/9524833852?profile=RESIZE_400x&width=400"></div><div><p><iframe title="YouTube video player" src="https://www.youtube.com/embed/hn7xqx6KW1Q" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p class="graf graf--p"><strong class="markup--strong markup--p-strong">The Cybersecurity Vault, Episode 1 </strong> — With the growing influx of sharable personal data and the power it holds in the lives of consumers and companies alike, is it possible to create a digital space that exchanges and protects data while still holding true to values of equity, privacy and accountability? Andy Brown, CEO at Sand Hill East, joins us this week in our quest to answer this question and unpack the potential for good that powerful new digital tools pose along with the dangers of their misuse.</p><p class="graf graf--p">Andy shares his tremendous insights on innovative technology and the biggest problems that the business world is trying to solve around the value and importance of digital data. 
There are privacy, safety, security, and accountability challenges that industries like healthcare, finance, and technology services organizations must overcome!</p><p class="graf graf--p">Consumers can benefit from digital innovation or they can be victims.</p><p class="graf graf--p"><a class="markup--anchor markup--p-anchor" href="https://www.youtube.com/channel/UCwyi1gfiJ-MNbNIOuqQx59w" target="_blank">The Cybersecurity Vault</a> — a straight talk video podcast tackling today’s biggest cyber security challenges and solutions, hosted by Eclipz CISO & cyber security influencer, Matthew Rosenquist.</p><p class="graf graf--p">Cybersecurity Vault channel: <a class="markup--anchor markup--p-anchor" href="https://www.youtube.com/channel/UCwyi1gfiJ-MNbNIOuqQx59w" target="_blank">https://www.youtube.com/channel/UCwyi1gfiJ-MNbNIOuqQx59w</a></p><p class="graf graf--p">To listen to this video in an audio format, find the links to the podcast version below.</p><p class="graf graf--p">Anchor: <a class="markup--anchor markup--p-anchor" href="https://anchor.fm/eclipz-io" target="_blank">https://anchor.fm/eclipz-io</a></p><p class="graf graf--p">Spotify: <a class="markup--anchor markup--p-anchor" href="https://open.spotify.com/show/3XS6uY9M0kNCJEayO5JVbl" target="_blank">https://open.spotify.com/show/3XS6uY9M0kNCJEayO5JVbl</a></p><p class="graf graf--p">To keep up with our host Matthew Rosenquist, follow or connect with him at the link below. <a class="markup--anchor markup--p-anchor" href="https://www.linkedin.com/in/matthewrosenquist/" target="_blank">https://www.linkedin.com/in/matthewrosenquist/</a></p><p class="graf graf--p">For information on Eclipz, our sponsor, see the website below. 
<a class="markup--anchor markup--p-anchor" href="https://www.eclipz.io/" target="_blank">https://www.eclipz.io/</a></p></div>(Podcast) Analysis Of Gartner Hype Cycle For Security Operations, 2021 With Ryan Benson & Bikash Baraihttps://www.cisoplatform.com/profiles/blogs/podcast-analysis-of-gartner-hype-cycle-for-security-operations2021-08-19T06:53:21.000Z2021-08-19T06:53:21.000Zprithahttps://www.cisoplatform.com/members/pritha<div><p>The Gartner Hype Cycle is one of the most widely read analyst documents for identifying key trends in our industry. The acceleration of digital transformation has brought new threats. In the 2021 Hype Cycle for Security Operations, Gartner analyzes 21 technology profiles and points out that, alongside the established focus on detection and response, a continuous assessment and exposure-based approach is emerging in the industry.</p>
<p><strong>Key Points Of Discussion</strong></p>
<ul>
<li>What are the new technologies and trends in the Gartner Hype Cycle 2021?</li>
<li>How to use insights from the Gartner Hype Cycle in your security strategy</li>
<li>Understanding the future and emerging shifts in the security landscape</li>
</ul>
<p> </p>
<p><span style="font-size:18pt;"><strong>About Speaker</strong></span></p>
<p><span style="font-size:10pt;">Ryan Benson, former Gartner Analyst, Director at Stratascale</span></p>
<p><span style="font-size:10pt;">Bikash Barai, Co-founder FireCompass & CISO Platform</span></p>
<p> </p>
<p><span style="font-size:18pt;"><strong>Podcast (Recorded)</strong></span></p>
<p><span style="font-size:10pt;"><iframe title="YouTube video player" src="https://www.youtube.com/embed/r00KuIppU1I" width="1120" height="630" frameborder="0" allowfullscreen=""></iframe></span></p></div>Podcast: How To Present Cyber Security Risk To Senior Leadership: Bikash Barai,Co founder CISO Platform & FireCompass & Allan Alford, CISO TrustMaphttps://www.cisoplatform.com/profiles/blogs/podcast-how-to-present-cyber-security-risk-to-senior-leadership-b2021-07-16T08:49:03.000Z2021-07-16T08:49:03.000ZPriyanka Aashhttps://www.cisoplatform.com/members/PriyankaAash<div>
<p>How To Present Cyber Security Risk To Senior Leadership: Bikash Barai, Co-founder, CISO Platform & FireCompass & Allan Alford, CISO, TrustMapp<br /> <br /> Today data breaches are almost a daily occurrence, and senior leaders and boards of directors want to be assured that their cybersecurity programs are doing enough to defend the organization. However, security teams struggle to quantify and measure risk, and to present it to leadership in a way that clearly communicates the reality of the risk the organization is accepting.</p>
<p><strong>Allan Alford, CTO, and CISO TrustMapp joined us for a Fireside Chat with Bikash Barai, Co-Founder, CISO Platform, and FireCompass on “ How To Present Cyber Security Risks To Senior Management?” Allan has been a security veteran who has played the role of CISO more than 5 times in his career, the talk starts with some of his experiences of successful board meetings.</strong></p>
<p> </p>
<p><span style="font-size:18pt;"><strong>Podcast:</strong></span></p>
<p><iframe style="border:none;" title="How To Present Cyber Security Risk To Senior Leadership - Bikash Barai Talks to Allan Alford" src="https://www.podbean.com/player-v2/?i=58246-107495f-pb&from=embed&square=1&share=1&download=1&skin=f6f6f6&btn-skin=8bbb4e&size=300" width="100%" height="300" scrolling="no" allowfullscreen=""></iframe></p>
<p> </p>
<p><span style="font-size:18pt;"><strong>Fireside Chat:</strong></span></p>
<p><iframe title="YouTube video player" src="https://www.youtube.com/embed/W_TyIlLCAaE" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p>
<p> </p>
<p>Reference link for fireside chat & more details on the topic: <a href="https://www.cisoplatform.com/profiles/blogs/how-to-present-cybersecurity-risks-to-the-senior-management">https://www.cisoplatform.com/profiles/blogs/how-to-present-cybersecurity-risks-to-the-senior-management</a></p>
<p> </p>
<p> </p>
<p><span style="font-size:18pt;"><strong>Podcast Summary:</strong></span></p>
<p class="p1"><strong>Q1 - What has been your most embarrassing moment in terms of reporting to the board?</strong></p>
<p class="p1">A1 - Generally we have an allocated budget. But there was once when I had to ask for more money along with my CTO. I prepared to explain why we needed the extra money, but it wasn’t close to the preparation needed. The board had lots of questions and I was baffled. It did not go well. It’s crucial to understand what the board wants in order to be able to prepare. This can vary with the nature of the board members, the maturity of the company and more.</p>
<p class="p1"> </p>
<p class="p1"><strong>Q2 - What were the key factors in one of your most successful board meetings?</strong></p>
<p class="p1">A2 - Every board is different. Some have a security sub-committee. Some board members do appreciate some technical facts, but not all. I had built a great relationship with this particular board, and the head of the committee understood technical details more. So what worked was a story-telling method with some technical data thrown in. Since they were enjoying it, I could get into more technical details and they understood. We were able to connect better. That was probably my best experience. Definitely start with a story. Add business-aligned data, which you can start with. You could add some more technical data, but that’s generally not a good starting point.</p>
<p class="p1"> </p>
<p class="p1"><strong>Q3 - What do you prepare before a board meeting?</strong></p>
<p class="p1">A3 - First, we’ll assume we already know the board members and have had our first meeting before.</p>
<p class="p1">Slide 1 - What did we talk about last time? Where did we get to? What investment did it take? We basically try to prove the previous investment was a good investment. We discussed that I’d do X and would need investment Y, and here is the proof of this being done. This may involve a timeframe, based on how much the board cares about the operations.</p>
<p class="p1">Slide 2 - Top 5 outstanding business risks. Here’s where we stand.</p>
<p class="p1">Slide 3 - Here’s what I propose to do to tackle the current risk profile. This basically becomes slide 1 in the next board meeting.</p>
<p class="p1">So the flow is: here’s what we did; here’s where we are; here’s what we will do next.</p>
<p class="p1"><strong>Tool Tip:</strong> A CMMI analysis, which gives the security score of the organisation. Slowly, we show the improvement in the security score. It is imperative to highlight the top security risks. It is very important to demonstrate how the security operations tie to the business goals for the year.</p>
<p class="p1">There’s a huge gap in CISOs’ understanding of business goals, and in the board’s understanding of security. This stitching is very important. Suppose the revenue goal is X ARR. Change the narrative to find patterns in the customer needs / RFPs.</p>
<p class="p2"> </p>
<p class="p1"><strong>Q4 - How do you build stories? How do you capture the heart of the board?</strong></p>
<p class="p1">A4 - I always start with the classic ‘once upon a time’. We knew our current security risk status, and this was a business risk we needed to address. Show the journey of how the high-level risks were mitigated. Gartner has a maturity curve which is a poor man’s CMMI; milestones are on the Gartner curve. Share the journey and credit the board and business wherever credit is due. Winning over clients based on security being a key differentiator. Show the success factors tied to security which led to the business goal being met. Use actual metrics and data to add the pepper (seasoning). If there’s bad news, share it before the board meeting. Start your meeting with positive vibes. If there’s a major decision to be taken, don’t wait till the board meeting: talk to board members beforehand and get them aligned, since board meetings are short. Marination is key to having a good barbecue.</p>
<p class="p2"> </p>
<p class="p1"><strong>Q5 - How many slides do you typically have in your presentation?</strong></p>
<p class="p1">A5 - Generally 3 to 5 for a CISO and board meeting. This depends on how much emphasis the board puts on cyber security. In case security is not a big part of the board meeting, I’d make 1 slide. One of my biggest mistakes was when I created a hall of fame and hall of shame by putting together the security scores. This went down badly with the account holders, since they directly saw themselves going down in front of the board.</p>
<p class="p2"> </p>
<p class="p1"><strong>Q6 - What to do during the board meeting? What works well, etc.?</strong></p>
<p class="p1">A6 - Definitely provide the material ahead of time so they have time to digest it and come back with their feedback and questions. I’ll present mainly the highlights, but I am really looking forward to their questions. They might have questions like: they’ve seen the current events in security, and is your organisation prepared to handle them? Be ready for this. Is this saving us money? Gaining money, etc.? A CISO can be prepared for the Q&amp;A; generally the board meeting with security personnel is about 15-20 minutes.</p>
<p class="p2"> </p>
<p class="p1"><strong>Q7 - Example of a business metric connection with security</strong></p>
<p class="p1">A7 - Here are a few examples of business alignment.</p>
<ul>
<li class="p1">Accelerate time to market. </li>
<li class="p1">Stand out from the competition.</li>
<li class="p1">Operational efficiency.</li>
</ul>
<p>Let’s say Zero Trust has a massive role during Covid. To improve efficiency, you need to make sure everyone is empowered to work from home, which pumps up work from home. Mention the X factor and Y factor associated with the efficiency impact when you implemented Zero Trust. <br />Example: MFA (multi-factor authentication). This one needs more technical details. Then show how it ties to the business goal, business risk and maturity score.</p>
<p class="p2"> </p>
<p class="p1"><strong>Q8 - Suppose you have to build a SOC. Example of showing this to the board?</strong></p>
<p class="p1">A8 - Take a SOC, for example. Obviously the highest risk is dealing with the unknown, not knowing what’s going on. So a SOC addresses that. Show the reports from Gartner and CMMI that show it’s a huge business risk. Demonstrating that the SOC aligns with one or more business goals, even partially, certainly helps. For an e-commerce company, a SOC can be used to prevent fraud, which has business impact.</p>
<p class="p2"> </p>
<p class="p2"><strong>Q9 - What not to include in a board meeting?</strong></p>
<p class="p1">A9 - Start with all the things you share with your team, then what you share with your peers, then what you share with the CEO. Then start rejecting what doesn’t fit your board meeting goals. Have some basic links in the slides to second-level detail. Since we start with the full folder, we can go back to the details if and when needed. Demonstrate security and business control with the board.</p>
<p class="p2"> </p>
<p class="p2"><strong>Q10 - Success factors in a board meeting?</strong></p>
<p class="p1">A10 - Never include something you want to do only once. Keep the same structure you will consistently present to the board. No experiments; always make sure it’s sustainable.</p>
<p class="p2"> </p>
<p class="p2"><strong>Q11 - Any follow-through post board meeting?</strong></p>
<p class="p1">A11 - Have someone with you at the meeting so they can note the commitments made. Summarise and mention the things you’re now due to do, and set the timelines. If possible, do it at the meeting. See if any areas have challenges. It sorts out things and unrealistic expectations.</p>
<p class="p1"> </p>
<p class="p1">(Reference link for fireside chat &amp; more details on the topic: <a href="https://www.cisoplatform.com/profiles/blogs/how-to-present-cybersecurity-risks-to-the-senior-management">https://www.cisoplatform.com/profiles/blogs/how-to-present-cybersecurity-risks-to-the-senior-management</a>)</p></div>Top 10 Things the Industry Can Do Now to Mitigate Digital Supply-Chain Attacks!https://www.cisoplatform.com/profiles/blogs/top-10-things-the-industry-can-do-now-to-mitigate-digital-supply-2021-05-11T18:35:34.000Z2021-05-11T18:35:34.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/8914003674?profile=RESIZE_400x&width=400"></div><div><p>The SolarWinds and Exchange supply-chain attacks have highlighted how vulnerable 3rd party and vendor security is for every organization. </p><p> </p><p>The industry must fundamentally change to manage the growing risks, and it will take time. </p><p> </p><p><iframe title="YouTube video player" src="https://www.youtube.com/embed/lUwejP_4gkI" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p>There are steps we can take to greatly improve the situation in the short term and mitigate these types of menacing attacks.</p><p> </p><p>In today's video, I cover the Top 10 things we can do NOW to greatly mitigate supply-chain attacks. </p><p>For every organization out there, vendors, suppliers and customers alike, I suggest applying what you can.</p><p> </p><p>Let me know in the comments section if you agree/disagree or if I missed anything!</p><p> </p><p> </p><p>Interested in more cybersecurity insights, rants, and strategic viewpoints? 
</p><p>Subscribe to the Cybersecurity Insights channel on YouTube: <a href="https://www.youtube.com/c/CybersecurityInsights" target="_blank">https://www.youtube.com/c/CybersecurityInsights</a></p><p> </p><p>Follow me on:</p><ul><li>LinkedIn: <a href="https://www.linkedin.com/today/author/matthewrosenquist" target="_blank">https://www.linkedin.com/today/author/matthewrosenquist</a></li><li>Medium: <a href="https://medium.com/@matthew.rosenquist" target="_blank">https://medium.com/@matthew.rosenquist</a></li><li>Twitter (@Matt_Rosenquist): <a href="https://twitter.com/Matt_Rosenquist" target="_blank">https://twitter.com/Matt_Rosenquist</a></li></ul></div>Joshua Corman Talks To Bikash Barai On Importance Of Public Safety In Cybersecurityhttps://www.cisoplatform.com/profiles/blogs/joshua-corman-talks-to-bikash-barai-on-importance-of-public-safet2021-04-27T13:11:17.000Z2021-04-27T13:11:17.000ZPriyanka Aashhttps://www.cisoplatform.com/members/PriyankaAash578<div><p><span style="font-weight:400;"><a href="https://www.cisoplatform.com/profiles/blogs/joshua-corman-talks-to-bikash-barai-on-importance-of-public-safet" target="_blank"><img class="align-full" src="{{#staticFileLink}}9331752491,RESIZE_710x{{/staticFileLink}}" width="710" alt="9331752491?profile=RESIZE_710x" /></a></span></p>
<p> </p>
<p><span style="font-weight:400;">In the first episode of the “<strong>CISO Platform Security Show</strong>”, our host and founder of CISO Platform, Bikash Barai, spoke with Joshua Corman, founder of “I Am The Cavalry” and a security veteran who is extremely passionate about public safety in cybersecurity. </span></p>
<p><span style="font-size:14pt;"><strong>Listen To The Podcast In Your Favourite Platform:</strong></span></p>
<div class="subs">
<div>
<div class="col" style="margin:10px 10px 10px 0;width:60px;float:left;">
<a target="_blank" href="https://podcasts.apple.com/us/podcast/importance-of-public-safety-in-cybersecurity-bikash/id1576638419?i=1000528936885">
<img style="margin-bottom:15px;" class="img-fluid" src="https://www.firecompass.com/wp-content/uploads/2021/07/apple.png" alt="apple.png" /> </a>
</div>
<div class="col" style="margin:10px 10px 10px 0;width:60px;float:left;">
<a target="_blank" href="https://open.spotify.com/episode/1GD81Hst4ChzLU5ukVpbd9">
<img style="margin-bottom:15px;" class="img-fluid" src="https://www.firecompass.com/wp-content/uploads/2021/07/Spotify.png" alt="Spotify.png" /> </a>
</div>
<div class="col" style="margin:10px 10px 10px 0;width:60px;float:left;">
<a target="_blank" href="https://music.amazon.com/podcasts/21f57d92-f673-4fa6-b638-8824bfc767a6/episodes/aeb01c37-a641-481a-a998-c7c030526ae8/the-ciso-platform-security-show-in-association-with-firecompass-importance-of-public-safety-in-cybersecurity-bikash-barai-talks-to-joshua-corman">
<img style="margin-bottom:15px;" class="img-fluid" src="https://www.firecompass.com/wp-content/uploads/2021/07/Amazon-Logo-Transparent-PNG.png" alt="Amazon-Logo-Transparent-PNG.png" /> </a>
</div>
<div class="col" style="margin:10px 10px 10px 0;width:60px;float:left;">
<a target="_blank" href="https://podcasts.google.com/feed/aHR0cHM6Ly9mZWVkLnBvZGJlYW4uY29tL2Npc29wbGF0Zm9ybS9mZWVkLnhtbA/episode/Y2lzb3BsYXRmb3JtLnBvZGJlYW4uY29tLzY1MzZjYzU3LTk0ZjUtMzYwMS1iZDA3LTU1YTg4ZDVhNTM5ZQ?sa=X&ved=0CAUQkfYCahcKEwjQx6bN5KryAhUAAAAAHQAAAAAQAQ">
<img class="img-fluid" src="https://www.firecompass.com/wp-content/uploads/2021/07/google.png" alt="google.png" /> </a>
</div>
<div class="col" style="margin:10px 10px 10px 0;width:60px;float:left;">
<a target="_blank" href="https://cisoplatform.podbean.com/e/joshua-corman-talks-to-bikash-barai-on-importance-of-public-safety-in-cybersecurity/">
<img class="img-fluid" src="https://www.firecompass.com/wp-content/uploads/2021/07/podbean.png" alt="podbean.png" /> </a>
</div>
<div class="col" style="margin:10px 10px 10px 0;width:60px;float:left;">
<a target="_blank" href="https://amp.pandora.com/user/8ecad6e6ef46704f1512e210ad112f14/podcasts">
<img class="img-fluid" src="https://www.firecompass.com/wp-content/uploads/2021/07/pandora.png" alt="pandora.png" /> </a>
</div>
</div>
</div>
<p><span style="font-weight:400;">Talking about what built his interest in cybersecurity, Joshua mentions that people think policy ruins technology. But the author David Rice wrote in a book that software is becoming today’s concrete: steel and concrete are pervasive, ubiquitous structures, yet they are invisible because they are dependable and reliable. No one sits fearing that the building they are sitting in will suddenly collapse. </span></p>
<p><span style="font-weight:400;">Also, the failure rate in cybersecurity is 100%: everyone in the US has lost a credit card, and despite spending lots of money on PCI compliance, hundreds of Fortune 500 companies have lost intellectual property and trade secrets to espionage or other forms of hacking. So on a long enough timeline, we can’t actually secure things. </span></p>
<p><span style="font-weight:400;">And if you take that failure rate, now that we’re putting software in medical devices, in our cars, in our bodies, in our voting systems, in public infrastructure, oil and gas pipelines, trains and airplanes, that failure rate won’t be acceptable, because the consequence of failure will be very different.</span></p>
<p><span style="font-weight:400;">So while Joshua has a private-sector career, his passion is making sure that people understand the awesome responsibility that comes with cybersecurity as a profession. If the world is increasingly depending on digital infrastructure and it’s not yet trustworthy or defensible, it falls to us to do our best not just to protect our computers or our company, but also to contribute to public safety.</span></p>
<p> </p>
<p><span style="font-size:14pt;"><strong>You May Listen To The Podcast Below </strong></span></p>
<p><span style="font-size:14pt;"><strong><iframe style="border:none;" title="Joshua Corman Talks to Bikash Barai On Importance Of public Safety In Cybersecurity" src="https://www.podbean.com/player-v2/?i=zikvc-101e008-pb&from=embed&square=1&share=1&download=1&skin=1&btn-skin=7&size=300" width="100%" height="300" scrolling="no" allowfullscreen=""></iframe></strong></span></p>
<p><span style="font-size:14pt;"><strong>Show Notes </strong></span></p>
<ul style="float:right;">
<li style="font-weight:400;"><span style="font-weight:400;"><span style="text-decoration:underline;"><strong>Learnings For CISOs</strong></span> -</span><span style="font-weight:400;"> Joshua talks about a few learnings for CISOs from his personal experience. He mentions that one of the first things a CISO needs to do when appointed is to plan the first 80-90 days. That should involve asking questions, learning and understanding the organization: understanding the local language and the lexicon, and doing a high-level gap analysis. </span></li>
</ul>
<p> </p>
<ul>
<li style="font-weight:400;"><strong><span style="text-decoration:underline;">Presenting To Board Members</span></strong><span style="font-weight:400;"> - Joshua gives a checklist for how to manage talking to the board when you are a new CISO. He says the board needs to be respected for their skill and experience, and they should be told about your organizational priorities. </span></li>
</ul>
<p> </p>
<ul>
<li style="font-weight:400;"><strong><span style="text-decoration:underline;">Hacking</span></strong><span style="font-weight:400;"> - Talking about hacking, Joshua says “Hacking is like magic, there are bad wizards like Voldemort and then there are good people like Harry Potter. Depends on how you use it.”</span></li>
</ul>
<p> </p>
<ul>
<li style="font-weight:400;"><strong><span style="text-decoration:underline;">Preparing A Board Presentation</span> </strong><span style="font-weight:400;">- Joshua makes a point about preparing the board presentation: one doesn’t get too many slides, so one needs to “really prioritize the salient points.” The board has every right to ask questions and follow-ups, so sometimes one may want to prioritize the things that would provoke more questions, and they are inviting you to do it.</span></li>
</ul>
<p> </p>
<ul>
<li style="font-weight:400;"><span style="font-weight:400;"><strong><span style="text-decoration:underline;">Advice To CSOs</span> </strong>- </span><span style="font-weight:400;">Joshua says “know what you are good at, improve what you're good at and bring your compliment and your skill and your talents to that, to make the world a better place sooner”. </span></li>
</ul>
<p> </p>
<ul>
<li style="font-weight:400;"><span style="font-weight:400;"><span style="text-decoration:underline;"><strong>Getting Ready For Failure</strong></span> - Joshua talks about accepting failure, with the reinforcement that all systems will fail. But one needs to know how to avoid failure, </span><span style="font-weight:400;">how to tell the public how you avoid failure, and, most important, what you learn from your failure. And finally, how you recover from it. </span></li>
</ul>
<p> </p></div>What’s Broken with M&A Cybersecurityhttps://www.cisoplatform.com/profiles/blogs/what-s-broken-with-m-a-cybersecurity2021-04-27T00:07:53.000Z2021-04-27T00:07:53.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><img src="https://storage.ning.com/topology/rest/1.0/file/get/8838591454?profile=RESIZE_400x&width=400"></div><div><p><iframe title="YouTube video player" src="https://www.youtube.com/embed/A8tsWZEPjmU" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p><p>Cybersecurity for Mergers and Acquisitions is a mess. There are a surprising number of significant unforeseen risks that can wreak havoc on M&A deals. In this week’s fireside chat, I am joined by Justin Daniels, General Counsel/Cybersecurity/Data Protection SME at Baker Donelson, and Alex Rayter, Principal at Phoenix 2.0 Inc, to discuss the due diligence, risks, and recommendations to better understand and manage the challenges.</p><p>I spent several years involved with Intel Corp. M&A projects, led the cybersecurity team, and built the processes to evaluate and manage cyber risks. Justin and Alex are currently working to help clients understand the challenges and deal with the repercussions. 
In our chat, we share our insights and experiences and discuss how acquiring companies should carefully maneuver.</p><p>Let us know your experiences and whether your organization is taking cybersecurity seriously when dealing with mergers, acquisitions, and divestitures.</p><p> </p><p>Interested in more cybersecurity insights, rants, and strategic viewpoints?</p><p>Subscribe to the Cybersecurity Insights channel on YouTube: <a href="https://www.youtube.com/c/CybersecurityInsights" target="_blank">https://www.youtube.com/c/CybersecurityInsights</a></p><p>Follow me on:</p><ul><li>LinkedIn: <a href="https://www.linkedin.com/today/author/matthewrosenquist" target="_blank">https://www.linkedin.com/today/author/matthewrosenquist</a></li><li>Medium: <a href="https://medium.com/@matthew.rosenquist" target="_blank">https://medium.com/@matthew.rosenquist</a></li><li>Twitter (@Matt_Rosenquist): <a href="https://twitter.com/Matt_Rosenquist" target="_blank">https://twitter.com/Matt_Rosenquist</a></li></ul></div>AI and Cybersecurity Awareness Podcast - Cyber Risk Leaders Tell Allhttps://www.cisoplatform.com/profiles/blogs/ai-and-cybersecurity-awareness-podcast-cyber-risk-leaders-tell2020-06-02T19:14:38.000Z2020-06-02T19:14:38.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><p>How will AI change the strategies of cybersecurity? Where will we see the first big impacts of attackers using AI? </p><p></p><p>Watch the Cyber Risk Leaders podcast... </p><p style="text-align:center;"><iframe width="560" height="315" src="https://www.youtube.com/embed/Pu2EgD-cmc4?wmode=opaque" frameborder="0" allowfullscreen=""></iframe></p><p>Shamane Tan and Carmen Marsh were wonderful hosts. I had a fantastic time talking about AI and cybersecurity in the Cyber Risk Leaders podcast. 
Additionally, Jonathan Hiroshi Rossi explains the success of organizing 10x Cybersecurity Awareness Tour across 30 countries and the value of educating all types of audiences about cybersecurity.</p><p> </p><p>Podcast: 'Cyber Risk Leaders' Tell All @ The Global Virtual Book Club EP 2: <a href="https://www.youtube.com/watch?v=Pu2EgD-cmc4">https://www.youtube.com/watch?v=Pu2EgD-cmc4</a></p></div>CyberPro Podcast - Focus of Cybersecurity is to Manage Digital Risk – Matthew Rosenquisthttps://www.cisoplatform.com/profiles/blogs/cyberpro-podcast-focus-of-cybersecurity-is-to-manage-digital-risk2021-02-24T21:40:56.000Z2021-02-24T21:40:56.000ZMatthew Rosenquisthttps://www.cisoplatform.com/members/MatthewRosenquist<div><p><iframe width="560" height="315" src="https://www.youtube.com/embed/UCKDMUaqJrM?wmode=opaque" frameborder="0" allowfullscreen=""></iframe></p><p>I had such a great time talking about the challenges, chaos, and importance of cybersecurity to preserve trust in digital technology.</p><p>6 Questions in a 9 Minute format!</p><p>Thanks <a href="https://www.linkedin.com/in/ACoAAA55rrIBGkZmaYZX-SdKGWgo2k51EcpdEbw" target="_blank">Rick Mischka</a><span> </span>and <a href="https://www.linkedin.com/company/shortarmsolutions/" target="_blank">ShortArm Solutions, Inc. / Cyber Pro Podcast</a>.</p></div>Fireside Chat - Running A Cyber Crisis Drill For The US Government, Homeland Security & Tabletops For Enterprise Board Membershttps://www.cisoplatform.com/profiles/blogs/fireside-chat-running-a-cyber-crisis-drill-for-the-us-government-2021-02-17T08:00:00.000Z2021-02-17T08:00:00.000ZPriyanka Aashhttps://www.cisoplatform.com/members/PriyankaAash578<div><p><iframe src="https://www.youtube.com/embed/HnXvq3VTBQI?wmode=opaque" width="560" height="315" frameborder="0" allowfullscreen=""></iframe></p>
<p>In our recent Fireside Chat episode, we had the well-known author and cybersecurity professional Dan Lohrmann, presently CSO and Chief Strategist at Security Mentor Inc, and Bikash Barai, Co-Founder, FireCompass, discuss how to effectively run a cyber crisis drill for the US Government and tabletops for enterprise board members. Below is a summary of the discussion for your reference. </p>
<p> </p>
<p> </p>
<h3><span style="font-size:18pt;"><strong>A Real-Life Crisis Example</strong></span></h3>
<p>Dan Lohrmann spoke about the Northeast blackout of 2003: even though the US government had prepared for Y2K, three years later there was a power blackout in Michigan. The government initially thought it was another terrorist attack, and everyone thought it was a hacker attack, but it turned out it was not.</p>
<p>The point to note here is that no amount of preparation can fully set you up for what is to come, and no two situations will be replicas of each other. While the teams had prepared for Y2K, this blackout was still a different scenario. </p>
<p>Dan also mentioned that <strong>“security needs to be enabling, security folks need to come up with solutions and not just the problems”</strong>. </p>
<p> </p>
<p> </p>
<h3><span style="font-size:18pt;"><strong>An Excerpt From A Large Scale Cyber Crisis Drill </strong></span></h3>
<p>With about two decades of experience in working with the US government, Dan had some very interesting stories about cybersecurity drills to share with us. </p>
<p>The US government conducts an exercise called Cyber Storm that happens every two years. Currently the government is on the 7th Cyber Storm, and it is a week-long exercise.</p>
<p>Talking about the 1st Cyber Storm, which happened in 2006, Dan describes a scenario like what was shown in Die Hard 4, a catastrophic environment. A 9/11 kind of scenario was created, which was made up and yet real. Some of the biggest things were considered blown up, like the data center, and most other things were hacked for over two days. The security team was overwhelmed and done by the end of it. </p>
<p>However, after two days, they were told to train the team. They had to get a Bull mainframe running the General Comprehensive Operating System. This was necessary to pay the employees. The two Bull mainframes that the team had were unusable.</p>
<p>When they contacted Bull headquarters in France to get a mainframe, the real cost of $12 million was hiked to $45 million, considering it was the last piece and in demand. The team managed to get it for $23 million after negotiation.</p>
<p>Before ending the exercise, the last step is to have a “hotwash”, where everyone discusses what went wrong, how the responses could have been better, and how these scenarios can be avoided in the future. </p>
<p>A fact pointed out at the time by a very well-known security professional was that the amount paid for the Bull mainframe felt like extortion, as if you were being held for ransom. In 2003 ransomware was far-fetched, but today it’s a reality. It’s the number one story in cyber threats: it gathered momentum in 2013 or 2014, by 2019 it had become the biggest threat, and last year the attacks doubled. </p>
<p>Dan mentions <strong>“The point to consider here is one can’t predict today what’s going to happen in cybersecurity 5 years from now. Coz the bad guys are constantly trying to infiltrate the networks. They are constantly trying new ways to make money”</strong> </p>
<p> </p>
<h3><span style="font-size:18pt;"><strong>Conducting Table Tops For Enterprise Board Members </strong></span></h3>
<p>Here are some of the points discussed by Dan about conducting tabletops for enterprise board members. </p>
<ul>
<li style="font-weight:400;"><span style="font-weight:400;">Include the board members as part of the exercise, because the leaders need to know what happens when there is a data breach or a ransomware attack. </span></li>
<li style="font-weight:400;"><span style="font-weight:400;">You need to have leaders from legal and finance and, of course, the CIOs and CISOs on board. Also experts in different business areas, because you don’t know which area will be hit. For example, if a hospital is hit, the response will be different from a bank. So leaders from different sectors need to be involved in a government drill.</span></li>
<li style="font-weight:400;"><span style="font-weight:400;">Next, we go to the CSRC (Computer Security Resource Center) to ask the experts what the role of each team would be during the exercise. For example, what the legal team or the tech team will be doing when such a situation arises. Questions such as “should the ransom be paid?” can be asked too. </span></li>
</ul>
<p> </p>
<p>Bikash mentioned that while driving a similar drill with an organization, something similar was done: deciding what each department should be doing at a time like this. For example, the PR and media team should be drafting responses. </p>
<p>The idea is to convert this into action items for each team. The exercise can be broken into two parts: on the first day, people get to know what they are supposed to do, and the next time, action items can be made. </p>
<p>To this Dan responded that most people who come to this drill need to be prepared in advance; they need to come with a plan. If a tabletop is stretched for too long, continuity is lost. The role of cyber insurance agencies is important too when an attack scenario is pictured.</p>
<p>In one ransomware attack on a non-profit organization in Michigan, their data was encrypted, and they had not done a good job of backing it up either, so their backups were encrypted too. Even though they had cyber insurance, they did not wish to pay. The insurance company said it was the company's decision, but that they could talk to the bad guys to bring the ransom amount down, and they did bring it down from $5 million to $1.2 million. If they had not paid the ransom, they would have needed about $8 million to restore all their data.</p>
<p>As a takeaway Bikash says “I would like to say that when you do these exercises in one go you expect people to come prepared. And in my experience when people don’t know what to come prepared with, you do need a second round to make action items”. </p>
<h3><span style="font-size:18pt;"><strong>Things Absolutely Important For Tabletops</strong></span></h3>
<p>Dan listed these points as very important for conducting tabletops:</p>
<p> </p>
<ol>
<li style="font-weight:400;"><span style="font-weight:400;">Prepare people in advance with a scenario before it hits them, for example by studying real-life attacks that happened in the same industry. </span></li>
<li style="font-weight:400;"><span style="font-weight:400;">Let people know their role in managing the crisis. </span></li>
<li style="font-weight:400;"><span style="font-weight:400;">Throw some curveballs at the participants; for example, select a few people, remove them from the exercise and ask them to be spectators. This creates a scenario where you assume that a few very critical people are not present during the attack, and you see how the situation is handled. </span></li>
<li style="font-weight:400;"><span style="font-weight:400;">A lot of people get through the exercise and then feel they are done for a year. But there needs to be an action item for everyone. </span></li>
<li style="font-weight:400;"><span style="font-weight:400;">Ask people for feedback at the end. </span></li>
<li style="font-weight:400;"><span style="font-weight:400;">Make sure people are attentive while the tabletops are going on. </span></li>
</ol>
<p>Bikash recalls, “I remember one of my failure cases, where a few stakeholders entered the room about half an hour late and missed the complete context and the setting. So during the session, they mentioned that they could revive everything from the backup, and we threw this curveball that the backup was encrypted too. This created a lot of confusion in the room. So I completely agree with what you mentioned about people needing to be on time and attentive when such exercises are on”.</p>
<p>Dan adds, “You want to always grow; the exercise should have goals and outcomes. But what is most important is that every time you do these exercises the people are different, so the nature of the exercise changes. Each time the participants are different and the nature of their response would be different.”</p>
<h3><span style="font-size:18pt;"><strong>Predictions for 2021 - Trends</strong></span></h3>
<p>Some of the cybersecurity trends discussed by Dan and Bikash for 2021 were:</p>
<ul>
<li style="font-weight:400;"><span style="font-weight:400;">Ransomware will evolve and change; we have already seen too many of these threats in the last year, and the prediction is that it will only grow this year. </span></li>
<li style="font-weight:400;"><span style="font-weight:400;">With work from home becoming more and more common, multiple new risks and threats are being introduced. Many vendors are saying that your home network is now a headquarters for hackers. </span></li>
<li style="font-weight:400;"><span style="font-weight:400;">Cloud adoption is on the rise, so cloud security is becoming more and more important. </span></li>
</ul>
<p>Bikash mentions that “<strong>The attack surface has changed so much for organizations. People today don’t know all the assets they have or their complete attack surface. And it is continuously changing.</strong> Even the home routers, and people who are working from home, are all now part of the extended attack surface. And teams are creating new cloud assets and no one keeps track of that. And the cloud is something that scales everything: it can scale security and it can also scale insecurity. </p>
<p>I am a big believer in the cloud, and I believe the cloud, in the long run, will be more fruitful if it is utilized correctly. But what is scary at this point is that people are still not doing their cloud configuration correctly, and there are about half a million open databases on the cloud currently. </p>
<p>I also want to emphasize response and recovery plans for organizations, because it’s not always about protection. If an attack happens, one needs to recover too.” </p>
<p>To conclude, they agreed that the industry is slowly moving towards consolidation, with zero trust and cloud. </p>
</div>