Sean Martin, ITSPmagazine
Redefining CyberSecurity Podcast Hosted by Sean Martin, CISSP. Have you ever thought that we are selling cybersecurity insincerely, buying it indiscriminately, and deploying it ineffectively? For cybersecurity to be genuinely effective, we must make it consumable and usable. We must also bring transparency and honesty to the conversations surrounding the methods, services, and technologies upon which businesses rely. If we are going to protect what matters and bring value to our companies, our communities, and our society, in a secure and safe way, we must begin by operationalizing security. Executives are recognizing the importance of their investments in information security and the value it can have on business growth, brand value, partner trust, and customer loyalty. Together with executives, line-of-business owners, and practitioners, we are Redefining CyberSecurity.
Total 534 episodes
14/02/2022

St. Joseph's Health | Cybersecurity & Vendor Risk Management: Why It Matters | Redefining CyberSecurity With Ebony Riley And Jesse Fasolo

Many organizations are ill-prepared when it comes to making sure their hospital is protected from risk, both from an organizational and an IT standpoint. It's increasingly important to have a concrete risk assessment strategy, one that explicitly includes third-party (vendor) risk management.
Since our guest, Jesse Fasolo, joined St. Joseph’s Health in August of 2014, he has completely flipped the hospital's risk assessment and IT protocols on their head, partnering with the legal team, more specifically General Counsel/Chief Operating Officer Ebony Riley. This connection between the CISO and legal counsel has proven to be a huge win for risk management throughout the organization, mapping risks through various security frameworks, including HIPAA, NIST CSF, HITRUST, and others.
Listen in to get some third-party risk management insights as this dream team from a New Jersey-based healthcare network of 1000+ providers and 150+ locations discusses how it created a Vendor Risk Management strategy on its journey down risk management lane.
____________________________
Guests
Ebony Riley
Associate Counsel, St. Joseph's Health (@sjh_nj)
On LinkedIn | https://www.linkedin.com/in/ebonyriley/
Jesse Fasolo
Director, Technology Infrastructure & Cyber Security, Information Security Officer, St. Joseph's Health (@sjh_nj)
On LinkedIn | https://www.linkedin.com/in/jessefasolo/
____________________________
This Episode’s Sponsors
Archer: https://itspm.ag/rsaarchweb
HITRUST: https://itspm.ag/itsphitweb
____________________________
To see and hear more podcasts and webcasts about Redefining CyberSecurity for your business, tune in to ITSPmagazine at:
https://www.itspmagazine.com/redefining-cybersecurity
Are you interested in advertising on ITSPmagazine?
👉 https://www.itspmagazine.com/sponsorship-introduction
Are you interested in sponsoring an ITSPmagazine podcast?
👉 https://www.itspmagazine.com/podcast-series-sponsorships
45m
01/02/2022

How And When To Put Standards To Work — And Not | Redefining CyberSecurity With Alyssa Miller And Accidental CISO

As is common for the Redefining Security show, conversations are often inspired by a social post. This one about standards is no different. However, what you think about standards may be different after you listen to this episode.
Some of the social comments we discuss:
- For a standard to be good it has to align with current capabilities and business objectives. When they don't, problems arise.
- Security without usability is useless.
- The best thing about standards at $currentEmployerName is that there are so many to choose from.
What are your views on the value of standards?
____________________________
Guests
Alyssa Miller
On ITSPmagazine 👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/alyssa-miller
Accidental CISO
On Twitter | https://twitter.com/AccidentalCISO
____________________________
This Episode’s Sponsors
HITRUST: https://itspm.ag/itsphitweb
Archer: https://itspm.ag/rsaarchweb
____________________________
Resources
Inspiring Tweet | https://twitter.com/AlyssaM_InfoSec/status/1479210767513755648
52m
27/01/2022

Maritime Intelligence | OSINT And The Ocean | Redefining CyberSecurity With Rae Baker

The sea is broad and deep. So is the information that is created by and for the maritime vessels floating on and beneath the surface. What is this information used for? And how can it be misused?
Some OSINT should give us a few answers. Let's hear from a hacker with a passion for exploring this world of open source intelligence generated by the maritime industry: commercial, defense, and otherwise.
All aboard!
____________________________
Guest
Rae Baker
On LinkedIn | https://www.linkedin.com/in/rae-baker-7668644b/
On Twitter | https://twitter.com/wondersmith_rae
On YouTube | https://www.youtube.com/channel/UCdPwaG4HiqFR8nV2jg_IXBw
____________________________
This Episode’s Sponsors
Imperva: https://itspm.ag/rsaarchweb
HITRUST: https://itspm.ag/itsphitweb
____________________________
Resources
OSINT on the Ocean: Maritime Intelligence Gathering Techniques - https://wondersmithrae.medium.com/osint-on-the-ocean-maritime-intelligence-gathering-techniques-2ee39e554fe1
Maritime OSINT: Port Analysis - https://wondersmithrae.medium.com/maritime-osint-port-analysis-d09b4531728d
YouTube: Layer 8 2020: OSINT On The Ocean: Maritime Intelligence Gathering - https://www.youtube.com/watch?v=mfHYE5Xanfw
YouTube: Layer 8 2021: Illuminating Maritime Supply Chain Threats using OSINT: A Suez Canal Post Mortem - https://www.youtube.com/watch?v=GGIuP6fMZ2g
40m
17/12/2021

The Real Story About LOG4J - No FUD - No Clickbait - No BS | A Special ITSPmagazine Redefining CyberSecurity Webcast Panel With Alyssa Miller, Katie Nickels, Eric Thomas, And Mark Nunnikhoven

Back in 2013, I wrote a piece for TechTarget (sadly, it’s no longer online). It focused on mobile security and app security and referenced a report that included some interesting open source software stats that showed one particular shared library’s use outpacing the others by a long shot. Can you guess which one? 🤔
Eight years later, that same library is making the news again — arguably, on a much grander scale.
Let's discuss. Let's learn. Let's enjoy this much-needed no-FUD, no-BS conversation. We recorded this one live, which you can watch here if you like.
Ready? GO! 📺🎙🤘
____________________________
Guests
Alyssa Miller
On ITSPmagazine 👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/alyssa-miller
On LinkedIn | https://www.linkedin.com/in/alyssam-infosec/
On Twitter | https://twitter.com/AlyssaM_InfoSec
Katie Nickels
On LinkedIn | https://www.linkedin.com/in/katie-nickels-631a044/
On Twitter | https://twitter.com/likethecoins
Eric Thomas
On LinkedIn | https://www.linkedin.com/in/thomasthetech/
On Twitter | https://twitter.com/TheEis4Extra
Mark Nunnikhoven
On LinkedIn | https://www.linkedin.com/in/marknca/
On Twitter | https://twitter.com/marknca
____________________________
Resources
Watch the live recorded webcast: https://youtu.be/4gZoHp5LYVE
Simple overview video from Mark: https://www.linkedin.com/feed/update/urn:li:activity:6876932435272101888/
https://twitter.com/marknca/status/1471187984741507073
1h 1m
15/11/2021

Cloud Transformation And Security | Redefining CyberSecurity With Helen Oakley

It seems that nearly every enterprise is in the midst of a cloud transformation. This begs the question: how and where does information security transformation fit into this bigger IT and business picture?
That's exactly what we get to discuss with our guest, Helen Oakley, as she shares some thought-provoking insights regarding secure cloud transformation strategies, roadmaps, and best practices. We also get to dig into her Sector CA session, Epic journey of an enterprise cloud transformation.
____________________________
Guest
Helen Oakley
On LinkedIn | https://www.linkedin.com/in/helen-oakley/
On Twitter | https://twitter.com/e2hln
____________________________
This Episode’s Sponsors
Archer: https://itspm.ag/rsaarchweb
HITRUST: https://itspm.ag/itsphitweb
____________________________
Resources
Sector CA Session: https://sector.ca/sessions/epic-journey-of-an-enterprise-cloud-transformation-while-building-security/
More about Leading Cyber Ladies: https://leadingcyberladies.com/
On Twitter | https://twitter.com/LadiesCyber
On LinkedIn | https://www.linkedin.com/company/leading-cyber-ladies
26m
10/11/2021

The Psychology Of Cybersecurity And The Value Of Thinking Outside The Box | Redefining CyberSecurity With Morgan Wright

The problem is not the problem, it is the way you think about the problem. Get outside the box.
Fear, manipulation, influence, and deceit are some of the most powerful tools in the arsenal used by nation-state attackers and criminal actors. The most significant breaches have not occurred just because of flaws in software or a lack of proper controls. They have occurred because of flaws in our way of thinking about the problems. Determined adversaries will use every tool to gain an advantage, whether it’s hardware, software, or wetware.
Join us as our guest, Morgan Wright, takes us into the mind of the attackers from a non-technical view and explores the psychology of cybersecurity.
____________________________
Guest
Morgan Wright
On LinkedIn | https://www.linkedin.com/in/morganwright150/
On Twitter | https://twitter.com/morganwright_us
____________________________
This Episode’s Sponsors
Archer: https://itspm.ag/rsaarchweb
HITRUST: https://itspm.ag/itsphitweb
____________________________
Resources
Sector CA Session: https://sector.ca/sessions/what-elon-musk-and-spacex-can-teach-us-about-ransomware-and-cybersecurity/
More from Morgan: https://www.morganwright.us/
50m
30/09/2021

Should We Stop Requiring CISOs To Have A CISSP? Let’s Talk About It | Redefining CyberSecurity With Brian Bobo

We keep hearing the mantra that CISOs and CSOs need to be business leaders. So how come we keep seeing job descriptions and hearing about interviews that focus on technical certifications like the CISSP and many others? That's exactly the question posed in a post on LinkedIn that caught our attention, and that of many others!
Join us for a candid conversation with the post's author, a current CIO and CISO, Brian Bobo, as we explore the realities of what a CISO should be focused on and why relying on a technical security certification could have the business looking in the wrong direction and leave its risk profile in a bad way.
From The LinkedIn Post
I don’t post much but I need to go on a bit of a rant. I earned my CISSP years ago. As I am updating my CPEs to stay current I realize that almost nothing I do as a CISO counts for CPEs, I don’t even see a place to document incident management. And what does count can only really be categorized under the Security and Risk Management domain. Presenting, educating, serving on ISC(2) boards are all well and good but they still don’t make me a better CISO. There is nothing about strategy, leadership, presenting to a board, incident management, etc. As a CISO, strategy and leadership should be your focus. You should hire, then allow and enable great people to do their jobs. So we need to STOP requiring Directors and above to have a CISSP and start thinking about these as leadership positions with a security focus.
____________________________
Guest
Brian Bobo
On LinkedIn | https://www.linkedin.com/in/brianbobo/
____________________________
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb
____________________________
Resources
LinkedIn thread that inspired this conversation: https://www.linkedin.com/posts/brianbobo_stop-requiring-cisos-to-have-a-cissp-i-don-activity-6841017539837997056-HGwu/
41m
30/08/2021

Be Fascinated: What It Takes To Find Fulfillment And To Be A Good Leader | Redefining CyberSecurity With Scott Olson

Leadership can make or break an organization's chance for success, and eventually, it will. It doesn't matter what company, organization, or community teams you lead: all you do and how you do it matters for the end result.
Given the nature of the function within the cybersecurity industry, someone may think that their style needs to be more decisive than most; that maybe they even get some "wild cards" due to the uniqueness of their role. The truth is that there is no "uniqueness" in this industry, and the basic rules of effective leadership work the same for all. You are either a good leader, or you are not.
Today's conversation extends well beyond cybersecurity as our guest, Scott Olson, brings to bear the realities of what it takes to be a leader in any industry, in any function, and to find fulfillment in a leadership position. Becoming a leader doesn't happen magically. It also doesn't require you to excel in the roles you lead or know what it feels like to be in any position you oversee. Instead, it involves understanding and embracing the big picture and transitioning your sense of self-worth when needed.
"The mistake that we make in the leadership industry is that we think behaviors correlate to performance: here are the ten things that great leaders do; here are the five things that great leaders avoid. I'm an influenced leader. I'm a charismatic leader. I'm a servant leader. People don't follow you because you're a specific type of leader. People don't even follow because they like you. What I've found is that people follow you if they know you like them, if they know that you value them, that you see who and what they are, that you appreciate what they're capable of, and that you appreciate that they are doing what you need." —Scott Olson
What does "being fascinated" have to do with good leadership? Have a listen to find out.
____________________________
Guest
Scott Olson
On LinkedIn: https://www.linkedin.com/in/scottolsonexec/
____________________________
This Episode’s Sponsors
HITRUST: https://itspm.ag/itsphitweb
Semperis: https://itspm.ag/semperis-1roo
____________________________
Resources
The book, Can.Trust.Will. Hiring For The Human Element in the New Age of Cybersecurity., will be published here: https://www.businessexpertpress.com/
Podcast | Trust, Gratitude, Mentorship And Other Lessons From A Spy Recruiter | A Conversation With Robin Dreeke | Tech Done Different With Ted Harrington: https://itspmagazine.simplecast.com/episodes/trust-gratitude-mentorship-and-other-lessons-from-a-spy-recruiter-a-conversation-with-robin-dreeke-tech-done-different-with-ted-harrington
55m
06/08/2021

CyberSecurity Futures | Aston Martin's Road To Zero Threats | Redefining CyberSecurity At InfoSec London With Robin Smith

Our guest, Robin Smith, Head of Cyber and Information Security, Aston Martin Lagonda, is a self-proclaimed advocate for lean cybersecurity. But does lean cybersecurity equate to weak cybersecurity? Only if you let it be defined that way. Robin doesn't let it be defined that way.
Based on years of experience, Robin posits that cybersecurity has become key to protecting the value streams of any organization. So, for Aston Martin, it's essential that the vehicles are designed, protected, and updated to address any risk issues that could impact the business. That's a value stream. That's a security value stream.
When the organization has a mindset toward cybersecurity that is predicated not just on the financial cost but on the value that can be amplified by better security, that's a critically important move forward for the organization's leaders and the industry at large.
____________________________
Guest
Robin Smith
On Twitter 👉 https://twitter.com/@machinatrilogy
____________________________
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
Archer: https://itspm.ag/rsaarchweb
Edgescan: https://itspm.ag/itspegweb
____________________________
Resources
InfoSec London Presentation: https://www.infosecurityeurope.com/en-gb/conference-programme/session-details.2093.57923.aston-martins-road-to-zero-threats.html
Machina 1, MachinaFilms: https://machinafilms.com
34m
05/07/2021

The Role Of General Counsel For Incident Response Planning And Handling | Redefining CyberSecurity With Cody Wamsley And James Yarnall

Security teams are very technical and tactical by nature, often looking at risk through a specific lens they've developed over time. But, of course, the reality is that a security incident can be, and likely will be, much more extensive and require different teams and expertise. One mishandled step and an event or incident could become an even more significant risk.
Successfully managing risk is not just about InfoSec; it's not just business operations, and it's not just a legal risk either. The truth is, an incident is a business risk that requires the synergy of many teams within the organization, and this includes the general counsel.
As you listen to this episode, hopefully you will start thinking a little more about how legal was (and should be) involved, or not, in some cases, in information security program planning and incident response handling.
____________________________
Guests
James Yarnall
On Linkedin 👉 https://www.linkedin.com/in/jamesyarnall/
Cody Wamsley
On Twitter 👉 https://twitter.com/codywamsley
On Linkedin 👉 https://www.linkedin.com/in/codywamsley/
____________________________
This Episode’s Sponsors
HITRUST: https://itspm.ag/itsphitweb
Semperis: https://itspm.ag/semperis-1roo
45m
25/06/2021

Ethical Issues In Cybersecurity Research And Practice | Redefining CyberSecurity With Kevin Macnish And Jeroen Van Der Ham

While it may seem appealing, and you can certainly try, sorry, but you can't tech your way out of ethics issues.
In this episode we speak with the co-authors of the research paper Ethics in cybersecurity research and practice, which provides an overview of some of the ethical issues facing researchers in the cybersecurity community, critiques existing governance in cybersecurity ethics, and highlights shortfalls in governance practice.
____________________________
Guests
Dr Kevin Macnish
On Twitter 👉 https://twitter.com/KMacnish
On Linkedin 👉 https://www.linkedin.com/in/kevinmacnish/
Dr Jeroen van der Ham
On Twitter 👉 https://twitter.com/1sand0s
On Linkedin 👉 https://www.linkedin.com/in/vdham/
____________________________
This Episode’s Sponsors
HITRUST: https://itspm.ag/itsphitweb
Semperis: https://itspm.ag/semperis-1roo
____________________________
Resources
Inspiration — Ethics in cybersecurity research and practice: https://www.sciencedirect.com/science/article/pii/S0160791X19306840
Smart Information Systems in Cybersecurity: An Ethical Analysis: https://www.sciencedirect.com/science/article/pii/S2515856220300080?via%3Dihub
Code of Ethics for Incident Response and Security Teams (ethicsfIRST): https://ethicsfirst.org/
University of Twente and NCSC-NL: https://www.ncsc.nl/
41m
15/06/2021

Practical Cybersecurity Architecture: A Guide To Creating And Implementing Robust Designs For Cybersecurity Architects | Redefining CyberSecurity With Diana Kelley And Ed Moyle

What is an architecture? Is it a document? A process? A policy? A map? A discipline? A mindset? When you hear what it is, you may have to re-evaluate how you approach your cybersecurity program. Are you ready?
“The ideal architect should be a man of letters, a skillful draftsman, a mathematician, familiar with historical studies, a diligent student of philosophy, acquainted with music, not ignorant of medicine, learned in the responses of jurisconsults, familiar with astronomy and astronomical calculations.” ― Vitruvius
About the Book
Cybersecurity architects work with others to develop a comprehensive understanding of the business' requirements. They work with stakeholders to plan designs that are implementable, goal-based, and in keeping with the governance strategy of the organization.
With this book, you'll explore the fundamentals of cybersecurity architecture: addressing and mitigating risks, designing secure solutions, and communicating with others about security designs. The book outlines strategies that will help you work with execution teams to make your vision a concrete reality, along with covering ways to keep designs relevant over time through ongoing monitoring, maintenance, and continuous improvement. As you progress, you'll also learn about recognized frameworks for building robust designs as well as strategies that you can adopt to create your own designs.
By the end of this book, you will have the skills you need to be able to architect solutions with robust security components for your organization, whether they are infrastructure solutions, application solutions, or others.
____________________________
Guests
Diana Kelley
On ITSPmagazine 👉 https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/diana-kelley
Ed Moyle
On Twitter 👉 https://twitter.com/securitycurve
On Linkedin 👉 https://www.linkedin.com/in/edmoyle/
____________________________
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
Archer: https://itspm.ag/rsaarchweb
Edgescan: https://itspm.ag/itspegweb
____________________________
Resources
Book — Practical Cybersecurity Architecture: A guide to creating and implementing robust designs for cybersecurity architects: https://www.amazon.com/Practical-Cybersecurity-Architecture-implementing-cybersecurity/dp/1838989927
38m
07/06/2021

Automated Feeds Are Killing The CTI Community; I Only Want Human Created Threat Intel!!! | Redefining CyberSecurity With CyberSquarePeg And Andy Piazza

Threat intelligence automation should be how we share, not how “intel” is produced.
Yet we continue to create more data, generate more noise, introduce more false positives, require more analysis, and increase the need for correlation, which, in turn, forces the need for more automation.
____________________________
Guests
CyberSquarePeg (aka Rebecca Ford)
On Twitter 👉 https://twitter.com/CyberSquarePeg
Andy Piazza
On Twitter 👉 https://twitter.com/klrgrz
On Linkedin 👉 https://www.linkedin.com/in/andypiazza/
____________________________
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
Archer: https://itspm.ag/rsaarchweb
Edgescan: https://itspm.ag/itspegweb
____________________________
Resources
What's Wrong with Cyber Threat Intelligence: https://www.tandfonline.com/doi/full/10.1080/08850607.2020.1780062
CTI is Better Served with Context: Getting better value from IOCs: https://klrgrz.medium.com/cti-is-better-served-with-context-getting-better-value-from-iocs-496343741f80
Considerations for Leveraging Cyber Threat Feeds Effectively: https://klrgrz.medium.com/considerations-for-leveraging-cyber-threat-feeds-effectively-1d1cfa9fb140
Inspiring tweet thread: https://twitter.com/klrgrz/status/1382412354063831040
35m
17/05/2021

Don’t Be Afraid Of A Crisis And Don’t Let The Crisis Define You | Redefining CyberSecurity With Parham Eftekhari

Pushing the Panic button or the Not Panic button may just come down to a difference in company culture. Planning, readiness, and experience are part of it, but not all of it. It all starts with how we define a crisis and how we react to it.
Successfully leading an organization through a crisis is one of the most challenging, and rewarding, experiences a leader will face in their career. Effective executives understand that the foundation for crisis management planning begins long before the problem arises and is grounded in developing cultures of trust and integrity.
This episode explores the role of communication, relationships, accountability, humility, kindness, and confidence in navigating a crisis, giving listeners insight into how to lead their teams and organizations through adversity.
If you are looking for ways to balance risk management with incident management... Have a listen.
If you want to find the best path forward to escape the chaos that often surrounds a crisis... Have a listen.
If you are wondering how to come out of a disaster recovered as opposed to broken... Have a listen.
____________________________
Guest
Parham Eftekhari, S.V.P. & Executive Director | The Cybersecurity Collaborative
____________________________
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
Archer: https://itspm.ag/rsaarchweb
Edgescan: https://itspm.ag/itspegweb
32m
04/05/2021

It's #TableTopTuesday On Twitter | What Serious Silliness Did We Spot While Redefining CyberSecurity With Meg Hargrove?

Unless there's a plan that's been practiced, one's gut reaction is probably how things will roll when an incident occurs. #TableTopTuesday on Twitter from Meg Hargrove captures some of those "moments". Let's discuss.
Before we do, though, do any of these sound like your go-to first step during a cyber incident?
- “Brown alert”
- “Cry for a minute”
- “Update resume”
While these may get a chuckle from someone looking in on a fake situation presented on social media, incident response is no joking matter when real life is at stake. And that's why I wanted to have a conversation with @cybersecmeg: what she is doing with #TableTopTuesday on Twitter is nothing short of brilliant: present an incident use case and get feedback from the community on how they would respond.
There's no single right or wrong answer, of course. And the conversation doesn't just stop abruptly with an answer either; there's some good dialog from the community, presenting some solid options and some meaningful back-and-forth as the scenario unfolds.
Take this scenario, for example:
Credentials for your AWS cloud environment have been accidentally left hard coded into a PUBLIC GitHub repository. You check your cloud portal and find $75K worth of spend not created by your org. What do you do?
Well, time's up. The incident is happening. What do you do? What should you do?
First, listen to this chat with Meg and then check out the #TableTopTuesday threads to start planning and practicing.
____________________________
Guest
Meg Hargrove, Cybersecurity Incident Response Manager (@cybersecmeg on Twitter)
____________________________
This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
Archer: https://itspm.ag/rsaarchweb
Edgescan: https://itspm.ag/itspegweb
____________________________
Resources
Inspiration for this conversation:
https://twitter.com/cybersecmeg/status/1384603498323582976
https://twitter.com/cybersecmeg/status/1379523065999155201
https://twitter.com/cybersecmeg/status/1376981399719321604
37m
19/04/2021

The Relationship Between Roles — PR/Media Relations And Information Security | Redefining CyberSecurity With Melanie Ensign And Ed Amoroso

A lot can be done by CSOs/CISOs to maximize value and reduce risks when working with PR/media. However, the path forward is not always straightforward. What are the common hiccups, screw-ups, and give-ups?

As part of our ongoing "CISO functional relationships" series, in today's episode we look at the role of PR and the media as a function of establishing and maintaining trust internally with the executives, the board, and the partners, and externally with the customers and the public.

There's an old saying, "There is no such thing as bad press. All press is good press," but that is precisely an "old" saying. Nowadays, branding and reputation matter, which is even more true in information security. The impact of a breach on the company's reputation and bottom line can cause some severe damage, but the story is more complex than that. Nowadays, there is an entire system that needs to change to manage reputation in the right way. The conversation with the media and the public can be more positive, constructive, and transparent.

In this podcast, we talk about this and much more.

Guests
Melanie Ensign, Founder & CEO, Discernible (@iMeluny on Twitter)
Ed Amoroso, Founder and CEO of TAG Cyber (@hashtag_cyber on Twitter)

This Episode’s Sponsors
HITRUST: https://itspm.ag/itsphitweb
Semperis: https://itspm.ag/semperis-1roo
____________________________
Resources
Medium Post by Melanie: https://medium.com/discernible/security-privacy-incident-hiccups-f-ck-ups-and-give-ups-e972ef46c3d
38m
09/04/2021

The Connection Between Product Quality Assurance And Application Security In Business | Redefining CyberSecurity With Tom Morrissey And Cassio Goldschmidt

Nowadays, every company is pretty much a technology company, and as such, they all should have some understanding of quality assurance (QA). Also, an understanding of information security would be nice. The question is, how and where do these two worlds collide? And is that security world AppSec or DevSecOps? Or is it something completely different?

The QA role often approaches testing an application through user stories and use cases, working toward verifying that it does everything it is supposed to do. On the other hand, an application security team often comes to the situation from a different perspective; they try to get the system to do something it is not supposed to do, going beyond the user interface and breaking free from documented user scenarios.

While these two perspectives may differ significantly, there is still a ton of shared vision for reaching the end goal: rooting out as many bugs as they can to deliver the best possible product. They also share some common challenges as they try to connect and work with the line-of-business owners, architects, IT, operations, and engineering teams. With this in mind, what, specifically, are the synergies, and how can these two teams help each other succeed? Should they be working together, or does it make sense for them to remain separate?

Tune in to this episode as guests Tom Morrissey (a long-time QA and engineering director) and Cassio Goldschmidt (a very active application security expert and OWASP leader) reach back to the past to help us understand how QA has evolved and what lessons application security professionals can learn from its history.

Guests
Tom Morrissey, Director of Software Engineering
Cassio Goldschmidt, Sr. Director & CISO at ServiceTitan | OWASP Chapter Leader (@CassioGold on Twitter)

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
Archer: https://itspm.ag/rsaarchweb
Edgescan: https://itspm.ag/itspegweb
____________________________
Resources
Learn more about OWASP: https://owasp.org/ (@owasp on Twitter)
46m
16/03/2021

The Relationship Between Roles: Human Resources And Information Security | HR Is The Organization's Communications Super Glue | Redefining CyberSecurity Culture With Dora Ross, Global Security Culture Specialist

The human resources department within any organization is well-positioned to feel the pulse and monitor a company's culture—teams, divisions, and the organization as a whole. Because of this, it could be the ideal ally to the InfoSec team. But is it? Let's find out.

Consider the lifecycle of an employee. The initial company awareness, gaining familiarity with its brand, exploring its job opportunities, moving on to the next role, all the way to retirement—or perhaps even getting fired. Of course, there's everything in-between as well, including annual performance reviews, salary and compensation discussions, workplace behavior and related training, ongoing education, promotions, and more.

At each stop along their journey and throughout each of the phases within the candidate/employee journey, HR has an opportunity to help shape the company's culture by reinforcing fundamental principles, operational ethics, and the related policies and actions. Just as we should be baking information security into the products—as early, and as often as possible—we should follow this same model for building our workforce and the company culture in which they exist.

There's an opportunity for InfoSec and HR to collaborate to present and discuss the value of good information security hygiene: using a password manager, connecting through a VPN, paying attention to potential leaks or loss of data, and thinking critically during a security awareness training event—these are just a few examples.

The importance of security shouldn't begin once the person becomes an employee; the organization can demonstrate its investment in InfoSec well before the jobs are posted and the interviews start.

On the other side of the equation, there's an opportunity to maintain security and safety for the organization by encouraging a now-former employee to continue to carry with them the lessons they've learned as they move on to another company or retire into the sunset.

Easy to say, but is it that simple? How are HR departments holding up with all the new responsibilities piling up on their desk lately? Can they take on one more role without a fundamental redefinition of their role within a company?

There's so much to be gained here. This is definitely a conversation worth listening to, especially if you are in HR, InfoSec, or are an employee (I think that captures everyone, doesn't it?).

Enjoy!

NOTE: This episode is part of our "Building Better Security Relationships" series. Catch the last episode with Legal Counsel here: http://itsprad.io/redefining-security-411

Guests
Dora Ross, Global Security Culture Specialist

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb
Key Resources: https://itspm.ag/keyresources-2876
33m
11/02/2021

Taking The Insanity Out Of Incident Response | Take Control Of Your Security Operations Center | Redefining CyberSecurity With Melissa Duncan And Kristy Westphal

We know that SOC team members are burning out as they try to protect companies, yet many InfoSec programs repeat the same strategies expecting different results. Can we take the insanity out of incident response?

That's a good question. One that we're not going to answer, but one that we will discuss and hopefully encourage you all to think about with us as we try to get to the root of the problem: what needs to change.

In this podcast, we will shed some light on how SOC teams could modify their programs to embrace risk-based alerting and response enabled by information, and by doing so, filter out as much noise as possible.

To do so, Sean Martin is joined by two seasoned security operations and incident response professionals: Melissa Duncan, who is responsible for developing security content, incident response procedures, and response automation, and Kristy Westphal, who uses her hands-on experience to design, implement and manage security and operational risk programs by bringing her passion for trying to — YES! — take the insanity out of incident response.

Join us for our journey as we explore how to pivot your SOC from the monotonous audit-based checking-of-boxes to a program that can manage real, high-priority, risk-based events to which your team can successfully respond.

Yes, you better believe that it is actually possible to run a SOC free from insanity. It's time to break from the same 'ole routine to try something different. The real-life in-the-trenches SOC experiences recounted by Kristy and Melissa can help your program get a bit more creative and bring those needed changes to light—for the security team and for the business goals too.

Perhaps a reset on one or more parts of your program will reinvigorate you and bring a renewed passion for what you do. Or, maybe not. In that case, we'll see you later as you tick that next checkbox.

Let's see how you feel after listening to this one.

Guests
Melissa Duncan, VP of Security Content and Response Automation at Union Bank
Kristy Westphal, VP of CyberSecurity Incident Response Team at Union Bank

This Episode’s Sponsors
Imperva: https://itspm.ag/imperva277117988
Key Resources: https://itspm.ag/keyresources-2876
42m
01/02/2021

Patents Versus Progress: The State Of Technology And Innovation Protection | Redefining CyberSecurity With Joanna Chen And Puya Partow

Are technology patents helping us with innovation and collaborative creativity, or do they generate hyper complexity that is slowing our societies' advancement? Listen up, and maybe you will decide on your own.

By awarding and defending technological patents, we promote innovation by offering intellectual property protection to the invention and the inventors for what they've created. However, while patents may help achieve this specific goal, we must also wonder if we may be reaching the opposite results in particular situations.

Suppose companies can do research that can be used for good but is locked away in a patent (or any other intellectual property protection vehicle, for that matter). Are we really achieving what we want and what is ultimately good for humanity?

Since most systems are comprised of multiple parts, how can things get built while components of the bigger system remain protected under IP law? How do we balance promoting innovation, protecting innovation, and protecting society from ourselves?

What if Superman goes bad?
Do great responsibilities really come with great power?
If artificial intelligence invents something, does it also own the patent for it?

Of this, and many other exceptional things, we ponder—all in today's podcast.

Guests
Joanna Chen, Patent Attorney at Polsinelli (@chenjoanna on Twitter)
Puya Partow, Partner at Seyfarth Shaw LLP (@PuyaPatent on Twitter)

This Episode’s Sponsors:
Nintex: https://itspm.ag/itspntweb
Imperva: https://itspm.ag/imperva277117988
RSA Security: https://itspm.ag/itsprsaweb
34m
19/01/2021

Information Security Automation: Can You Automate Security Culture? | Redefining CyberSecurity With Tomasz Bania

The amount of work security teams have to handle is increasing exponentially and takes a severe toll on their ability to keep up with the threats. Thankfully, there is technology. Bring on security automation!

Automation sounds simple enough, right? But is it? And do security teams automate the right things?

When considering security automation, it's natural to look at the opportunity purely from a security operations perspective: responding to an incident, taking care of alerts, and looking into threat intelligence. But there's much more to it than that.

What are some of the basics of automation that teams get right?
What impact does that automation have on protection, detection, monitoring, and response?
How can security automation drive value not only for the InfoSec team but for the business overall?

When you dive deeper into this, you'll hopefully realize there are many IT- and business-related processes that you can—and should—be automating and integrating into your InfoSec program regularly. That's what we do in this episode with Dolby Labs' Tomasz Bania.

Tomasz presents some examples of how organizations can take a set of single actions and bring them all together, potentially getting to a point where the entire end-to-end process runs on a fully-automated—or, at least, a mostly-automated—implementation.

In this episode, we get into some real-world cases that InfoSec teams can take and operationalize. We also take the opportunity to talk about the relationship amongst business types, their level of maturity, and whether or not there is such a thing as "automation culture." If there is, can we actually automate that too?

If you want even more, be sure to catch Tomasz's RSAC 365 session (link below).

Guest
Tomasz Bania, Cyber Defense Manager at Dolby Laboratories

This Episode’s Sponsors:
Nintex: https://itspm.ag/itspntweb
Imperva: https://itspm.ag/imperva277117988
RSA Security: https://itspm.ag/itsprsaweb
____________________________
Resources
RSAC 365 Session: Scaling Your Defenses: Next Level Security Automation for Enterprise
26m
14/01/2021

The Relationship Between Roles: Legal Counsel And Information Security | Redefining CyberSecurity With Cody Wamsley And Diego Fernández

Way too often, we think of cybersecurity professionals as if they come from another galaxy: aliens, with no understanding of the business and not much to contribute to it. Well, it's not true. In this series, we explain why.

There are exciting intersections between law, compliance, security, privacy, contracts, and business. It's time we talk about the value of building a strong relationship between information security and the legal team.

Suppose things were not already uneasy; to make things even more interesting, let's consider policy differences around the world. These can impact how organizations define and run their business, collect and store their data, protect their information and systems, and demonstrate that they are doing the "right thing." Toss in the 3rd-party vendor ecosystem, and now we're having fun. Unless, of course, the InfoSec and legal teams are working in silos, unknowingly causing the other team angst and pain—or worse—actively working against each other, bringing disruption to operational efficiencies and harm to the overall business.

Legal processes have been around for donkey's years. InfoSec practices, not so much. So, how do two lawyers familiar with security and privacy law (among other things)—who also have a hand in information security practices—view the relationship between the two roles?

We're glad you asked. Have a listen to find out.

Guests
Cody Wamsley, Associate at Dorsey & Whitney LLP (@codywamsley on Twitter)
Diego Fernández, Partner IP, IT & Privacy - RegTech - Marval, O'Farrell & Mairal (@DferDiego on Twitter)

This Episode’s Sponsors:
Nintex: https://itspm.ag/itspntweb
Imperva: https://itspm.ag/imperva277117988
RSA Security: https://itspm.ag/itsprsaweb
35m
01/12/2020

PCI-DSS Version 4 Is In The Works—What Impact Might It Have On Security Operations And The Business' Bottom Line | Redefining CyberSecurity One-On-One With Mitch Parker

Many organizations leverage regulations and standards to help them define their security and privacy programs, and in doing so, spend time and money creating policies, implementing controls, and monitoring for exceptions. But what happens when the regulation or standard changes?

There's a seemingly constant barrage of change in the law and standards—and even in the supporting management/controls frameworks. Where the company is headquartered, where it does business, where its customers reside, where the customers' data resides, what type of customer data the company holds and interacts with, and what industry sector(s) the company operates in—all of this determines which of these regulations and standards it must adhere to. A change in any of these elements means a re-evaluation of the organization's risk profile and implementation of the mitigating controls.

This probably makes sense to many reading this. But what's missing from this equation? More than you may think.

To uncover the potential impact on business operations, the risk management program, security operations, and ultimately the business's bottom line, Sean Martin has a 1:1 chat with Indiana University Health CISO, Mitch Parker. The two look at the v4 PCI-DSS update, currently in development and due to release sometime in the middle of 2021, as the driver for this conversation.

There's a lot to consider—and plan for—when changes occur. Don't get caught with a surprise if you can avoid it. Prepare yourself, your staff, and your peers at the executive level for what's to come.

Guest
Mitch Parker, CISO, Indiana University Health (@mitchparkerciso on Twitter)

Resources
3 blogs related to the pending v4 PCI-DSS standard:
https://blog.pcisecuritystandards.org/pci-dss-looking-ahead-to-version-4.0
https://blog.pcisecuritystandards.org/pci-dss-v4-0-anticipated-timelines-and-latest-updates
https://blog.pcisecuritystandards.org/3-things-to-know-about-pci-dss-v4-0-development

This Episode’s Sponsors:
Nintex: https://itspm.ag/itspntweb
Imperva: https://itspm.ag/imperva277117988
26m
16/11/2020

No Hollywood Ending Here: Prepare For A Doomsday Cybersecurity Conversation | Redefining CyberSecurity With Marcus J. Ranum

We've had enough conversations about the relationship between technology and cybersecurity to know that people have different expectations, hopes, and visions. Some utopian, some dystopian, and some are Marcus J. Ranum.

We met Marcus J. Ranum a few years ago during an ISSA Los Angeles Summit, where we had an inspiring and thought-provoking conversation about the idea of needing the equivalent of a Geneva Convention for cybersecurity. Given the many twists and turns the conversation had, it was at that point that we knew Marcus had a different perspective on cyber life, as many other professionals do.

Jump ahead a few years to our partnership with ISSA International and we find ourselves with the opportunity to have an extended Luminaries Series chat with Marcus—this time looking at things through the lens of our Redefining Security channel. We take a look at the past, where Marcus was instrumental in bringing to life the first information security firewalls, and from there, we leap into the present and the future. Buckle up, because it is not a pleasant stroll in the park, and it gets pretty dark, very quickly.

In 1976, when Marcus "got into computing," the deployment of systems involved running a wire to a terminal, plugging it in, and enabling the operating system. And, when we say "enabling the operating system" we mean actually building a kernel for the system you were going to run it on, configuring the hardware, and configuring the device drivers that you needed in the operating system for the hardware you were going to run everything on.

"We didn't have all these gigantic driver frameworks as we do nowadays. Everything was kind of low and slow, and lean and mean… it had to be because there wasn't infinite amounts of memory nor infinite amounts of processing power. And that had a direct effect on the way security evolved." —Marcus J. Ranum

Fast forward 40+ years—where have we landed—where are we headed?

As you will hear, Marcus has a very dark view of the future of security; a future that involves software engineers, hardware engineers, increased complexity, ongoing abstraction, and an overall lack of comprehension of how things work. This story may be ripe for the picking for a Hollywood flick to hit your favorite streaming service. However, it may not be the traditional Hollywood ending that you might expect.

Come on, join us for this journey. It's one you won't want to miss being part of. Is there hope for the future of technology and humanity?

Maybe. Maybe not.

Guest(s)
Marcus J. Ranum

Resources
Book: The Myth of Homeland Security by Marcus Ranum: https://www.amazon.com/Myth-Homeland-Security-Marcus-Ranum/dp/0471458791
Book: Huawei and Snowden Questions: https://openlibra.com/en/book/the-huawei-and-snowden-questions

This Episode’s Sponsors:
Nintex: https://itspm.ag/itspntweb
Imperva: https://itspm.ag/imperva277117988
40m
12/10/2020

Simplifying Information Security And Making It A Business Driver | Redefining CyberSecurity With Joshua Scott

Cybersecurity and business haven't played the same game — mostly because they did not understand each other. Thankfully, these days, security can be not only the business protector but a driving force for growth.

We often hear stories about digital transformation and moving on-premises data centers to the cloud, but seldom get to listen to some of the specifics for many of these business-defining projects. Who's involved, and how these critical relationships are established and maintained, are essential factors in understanding the real value an InfoSec team can bring to the business.

CISOs and their business peers that fail to connect the dots between cyber risk management and the business objectives can actually be doing the business a disservice, namely with the language, the jargon, and the mysteriousness about what both sides are trying to accomplish. Let's face it, many organizations don't realize it, but they are making things too complicated.

Listen to today's story to hear how our guest, Joshua Scott (former Realtor.com CISO), supported the business, making things really simple to understand while providing quick feedback that allowed the organization to move things along and grow.

Ultimately, it was about establishing relationships and open communications across the organization that reduced operational burden while also reducing the potential impact of a threat.

"Really getting the organization to care about security was hard; it was really hard. That's why I started focusing on understanding what was important to them." —Joshua Scott

Guest
Joshua Scott, former CISO, Realtor.com

This Episode’s Sponsors:
RSA Security: https://itspm.ag/itsprsaweb
35m
22/09/2020

Zero To Trust In 60 Seconds | The Race To Overcoming Our Cybersecurity Challenges | Redefining CyberSecurity With Siân John, Zulfikar Ramzan, Chris Roberts, And Francesco Cipollone

Zero Trust sounds impressive and futuristic, but it isn't really a new concept — and what does it actually mean? It is not that different from past trust models such as Trust But Verify and Least Privilege.

So, here we are once again, stating the obvious: if we don't think differently about the problems we face, we're not going to be able to solve them.

Security practitioners and managers are bombarded by marketing messages that require decoding and interpretation, and how to make a decision is, quite literally, more than a matter of trust. Do they listen to analysts, vendors, auditors, their peers, or their gut?

Security professionals and their teams are expected to keep up with the changes as new industry reports come out and new technologies are brought to market. Still, they are often forced to continuously think differently about the problems they face in a confusing, distracting, and counterproductive way. This is simply not good for our industry nor our businesses' security.

In today's episode, we muse on and question the status quo that has characterized our industry for the past 20 years. We go beyond this debate and beyond the Zero Trust concept to look at how organizations should evaluate not just their tech stack but also their teams, operations, and processes. We reflect on where trust fits in, how it plays a crucial role in a security program, and why it isn't binary in nature.

Yes, you must think differently, but it's not a good idea to rely on others to think differently for you. Think for yourself and your organization — as you are the one that knows what matters the most for your business.

Then, put your thinking cap on and enjoy this episode of Redefining Security.

"You have this perfect plan, but then you hit the real world and no plan survives contact with the enemy." —Dr. Zulfikar Ramzan

"Why do we keep doing this? We continue to chase technology. Why do we not think about the human? Why do we think about the process and procedures? Zero Trust would be great if we could actually know where the hell all the data was inside an environment." —Chris Roberts

"We are our own worst enemy. We produce something that is beautiful in our head, but it doesn't work in practice." —Francesco Cipollone

"We're always looking for the easy button as an industry and then blame vendors when they buy the easy button and it doesn't work." —Siân John

Guest(s)
Siân John | Zulfikar Ramzan | Chris Roberts | Francesco Cipollone

This Episode’s Sponsors:
Nintex: https://itspm.ag/itspntweb
48m
15/09/2020

From Reactive To Proactive — The Evolution Of Security And Of The CISO Role | Redefining CyberSecurity With Matthew Rosenquist

Once upon a time—not that long ago—the Information Security field had no rules, definitions, tools, or framework, and it was a new frontier to be discovered and conquered. Now, looking back, we sure have come a long way.

In this episode of the Business of Security channel, we travel in time with Matthew Rosenquist. Together we take a look back to understand how we got to today and what the future of Security and the CISO role is going to be.

Back then, individuals and teams were undoubtedly working on risk mitigation, controls implementation, and fraud management, but it was a reactive and binary approach to problem-solving. As we compare and contrast the past to the present, it's hard to imagine the similarities from a security program definition and execution perspective; many today complain that their teams are overwhelmed with data, events, and incidents, creating burnout. Looking back, being overwhelmed by data wasn't really possible, as the sources of data, types of data, and quantity of data can't even compare to what teams are dealing with today.

As complexity, experience, business models, and technology solutions grew, philosophy and methodology had to change and mature with the technology and the business drivers that have transformed the security field into today's reality.

Today's Security Management must be driven by business values and a proactive mentality. We are starting to see that in many industry verticals, advanced technologies, privacy, policies, etc.

We will never win or even catch up when we're reactive.

"That's the first challenge, I think, in anyone's career. Where are you passionate? What are you good at? How are you going to contribute? You're not going to solve the world. Right? But you play a role. You're a piece in a bigger puzzle; find out where you fit and go with it." —Matthew Rosenquist

"We never catch up when we're reactive. And, unfortunately, there's an axiom in our industry: security's never relevant until it fails. We need to break that axiom. We need to start thinking about the risks. And we're starting to do that." —Matthew Rosenquist

Guest
Matthew Rosenquist, CISO at Eclipz.io

This Episode’s Sponsors:
RSA Security: https://itspm.ag/itsprsaweb
41m
13/03/2020

5G: Impact Of Speed & Scale On Security & Privacy | Redefining CyberSecurity With Patrick English (British Telecom), Jason Hoffman (Deutsche Telekom), Chris Novak (Verizon)

Are you ready to "geek out" on 5G with my guests and me? Good!

Put your thinking caps on and get ready to explore the world of 5G connectivity and all of the benefits it brings to society. Don't worry, though; we also take a good, hard look at how it changes the way we look at connectivity, data transport, data storage, data sovereignty, integrity, and more—all through the double lens of security and privacy.

We don't hold back during this conversation as we cover the following topics, and more:

- A brief history of 1G to 5G: what has changed, and what have we learned since?
- What makes 5G so unique, and why are "odd G's" something to take notice of?
- What are some use cases and case studies in play today, and what can we expect to see in the near future?
- Have we baked enough security and privacy into 5G to make a difference as we enter the world of "everything connected" in IT, OT, IoT, and beyond?

If you can't tell from this list, I'm very serious: we do get into some of the technical aspects, which makes for a fascinating conversation while also setting the stage to understand the full impact 5G will have on the security CIA triad: Confidentiality, Integrity, and Availability.

Now, it's time to use your (likely 5G-connected) device and have a listen. Ready? Go! Press play!

Guests
Patrick English, British Telecom
Jason Hoffman, MobiledgeX, Deutsche Telekom
Chris Novak, Verizon Enterprise Solutions

This Episode's Sponsors:
Nintex: https://itspm.ag/itspntweb
51m