CISO Tradecraft®

#125 - Cyber Ranges (with Debbie Gordon)



Are you worried about cyber threats and data breaches? Do you want to build a strong cybersecurity program to protect your organization? Look no further! In this episode of CISO Tradecraft, G Mark Hardy and Debbie Gordon discuss the three dimensions of an effective Information Security Management System: Policy, Practice, and Proof. G Mark emphasizes the importance of having a proper cybersecurity policy that references information security controls or outcome-driven statements. However, it's not enough to have policies on paper; organizations need to practice what's on paper to be prepared for cyber events. This is where ranges come in.

Ranges are a full replica of an enterprise network with real tools, traffic, and malware. They allow teams to practice detecting and responding to attacks in a safe environment. Debbie Gordon, founder of Cloud Range, explains how ranges can help organizations accelerate experience and reduce risk in cybersecurity.

She emphasizes the importance of educating an organization's user base to become the first and last lines of defense against cyber threats. By training non-technical executives to spot suspicious activity and bring it to the attention of the security team, organizations can minimize the damage caused by phishing attacks, ransomware, and other cyber threats. Gordon also highlights the importance of team training in cybersecurity because it's not just about individual skills, but also about how teams work together to respond to threats. By practicing together in a range environment, organizations can improve their processes, handoffs, and speed in detecting and responding to attacks.

Special thanks to our sponsor Cloud Range Cyber for supporting this episode.

Website: www.cloudrangecyber.com

Full Transcripts: https://docs.google.com/document/d/1yWenwauzfAiQYafFW0Iew33vbzvlO2BO

Chapters

  • 00:00 Polished Security Programs need Policy, Practice, and Proof
  • 00:54 Policy
  • 02:47 Practice
  • 03:44 Proof
  • 04:28 How to Apply the Concepts of Ranges to Help Organizations
  • 06:05 The importance of Experiential Learning
  • 07:48 The Importance of following Procedures
  • 12:12 The Benefits of Team Training for Cyber Ranges
  • 15:33 The Importance of Muscle Memory
  • 20:22 How to Maximize Your Investment in Cybersecurity (KPIs & Measurable Results)
  • 24:33 The Advantages of using the MITRE ATT&CK® Framework
  • 27:41 The Advantages of Following ISO Standards
  • 31:36 How to Improve your Cloud Range Exercises
  • 33:22 How to use Cognitive Aptitude Assessments for Workforce Development
  • 37:44 How to level the Playing field for Cyber Talent
  • 39:39 The Importance of Degrees in Cyber Security
  • 41:03 Making the CISO's job easier