Sign up to save your podcasts
Or
Share Amplifying Your Security Posture
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Amplifying Your Security Posture
All links and images can be found on CISO Series (https://cisoseries.com/defense-in-depth-amplifying-your-security-posture/)
In security, you never have enough of anything. But the scarecest resource are dedicated security people. When you're running lean, what are some creative ways and techniques to improve overall security?
Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Matt Southworth (@bronx), CISO of Priceline.
Thanks to this week's podcast sponsor, SecurityBridge
Advanced cybersecurity for SAP, from codebase to production. Powered by anomaly detection, detect threats in real-time so that they can be remediated before any harm is done. Eliminate false-positives and focus on actionable intelligence. Ensure compliance with direction to actual vulnerabilities, with amazing intelligence dashboards guiding remediation.
On this episode of Defense in Depth, you'll learn:
- When you manage too many people you get to a point of saturation. Are you doing security or are you managing people?
- Core success comes from looking outside your immediate staff for security help. Most common programs are Security Champions and Security Prime. The first are just people outside of the InfoSec team who really want to learn about security, and the Prime players are actually implementing it.
- Look for ways to reduce overheard in terms of paperwork, meetings, and unnecessary programs. If what you're doing is not helping, stop doing it.
- Empower individuals to make their own decisions about security without the chain of command of approvals.
- Avoid giving orders, because once you do you'll always be called into a meeting on that topic.
- Use artificial intelligence (AI) to take work off of the security operations center (SOC) and incident response team.
- The "lazy" sysadmin who automates all his tasks is a highly productive member.
- Communicate to everyone that security requires the entire company's support, not just the security staff.
And here's Jan Schaumann's presentation at BsidesNYC 2016 entitled "Defense at Scale". Matt mentioned it on the show.
View all episodes
By David Spark, Steve Zalewski, Geoff Belknap
4.8
7373 ratings
All links and images can be found on CISO Series (https://cisoseries.com/defense-in-depth-amplifying-your-security-posture/)
In security, you never have enough of anything. But the scarecest resource are dedicated security people. When you're running lean, what are some creative ways and techniques to improve overall security?
Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Matt Southworth (@bronx), CISO of Priceline.
Thanks to this week's podcast sponsor, SecurityBridge
Advanced cybersecurity for SAP, from codebase to production. Powered by anomaly detection, detect threats in real-time so that they can be remediated before any harm is done. Eliminate false-positives and focus on actionable intelligence. Ensure compliance with direction to actual vulnerabilities, with amazing intelligence dashboards guiding remediation.
On this episode of Defense in Depth, you'll learn:
- When you manage too many people you get to a point of saturation. Are you doing security or are you managing people?
- Core success comes from looking outside your immediate staff for security help. Most common programs are Security Champions and Security Prime. The first are just people outside of the InfoSec team who really want to learn about security, and the Prime players are actually implementing it.
- Look for ways to reduce overheard in terms of paperwork, meetings, and unnecessary programs. If what you're doing is not helping, stop doing it.
- Empower individuals to make their own decisions about security without the chain of command of approvals.
- Avoid giving orders, because once you do you'll always be called into a meeting on that topic.
- Use artificial intelligence (AI) to take work off of the security operations center (SOC) and incident response team.
- The "lazy" sysadmin who automates all his tasks is a highly productive member.
- Communicate to everyone that security requires the entire company's support, not just the security staff.
And here's Jan Schaumann's presentation at BsidesNYC 2016 entitled "Defense at Scale". Matt mentioned it on the show.
More shows like Defense in Depth
View all
Hacked
187 Listeners
Security Now (Audio)
2,002 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
371 Listeners
Risky Business
375 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
638 Listeners
CyberWire Daily
1,020 Listeners
Smashing Security
321 Listeners
Click Here
415 Listeners
Darknet Diaries
8,007 Listeners
Cybersecurity Today
178 Listeners
Hacking Humans
314 Listeners
CISO Series Podcast
189 Listeners
Cyber Security Headlines
136 Listeners
Risky Bulletin
46 Listeners
Hacker And The Fed
171 Listeners