It is crucial to know what role the CISO/security leader plays when it comes to risk. In today's #CyberSunday Michael talks about working with asset owners/business leaders before, during, and after a risk assessment.

Want to reach out to the host? Email us at [email protected]

Hosted By: Michael Farnum

Editing By: Lauren Lynch

Keep up with HOU.SEC.CON

·      Houstonseccon.com

·      LinkedIn

·      Twitter

·      Facebook

·      Instagram

Check out our other show

·      HOU.SEC.CAST

Risk assessments have inherent value for the business if done correctly. But there can also be explicit value for the business in performing a risk assessment and implementing a security program based on that assessment. In this #CyberSunday, Michael talks about both.

Mentioned Twitter/X Post: 

https://x.com/mattjay/status/1730618458272866622?s=46&t=LUbuPP0qd83nb1-gVcAXLw

Want to reach out to the host? Email us at [email protected]

Hosted By: Michael Farnum

Editing By: Lauren Lynch

Before you can figure out what risks to accept, you have to prioritize the risk. Before you can prioritize risk, you have to get visibility in your environment to determine what your risks are made of. In today's #CyberSunday, Michael talks about the benefits of risk prioritization and visibility into your environment to find those risks. 

Mentioned LinkedIn Post: 

https://www.linkedin.com/feed/update/urn:li:activity:7124455952996581376

Thank you to Forescout for sponsoring this episode!

Want to reach out to the host? Email us at [email protected]

In this episode:

Hosted By: Michael Farnum

Editing By: Lauren Lynch

Keep up with HOU.SEC.CON

Houstonseccon.com

LinkedIn

Twitter

Facebook

Instagram

Check out our other show

HouSecCast

A CISO recently shared a LinkedIn post regarding speaking engagements. In this post he advised security leaders to ONLY accept paid engagements as their time is valuable. In this week’s #cybersunday Michael, who is not only a CISO but the founder of a cybersecurity conference, pushes back on this idea in favor of giving back to the community by sharing your time and knowledge. 

Mentioned LinkedIn Post: 

https://www.linkedin.com/posts/davidedelvecchio_when-asked-to-participate-as-a-speaker-to-activity-7126136985928237056-feIk/?utm_source=share&utm_medium=member_ios

Want to reach out to the host? Email us at [email protected]

Hosted By: Michael Farnum

Editing By: Lauren Lynch

Reviewing accepted risks is a crucial part of a risk management program. In today's #cybersunday, Michael talks about some important best practices like considering risk tolerance changes, involving business units in your review process, and others.

Want to reach out to the host? Email us at [email protected]

Hosted By: Michael Farnum

Editing By: Lauren Lynch

Some recent notable #cybersecurity breaches have come from #socialengineering attacks. Humans are always going to fall for this, but we can help lessen the success of these attacks via awareness training. Michael talks in today’s #cybersunday about how #securityawarenesstraining can be targeted and doesn’t have to be so boring and difficult. 

Want to reach out to the host? Email us at [email protected]

Hosted By: Michael Farnum

Editing By: Lauren Lynch

If you're looking for an MDR (Managed Detection and Response) vendor, the temptation is to think of them as a product company versus a services company. On this #cybersunday, Michael talks about why that happens, why it can lead to more confusion when trying to decide which vendor to go with, and some of the things you need to think about that can help you choose.

Want to reach out to the host? Email us at [email protected]

Hosted By: Michael Farnum

Editing By: Lauren Lynch

The Barracuda ESG Vulnerability is still causing havoc, with the vendor telling their customers to replace the box. In this CyberSunday, Michael discusses some of the implications and considerations of this kind of vulnerability in an important and widely-deployed security device. 

Things Mentioned:

·      https://www.mandiant.com/resources/blog/barracuda-esg-exploited-globally

·       https://www.infosecurity-magazine.com/news/barracuda-appliances-exploited/

·      https://www.rapid7.com/blog/post/2023/06/08/etr-cve-2023-2868-total-compromise-of-physical-barracuda-esg-appliances/

Want to reach out to the host? Email us at [email protected]

Hosted By: Michael Farnum

Editing By: Lauren Lynch

There are a few paths to getting into cybersecurity, and not all of them are considered “technical”. But what does that mean? In this #CyberSunday, Michael talks about a discussion around GRC as a career path and if it is “technical” or not. 

Things Mentioned:

·      https://www.linkedin.com/posts/mikesportfolio_cybersecurity-informationsecurity-infosec-activity-7097581791925993472-6ZN7?utm_source=share&utm_medium=member_desktop

How do you work towards a solution for a problem like Shadow IT with people when everyone wants to try to throw tech at it? On today's #CyberSunday, I talk about how using security champions in your company can help. 

#ShadowIT #cybersecurity #securitychampions