


Cyderes' CISO in Residence Stephen Fridakis’s vulnerability management framework rejects the "list problem" mindset — scan, report, patch what you can — in favor of contextual risk assessment. His approach asks four critical questions: Is this vulnerability applicable to my environment? Can it actually be exploited? Will exploitation expose sensitive data? This methodology allowed his teams to deprioritize even critical vulnerabilities like Log4j when they existed in inaccessible systems with no valuable data, redirecting resources to genuinely exploitable exposures.
During a suspected ransomware incident at a major media company, Stephen made the call to force MFA overnight and rotate all passwords across the entire ecosystem, without email access since it was compromised. Production teams were frustrated and help desk tickets surged, but they didn't miss a single millisecond of production schedules. His decision-making framework centers on three elements: what happened (in human language, not technical jargon), what's at stake (customer data, operations, downtime), and the likelihood plus consequences of inaction. Security, he argues, should reflect the mission like the moon reflects the sun: never the star of the show, but essential to protect what matters.
By Dropzone AI