Identity Radicals: Conversations with cybersecurity experts

Disrupting Breaches and Advancing Information Security with David Tyburski



Join us this week as we engage in an enlightening conversation with David Tyburski, VP of Information Security and the CISO of Wynn Resorts. With over 15 years in the field, David offers his expertise on the significance of infrastructure and cybersecurity in today's increasingly digital world. Get ready to uncover the intriguing challenges he has faced, his strategies for data protection, and his outlook on the inevitability of breaches in security.

We explore the critical role of identity management and access control in cybersecurity. Listen in as we dissect the crucial aspects of identity management, and learn why pre-authorization and continuous monitoring are indispensable in warding off potential intruders. We take you through the necessity of automating security processes and how this can relieve an audit team's burden and let them concentrate on more pressing matters.

Finally, we take a step back and look at the broader picture: leadership in the advancement of the security field. Drawing on his experience, David shares tips on networking, professional growth, and the importance of understanding the industry we're in.

Key Quotes

- You need to know who has access to all of those systems, all of those applications, all of that data. There's a big problem of managing that access, especially as people come into a company, move through their positions, leave an organization, there's a problem of over-provisioning. People have more access than they really need.

- We've kind of flipped the attestation over in, as well so that we do both sides of it. And we do what's called a pre-authorization. So, based on our rollback model, we say these roles are approved to do these things in these applications. And if you don't have that authority assigned, at the beginning, you can't even request that access because we've already determined you shouldn't have it. So by, by looking at the attestation in reverse, we've been able to say, okay, now we can kind of build a framework around who should have access.

- You got to know the who, the what, the where, and [who] approves. You got to be able to authenticate it. And then you have to prove that you did the right things.

- It's just good hygiene and cleanup practices to say, the new roles don't need it, get rid of it, right? Let the people who are, who need to do that do it, but take it away from the people who don't. It's not even taking the malicious statement out of it, of somebody doing it intentionally, bad permission. It happens because of time and how people move around in the organization. And you have to realize you got to fix for that too.

- You need tooling like Veza to help you decide how does Audit find it, and then how do I find it faster than audit? And then how do I make sure that I retool my processes so that it never occurs to begin with?

- Security professionals, unlike hackers, tend to try to hold everything close to their chest and not share, but that's changing. I do think that's great that it's, I'm a big proponent of sharing, sharing processes, sharing techniques, sharing everything we can. At least sharing what you can.

Time Stamps

4:05-Regulations in the gaming industry 

10:25-Radical ideas in identity problems/solutions

16:35-Adapting to new roles and access necessities 

18:10-Working with your internal audit teams for maximum efficiency 

29:15-Advice for future cybersecurity leaders

Links 

  • Follow David on LinkedIn
  • Check out all things Wynn Resorts

Identity Radicals is sponsored by Veza, the Identity Security Company. Learn more about Veza by checking out:
 

  • Why Veza, Why Anything, Why Now
  • Veza on YouTube
  • Veza.com

Or, schedule a demo with our identity security experts to learn how Veza's Access Control Platform can lead your organization to least privilege.

By Veza