Sign up to save your podcasts
Or
Share InfoSec Fatigue
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
InfoSec Fatigue
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-infosec-fatigue/)
Have we reached peak InfoSec fatigue? Revolving CISOs and endless cyber recruitment OR the fact that we're spending more money to reduce even greater risk. Is it all leaving our grasp?
Check out this post for the basis of our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Helen Patton (@OSUCISOHelen) CISO, The Ohio State University.
Thanks to this week's podcast sponsor, Sonrai Security.
Identity and data access complexity are exploding in your public cloud. 10,000+ pieces of compute, 1000s of roles, and a dizzying array of interdependencies and inheritances. Sonrai Security delivers an enterprise cloud security platform that identifies and monitors every possible relationship between identities and data that exists inside your public cloud.
On this episode of Defense in Depth, you'll learn:
- Are we sliding in our effort to get ahead of security issues? There's a sense the tools and our ability isn't keeping up with the onslaught.
- Are we able to prove risk reduction to show that our efforts are successful?
- Those people who don't burn out are the ones who thrive on the technical and political challenges of cybersecurity.
- Disagreement on how you lead a discussion. Should it be story-based or data-based?
- Classic complaint about cybersecurity is success is measured by the absence of activity.
- Preventative security is not easily quantifiable as reactive security.
- CISOs have to step up and show evidence of security's success in the most understandable and digestible format. Suggested measures and metrics: likelihood and impact, business impact analysis, security program maturity curve, framework compliance, pen test results, and threat modeling.
- FUD (fear, uncertainty, and doubt) may be effective in the short run, but it's exhausting. It never works in the long term.
- Approach cybersecurity altruistically. If it benefits you and those around you, then it's worth doing.
- Lean on security vendors to help you show the value of their product. The business impact will be on the CISO's shoulder, but the vendor should help build the case.
View all episodes
By David Spark, Steve Zalewski, Geoff Belknap
4.8
7373 ratings
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-infosec-fatigue/)
Have we reached peak InfoSec fatigue? Revolving CISOs and endless cyber recruitment OR the fact that we're spending more money to reduce even greater risk. Is it all leaving our grasp?
Check out this post for the basis of our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Helen Patton (@OSUCISOHelen) CISO, The Ohio State University.
Thanks to this week's podcast sponsor, Sonrai Security.
Identity and data access complexity are exploding in your public cloud. 10,000+ pieces of compute, 1000s of roles, and a dizzying array of interdependencies and inheritances. Sonrai Security delivers an enterprise cloud security platform that identifies and monitors every possible relationship between identities and data that exists inside your public cloud.
On this episode of Defense in Depth, you'll learn:
- Are we sliding in our effort to get ahead of security issues? There's a sense the tools and our ability isn't keeping up with the onslaught.
- Are we able to prove risk reduction to show that our efforts are successful?
- Those people who don't burn out are the ones who thrive on the technical and political challenges of cybersecurity.
- Disagreement on how you lead a discussion. Should it be story-based or data-based?
- Classic complaint about cybersecurity is success is measured by the absence of activity.
- Preventative security is not easily quantifiable as reactive security.
- CISOs have to step up and show evidence of security's success in the most understandable and digestible format. Suggested measures and metrics: likelihood and impact, business impact analysis, security program maturity curve, framework compliance, pen test results, and threat modeling.
- FUD (fear, uncertainty, and doubt) may be effective in the short run, but it's exhausting. It never works in the long term.
- Approach cybersecurity altruistically. If it benefits you and those around you, then it's worth doing.
- Lean on security vendors to help you show the value of their product. The business impact will be on the CISO's shoulder, but the vendor should help build the case.
More shows like Defense in Depth
View all
Hacked
186 Listeners
Security Now (Audio)
2,011 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
370 Listeners
Risky Business
372 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
652 Listeners
CyberWire Daily
1,026 Listeners
Smashing Security
318 Listeners
Click Here
419 Listeners
Darknet Diaries
8,075 Listeners
Cybersecurity Today
177 Listeners
Hacking Humans
316 Listeners
CISO Series Podcast
195 Listeners
Cybersecurity Headlines
139 Listeners
Risky Bulletin
45 Listeners
Hacker And The Fed
167 Listeners