Sign up to save your podcasts
Or
Share Keep Pouring. I'll Tell You When I've Had Enough Security.
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Keep Pouring. I'll Tell You When I've Had Enough Security.
All links and images for this episode can be found on CISO Series (https://cisoseries.com/keep-pouring-ill-tell-you-when-ive-had-enough-security/)
When do we hit the diminishing returns of too much cybersecurity? How will we know? Will a bell go off? Will our cup runneth over?
This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest is Tony Sager, svp, chief evangelist, Center for Internet Security.
Thanks to this week's podcast sponsor, AppOmni.
AppOmni is the leading provider of SaaS security and management platform for the enterprise. AppOmni provides unprecedented data access visibility, management and security of SaaS, enabling organizations to secure mission-critical and sensitive data. With AppOmni, organizations can automatically and continuously enforce rules for data access, data sharing and third-party applications.
On this week's episode
Looking down the security roadmap
Dean Webb of ForeScout asked this great question on Peerlyst. "What are the things that are the hardest to fix that leave organizations the most vulnerable?" These are not the quick security fixes or low hanging fruit, but rather the big projects that nobody wants that often never get finished. What are they and is there any way to make them not so painful?
It’s time for “Ask a CISO”
sitdownson on reddit's AskNetSec asked, "How and when did you decide to specialize?" Sultan_of_Ping answered, "For most people it's not a decision, the specialization comes to them." Do you get a taste of everything and then determine which one you're passionate about? Do you read market demands (e.g. cloud security) and go in that route? What have you seen your colleagues do?
What's Worse?!
A "What's Worse?!" first - FOUR scenarios. Which one is worst?
Here's some surprising research
We're revisiting the Verizon Data Breach Investigations Report. Tony's organization, Center for Internet Security had a hand in the report and specifically at the end where you map the CIS top 20 to the breach findings. In particular, the report notes that there are 171 safeguards that are grouped based on the resources and risks the organizations are facing. Has anything shifted significantly in this most recent report?
What’s the return on investment?
Tip of the hat to Norman Hunt, Deputy CISO, GEICO, who sent this article from HelpNet Security about a study on CEOs and CISOs approaches to "When is security enough security?" There seems to be a disparity with CEOs being more confident with the security that CISOs. I have to assume that mature understanding of risk is the biggest contributor, and the nature of the job of a CISO who sees more threats than the CEO, but only in a cyber context. A CEO sees all the other risks. What causes such swings in opinions?
View all episodes
By David Spark, Mike Johnson, and Andy Ellis
4.8
183183 ratings
All links and images for this episode can be found on CISO Series (https://cisoseries.com/keep-pouring-ill-tell-you-when-ive-had-enough-security/)
When do we hit the diminishing returns of too much cybersecurity? How will we know? Will a bell go off? Will our cup runneth over?
This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest is Tony Sager, svp, chief evangelist, Center for Internet Security.
Thanks to this week's podcast sponsor, AppOmni.
AppOmni is the leading provider of SaaS security and management platform for the enterprise. AppOmni provides unprecedented data access visibility, management and security of SaaS, enabling organizations to secure mission-critical and sensitive data. With AppOmni, organizations can automatically and continuously enforce rules for data access, data sharing and third-party applications.
On this week's episode
Looking down the security roadmap
Dean Webb of ForeScout asked this great question on Peerlyst. "What are the things that are the hardest to fix that leave organizations the most vulnerable?" These are not the quick security fixes or low hanging fruit, but rather the big projects that nobody wants that often never get finished. What are they and is there any way to make them not so painful?
It’s time for “Ask a CISO”
sitdownson on reddit's AskNetSec asked, "How and when did you decide to specialize?" Sultan_of_Ping answered, "For most people it's not a decision, the specialization comes to them." Do you get a taste of everything and then determine which one you're passionate about? Do you read market demands (e.g. cloud security) and go in that route? What have you seen your colleagues do?
What's Worse?!
A "What's Worse?!" first - FOUR scenarios. Which one is worst?
Here's some surprising research
We're revisiting the Verizon Data Breach Investigations Report. Tony's organization, Center for Internet Security had a hand in the report and specifically at the end where you map the CIS top 20 to the breach findings. In particular, the report notes that there are 171 safeguards that are grouped based on the resources and risks the organizations are facing. Has anything shifted significantly in this most recent report?
What’s the return on investment?
Tip of the hat to Norman Hunt, Deputy CISO, GEICO, who sent this article from HelpNet Security about a study on CEOs and CISOs approaches to "When is security enough security?" There seems to be a disparity with CEOs being more confident with the security that CISOs. I have to assume that mature understanding of risk is the biggest contributor, and the nature of the job of a CISO who sees more threats than the CEO, but only in a cyber context. A CEO sees all the other risks. What causes such swings in opinions?
More shows like CISO Series Podcast
View all
Security Now (Audio)
1,973 Listeners
Risky Business
361 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
628 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
366 Listeners
Hacked
182 Listeners
CyberWire Daily
1,007 Listeners
Smashing Security
311 Listeners
Click Here
402 Listeners
Darknet Diaries
7,869 Listeners
Cybersecurity Today
170 Listeners
Hacking Humans
315 Listeners
Defense in Depth
76 Listeners
Cyber Security Headlines
129 Listeners
Risky Bulletin
33 Listeners
Hacker And The Fed
158 Listeners