Sign up to save your podcasts
Or
Share Security Made the Mess. They Should Clean It Up.
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
Security Made the Mess. They Should Clean It Up.
Security is suffering from a serious Rodney Dangerfield "I get no respect" problem. What has often been seen as the department of "no" is struggling under that brand image. That's probably because security is often seen as an inhibitor rather than an enabler. If InfoSec wants to fix that perception, it'll be their responsibility to dig themselves out.
Here's what you'll hear on the latest episode of the CISO/Security Vendor Relationship Podcast:
- Nobody thinks security is their friend: How can security rid itself of this highly negative branding? Be problem solvers vs. problem creators.
- Techniques to integrate AppSec into the DevOps process: It comes down to measurement, respecting an engineer's time, and learning from the success of one process and putting it into another. Read more great insight by Chris Steipp of Lyft.
- We play "What's Worse?!" In this episode of the game we question the worst scenario of an encrypted or unencrypted laptop, but with qualifications.
- Uggh, WAFs are NOT magical boxes: In a round of "Please, Enough. No, More." we challenge the way web application firewalls (WAFs) are being sold. WAFs need to be more friendly and flexible. No one believes you if you sell them as magical boxes that stop all attacks.
- How can you be a great customer? We turn the tables from "Ask a CISO" to "Ask a Vendor" and ask what it takes to be a great customer. Vendors would like you to ttop kicking the tires and talk about solving real problems.
- Plus a ten-second security tip: It may be cliche, but if security departments want to be more effective, they should be moving away from blocking to enabling.
Special thanks to Signal Sciences for sponsoring this episode. If you're using WAFs, make sure you read "Three Ways Legacy WAFs Fail," by their head of research, James Wickett.
As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Zane Lackey (@zanelackey), co-founder and CSO for Signal Sciences and author of the new book from O'Reilly, "Building a Modern Security Program."
Sponsor the PodcastIf you'd like to sponsor the podcast, contact David Spark at Spark Media Solutions.
View all episodes
By David Spark, Mike Johnson, and Andy Ellis
4.8
190190 ratings
Security is suffering from a serious Rodney Dangerfield "I get no respect" problem. What has often been seen as the department of "no" is struggling under that brand image. That's probably because security is often seen as an inhibitor rather than an enabler. If InfoSec wants to fix that perception, it'll be their responsibility to dig themselves out.
Here's what you'll hear on the latest episode of the CISO/Security Vendor Relationship Podcast:
- Nobody thinks security is their friend: How can security rid itself of this highly negative branding? Be problem solvers vs. problem creators.
- Techniques to integrate AppSec into the DevOps process: It comes down to measurement, respecting an engineer's time, and learning from the success of one process and putting it into another. Read more great insight by Chris Steipp of Lyft.
- We play "What's Worse?!" In this episode of the game we question the worst scenario of an encrypted or unencrypted laptop, but with qualifications.
- Uggh, WAFs are NOT magical boxes: In a round of "Please, Enough. No, More." we challenge the way web application firewalls (WAFs) are being sold. WAFs need to be more friendly and flexible. No one believes you if you sell them as magical boxes that stop all attacks.
- How can you be a great customer? We turn the tables from "Ask a CISO" to "Ask a Vendor" and ask what it takes to be a great customer. Vendors would like you to ttop kicking the tires and talk about solving real problems.
- Plus a ten-second security tip: It may be cliche, but if security departments want to be more effective, they should be moving away from blocking to enabling.
Special thanks to Signal Sciences for sponsoring this episode. If you're using WAFs, make sure you read "Three Ways Legacy WAFs Fail," by their head of research, James Wickett.
As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Zane Lackey (@zanelackey), co-founder and CSO for Signal Sciences and author of the new book from O'Reilly, "Building a Modern Security Program."
Sponsor the PodcastIf you'd like to sponsor the podcast, contact David Spark at Spark Media Solutions.
More shows like CISO Series Podcast
View all
Hacked
187 Listeners
Security Now (Audio)
2,011 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
372 Listeners
Risky Business
371 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
651 Listeners
CyberWire Daily
1,028 Listeners
Smashing Security
317 Listeners
Click Here
418 Listeners
Darknet Diaries
8,077 Listeners
Cybersecurity Today
175 Listeners
Hacking Humans
315 Listeners
Defense in Depth
73 Listeners
Cybersecurity Headlines
139 Listeners
CISO Tradecraft®
48 Listeners
Security You Should Know
9 Listeners