


Welcome back to The Cyber Kitchen, where cybersecurity gets sliced, diced, and served up with just enough spice to keep things interesting. Hosted by TrustNet’s Jamie Kerem with CISO and founder Trevor Horwitz.
“Controls aren’t mandatory by default. Justification is.”
In this episode, Inside the ISO 27001 Kitchen: Engineering Security Beyond the Recipe (Part 2), Jamie and Trevor build on the foundations introduced in Part 1 and go deeper into how ISO 27001 controls are engineered in modern cloud-first environments.
The focus shifts to operational maturity, covering SaaS governance through defined exit strategies, secure CI/CD pipelines with shift-left practices, and continuous validation through dynamic testing and API discovery.
From data masking in non-production environments and immutable logging to anomaly-based monitoring, secrets orchestration, and automated key rotation, the conversation highlights how controls must be continuously validated, not just implemented.
Take the conversation further:
* TrustNetInc.com
* https://www.linkedin.com/company/trustnet-inc
* https://www.linkedin.com/in/trevorhorwitz/
* https://www.linkedin.com/in/jamie-kerem
By TrustNet