Sign up to save your podcasts
Or
Share This Is the Year I'm Going to Lose Weight and Care About Security
Share to email
Share to Facebook
Share to X
Share to email
Share to Facebook
Share to X
Or
This Is the Year I'm Going to Lose Weight and Care About Security
All links and images for this episode can be found on CISO Series
https://cisoseries.com/this-is-the-year-im-going-to-lose-weight-and-care-about-security/
Every year I say I'm going to do it. I'm going to get healthy and be much better about securing my digital identity and my data. But then after about two weeks I give up, use the same password across multiple accounts, and eat a pint of Häagen-Dazs.
This episode is hosted by me, David Spark (@dspark), producer of CISO Series and guest co-host Dan Walsh, CISO, VillageMD. Our sponsored guest this week is Drew Rose, (@livsecaware)CSO, Living Security
Thanks to our podcast sponsor, Living Security
Traditional approaches to security communication are limited to one-off training sessions that fail to take customers, regulators, and other external stakeholders into account and rarely affect long-term behavioral change. This report lays out a four-step plan that CISOs should follow to manage the human risk. It provides design principles for creating transformational security awareness initiatives which will win the hearts and minds of senior executives, employees, the technology organization, and customers.
On this week's episode
What would you advise?
Over on the AskNetSec subreddit, a pentester wants out. The redditor is looking for exit opportunities into another job in cybersecurity. Other redditors suggested IT audit, SOC operations, incident response, forensics. What would be an ideal next step for a pentester?
We don’t have much time. What’s your decision?
What happens when a previous employer of yours gets hacked and your information is potentially stolen. This happened to a redditor who asked this question on the cybersecurity subreddit. If nothing has actually happened, what can they do and what can potentially happen? Is a warning of "I may be compromised" to anyone going to do anything?
"What's Worse?!"
Jason Dance of Greenwich Associates delivers a really annoying "What's Worse?!" scenario.
Please, Enough. No, More.
The topic is "Security Awareness Training". David prefaces this with a top finding from a Forrester report that said, "Unless You Capture Hearts And Minds, No Amount Of Training Will Work". So with that said, what have people heard enough about with regard to security awareness training and what would they like to hear a lot more?
Pay attention. It’s security awareness training time
What if security behavior was rated as a performance score, suggested Ashish Paliwal of SONY. In his LinkedIn article, he agreed you can't train yourself to better security. It requires positive reinforcement. He suggested psychometric tests and a scoring system where you would gain points for good security behavior and lose points for bad security behavior (-10 for clicking on a phish, +10 for reporting). Creative ideas that he acknowledges have lots of challenges. The focus here is changing human behavior, possible the hardest feature to implement. What user experience does change behavior? And why would or why wouldn't Ashish's suggestions work?
View all episodes
By David Spark, Mike Johnson, and Andy Ellis
4.8
183183 ratings
All links and images for this episode can be found on CISO Series
https://cisoseries.com/this-is-the-year-im-going-to-lose-weight-and-care-about-security/
Every year I say I'm going to do it. I'm going to get healthy and be much better about securing my digital identity and my data. But then after about two weeks I give up, use the same password across multiple accounts, and eat a pint of Häagen-Dazs.
This episode is hosted by me, David Spark (@dspark), producer of CISO Series and guest co-host Dan Walsh, CISO, VillageMD. Our sponsored guest this week is Drew Rose, (@livsecaware)CSO, Living Security
Thanks to our podcast sponsor, Living Security
Traditional approaches to security communication are limited to one-off training sessions that fail to take customers, regulators, and other external stakeholders into account and rarely affect long-term behavioral change. This report lays out a four-step plan that CISOs should follow to manage the human risk. It provides design principles for creating transformational security awareness initiatives which will win the hearts and minds of senior executives, employees, the technology organization, and customers.
On this week's episode
What would you advise?
Over on the AskNetSec subreddit, a pentester wants out. The redditor is looking for exit opportunities into another job in cybersecurity. Other redditors suggested IT audit, SOC operations, incident response, forensics. What would be an ideal next step for a pentester?
We don’t have much time. What’s your decision?
What happens when a previous employer of yours gets hacked and your information is potentially stolen. This happened to a redditor who asked this question on the cybersecurity subreddit. If nothing has actually happened, what can they do and what can potentially happen? Is a warning of "I may be compromised" to anyone going to do anything?
"What's Worse?!"
Jason Dance of Greenwich Associates delivers a really annoying "What's Worse?!" scenario.
Please, Enough. No, More.
The topic is "Security Awareness Training". David prefaces this with a top finding from a Forrester report that said, "Unless You Capture Hearts And Minds, No Amount Of Training Will Work". So with that said, what have people heard enough about with regard to security awareness training and what would they like to hear a lot more?
Pay attention. It’s security awareness training time
What if security behavior was rated as a performance score, suggested Ashish Paliwal of SONY. In his LinkedIn article, he agreed you can't train yourself to better security. It requires positive reinforcement. He suggested psychometric tests and a scoring system where you would gain points for good security behavior and lose points for bad security behavior (-10 for clicking on a phish, +10 for reporting). Creative ideas that he acknowledges have lots of challenges. The focus here is changing human behavior, possible the hardest feature to implement. What user experience does change behavior? And why would or why wouldn't Ashish's suggestions work?
More shows like CISO Series Podcast
View all
Security Now (Audio)
1,970 Listeners
Risky Business
361 Listeners
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
628 Listeners
Defensive Security Podcast - Malware, Hacking, Cyber Security & Infosec
366 Listeners
Hacked
184 Listeners
CyberWire Daily
1,008 Listeners
Smashing Security
311 Listeners
Click Here
400 Listeners
Darknet Diaries
7,874 Listeners
Cybersecurity Today
172 Listeners
Hacking Humans
314 Listeners
Defense in Depth
76 Listeners
Cyber Security Headlines
129 Listeners
Risky Bulletin
33 Listeners
Hacker And The Fed
158 Listeners