Your Password Is Too Long. Please Shorten It.
This week’s episode is hosted by me, David Spark, producer of CISO Series, and Mike Johnson. Our guest is Terrance Cooley, CISO, United States Air Force JADC2 R&D Center. Here are the issues we discussed. Please jump in with your thoughts.
Are your hiring practices designed to reduce risk? Chalk this up as a “great idea, but geez, is it really feasible?” In a McKinsey and Company article, they suggested mapping out all your security staff and then demonstrating which specific priority hires would reduce risk the quickest. Mike Johnson thought it was a logical idea, but nobody has 150 security professionals to hire all at once, as the article suggested. He did question their recommendation of starting at the top and then building an incident response team. The incident responders are doing the work, so they need to be in first, with some basic management in place.
Broker marketplaces of susceptible targets are popular because they’re more cost-efficient. Malicious attackers would rather pay someone to hand them the weakest link than find it themselves; it’s far cheaper. There is a long history of this that keeps growing: botnets, ransomware as a service, and compromised credit cards and usernames/passwords, all for sale on the dark web.
Could you please lower your security standards so we can work with you? Some IT vendors are so myopic about the purpose of security standards that they make inappropriate requests solely so their products can work in your environment. For example, one CISO told me about a vendor's tool that had a problem with the company's long passwords, so the vendor requested that the password requirements be lowered. And Mike is amused by the phishing test platforms that require you to whitelist them so your technical controls don’t intercept their phishing emails. Um, then I guess we don’t need you.
No matter what the conditions, you always need to strive for a supportive culture. A frustrated redditor who is managing a lot with a lean security team feels overwhelmed and doesn’t know what to do. While most redditors responded that the person is getting burnt out, another redditor who faced a similar situation that lasted for four years said they were able to work through it because there was a fantastic culture and great support. If you want to keep staff, no matter how difficult the environment, you must build a supportive culture. There are too many options for great talent to go somewhere else.
You can listen to this week’s episode here or over on our blog where you can read the full transcript. If you aren’t already subscribed to CISO Series Podcast on your favorite podcast app, please go ahead and do that right now.
Thanks to Dr. Dustin Sachs, DCS, CISSP, CCISO of World Fuel Services for providing this week’s “What’s Worse?” scenario.
HUGE thanks to our sponsor Varonis
Best advice I ever got in security...
"Fight through failure. Success is at the other side." - Terrance Cooley, CISO, Air Force JADC2 R&D Center
Subscribe to our newsletters on LinkedIn!
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Cyber Security Headlines - Week in Review
Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Ed Covert actually won't be our guest. He will be replaced with another great security leader. Stay tuned.
Thanks to our Cyber Security Headlines sponsor, Cerby
What Can You Automate Without Needing to Increase Staff?
In this preview video for this Friday's Super Cyber Friday, Brian Vecci, field CTO, Varonis, discussed what's doable and not doable in security automation, and why you must automate the easy stuff you should be automating.
The discussion all begins at 1 PM ET/10 AM PT on Friday, January 20, 2023 with me, Brian, and Ken Collins, sr. director, information security, Sunbelt Rentals, Inc. We'll have a fun conversation and games, plus at the end of the hour (2 PM ET/11 AM PT) we'll do our meetup.
Thanks to our Super Cyber Friday sponsor, Varonis
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.
Collaborate | Deliver | Iterate.
1 year ago: "Fight through failure. Success is at the other side." - Terrance Cooley, CISO, Air Force JADC2 R&D Center. Love that. Also: learn through failure, or you might not get the chance to keep fighting.
Chief Cybersecurity Technologist | Researcher in Cyber Risk Behavioral Psychology | Building a Network of Security Leaders
1 year ago: Mike Johnson and Terrance Cooley taking the side of the "nuclear bomb" as opposed to "death by a thousand paper cuts"... love it!