CSO Perspectives (public)

Author: CyberWire Inc.

Description

Encore seasons of the popular CyberWire Pro podcast hosted by Chief Analyst, Rick Howard. Join Rick and the Hash Table experts as they discuss the ideas, strategies and technologies that senior cybersecurity executives wrestle with on a daily basis. For the latest seasons ad-free along with essays, transcripts, and bonus content, sign up for CyberWire Pro.

21 Episodes
Rick discusses the history of identity management up to the current state.
Four members of the CyberWire’s hash table of experts (Tom Quinn - CISO - T. Rowe Price Associates; Nikk Gilbert - CISO - Cherokee Nation Businesses; Dawn Cappelli - VP of Global Security and CISO for Rockwell Automation; Gary McAlum - CSO - USAA) discuss the things they worry about when it comes to data loss protection.
Rick discusses data loss protection as a first principle strategy using NIST and Forrester as a guide. The new thing to consider is running a deception network.
Four members of the CyberWire’s hash table of experts (Jerry Archer - Sallie Mae CSO; Ted Wagner - SAP National Security Services CISO; Steve Winterfeld - Akamai Advisory CISO; Rick Doten - Centene CISO) discuss the things they worry about when it comes to incident response.
Rick discusses incident response as a best practice for the network defender community, talks briefly about Zoom and how well their communications plan worked earlier this year when the network defender community called their web conferencing app out on several security issues, and how poorly OPM handled their incident response when the Chinese stole the PII of every person that worked in the U.S. government. Finally, he talks about the birth of incident response and the most influential cybersecurity book ever: “The Cuckoo’s Egg.”
Four members of the CyberWire’s Hash Table of experts (Don Welch: Interim CIO of Penn State University; Helen Patton: CISO for Ohio State University; Bob Turner: CISO for the University of Wisconsin at Madison; Kevin Ford: CISO for the State of North Dakota) discuss SOC Operations in terms of intrusion kill chains, defensive adversary campaigns, insider threats, cyber threat intelligence, zero trust, SOC automation, and SOC analyst skill sets.
For the 20th anniversary of 9/11, Rick Howard, the CyberWire’s CSO, Chief Analyst, and Senior Fellow, recounts his experience from inside the Pentagon running the communications systems for the Army Operations Center.
The idea of operations centers has been around as far back as 5,000 B.C. This show covers the history of how we got from general purpose operations centers to the security operations centers today, the limitations of those centers, and what we need to do as a community to make them more useful in our infosec program.
This is the eighth and final essay in this series that discusses the development of a general purpose cybersecurity strategy for all network defender practitioners - be they from the commercial sector, government enterprise, or academic institutions - using the concept of first principles.
This is the seventh show in a planned series that discusses the development of a general purpose cybersecurity strategy for all network defender practitioners - be they from the commercial sector, government enterprise, or academic institutions - using the concept of first principles. The series so far: first principles, zero trust, intrusion kill chains, resilience, DevSecOps, risk assessment. We are building a strategy wall, brick by brick, for a cybersecurity infosec program based on first principles. The foundation of that wall is the ultimate and atomic first principle: Reduce the probability of material impact to my organization due to a cyber event. That’s it. Nothing else matters. This simple statement is the pillar on which we can build an entire infosec program. This next building block will start the second course of the wall because it directly supports all of the other strategic bricks we have already laid. This brick is called cyber threat intelligence operations.
This is the sixth episode in a planned series that discusses the development of a general purpose cybersecurity strategy for all network defender practitioners - be they from the commercial sector, government enterprise, or academic institutions - using the concept of first principles.
This is the fifth essay in a planned series that discusses the development of a general purpose cybersecurity strategy for all network defender practitioners - be they from the commercial sector, government enterprise, or academic institutions - using the concept of first principles.
This is the fourth show in a planned series that discusses the development of a general purpose cybersecurity strategy for all network defender practitioners - be they from the commercial sector, government enterprise, or academic institutions - using the concept of first principles. The first show explained what first principles are in general and what the very first principle should be for any infosec program. The second show discussed zero trust. The third show covered intrusion kill chains. This show will cover resilience.
This is part three in a series that Rick Howard, CyberWire’s Chief Analyst, is doing about building an infosec program from the ground up using a set of first principles. This episode, he talks about why intrusion kill chains are the perfect companion strategy to the passive zero trust strategy he talked about last week. The key takeaway here is that we should be trying to defeat the humans behind the campaigns collectively, not simply the tools they use independently with no context about what they are trying to accomplish.
This is part two in a series that Rick Howard, The CyberWire’s Chief Analyst, is doing about building an infosec program from the ground up using a set of first principles. This episode, he talks about why zero trust is a cornerstone building block to our first principle cybersecurity infosec program. And here is the key takeaway - building it is not as hard to do as you think.
This week's CSO Perspectives is the first in a series of shows about cybersecurity strategy. Rick Howard discusses the concept of first principles as an organizing principle and how the technique can be applied to cybersecurity to build a foundational wall of infosec practices that are so fundamental as to be self-evident; so elementary that no expert in the field can argue against them; so crucial to our understanding that without them, the infrastructure that holds our accepted best practice disintegrates like sand castles against the watery tide.
Rick Howard discusses counterintelligence operations by commercial vendors on the Dark Web and the kinds of intelligence that can be found.
Conveying risk to the company leadership, the metrics collection required to do it, how heat maps are generally bad science, and the requirement for precise modeling of the risk environment.
Rick Howard, the CyberWire’s Chief Analyst, CSO, and Senior Fellow, discusses his favorite cyber novels to distract us from our current emergency situation: “Threat Vector,” by Tom Clancy and Mark Greaney, “Neuromancer,” by William Gibson, “Breakpoint,” by Richard A. Clarke, and his favorite hacker novel of all time, “Cryptonomicon,” by Neal Stephenson.
Rick Howard, the CyberWire’s Chief Analyst, discusses the Artificial Intelligence hype. Listen as Rick talks about the emergence of machine learning as a key tool to the detection of cyber adversaries (and the need for big data to pursue that strategy). He also discusses the transition of SIEMs from on-prem devices to cloud-delivered services in order to facilitate the implied big data collection requirement. And, you'll hear about the emergence of XDR that may well fulfill the promise on-prem SIEMs could never deliver: real-time anomaly detection.