By Farhaad Nero
The world of the CISO is becoming an almost thankless job. No matter what you do, how well you present to the Board, how complete your program is, it seems your back is always against the wall.
The business complains of the burden security places on operations, the delays it causes, the relationships it destroys, etc. Whatever you do, you know that a data breach is coming. What you really hope for is that it never happens on your watch.
At the end of each and every day, it is the passion that we security professionals have that bring us back the next morning into that hot seat once again. We love the challenge; we love the cat and mouse game.
Barnabas Health CISO Hussein Syed Speaks with Security Current's Vic Wheatman
Healthcare providers have some of the most complicated environments with a multitude of systems, users and regulatory mandates. And often, according Barnabas Health CISO Hussein Syed, this leads to one of the biggest challenges -- a misunderstood environment.
There are concerns over compliance. And with the Internet of Medical Things various equipment are now networked, making data leakage a greater concern. Compounding this is are third party providers from physicians to billing agents working with healthcare providers making security even more difficult.
As you'll hear from Hussein Syed it is a balancing act to provide access while ensuring security.
Security Current's Vic Wheatman Speaks with CYREN's Lior Kohavi
Some 2.5 billion emails containing malware were sent in 2014. Malware URLs are on the rise. Phishing URLs are on the rise. And according to CYREN's 2015 Cyber Threats Yearbook it doesn't appear that attackers will be letting up any time soon.
The CYREN report, which analyzed 5 trillion Internet transactions, found that while high-profile breaches like Home Depot and Sony made headlines, attackers have set their sights on enterprises of all sizes and notoriety. No organization is immune. It also found that BYOD, consumer grade products, are creating new vulnerabilities in the enterprise.
Knowing the threat sources and how armies of botnet machines are being spawned to spread malware is key to building effective defensive strategies.
In this sponsored podcast, Security Current's Vic Wheatman speaks with Lior Kohavi, CYREN's Chief Technology Officer. They discuss the reports findings and how cloud-based security solutions are being use to predict and subsequently mitigate against attacks.
Or read the complimentary Cyber Threat Yearbook
By David Sheidlower
A CISOs Guide to Principles of Data Privacy and Security examines the key issues surrounding data privacy and security.
In this eBook, Sheidlower, currently CISO of an international media and advertising firm, provides his perspective on topics, which include privacy policies, big data, consent, governance and security.
According to the author: “The fundamental principles of privacy and security continue to evolve. I’ve tried to look into each of them from the consent process, which most people find problematic, to the need for a framework for data protection, which is where an organization’s security program comes in.”
The eBook has been lauded by Sheidlower’s peers, with Larry Whiteside Jr., CISO of the Lower Colorado River Authority (LCRA), stating: “It provides thought provoking and actionable information on issues that are top of mind for us – data privacy and security. I highly recommend reading it.”
As the news of breaches across multiple sectors continues the role of the Chief Information Security Officer (CISO) has never been more important.
The CISO is not only responsible for protecting the organization they are tasked with enabling the business. And with the CISO speaking in both business and technical languages, they are quickly gaining visibility with the Board of Directors that needs to understand, and to provide resources for, enterprise security.
In this podcast, Daniel Conroy, the CISO of Synchrony Financial, a leading financial institution, speaks with Security Current's Vic Wheatman about the CISO role, the definition of security intelligence and what keeps him up at night.
A practitioners tips on being a successful leader
Sharing information on cyber threats
Are technical audits effective?
Vic Wheatman Speaks with Gartner's Dr. Anton Chuvakin
How big a market is Security Analytics? If you ask our guest, Gartner Research VP Dr. Anton Chuvakin you'll hear that there actually is no specific or defined market called Security Analytics. He says that while there are technology providers offering products or services so labeled they all do somewhat different things in different ways.
There are vendors who look at packets, others that look at logs or roles and those that look at malware among other things and they all carry a label of analytics but according to Dr. Chuvakin the fact that all of the vendors do different things in different ways indicates that there is no market that you can just go to and buy a security analytics product.
By Gary Hayslip
In this last discussion we will cover some educational sites and a couple of sites that have useful tools that I have used over the years to recertify or increase my knowledge of new technologies.
We will start with education sites. I am first going to list some adult education sites located here in San Diego as examples of schools where you can go to work on a certification or learn a new skill.
I have found many of these two-year colleges and adult education facilities to have excellent labs for working for example on Cisco certifications or the latest Network/Cloud Security certifications. So let’s take a look at a couple of such organizations in San Diego, and similar ones in your area and see what courses they offer.