On-demand Webinar: Bracing for the Next Big Attack? How to Build an Effective Incident Response Plan

Presented by:
Zocdoc CISO Brian Lozada and Exabeam CMO Rick Caccia

An incident response (IR) plan will either make or break your organization in 2017. History has shown that no organization is immune to cyber threats, increasing the need for effective response. Unfortunately, many IT professionals feel their organizations’ IR capabilities are ineffective.

How do you improve your IR plan?

In this webinar, Zocdoc CISO Brian Lozada and Exabeam CMO Rick Caccia discuss the challenges faced and provide strategies to help you:

  • Automate response procedures with incident workflows and playbooks
  • Reduce response time and errors
  • Increase productivity of all IR and SOC staff
  • Connect and coordinate all of your security technologies with orchestration


San Diego CISO Gary Hayslip Talks Strategies for Building Executive Buy-in, Security Tech and Leveraging the Cloud

CISO Gary Hayslip Speaks with CISO David Cass

The city of San Diego is a $4 billion business and it doesn’t shut down. As you’ll hear in this discussion between Gary Hayslip, the city’s CISO, and David Cass, Global CISO IBM Cloud and SaaS, San Diego is a smart city which is continuously rolling out new technologies to facilitate 'the business' while bolstering its security.

In this podcast, recorded during the RSA Conference, Hayslip talks about joining the city as its first CISO some three years ago and how he established a five-year plan which leveraged established frameworks like the National Institute of Standards and Technology (NIST) to increase the security of the city and its 24 networks and 40 departments.

The two also discuss ‘cloud first’ initiatives, resilient networks and the role of the CISO, which Hayslip provides practical guidance on with his book “A CISO Desk Reference Guide: A Practical Guide for CISOs.”


Maxim Integrated CISO Speaks with Sophos Enduser Security Group SVP & GM on Ransomware, IoT and Hacking as a Business

CISO Matt Hollcraft Interviews Dan Schiappa of Sophos

In this podcast Matt Hollcraft, Maxim Integrated CISO, discusses common threat vectors – what is old and what is new – with Dan Schiappa, SVP & GM, Sophos Enduser Security Group. They talk about ransomware, the mobile workforce, Internet of things and hacking as a business.

In this sponsored podcast, you’ll also hear about approaches that enterprises can take to reduce threats, which are increasingly sophisticated and continuous. 


Supreme Court – Meet Social Media

By Mark Rasch
Attorney and Cybersecurity Expert 

Once again the United States Supreme Court steps into the thicket of how and when the States may regulate the content and actions of users of social media.

In oral arguments on February 27, the Supreme Court considered the constitutionality of a North Carolina law that prohibited the use of Facebook or other social media sites by registered sex offenders. The case presents the issue of whether social media and similar websites are essentially necessities in public life.

The Statute

The North Carolina statute provides that it is a crime for a registered sex offender “to access a commercial social networking Web site where the sex offender knows that the site permits minor children to become members or to create or maintain personal Web pages on the commercial social networking Web site.” 




The Map of Cybersecurity Domains

By Henry Jiang
CISO and Managing Director at Oppenheimer & Co. Inc.

Recently, I posted a picture of a mind-map that I created just called "The Map of Cybersecurity Domains (v1.0)." The map was put together as a way to clear my head by fully immersing myself in the world of cybersecurity day-in and day-out for the past few years, and as a constant reminder of just how complex and vast the subject can be.

People outside of the cybersecurity world, and even people who are involved with cybersecurity, often form viewpoints that are sometimes limited by their understanding and confined by the functions of their roles.

How many times has a cyber security practitioner such as myself mentioned to other people what I do, and had them respond with one of the following:

a) oh, you are a hacker, can you break into my computer? haha,

b) ok, I got it, you are doing something with computers...   

When you visit a new city, a new country, or a new place, you usually want to get a hold of a map to orient yourself. Why not a map for the world of cybersecurity? Over the years, as a trained network architect, I always liked to draw diagrams to convey complex designs or ideas to share with other people, so this skill comes in pretty handy in the cyber world.

The map version 1.0 was first published on LinkedIn as a photo, not as an article. Within days, the post went viral, with over 180,000 views in about a week and still counting. I received so much constructive feedback from the LinkedIn community that I felt compelled to publish an updated version of the map to:

- incorporate some really good advice from the people who had read my original post;

- correct misspelled words; 

- properly explain what the map is about, and what it is not about;

- share the map in other file format (PDF, free mind-map app, etc.) so the information can be distributed and modified more easily. 

The World of Cybersecurity Map Version 2.0

The map is about capturing key areas of cybersecurity practice in interconnected ways. The practice of cybersecurity is not just about "hacking." With the map, one should realize that hacking (perhaps a more appropriate definition of such activities would be "authorized penetration test") is a sub-domain under "Risk Assessment," or under another sub-domain called "Active Defense" under "Security Operation."

The map is not based on a particular standard or framework. However, as I am a CISSP myself, you can certainly see some familiar components from ISC2, for example, Security Engineering and Security Operations.



10 CISOs Say Cyber Insurance is Growing and Evolving, but Adoption Comes with Caveats

Ten CISOs from across industries share insight on the future of cyber insurance and tips for success.

10 CISOs Say Passwords are Failing and Must be Augmented or Supplanted

Ten CISOs from across industries weigh in on the effectiveness of passwords, with most predicting that the days are numbered for the password as the sole authentication method.

Security Current eBook 

A CISOs Guide to Principles of Data Privacy and Security
By David Sheidlower


The Benefits of Tokenization: A Podcast with Jason Witty, US Bancorp EVP and CISO

Jason Witty, US Bancorp EVP and CISO 

Tokenization is helping render data theft obsolete. Jason Witty, US Bancorp EVP and CISO, is in the midst of completing a multi-year tokenization integration project, for which his team won the recent ISE North America Project of the Year Award in the Financial Services category.  

He discussed the many benefits of tokenization with David Cass, Global CISO IBM Cloud & SaaS, including fraud prevention and the reduction of risk and the attack surface. They discuss how it is a complex process, which is “simple” to implement but difficult to adopt. Witty also touches on the many unintended business benefits.


How to Unlock Cybersecurity Talent

By Daniel Conroy
Synchrony Financial Chief Information Security Officer

Today the cybersecurity sector is fraught with the challenge of a diminished talent pool. Cisco’s report, “Mitigating the Cybersecurity Skills Shortage,” highlights the worldwide shortage of one million information security professionals. It sends out a disturbing warning to the cybersecurity industry to bridge this gap immediately or face consequences with significant costs.

There is no doubt that the number, scale, and sophistication of operational technology attacks will continue to increase, thereby putting connected transportation, health, energy and financial systems at risk.



