By Mark Rasch
Attorney and Cybersecurity Expert
It sounds like a classic law school exam question. A border patrol agent in the United States, without adequate provocation or justification, fires a shot across the Mexican border, hitting an innocent Mexican teenager in the head – killing him.
Does the family of the deceased have any recourse in the US courts, specifically under the Fourth and Fifth Amendments through the unjustified use of deadly physical force? That’s what the Supreme Court will decide after oral argument on February 21, in a case called Hernandez v. Mesa.
The holding will be significant because of its implications for cyberspace. If the US government can “shoot” foreigners overseas with impunity because the Fourth Amendment does not apply, then it can seize documents or records remotely from non-US servers (provided it isn’t infringing the privacy rights of US citizens). It can also take down botnets, webpages, domains, and IP ranges without bothering to get a warrant because – well, ‘merica.
CISO Gary Hayslip Speaks with CISO David Cass
The city of San Diego is a $4 billion business and it doesn’t shut down. As you’ll hear in this discussion between Gary Hayslip, the city’s CISO, and David Cass, Global CISO IBM Cloud and SaaS, San Diego is a smart city which is continuously rolling out new technologies to facilitate 'the business' while bolstering its security.
In this podcast, recorded during the RSA Conference, Hayslip talks about joining the city as its first CISO some three years ago and how he established a five-year plan which leveraged established frameworks like the National Institute of Standards and Technology (NIST) to increase the security of the city and its 24 networks and 40 departments.
The two also discuss ‘cloud first’ initiatives, resilient networks and the role of the CISO, which Hayslip provides practical guidance on with his book “A CISO Desk Reference Guide: A Practical Guide for CISOs.”
CISO Matt Hollcraft Interviews Dan Schiappa of Sophos
In this podcast Matt Hollcraft, Maxim Integrated CISO, discusses common threat vectors – what is old and what is new – with Dan Schiappa, SVP & GM, Sophos Enduser Security Group. They talk about ransomware, the mobile workforce, Internet of things and hacking as a business.
In this sponsored podcast, you’ll also hear about approaches that enterprises can take to reduce threats, which are increasingly sophisticated and continuous.
Monext's Laurent Klefstad Speaks With Security Current
Ensuring continuous compliance while reducing complexity is essential to bolstering security for many organizations, in particular, those that process credit card data.
In this Tufin-sponsored podcast, IBM’s David Cass talks with Monext’s Laurent Klefstad, Leader for Systems, Network and Telecom, about automated security policy orchestration and how it allows the French company to save time and money by reducing the complexity of its networks and firewalls.
Klefstad explains how Monext’s implementation of the Tufin solution provided Monext continuous compliance and the ability to reduce its firewall rules, of which there were about 3,000, by upwards of 20 percent. He also talks ROI, staffing implications and business enablement.
Security Current, the premier information and collaboration community by CISOs for CISOs, named ROMAD Cyber Systems the winner of its Security Shark Tank® during RSA Conference 2017. Held in San Francisco on February 14, 2017 at the Four Seasons Hotel, the event brought security solution providers face-to-face with potential buyers.
Participating vendors were given 15 minutes each to pitch their solution to the panel of information security executives interested in innovative technologies. The executives scored each vendor based on innovation and vision, ease of use and implementation, value to the industry, and the presenter’s ability to clearly and effectively articulate the value and differentiator.
Robert Herjavec, founder & CEO of leading MSSP Herjavec Group, served as event host and David Hahn, CISO for Hearst, served as the panel moderator.
The CISO panel included:
Colin Anderson, CISO, Levi Strauss & Co.
Meg Anderson, VP & CISO, Principal
Tom Baltis, VP, Chief Technology Risk Officer & CISO, Delta Dental Insurance Company
Devon Bryan, CISO, Federal Reserve System
David Cass, VP & Global CISO, IBM Cloud & SaaS
Curtis Coleman, VP & CISO, Seagate Technology
Daniel Conroy, CISO, Synchrony Financial
Rajesh David, Director of Information Security and Architecture, GE Capital
Franklin Donahoe, CISO, Mylan
Frank Fischer, EVP & CSO, Deutsche Boerse
Ajit Gaddam, Chief Architect, Visa
Sara Griffith, CISO, Euronet Worldwide, Inc.
Tim Held, SVP & Deputy CISO, US Bancorp
Matt Hollcraft, CISO, Maxim Integrated
Manish Khera, Senior Director, Royal Bank of Canada
George LLano, Global CISO, iHeartMedia
Chris Lugo, CISO, Danaher
John Masserini, CSO, MIAX Options
Mike Molinaro, CISO, BioReference Laboratories
Jasper Ossentjuk, CISO, TransUnion
David Peach, CISO, The Economist Group
Vanessa Pegueros, VP & CISO, DocuSign
David Rooker, CISO, Actian Corporation
Hussein Syed, CISO, RWJBarnabas Health
Patricia Titus, CISO, Markel Corporation
Anil Varghese, CISO, Service King
CISOs said a key benefit of participating in the Security Shark Tank was that it enabled them to engage with their peers as they learned about innovative solutions.
“The Security Shark Tank provides great exposure to new thoughts around cybersecurity defenses as well as a great opportunity to engage with my CISO peers to hear how they are leveraging new technology and automation to improve their information security programs,” said Principal CISO Meg Anderson.
Security Shark Tank winner ROMAD Cyber’s patented Malware Genetics™ genome sequencing technology profiles entire malware families, enabling users to proactively detect and stop emerging threats. CISOs rated ROMAD highest in the areas of innovation and vision, ease of use/integration and the importance of the challenge the technology solves.
"ROMAD's technology is impressive in both its simplicity and innovation. This new approach to endpoint protection has the potential to bring real value to the enterprise. Congrats to Igor Volovich and all of the ROMAD team for a second Security Shark Tank win," said Matt Hollcraft, CISO for Maxim Integrated.
Ten CISOs from across industries share insight on the future of cyber insurance and tips for success.
Ten CISOs from across industries weigh in on the effectiveness of passwords, with most predicting that the days are numbered for the password as the sole authentication method.
A CISO's Guide to Principles of Data Privacy and Security
By David Sheidlower
Jason Witty, US Bancorp EVP and CISO
Tokenization is helping render data theft obsolete. Jason Witty, US Bancorp EVP and CISO, is in the midst of completing a multi-year tokenization integration project, for which his team won the recent ISE North America Project of the Year Award in the Financial Services category.
He discussed the many benefits of tokenization with David Cass, Global CISO IBM Cloud & SaaS, including fraud prevention and the reduction of risk and the attack surface. They discuss how it is a complex process, which is “simple” to implement but difficult to adopt. Witty also touches on the many unintended business benefits.
By Daniel Conroy
Synchrony Financial Chief Information Security Officer
Today the cybersecurity sector is fraught with the challenge of a diminished talent pool. Cisco’s report, “Mitigating the Cybersecurity Skills Shortage,” highlights the worldwide shortage of one million information security professionals. It sends out a disturbing warning to the cybersecurity industry to bridge this gap immediately or face consequences with significant costs.
There is no doubt that the number, scale, and sophistication of operational technology attacks will continue to increase, thereby putting connected transportation, health, energy and financial systems at risk.