Here is our highlights video from Super Cyber Friday, “Hacking Complexity: An hour of critical thinking about how to consolidate and simplify a security program.”
Our guests for this discussion were:
- David Richardson (@docgravel), vp, product, Lookout
- Sonja Hammond, CISO at National Veterinary Associates
Got feedback? Join the conversation on LinkedIn.
HUGE thanks to our sponsor Lookout
Best Bad Idea

Congrats to Dutch Schwartz, principal security specialist, AWS for winning this week’s Best Bad Idea.
Other honorable mentions go to:
“Put all your tools in a sock, then hit the security staff over the head with it.” – Stephanie Kass, analyst, SMB Technology Consulting
“Believe all of the claims of the sales person/vendor, so you only have to buy one tool to solve all of your problems!” – Jonathan Waldrop, senior director, cyber security, Insight Global
“Spend the whole budget on tools and zero for staff to use them. This stuff just runs itself, right?” – Duane Gran, corporate director of information security, Converge Technology Solutions Corp.
“Just buy all the tools. Don’t worry about configuring or using them, so long as you can check a box on your assessments.” – Brian Colt, information security engineer, DASH Financial Technologies
10 percent better
“Have an awareness of Gaps and Overlaps between all the tools in your toolbox” – Jerry Gitchel, thought instigator, Make Technology Work, Inc.
“Keep a catalog of all your tools and their features so when gaps are identified, you can reference it to determine if you already have a tool to address that gap.” – Duane Gran, corporate director of information security, Converge Technology Solutions Corp.
“Whiteboard your workflows and automation schema with your vendors and third parties so they truly understand how your teams operate. Automation + APIs for the win!” – Dutch Schwartz, principal security specialist, AWS
“Include training for your team in any new tool you purchase.” – Jonathan Waldrop, senior director, cyber security, Insight Global
Quotes from the chat room
“I’ve found many ‘best of platform’ aren’t nearly as integrated in practice. Often the company has bought niche players and integrated them to varying levels of success.” – Duane Gran, corporate director of information security, Converge Technology Solutions Corp.
“‘Systemic Risk’ is an emergent property of complex systems. It emerges from no single component of the system, but rather the density of connections and the degree of non-linear dependencies.” – Mike Wilkes, CISO, SecurityScorecard
“We always say people > process > tools, but then all vendor review does the exact opposite priority in the questions asked.” – Duane Gran, corporate director of information security, Converge Technology Solutions Corp.
“The best vendors I’ve worked with include training in the sale… it’s not an add-on price.” – Jonathan Waldrop, senior director, cyber security, Insight Global
“Our biggest challenge is that there are so many business applications and security tools that change behavior or update on the fly, that representation of an environment changes computer to computer, and hour to hour at times. The exact argument we had back in ‘patch and pray’ change control days.” – Dennis Underwood, CEO, Cyber Crucible, Inc.
“I routinely see a general lack of continuous improvement mindsets when assessing cyber programs. Empower and reward teams for identifying improvement areas that eliminate complexity. This should run across not just tools but also processes.” – Thomas Torgerson, senior cyber risk advisor, Cyturus Technologies, Inc.






