Here are five minutes of the best moments of CISO Series Video Chat, ”Hacking Cloud Vulnerabilities: An hour of critical thinking of the risk and reward of cloud-based vulnerability management”.
Our guests for this discussion were:
- Steve Lodin (@stevelodin), sr. director security, Sallie Mae
- Ed Bellis (@ebellis), CTO, Kenna Security
Got feedback? Join the conversation on LinkedIn.
HUGE thanks to our sponsor Kenna Security
Best Bad Ideas
Congrats to Shawn Bowen, global head of IT security & compliance (CISO), Restaurant Brands International for winning this week’s Best Bad Idea.
Other honorable mentions go to:
“Leverage 2-3 competitive cloud services for every application/work function so you spread your risk out amongst vendors…” – Carlota Sage, CEO, Tulle Software Services
“Disable the left button on all mice so employees can’t click on malicious links.” – Jim MacLeod, consultant
Best quotes from the chatroom
“All the cloud services try to make you use things that no one else has. They want lock-in. Which isn’t helpful for multi-cloud cut-over.” – Ian Poynter, consultant
“CIS is just a baseline; you need to set what your baseline is and where CIS maps to it and then monitor systems for drift” – David Zendzian, Tanzu global field CISO, VMware
“Ultimately, you are limiting yourself when you decide to use more than one cloud provider, whether that means controls or tools or anything else.” – Ian Poynter, consultant
“G-Suite’s default is to allow anyone to spin up GCP projects. Just brutally bad initial config” – Anatoly Chikanov, director of information security, Enel X