Here is another highlight video from Super Cyber Friday, “Hacking Proactive Security: An hour of critical thinking about continually testing your defenses to improve your security posture.”
Our guests for this discussion were:
- Dan DeCloss (@wh33lhouse), CEO, PlexTrac
- Geoff Belknap (@geoffbelknap), CISO, LinkedIn
HUGE thanks to our sponsor PlexTrac

Best Bad Idea

Congrats to Brian Colt, information security engineer, DASH Financial Technologies for winning this week’s Best Bad Idea.
Other honorable mentions go to:
“Hire Lapsus$ before you get breached by them…” – Shawn M Bowen, VP, information security (CISO), World Fuel Services
“Only hire pen testers with proven technical skills shown by past criminal history.” – Ross Young, CISO, Caterpillar Financial Services Corporation
“Remove user access to all files not opened in 30 days. If you don’t use them you don’t need it.” – Ross Young, CISO, Caterpillar Financial Services Corporation
“Threat hunting is conducted using the classic stand-up arcade game Pac-Man.” – Brian Colt, information security engineer, DASH Financial Technologies
“Turn off all servers during lunch time. If developers aren’t watching them you don’t want to risk them going down.” – Ross Young, CISO, Caterpillar Financial Services Corporation
“Use ‘Cards Against Humanity’ to predict upcoming threats and orient defenses around that happening. Distribute a card deck to the board so they can play along.” – Ted Bardusch, CTO, Termly
10 percent better
“If you have a security team in any form, you’re doing proactive security. … The key is building a strategy around setting a prioritization.” – Jonathan Waldrop, senior director, cyber security, Insight Global
“Hire security people for all IT jobs (inverting the idea of asking IT people to do the security work).” – Shawn M Bowen, VP, information security (CISO), World Fuel Services
Quotes from the chat room
“Proactive security means that you are keeping up on emerging trends… My board asked for a slide on this.” – Renee Guttmann, former CISO, VC advisor
“The NACD board of directors on cyberrisk says that boards must be current on emerging risk, not just compliance.” – Renee Guttmann, former CISO, VC advisor
“If your entire company thinks that security is IT’s responsibility and they have no part in it, you are boned.” – Ian Poynter, vCISO, Kalahari Security
“If you want to win over culture, you need to get really good on gamification concepts. It’s the best way to change culture.” – Ross Young, CISO, Caterpillar Financial Services Corporation
“People need to understand how they play a part in something that impacts the value of the company.” – Ian Poynter, vCISO, Kalahari Security
“People need to relate it to their home life and be given skills they are motivated to take home and use with family and friends.” – Gabe Silva, CISO, PDC TECHNOLOGY, Inc.





