Here are six minutes of the best moments from “Hacking User Access: An hour of critical thinking on managing initial and ongoing access to network and data”.
Joining me for this discussion were:
- Corey Marshall, director of solutions engineering, F5
- Chris Hatter, CISO, Nielsen
Thanks to our sponsor, F5
Best Bad Ideas

A respectable 45 bad ideas were delivered in last week’s CISO Series Video Chat, with brand-new winner Kevin Hakanson, principal cloud solutions architect for OpsCompass, taking top prize. Here are a few of the honorable mentions.
“‘Single’ sign-on. Sign in once and stay authenticated forever.” – Sam Small, CSO, ZeroFOX
“Hire a human authentication team and have all access requests be approved manually 24/7.” – Danielle Simon, director – channel, alliances, partnerships, CybelAngel
“Your MFA key is inside the Game of Operation. You have 5 seconds to extract it from the funny bone, else it resets.” – Dutch Schwartz, strategic lead, AWS Global Security Services Team, AWS
“You keep every privilege ever granted you, even from prior companies.” – Larry Rosen, manager, security architect, GBQ Partners
Best quotes from the chat room
“Even bad MFA can be better than none at all… Remember the SIM porting attacks are possible, but not something that my mother can do.” – Ian Poynter, consultant
“Jokes aside, as a Cyber Vendor, if you can let the user pay to ‘not do anything with security’ – purely ‘nothing’, you are RICH!” – Eli Migdal, CEO, Boardish
“In my experience achieving true SSO is unrealistic. The goal really is to reduce access accounts as much as possible, not necessarily having ONE account.” – Carlos Rodriguez, director, IT security & risk, Citizens Property Insurance Corporation






