Paul’s Security Weekly (Video)
Technology
Matt Coose is the founder and CEO of cybersecurity compliance firm Qmulos, previously the director of Federal Network Security for the National Cyber Security Division of the (DHS).
CISOs carry the ultimate burden and weight of compliance and reporting and are often the last buck. Says Coose, best-of-breed is better described as best-to-bleed-the-budget: it’s a bottom-up, tech-first, reactive approach for acquiring technology as opposed to managing risk. Coose shares his top considerations below for how CISOs can navigate the crowded market of cybersecurity tools when cost is highly scrutinized, but regulations keep growing.
Platforms are what every vendor dreams of being called, but no platform does it all, says Coose.
Coose shares what smart CISOs and mature organizations understand, that others don’t:
• There’s no “buying their way out of security issues or into a better risk posture.” They understand the need to evolve to a top-down, risk-driven, inherently business-aligned, dynamically adaptable, and evidence-based security management strategy.
• That looking at technology choices through the lens of risk controls (and the related data provided by technology that implements those controls) enables credible and transparent strategic tech portfolio management decisions that are immune to vendor preferences or the latest market(ing) fads.
• The need for meaningful security and risk measurement and the difference between leading and lagging indicators.
• The original intent of security and regulatory compliance as a model for proactive and consistent risk management (leading indicator), not just a historical reporting and audit function (lagging indicator).
• That managing risk, compliance, and security as distinct and separate functions is not only wasteful and inefficient, but denies the enterprise the ability to cross-leverage significant people, process, and technology investments
Show Notes: https://securityweekly.com/psw-814
Exploits Make You More Secure - PSW #830
Pen Testing As A Service - Seemant Sehgal - PSW #830
Vulnrichment, Hardware Hacking, VPNs - PSW #829
The Impacts Of Cryptocurrency - Nicholas Weaver - PSW #829
Hacker Heroes - Jeremiah Grossman - PSW #828
Corporate Ransomware Deep Dive - Mikko Hypponen - PSW #828
ChatGPT Writes Exploits - PSW #827
Kicking Off With Crypto - PSW #827
Your TV Is Scanning You - PSW #826
Advising The President On Cyber-Physical Resilience - Philip Venables - PSW #826
Hacker Heroes - Winn Schwartau - PSW #825
PCI 4.0 - PSW #825
Why Is Your TV & NAS On The Internet? - PSW #824
Digging Into Supply Chain Security - James McMurry - PSW #824
It's A Minifilter! - PSW #823
XZ - Backdoors and The Fragile Supply Chain - PSW #823
Crypto, Bluetooth Vulns, Unsafe Locks - PSW #822
Are we winning? - Jason Healey - PSW #822
A Dive into Vulnerabilities and Compliance - PSW #821
Securing All The Things - Josh Corman - PSW #821
Create your
podcast in
minutes
It is Free
Insight Story: Tech Trends Unpacked
Zero-Shot
Fast Forward by Tomorrow Unlocked: Tech past, tech future
The Unbelivable Truth - Series 1 - 26 including specials and pilot
Acquired