CISO Series Podcast
Formerly named CISO/Security Vendor Relationship Podcast. Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/empowered-working-together-to-pile-on-the-cyber-guilt/)

We can all be more secure if we work together as a team to shame those who don't agree with how we approach security.

This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions, and Mike Johnson. Our guest is Chris Hatter, CISO, Nielsen.

On this week's episode

Mike's confused. Let's help him out.

Mike inspired this brand new segment with his question to the LinkedIn community asking what the big deal is with 5G security. The story I heard about 5G is that it simply means sheer volume over unsecured networks. But as Mike pointed out, we've been dealing with unsecured networks since 2G and 3G, and we dealt with them by using Transport Layer Security (TLS) and implementing other controls such as multi-factor authentication (MFA). Mike called on the community to clue him in as to why we should be more concerned about 5G.

Does shaming improve security?

Thanks to Mark Eggleston, CISO, Health Partners Plans, for alerting me to Chris Castaldo, CISO of Dataminr, and his post about Rob Chahin's "Single Sign-On or SSO Wall of Shame". Chahin, who is head of security at Eero, argues that SSO should be a standard feature in applications and websites, allowing secure sign-on through third-party identity services such as Google and Okta. Single sign-on is a significant boon for security and management simplicity, yet Chahin argues that many companies force their customers to pay dearly to enable it.

What's Worse?!

A grand financial decision in this scenario.

Is this the best solution?

According to a recent article in the Wall Street Journal, there is a slight trend of CISOs moving away from reporting to the CIO and instead reporting directly to the CEO. Why is this happening? What are the benefits and disadvantages?

Security Tip by Steve Prentice sponsored by ExtraHop

With hacks and breaches becoming all too commonplace, and even encrypted data still vulnerable to hackers who can read and copy it, focus is now being placed on quantum communication as a potential next option. This is a technique that encodes data into photons of light, each of which can carry multiple copies of ones and zeroes simultaneously but collapses into a single one or zero if tampered with, which in effect scrambles the data into an unusable format.

Although quantum communication has been in development for a few years, researchers in China have apparently already outfitted a fleet of drones that will soon be able to communicate upward to China's already-launched quantum satellites and downward to ground stations while remaining stable in flight.

This paves the way for the field of quantum teleportation, a glamorous term whose uses and actual development are no longer just the realm of science fiction. For data, at least.

More from our sponsor ExtraHop.

Close your eyes. Breathe in. It’s time for a little security philosophy.

Simon Goldsmith, adidas, said, "I’ve been having some success in replacing risk with uncertainty. By which I mean not having a threat, vulnerability or impact made tangible creates uncertainty which is next to impossible to factor into any modern decision making process. If I make it tangible, it becomes a risk and I can help you make a better decision. Puts value on turning uncertainty to risk and fights FUD."

Direct download: CISO_Vendor_02-11-2020_FINAL.mp3
Category:podcast -- posted at: 5:30am PDT