All links and images for this episode can be found on CISO Series (https://cisoseries.com/lets-blow-our-entire-marketing-budget-at-rsa/)

Security professionals only think about security one week out of the year, right? So let's drop every single dollar we have budgeted for marketing on the last week of February. Whaddya say?

This episode was recorded in person at Intel's offices in Santa Clara, California. This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our sponsored guest is Tom Garrison (@tommgarrison), vp and gm of client security strategy at Intel (@IntelNews).

David Spark, CISO Series, Tom Garrison, Intel, and Mike Johnson,
CISO/Security Vendor Relationship Podcast.

Thanks to this week's podcast sponsor, Intel.

The globalization of technology has created an environment of complicated supply chains with limited transparency. Intel’s Compute Lifecycle Assurance (CLA) initiative solves this through a range and tools and solutions that deliver assurances of integrity throughout the entire lifetime of a platform --from build to retire.

On this week's episode

There’s got to be a better way to handle this

Next week is RSA and by podcast law we're required to talk about it. We offer up tips on maximizing the following: education, engagement, and follow up.

What’s the return on investment?

On Peerlyst, John Mueller, a security architect with the US Navy, suggested ways to use incident response metrics to help determine whether your cybersecurity program is improving. But as Mueller points out, it's not easy as you could fool yourself into believing you're doing well if you don't valuable discovery tools. We discuss methods to measure improvements in security programs.

What's Worse?!

A really tough one that delivers a split decision.

Please, enough. No, more.

Our topic is trust and hardware manufactures. We discuss what we've heard enough about with trusting hardware manufacturers of tech products, and then we discuss what we'd like to hear a lot more.

The fable of Walt Disney having been cryogenically frozen to be revived in an age where the science to do so existed is just that – a fable. But there is still something to be taken from that when it comes to documents archived on the cloud or consigned to data landfills. Just because encrypted data cannot be easily decrypted by hackers using today’s tools, that doesn’t mean tomorrow’s tools can’t do the job and revive the information stored inside.

When threat actors take it upon themselves to steal data, through hacking, ransomware, or AI, they might, of course be searching for material that is immediately exploitable, such personal data, or data that has immediate value in being returned or unlocked as in the case of ransomware.

But other players are in it for the long game, counting on the fact that the inexorable momentum of progress will lead to a decryption solution in time for stolen archived data to still be of use for future crimes, frauds and deep fakery.

More from our sponsor ExtraHop.

Close your eyes. Breathe in. It’s time for a little security philosophy.

I got back from Tel Aviv where cybersecurity professionals find themselves innovating out of necessity. They're often short on resources. We discuss the kinds of exercises we've tried to help ourselves and our team to think creatively about cybersecurity.

One suggestion is the interrogation technique of "Five Whys" to get at the root reason of why we make our choices.