CISO/Security Vendor Relationship Podcast
Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

Categories

Hacking Media Production Podcast
podcast

Archives

2019
August
July
June
May
April
March
February
January

2018
December
November
October
September
August
July
June

2014
February

2013
June
May
April
March
February
January

August 2019
S M T W T F S
     
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31

Syndication

Security is suffering from a serious Rodney Dangerfield "I get no respect" problem. What has often been seen as the department of "no" is struggling under that brand image. That's probably because security is often seen as an inhibitor rather than an enabler. If InfoSec wants to fix that perception, it'll be their responsibility to dig themselves out.

Here's what you'll hear on the latest episode of the CISO/Security Vendor Relationship Podcast:

  • Nobody thinks security is their friend: How can security rid itself of this highly negative branding? Be problem solvers vs. problem creators.
  • Techniques to integrate AppSec into the DevOps process: It comes down to measurement, respecting an engineer's time, and learning from the success of one process and putting it into another. Read more great insight by Chris Steipp of Lyft.
  • We play "What's Worse?!" In this episode of the game we question the worst scenario of an encrypted or unencrypted laptop, but with qualifications.
  • Uggh, WAFs are NOT magical boxes: In a round of "Please, Enough. No, More." we challenge the way web application firewalls (WAFs) are being sold. WAFs need to be more friendly and flexible. No one believes you if you sell them as magical boxes that stop all attacks.
  • How can you be a great customer? We turn the tables from "Ask a CISO" to "Ask a Vendor" and ask what it takes to be a great customer. Vendors would like you to ttop kicking the tires and talk about solving real problems.
  • Plus a ten-second security tip: It may be cliche, but if security departments want to be more effective, they should be moving away from blocking to enabling.

Special thanks to Signal Sciences for sponsoring this episode. If you’re using WAFs, make sure you read “Three Ways Legacy WAFs Fail,” by their head of research, James Wickett.

As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Zane Lackey (@zanelackey), co-founder and CSO for Signal Sciences and author of the new book from O'Reilly, "Building a Modern Security Program."

Sponsor the Podcast

If you'd like to sponsor the podcast, contact David Spark at Spark Media Solutions.

Direct download: CISO_Vendor_8-26-18_FINAL.mp3
Category:podcast -- posted at: 2:52pm PDT