Mon, 25 February 2019
CISO/Security Vendor Relationship Podcast and series is available at CISOSeries.com.
We're giving away private networks to everybody. Even if you think you don't need one, you want one. It's all on this week's episode of CISO/Security Vendor Relationship Podcast.
Thanks to this week's sponsor, OpenVPN
Create an economical and secure private network for your company with OpenVPN. Used by Fortune 500 companies and IT, Access Server keeps your internal data safe with end-to-end encryption, secure remote access, and extension for your centralized unified threat management. Go to openvpn.net/ciso-series to test drive Access Server for free.
On this episode
What's a CISO to do?
A few years back I interviewed Francis Dinha about hiring talent. Dinha had the fortune to be able to mine his own community of open source volunteers. It's become a great resource for hiring talent. Finding those passionate communities is key for finding talent. We discuss other possible resources and why it's critical, or maybe not critical, to hire people who've contributed to the open source community.
Why is everybody talking about this now?
Given the number of default passwords being used and connected devices with little to no security, does achieving "zero trust" have to be the InfoSec equivalent of climbing Mt. Everest? We discuss simplifying security architecture so achieving "zero trust" isn't a badge of honor but rather something everybody can easily do.
Another round where we debate an open source conundrum.
Please, enough. No, more.
What have we heard enough about with VPNs, and what would we like to hear a lot more about?
Let's dig a little deeper
John Prokap, CISO of HarperCollins, said on our live NYC recording, "If you patch your systems, you will have less threats that will hurt you." I posted John's basic security advice as a meme, and it got a flurry of responses. My favorite came from Greg Van Der Gaast of CMCG who said, "The fact that this is quote/post-worthy in 2019 boggles my mind." The issue of "why aren't you doing this" came up, and people discussed integration issues, the difficulty of keeping up, and the fact that patches can often break applications. Is this a cycle that's impossible to break?