What is the future of cybersecurity and what changes are organizations making? Should the government implement more defined rules to protect businesses from cyber attacks?

What can businesses do to prepare for the cybersecurity bills that recently passed through The House?

Top Answer : We're doing some reorganization to prepare for these changes. With so much overhead, you can't move at the speed that your developers and organization want. My data security monitor is helping me drive a threat modeling library right now so that I can advance. They need to test this stuff, so hopefully, that will provide some empowerment.

Assume that you're organization has a ransomware attach, what would you recommend to bod

Top Answer : Have an IRT ready and trained.

Related Tags
You work for a financial institution and are currently a custodian for digital assets (or think about doing so) . What is the most important to you between security, ease of use, asset fluidity or crypto coverage?

Top Answer : I would say both security and ease of use. Security at all cost, doesn't make sense, because if your cost of protecting information assets is more that the assets or more that your revenue, you won't be in business. However, the Government is a different entity.

Related Tags
Outsourcing Cybersecurity Tools and ProcessesOutsourcing Cybersecurity Tools and Processes

How many cybersecurity tools and processes are teams outsourcing in 2021?

Related Tags
Do you believe it when cyber security solutions claim they’re using AI?

Top Answer : There are a number of cyber security vendors that claim they have AI embedded in their tools—CrowdStrike comes to mind, among others. They have some automation but it’s not nearly what we would define as AI.

Related Tags
What are the greatest advantages offered by SASE?

Top Answer : Every vendor is calling themselves SASE now. The CISOs and CIOs that I speak with say, "We're working on being secure now because we're going to get SD-WAN." But it's a secure access service edge (SASE) company so it has all the security protections built-in. When you actually dig down into it, SASE is just a multiprotocol label switching (MPLS) replacement, except you can use public lines or open internet connections. So, what makes it SASE is adding Zscaler or some security tool on top of that. We had a huge discussion with a SASE industry leader recently and they fully admitted that networking really hasn't changed in the last 30-40 years. You still have your firewall, switches, routers, gateways, WiFi, etc. We just have a different way of accessing it now. Instead of a firewall you just throw in your huge SD-WAN appliance, depending on how you're setting it up, and you do all your security and network management from there. I'm not sure how that’s different, besides the internet connections and the simplicity of rolling it out.  I'm a big SD-WAN user, so I was a VeloCloud customer back in 2014 because I had offices all over the world and it didn't make any sense to pull out network stacks. I just shipped out a little VeloCloud box with some arrows and stickers that said, "Plug internet in here, plug switch in here." And we could see those come online as the receptionist plugged them in—it was simple and easy and it worked. It wasn't perfect, but it was better than waiting 90 days to get a MPLS connection and an AT&T internet connection. I could do things instantly—that's the advantage I see of SD-WAN, but I don't see any security advantages to it.

Related Tags
Is WeWork a secure office solution for a hybrid or fully remote workforce?

Top Answer : My first experience with a WeWork location outside of the US was in Berlin. I opened my laptop and scanned the entire block of IPs that I had access to. I think I was on the guest network, so I only expected the internet. I shouldn't have been able to see anyone else. But I saw everyone: not just live hosts, I saw open ports, too. Open ports were all I needed to see, and at that point I saw my employees, but I also saw folks from the HP space and Amazon is above us. And at that point, I had to make a determination: It should not be up to WeWork to secure my end users. We're in their space. For me to try to bring in my own personal area network (PAN) appliance or firewall and own access points (APs) is not worth the investment because we could be here for just six months to a year. So we started to focus on the endpoint, which ended up being a lot more efficient from a cost and labor perspective.

Are below the operating system vulnerabilities a top concern for your organization?

Top Answer : This is a great question and I would love to here from the people who put “No” as there answer and why? All vulnerabilities should be a top priority or at least have a plan in place to the timeframe they need to be remediate by based on the risk.

Can SASE fit into an adaptive security model?

Top Answer : We’re in a dynamic, ever-moving world that requires an adaptive security model. I don't know if SASE does that. One of the things we're playing with is constantly assessing who you are, where you are, how you are. If you’re on an airplane, no, you can't look at that file now. It’s not happening.

What is the “FREE” space in the center of your InfoSec Bingo card?

Top Answer : Well, I've been waiting for weeks for someone to take a crack at this one... I'll start! Cyber Insurance 🤷‍♂️

Related Tags
Should coworking spaces increase their on-site security measures?

Top Answer : I sat down with WeWork and talked to their IT teams and my first question was, "Is your WiFi password the same globally?" They said, yes and it never changes. They treat it as a Starbucks. At that point, your responsibility—in IT or security—is to treat every single end point as an office. Especially if you're going to have people in a fully remote work environment. So with that being said, something like a secure access service edge (SASE) could be beneficial if it's not just your run-of-the-mill cloud access security broker (CASB) plus SD-WAN.

Related Tags