The Balancing Act by Security Compass
Kim Wuyts - Privacy Threat Modeling with LINDDUN

Kim Wuyts - Privacy Threat Modeling with LINDDUN

December 23, 2021

Today we are joined by Kim Wuyts from KU Leuven, to talk about privacy threat modeling. We will start by discussing what LINDDUN is and the difference between privacy threat modeling and security threat modeling. We will then discuss how a framework like LINDDUN can be used in DevSecOps pipelines as part of an evolving knowledge base. For those who wish to provide feedback to the LINDDUN team, Kim will share some ways that you can reach out to her team. Privacy is a critical part of our software that is often neglected. With new regulations and standards emphasizing both privacy and security, we need a consistent approach to help guide policy creation and software development activities.

 

Nick Deshpande - Data Governance

Nick Deshpande - Data Governance

December 20, 2021

Today we are joined by Nick Deshpande to talk about data governance and security. We will start by introducing the concept of data governance and the business importance of data governance. We will dig deeper and discuss who is responsible for creating and managing a data governance program. When looking at data governance as an enabler, we will turn our attention to three use cases: DevSecOps, Threat Modeling, and Zero Trust. In concluding, Nick will share his thoughts on where he sees data governance evolving over the next 12-18 months.

 

Kyle Lai - Complying With CMMC

Kyle Lai - Complying With CMMC

December 17, 2021

Today we are joined by Kyle Lai, Founder and CISO of KLC Consulting, to talk about CMMC. We will start by discussing the governance and ownership aspects of CMMC. Once a CMMC program has kicked off, teams usually have to overcome some challenges. We will discuss the top challenges with achieving CMMC compliance. In an era of DevSecOps, we will turn our attention to the importance of automation and conclude by discussing the impact of CMMC in the near future.

K Royal - Think about User Privacy When Developing Your Software

K Royal - Think about User Privacy When Developing Your Software

November 29, 2021

Today we are joined by K Royal, Associate General Counsel & DPO of TrustArc, to talk about Software Development and Privacy. We will start by discussing what the intersection of privacy and software development looks like. We will examine the essential competencies required to produce privacy compliant software and touch on automated privacy checking in the context of DevSecOps pipelines. We will conclude by discussing where privacy is headed in the next 12-18 months. Producing privacy compliant software is becoming increasingly important in light of government regulations.

Mark Simos - Using Security Reference Architectures

Mark Simos - Using Security Reference Architectures

November 19, 2021

Today we are joined by Mark Simos, Lead Cybersecurity Architect at Microsoft, to talk about leveraging security reference architectures to operationalize security. We will talk about our current context and the democratization of security and DevOps across the enterprise. Since security touches so many parts of the organization, this is where the role of security reference architectures becomes critical in creating an onramp for cross-functional teams. They help coordinate activities and programs against measurable business outcomes. We will conclude by looking forward to the next 18-24 months and what to expect.

 

#podcast #cybersecurity 

Michael Isbitski - Executive Overview on Securing Your APIs

Michael Isbitski - Executive Overview on Securing Your APIs

November 12, 2021

Today we are joined by Michael Isbitski, Technical Evangelist at Salt Security, to talk about API Security. Our systems and platforms today are largely driven by API integrations. We will start by discussing ownership of API security in an organization. This will lead into a discussion about convincing a business stakeholder to invest in API security. Given how complex our applications are today, we will talk about some of the biggest challenges with securing our APIs. As security paradigms continue to evolve, we have gone from perimeter based security to Zero Trust. We will conclude by discussing how API security fits into Zero Trust.

 

Carmichael Patton - Lessons from Zero Trust Implementations

Carmichael Patton - Lessons from Zero Trust Implementations

October 29, 2021

Today we are joined by Carmichael Patton, Senior Security Architect at Microsoft, to talk about Zero Trust. We will talk about the value proposition along with ownership and accountability for a Zero Trust program. It is important that Zero Trust aligns with business priorities. We will also discuss the rollout of Zero Trust and some important lessons learned from previous implementations. 

Rob Akershoek - The Importance of a Security Reference Architecture

Rob Akershoek - The Importance of a Security Reference Architecture

October 15, 2021

Today we are joined by Rob Akershoek from DXC, to talk about security reference architectures. We will start by discussing why we need a security reference architecture. This will lead us into governance and who is responsible for creating a security reference architecture. Since we don’t have a standard security reference architecture in the industry, we will explain how to start creating a security reference architecture. In conclusion, we will share some of the work being done by The Open Group around security reference architectures. 

Mark Timms - The Human Side of Cyber Security

Mark Timms - The Human Side of Cyber Security

September 30, 2021

Today we are joined by Mark Timms, Senior Manager, Cybersecurity Education & Awareness Behavioural Science at RBC, to talk about the human side of cyber security. We will talk about what motivates people to embrace a security program and what triggers drive the intended behavior. Building a security culture takes intentionality and a coordinated set of activities that focuses on the person. We will conclude with a consideration on how we should think about measuring the outcome. Cyber security is top of mind for many organizations and understanding the human side will help to drive meaningful programs that align with personal and organizational motivations.

Leaders in Product Security - Clay Carter

Leaders in Product Security - Clay Carter

September 17, 2021

In this episode, Clay Carter talks about product security in our critical infrastructure- specifically, water! Clay discusses the unique challenges and opportunities of product security in the water industry, the intersection with business partners like safety, importance of domain expertise, and the effect of seeing the products you help secure impact your day to day life.

Podbean App

Play this podcast on Podbean App