November 19, 2021
Today we are joined by Mark Simos, Lead Cybersecurity Architect at Microsoft, to talk about leveraging security reference architectures to operationalize security. We will talk about our current context and the democratization of security and DevOps across the enterprise. Since security touches so many parts of the organization, this is where the role of security reference architectures becomes critical in creating an onramp for cross-functional teams. They help coordinate activities and programs against measurable business outcomes. We will conclude by looking forward to the next 18-24 months and what to expect.
November 12, 2021
Today we are joined by Michael Isbitski, Technical Evangelist at Salt Security, to talk about API Security. Our systems and platforms today are largely driven by API integrations. We will start by discussing ownership of API security in an organization. This will lead into a discussion about convincing a business stakeholder to invest in API security. Given how complex our applications are today, we will talk about some of the biggest challenges with securing our APIs. As security paradigms continue to evolve, we have gone from perimeter based security to Zero Trust. We will conclude by discussing how API security fits into Zero Trust.
October 29, 2021
Today we are joined by Carmichael Patton, Senior Security Architect at Microsoft, to talk about Zero Trust. We will talk about the value proposition along with ownership and accountability for a Zero Trust program. It is important that Zero Trust aligns with business priorities. We will also discuss the rollout of Zero Trust and some important lessons learned from previous implementations.
October 15, 2021
Today we are joined by Rob Akershoek from DXC, to talk about security reference architectures. We will start by discussing why we need a security reference architecture. This will lead us into governance and who is responsible for creating a security reference architecture. Since we don’t have a standard security reference architecture in the industry, we will explain how to start creating a security reference architecture. In conclusion, we will share some of the work being done by The Open Group around security reference architectures.
September 30, 2021
Today we are joined by Mark Timms, Senior Manager, Cybersecurity Education & Awareness Behavioural Science at RBC, to talk about the human side of cyber security. We will talk about what motivates people to embrace a security program and what triggers drive the intended behavior. Building a security culture takes intentionality and a coordinated set of activities that focuses on the person. We will conclude with a consideration on how we should think about measuring the outcome. Cyber security is top of mind for many organizations and understanding the human side will help to drive meaningful programs that align with personal and organizational motivations.
September 17, 2021
In this episode, Clay Carter talks about product security in our critical infrastructure- specifically, water! Clay discusses the unique challenges and opportunities of product security in the water industry, the intersection with business partners like safety, importance of domain expertise, and the effect of seeing the products you help secure impact your day to day life.
August 30, 2021
Today we are joined by Malu Septien Milan, President of Cryptopon, to talk about tying security to business value. We will start by explaining the gap between security and business expectations. This has an impact on how security teams scale as they become increasingly relevant in business operational risk where DevOps is driving “continuous everything”. We will then round off the discussion by turning to the business side to consider what they can do to help close the gap. In an era where going digital is a top priority, closing the security-business gap is crucial to balancing security with operational risk.
July 23, 2021
Today we are joined by Jack Freund, Head of Cyber Risk Methodology at VisibleRisk, to talk about cyber security risk and business value. We will start by discussing the gap between cyber security and business value. In bridging these two domains, we eventually need to consider different risk models. We will discuss cyber security risk modeling approaches and challenges. We will then conclude by looking at where cyber security risk modeling is going over the next 18 to 24 months. This discussion will serve both security and risk practitioners who focus on threat modeling or risk assessments and want to understand how their efforts can align with the broader trend around risk modeling.
June 11, 2021
Leaders in Product Security: In the eleventh episode of this series, we are joined by Sean Poris, Director, Product Security at Verizon Media, to talk about the role of engineering in a service organization. We will discuss the evolving pace of software development, the critical contributions of security champions, and balancing security by design with security assurance.