Security Compass, a leading provider of cybersecurity solutions and advisory services, enables organizations to adopt balanced development automation for rapid and secure application development. With their flagship product, SD Elements, the company helps automate significant portions of proactive manual processes for security and compliance, which improves time to market for new technology. In addition, they offer advisory services on how organizations can embrace emerging technologies like cloud to strengthen their security posture. Security Compass is the trusted solution provider to leading financial organizations, technology enablers, and renowned global brands.
Episodes
Monday Dec 20, 2021
Nick Deshpande - Data Governance
Today we are joined by Nick Deshpande to talk about data governance and security. We will start by introducing the concept of data governance and the business importance of data governance. We will dig deeper and discuss who is responsible for creating and managing a data governance program. When looking at data governance as an enabler, we will turn our attention to three use cases: DevSecOps, Threat Modeling, and Zero Trust. In concluding, Nick will share his thoughts on where he sees data governance evolving over the next 12-18 months.
Friday Dec 17, 2021
Kyle Lai - Complying With CMMC
Today we are joined by Kyle Lai, Founder and CISO of KLC Consulting, to talk about CMMC. We will start by discussing the governance and ownership aspects of CMMC. Once a CMMC program has kicked off, teams usually have to overcome some challenges. We will discuss the top challenges with achieving CMMC compliance. In an era of DevSecOps, we will turn our attention to the importance of automation and conclude by discussing the impact of CMMC in the near future.
Monday Nov 29, 2021
K Royal - Think about User Privacy When Developing Your Software
Today we are joined by K Royal, Associate General Counsel & DPO of TrustArc, to talk about Software Development and Privacy. We will start by discussing what the intersection of privacy and software development looks like. We will examine the essential competencies required to produce privacy compliant software and touch on automated privacy checking in the context of DevSecOps pipelines. We will conclude by discussing where privacy is headed in the next 12-18 months. Producing privacy compliant software is becoming increasingly important in light of government regulations.
Friday Nov 19, 2021
Mark Simos - Using Security Reference Architectures
Today we are joined by Mark Simos, Lead Cybersecurity Architect at Microsoft, to talk about leveraging security reference architectures to operationalize security. We will talk about our current context and the democratization of security and DevOps across the enterprise. Since security touches so many parts of the organization, this is where the role of security reference architectures becomes critical in creating an onramp for cross-functional teams. They help coordinate activities and programs against measurable business outcomes. We will conclude by looking forward to the next 18-24 months and what to expect.
Friday Nov 12, 2021
Michael Isbitski - Executive Overview on Securing Your APIs
Today we are joined by Michael Isbitski, Technical Evangelist at Salt Security, to talk about API Security. Our systems and platforms today are largely driven by API integrations. We will start by discussing ownership of API security in an organization. This will lead into a discussion about convincing a business stakeholder to invest in API security. Given how complex our applications are today, we will talk about some of the biggest challenges with securing our APIs. As security paradigms continue to evolve, we have gone from perimeter based security to Zero Trust. We will conclude by discussing how API security fits into Zero Trust.
Friday Oct 29, 2021
Carmichael Patton - Lessons from Zero Trust Implementations
Today we are joined by Carmichael Patton, Senior Security Architect at Microsoft, to talk about Zero Trust. We will talk about the value proposition along with ownership and accountability for a Zero Trust program. It is important that Zero Trust aligns with business priorities. We will also discuss the rollout of Zero Trust and some important lessons learned from previous implementations.
Friday Oct 15, 2021
Rob Akershoek - The Importance of a Security Reference Architecture
Today we are joined by Rob Akershoek from DXC to talk about security reference architectures. We will start by discussing why we need a security reference architecture. This will lead us into governance and who is responsible for creating a security reference architecture. Since we don’t have a standard security reference architecture in the industry, we will explain how to start creating a security reference architecture. In conclusion, we will share some of the work being done by The Open Group around security reference architectures.
Thursday Sep 30, 2021
Mark Timms - The Human Side of Cyber Security
Today we are joined by Mark Timms, Senior Manager, Cybersecurity Education & Awareness Behavioural Science at RBC, to talk about the human side of cyber security. We will talk about what motivates people to embrace a security program and what triggers drive the intended behavior. Building a security culture takes intentionality and a coordinated set of activities that focuses on the person. We will conclude with a consideration on how we should think about measuring the outcome. Cyber security is top of mind for many organizations and understanding the human side will help to drive meaningful programs that align with personal and organizational motivations.
Friday Sep 17, 2021
Leaders in Product Security - Clay Carter
In this episode, Clay Carter talks about product security in our critical infrastructure, specifically water! Clay discusses the unique challenges and opportunities of product security in the water industry, the intersection with business partners like safety, the importance of domain expertise, and the effect of seeing the products you help secure impact your day-to-day life.
Monday Aug 30, 2021
Malu Septien Milan - Aligning Security to Business Value
Today we are joined by Malu Septien Milan, President of Cryptopon, to talk about tying security to business value. We will start by explaining the gap between security and business expectations. This has an impact on how security teams scale as they become increasingly relevant in business operational risk where DevOps is driving “continuous everything”. We will then round off the discussion by turning to the business side to consider what they can do to help close the gap. In an era where going digital is a top priority, closing the security-business gap is crucial to balancing security with operational risk.