Interview on diversity and security
Last month at the AT&T Business Summit, Javvad Malik and I talked about increasing diversity in cybersecurity, and I unveiled my secret weapon for tweets. (Spoiler: she’s 11).
Similar Posts
Experts Weigh In on Data-First Modernization
“This will vary by industry and size of business,” notes Kayne McGladrey, cybersecurity strategist at Ascent Solutions. “A social media company losing control of their content for an hour has a very different risk profile than a manufacturing company being unable to manufacture products.”
What Is The Most Cogent CISO Reporting Structure?
“Ultimately the CSO should report to the Chief Risk Officer, the CRO - because ultimately cyber security is about managing risk at a technical level and at a regulatory level. The natural alignment is with risk. Also maintain a very healthy relationship with internal counsel - especially if there’s chief counsel. Have a coffee every once in a while. And have a healthy relationship with the CIO.”
What is the last thing to do before the end of the year?
I hope you’ve already had a risk definition conversation - get in front of the board or in front of your CIO or in front of your CFO, whoever is going to ultimately pay the bill. And then for anything where you know you can’t afford it because you’ve seen a reduction in your budget as a consequence of the pandemic - have that conversation early with your cyber insurance broker.
How Can The Industry Do A Better Job Of Promoting Emerging Technologies In Physical Security Environments?
The security industry can do a better job of promoting emerging technologies in security environments by linking their solutions to measurable outcomes that matter to CISOs. Those outcomes could be to either reduce sales friction or to show measurable progress in key risk indicators that board members care about. For example, while according to the recent “The Impact of Technology in 2025 and Beyond: an IEEE Global Study,” 48% of technologists said that the top application for AI in 2025 will be real-time cybersecurity vulnerability identification and attack prevention, vendors should still be prepared to explain how investments in their solutions can produce progress over time and support agreed-upon business objectives, outside of the technical benefits. Unfortunately, most emerging technologies primarily discuss technical benefits and features, not business outcomes. For example, if a CISO cares about multifactor authentication coverage, vendors should explain how their solution improves coverage and ties that to higher business resiliency. That would also reduce friction in B2B sales where a high degree of MFA coverage could be cited as a key control in a SOC 2 type 2 report, for example.
How hackers used little-known credit-card feature to defraud Lansdale woman, $1.99 at a time
“It’s low effort for them. Once they set up the subscription and unless the subscription is canceled, they don’t have to do any other work and they can resell access to that subscription,” he said. “So it’s a guaranteed line of profit for them until somebody goes and notices there’s been a problem.”
Criminals typically resell access to the services on secondary markets, McGladrey said. Criminals may resell a streaming service that’s normally $10 per month for $5, netting the thieves $5 monthly. While a single crime is not that profitable, there have been cases where groups have reaped millions of dollars by charging small amounts to hundreds of thousands of consumers, he said.
Using AI Isn’t As Easy As It Seems
“Realistically, the use of AI in cybersecurity will help to reduce the punishing cognitive load on tier one analysts in the security operation center,” said IEEE Senior Member Kayne McGladrey. “Rather than having to comb through a needlestack looking for a needle, AI promises to automate much of the correlation across vast amounts of data that humans struggle with.”