We Look for Candidates Who Already Know Everything
This week’s episode of CISO Series Podcast is hosted by me, David Spark, producer of CISO Series, and Mike Johnson. Our sponsored guest is Matthew Radolec, sr. director incident response and cloud operations, Varonis. This is what we discussed on the show.
On-the-job training programs are critical for bringing in and grooming cyber talent. Future cybersecurity talent is frustrated. The industry demand for cybersecurity professionals is huge, but the openings for green cyber people eager to get into the field are few. They want professional training, and they want the hiring companies to provide it. The problem is that not enough companies have training programs in place, and as a result they can only hire experienced cyber talent, shutting out those who want to get in.
Can we secure the insane growth of APIs? According to reports by Google Cloud, the average large company has three times as many APIs as it did just a year ago, and more than half of them are communicating with outside entities, said Rob Lemos in an article on DarkReading. Mike Johnson said that rapid growth is actually easy to manage because APIs are well defined, since they’re machine consumable. Having an API plan may be difficult, but once you have one the growth should be manageable. Matt Radolec noted that once we start introducing APIs we’re introducing people getting access to APIs. That is an issue, but the problem really comes down to managing access, said Johnson.
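One way to see what “machine consumable” buys you in practice, as an added example that is not from the podcast, from Google Cloud’s report or from any vendor: because an OpenAPI document states the access policy for every operation, the access question Johnson raises can be checked mechanically across the whole inventory as it grows. The spec, the allowlist and the audit rules below are constructed assumptions for illustration.

```python
"""Audit a constructed OpenAPI 3 document for operations reachable without authentication.

Added example, not code from the podcast or any vendor. Assumptions: the sample
spec below, the allowlist of paths permitted to be anonymous, and the two checks
(no effective security requirement; reference to an undefined security scheme).
"""
from typing import FrozenSet, List

HTTP_METHODS = {"get", "put", "post", "delete", "patch", "head", "options", "trace"}

# Constructed sample spec (assumption): a document-level default of bearer auth,
# two operations that opt out with an explicit empty list, and one that references
# a scheme that was never defined under components.securitySchemes.
SAMPLE_SPEC: dict = {
    "openapi": "3.0.3",
    "info": {"title": "orders", "version": "1.0"},
    "security": [{"bearerAuth": []}],  # default: every operation needs a bearer token
    "components": {"securitySchemes": {"bearerAuth": {"type": "http", "scheme": "bearer"}}},
    "paths": {
        "/orders": {
            "get": {"summary": "list orders"},  # inherits the document default
            "post": {"summary": "create order", "security": [{"bearerAuth": []}]},
        },
        "/orders/{id}/export": {
            "get": {"summary": "export", "security": []},  # explicit opt-out: anonymous
        },
        "/health": {
            "get": {"summary": "liveness", "security": []},  # anonymous on purpose
        },
        "/admin/users": {
            "get": {"summary": "admin", "security": [{"undefinedScheme": []}]},
        },
    },
}

ALLOWLIST: FrozenSet[str] = frozenset({"/health"})  # assumption: paths allowed to be anonymous


def effective_security(spec: dict, op: dict) -> List[dict]:
    """OpenAPI rule: an operation-level `security` overrides the document-level one,
    and an explicit empty list means 'no authentication required'."""
    return op["security"] if "security" in op else spec.get("security", [])


def audit_spec(spec: dict, allowlist: FrozenSet[str] = frozenset()) -> List[str]:
    """Return one finding string per operation that is anonymous (and not allowlisted)
    or that references a security scheme the document never defines."""
    findings: List[str] = []
    defined = set(spec.get("components", {}).get("securitySchemes", {}))
    for path, item in spec.get("paths", {}).items():
        for method, op in item.items():
            if method not in HTTP_METHODS:
                continue  # skip path-level keys such as "parameters" or "summary"
            sec = effective_security(spec, op)
            if not sec:
                if path not in allowlist:
                    findings.append(f"{method.upper()} {path}: no authentication required")
                continue
            for requirement in sec:
                for scheme in requirement:
                    if scheme not in defined:
                        findings.append(f"{method.upper()} {path}: unknown security scheme '{scheme}'")
    return findings


def count_operations(spec: dict) -> int:
    """Number of HTTP operations in the document (the 'inventory size')."""
    return sum(1 for item in spec.get("paths", {}).values() for m in item if m in HTTP_METHODS)


if __name__ == "__main__":
    print(f"{count_operations(SAMPLE_SPEC)} operations")
    for finding in audit_spec(SAMPLE_SPEC, ALLOWLIST):
        print("FINDING", finding)
```

Run against a real spec by loading it with a YAML or JSON parser in place of `SAMPLE_SPEC`; the same walk then runs in CI on every spec change, which is the “plan” that keeps three-fold growth manageable.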
Where do automated breach simulation programs fall short? “I have yet to meet a breach simulation system that can emulate the creativity of a human. But I don't think that's what the tools are meant for,” said Johnson. “I think of these solutions as continuous regression testing for my security controls. I've used breach simulation tools quite well in the past to validate that my prevention and detection controls were functioning properly. And they’re also valuable to detect where in a chain of controls something might be broken.”
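The “continuous regression testing for my security controls” framing Johnson describes, as an added example that is not the podcast’s or any breach-simulation vendor’s code: each scenario is a constructed attack step with an expected outcome at each layer, each control is a stand-in for a real prevention or detection layer, and the harness reports the first control in the chain whose expected outcome did not happen. Control logic, hash list and scenarios are assumptions made up for illustration.

```python
"""Run constructed breach scenarios through a chain of controls and report the broken link.

Added example, not code from the podcast or any vendor. Assumptions: three stand-in
controls (mail gateway, EDR, SIEM rule), a made-up known-bad hash, and four scenarios.
"""
from dataclasses import dataclass
from typing import Callable, Dict, List, Optional, Tuple

Outcome = str  # "block" | "alert" | "pass"


@dataclass
class Scenario:
    name: str
    event: Dict[str, str]
    expected: Dict[str, Outcome]  # control name -> outcome; absent controls are expected to "pass"


# Stand-in controls (assumptions). A real harness would drive the real products.
def mail_gateway(ev: Dict[str, str]) -> Outcome:
    return "block" if ev.get("attachment", "").endswith((".exe", ".js")) else "pass"


KNOWN_BAD_HASHES = {"deadbeef" * 8}  # constructed


def edr(ev: Dict[str, str]) -> Outcome:
    return "block" if ev.get("sha256") in KNOWN_BAD_HASHES else "pass"


def siem_rule(ev: Dict[str, str]) -> Outcome:
    # Deliberately narrow (assumption): matches "-enc" but not the short "-e" flag.
    cmd = ev.get("cmdline", "").lower()
    return "alert" if "powershell" in cmd and "-enc" in cmd else "pass"


CHAIN: List[Tuple[str, Callable[[Dict[str, str]], Outcome]]] = [
    ("mail_gateway", mail_gateway),
    ("edr", edr),
    ("siem_rule", siem_rule),
]

# Constructed scenarios. The last one is the regression the harness should surface.
SCENARIOS = [
    Scenario("phish_exe", {"attachment": "invoice.exe"}, {"mail_gateway": "block"}),
    Scenario("known_bad_binary", {"attachment": "notes.pdf", "sha256": "deadbeef" * 8},
             {"mail_gateway": "pass", "edr": "block"}),
    Scenario("encoded_ps", {"cmdline": "powershell.exe -enc SQBFAFgA"}, {"siem_rule": "alert"}),
    Scenario("short_flag_ps", {"cmdline": "powershell.exe -e SQBFAFgA"}, {"siem_rule": "alert"}),
]


def run_scenario(sc: Scenario, chain=CHAIN) -> Tuple[bool, Optional[str], Dict[str, Outcome]]:
    """Walk the chain in order. Returns (passed, first broken control or None, observed outcomes).
    A 'block' stops the walk, since a blocked event never reaches the next layer."""
    observed: Dict[str, Outcome] = {}
    for name, control in chain:
        outcome = control(sc.event)
        observed[name] = outcome
        if outcome != sc.expected.get(name, "pass"):
            return False, name, observed
        if outcome == "block":
            break
    return True, None, observed


def run_all(scenarios=SCENARIOS) -> Dict[str, Tuple[bool, Optional[str]]]:
    """Scenario name -> (passed, broken control). This is the regression report."""
    return {sc.name: run_scenario(sc)[:2] for sc in scenarios}


if __name__ == "__main__":
    for name, (ok, broken) in run_all().items():
        print(f"{name:18} {'PASS' if ok else 'FAIL at ' + str(broken)}")
```

Scheduling `run_all()` on every rule or policy change is the regression-testing use Johnson describes; the harness says nothing about creative attacks it was never given, which is the limit he names.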
How do we market the zero trust “approach”? “I'd like to hear less about how someone has a zero trust product and more about products and capabilities that help me attain a goal where I don't trust the network and don't have to trust the network,” said Johnson. And Radolec offered the suggestion of drilling down to the different subcomponents of zero trust, such as zero trust account management, zero trust cloud application management, zero trust data management, etc.
Listen to the full episode right here or over on our blog where you can read the entire transcript. If you haven’t subscribed to CISO Series Podcast via your favorite podcast app, please go ahead and do so now.
Thanks to Dr. Dustin Sachs, DCS, CISSP, CCISO for supplying our “What’s Worse?!” scenario.
HUGE thanks to our sponsor, Varonis
Who should be listening to the CISO Series podcast?
"Everyone should be listening to the CISO Series podcast because it’s quality content across a broad range of topics in cyber. Whether you’re new to cyber, or you’re a guru, the CISO Series podcast is for you." - Matt Radolec, sr. director incident response and cloud operations, Varonis
Can You Build a Security Program on Open Source?
"Sometimes we’ll have open source software that’s addressing a new problem in the industry that hasn’t been taken care of yet or hasn’t been looked at. And then there will be other software that is the commercial, heavy duty, heavy lifting software that’s doing some scanning, or some monitoring, or observation, or data analysis, or those kind of things. So, it’s definitely a combination of the two." - DJ Schleen, distinguished security architect, Yahoo Paranoids
Listen to the full episode of "Can You Build a Security Program on Open Source?"
Subscribe to our newsletters on LinkedIn!
We've got our bi-weekly and daily Cyber Security Headlines newsletters available right here on LinkedIn. Go ahead and subscribe to one or both!
CISO Series Newsletter - Twice every week
Cyber Security Headlines Newsletter - Every weekday
Cyber Security Headlines - Week in Review
Make sure you register on YouTube to join the LIVE "Week In Review" this Friday for Cyber Security Headlines with CISO Series reporter Richard Stroffolino. We do it this and every Friday at 3:30 PM ET/12:30 PM PT for a short 20-minute discussion of the week's cyber news. Our guest will be JJ A., CISO, FanDuel.
Security Strategies for Volatile Cloud Containers
In this video, Jimmy Mesta 🤙, CTO, RAD Security, and I chatted about why we need to have a discussion around Kubernetes and container security. It's what's defining cloud today. So if you're trying to build a cloud security program, securing Kubernetes has to be a part of that program.
Please join us on Friday, March 17th, 2023 for Super Cyber Friday for our conversation “Hacking Kubernetes: An hour of critical thinking on dealing with new and emerging complex and transient container environments.”
Thanks to our Super Cyber Friday sponsor, KSOC
Thank you for supporting CISO Series and all our programming
We love all kinds of support: listening, watching, contributions, What's Worse?! scenarios, telling your friends, sharing in social media, and most of all we love our sponsors!
Everything is available at cisoseries.com.
Interested in sponsorship? Contact me, David Spark.