It didn’t all change in March 2020. Not really. The UK high street has been in the throes of a gradual revolution for decades. From the rise of ecommerce, to the birth of mobile, social commerce, and a growing emphasis on experience, change has been underway for a while. In fact for many, the pandemic has acted as a wake-up call. Digital transformation was no longer a ‘nice to have’ but a matter of survival. Necessity sparked innovation and customers are enjoying more flexibility and conveni ...
…
continue reading
محتوای ارائه شده توسط O'Reilly Media. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط O'Reilly Media یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
مشابه O'Reilly Security Podcast - O'Reilly Media Podcast
Custom Manufacturing Industry podcast is an entrepreneurship and motivational podcast on all platforms, hosted by Aaron Clippinger. Being CEO of multiple companies including the signage industry and the software industry, Aaron has over 20 years of consulting and business management. His software has grown internationally and with over a billion dollars annually going through the software. Using his Accounting degree, Aaron will be talking about his organizational ways to get things done. Hi ...
…
continue reading
Ever wondered what makes great go-to-market leaders grow, even when the going gets tough? We have, too. And we’re on a mission to uncover the magic that makes that growth happen. This is Go-to-Market Magic, the show where we talk to go-to-market leaders and visionaries about the “aha!” moments they experience and the pivotal decisions they’ve made, all in the name of growth. And we’re not just talking about revenue growth that goes up and to the right — we’ll also discuss how they improve th ...
…
continue reading
The Partnership Economy explores the power of partnerships through candid conversations and stories with industry leaders. Our hosts, David A. Yovanno, CEO and Todd Crawford, Co-founder, of impact.com, unpack the future of partnerships as a lever for scale and an opportunity to put the consumer first.
…
continue reading
Bitcoin groundbreakers share personal stories of how Bitcoin is changing lives for the better. Host Mauricio Di Bartolomeo, co-founder and CSO of Ledn, speaks with leading Bitcoin voices, entrepreneurs, and human rights advocates to hear their unique journey and practical real-world examples of how Bitcoin has made a positive impact in their lives. Brought to you by Ledn, a leading financial services company built for Bitcoin & digital assets. Ledn offers a suite of lending, saving and tradi ...
…
continue reading
Welcome to the What’s Next! Podcast. I’ve met so many brilliant people as I traveled the globe and have had some fascinating conversations that I’ve wished had been recorded so I could share them with you - this podcast was a way for me to recreate those moments and let you in on some fantastic insights. My current conversations center around one objective: what's next for companies and individuals as they look to innovate and grow. I hope these conversations inspire you as much as they have ...
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
How do I start an online business? How do I build a brand online? How do I get traffic and attention to my online business? The biggest question is, can I start a business online and replace my current JOB? Welcome to The Rock Your Brand podcast show where we answer ALL of these questions and a ton MORE! Scott Voelker, the host will share with you everything you need to know and help you to build a Future Proof Business that will allow you the ultimate Freedom. Scott shares tips and strategi ...
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Wharton faculty and industry leaders discuss their latest research, books, and relevant business topics. Hosted on Acast. See acast.com/privacy for more information.
…
continue reading
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
))
Christie Terrill on building a high-caliber security program in 90 days
Manage episode 192111002 series 1211161
محتوای ارائه شده توسط O'Reilly Media. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط O'Reilly Media یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
The O’Reilly Security Podcast: Aligning security objectives with business objectives, and how to approach evaluation and development of a security program.
In this episode of the Security Podcast, I talk with Christie Terrill, partner at Bishop Fox. We discuss the importance of educating businesses on the complexities of “being secure,” how to approach building a strong security program, and aligning security goals with the larger processes and goals of the business.
Here are some highlights:
Educating businesses on the complexities of “being secure”
This is a challenge that any CISO or director of security faces, whether they're new to an organization or building out an existing team. Building a security program is not just about the technology and the technical threats. It's how you're going to execute—finding the right people, having the right skill sets on the team, integrating efficiently with the other teams and the organization, and of course the technical aspects. There's a lot of things that have to come together, and one of the challenges about security is that companies like to look at security as its own little bubble. They’ll say, ‘we'll invest in security, we'll find people who are experts in security.’ But once you're in that bubble, you realize there's such a broad range of experience and expertise needed for so many different roles, that it's not just one size fits all. You can't use the word ‘security’ so simplistically. So, it can be challenging to educate businesses on everything that's involved when they just say a sentence like, ‘We want to be secure or more secure.’
Security can’t (and shouldn’t) interrupt the progress of other teams
The biggest constraint for implementing a better security program for most companies is finding a way to have security co-exist with other teams and processes within the organization. Security can’t interrupt the mission of the company or stop the progress and projects other IT teams already have in progress. You can’t just halt everything because security teams are coming in with their own agendas. Realistically, you have to rely on other teams and be able to work with them to make sure the security team could make progress either without them or alongside them.
Being able to work collaboratively and to support the teams with your security goals is absolutely critical. Typically, teams have their own projects and agendas, and if you can explain how security will actually help those in the end—they want to participate in your work as well but it's also integrated. You have to rely on each other.
How to approach security program strategy and planning
The assessment of a security program usually starts with a common triad of people, process, and technology. On the people side, there’s reevaluating the organizational structure—how many people should there be? What titles should they have? What should the reporting structure be? What should security take on itself versus what responsibility should we ask IT to do or let them keep doing?
Then, for processes, there can be a lot of pain points. When we develop processes, including the foundational security practices, we start with the ones that would solve immediate problems to show value and illustrate what a process can achieve. A process is not just a piece of paper or a checklist intended to make people's lives more difficult—a process should actually help people understand where something is at in the flow, and when something will get done. So, defining processes is really important to win over the business and the IT teams.
Then finally on the technology side, we try to emphasize that you should first evaluate the tools you already have. There may be nothing wrong with them. Look at how they're being used and if they're being optimized. Because investing, not just the upfront investment in security technology but the cost to replace that, perhaps consulting cost or churn cost of having to rip and replace, can be very high and can derail some of your other progress. To start, you should make sure you’re using every tool to its fullest capacity and fullest advantage before going down the path of considering buying new products.
43 قسمت
اشتراک گذاری
Manage episode 192111002 series 1211161
محتوای ارائه شده توسط O'Reilly Media. تمام محتوای پادکست شامل قسمتها، گرافیکها و توضیحات پادکست مستقیماً توسط O'Reilly Media یا شریک پلتفرم پادکست آنها آپلود و ارائه میشوند. اگر فکر میکنید شخصی بدون اجازه شما از اثر دارای حق نسخهبرداری شما استفاده میکند، میتوانید روندی که در اینجا شرح داده شده است را دنبال کنید.https://fa.player.fm/legal
The O’Reilly Security Podcast: Aligning security objectives with business objectives, and how to approach evaluation and development of a security program.
In this episode of the Security Podcast, I talk with Christie Terrill, partner at Bishop Fox. We discuss the importance of educating businesses on the complexities of “being secure,” how to approach building a strong security program, and aligning security goals with the larger processes and goals of the business.
Here are some highlights:
Educating businesses on the complexities of “being secure”
This is a challenge that any CISO or director of security faces, whether they're new to an organization or building out an existing team. Building a security program is not just about the technology and the technical threats. It's how you're going to execute—finding the right people, having the right skill sets on the team, integrating efficiently with the other teams and the organization, and of course the technical aspects. There's a lot of things that have to come together, and one of the challenges about security is that companies like to look at security as its own little bubble. They’ll say, ‘we'll invest in security, we'll find people who are experts in security.’ But once you're in that bubble, you realize there's such a broad range of experience and expertise needed for so many different roles, that it's not just one size fits all. You can't use the word ‘security’ so simplistically. So, it can be challenging to educate businesses on everything that's involved when they just say a sentence like, ‘We want to be secure or more secure.’
Security can’t (and shouldn’t) interrupt the progress of other teams
The biggest constraint for implementing a better security program for most companies is finding a way to have security co-exist with other teams and processes within the organization. Security can’t interrupt the mission of the company or stop the progress and projects other IT teams already have in progress. You can’t just halt everything because security teams are coming in with their own agendas. Realistically, you have to rely on other teams and be able to work with them to make sure the security team could make progress either without them or alongside them.
Being able to work collaboratively and to support the teams with your security goals is absolutely critical. Typically, teams have their own projects and agendas, and if you can explain how security will actually help those in the end—they want to participate in your work as well but it's also integrated. You have to rely on each other.
How to approach security program strategy and planning
The assessment of a security program usually starts with a common triad of people, process, and technology. On the people side, there’s reevaluating the organizational structure—how many people should there be? What titles should they have? What should the reporting structure be? What should security take on itself versus what responsibility should we ask IT to do or let them keep doing?
Then, for processes, there can be a lot of pain points. When we develop processes, including the foundational security practices, we start with the ones that would solve immediate problems to show value and illustrate what a process can achieve. A process is not just a piece of paper or a checklist intended to make people's lives more difficult—a process should actually help people understand where something is at in the flow, and when something will get done. So, defining processes is really important to win over the business and the IT teams.
Then finally on the technology side, we try to emphasize that you should first evaluate the tools you already have. There may be nothing wrong with them. Look at how they're being used and if they're being optimized. Because investing, not just the upfront investment in security technology but the cost to replace that, perhaps consulting cost or churn cost of having to rip and replace, can be very high and can derail some of your other progress. To start, you should make sure you’re using every tool to its fullest capacity and fullest advantage before going down the path of considering buying new products.
43 قسمت
همه قسمت ها
×
به Player FM خوش آمدید!
Player FM در سراسر وب را برای یافتن پادکست های با کیفیت اسکن می کند تا همین الان لذت ببرید. این بهترین برنامه ی پادکست است که در اندروید، آیفون و وب کار می کند. ثبت نام کنید تا اشتراک های شما در بین دستگاه های مختلف همگام سازی شود.
مشابه O'Reilly Security Podcast - O'Reilly Media Podcast
It didn’t all change in March 2020. Not really. The UK high street has been in the throes of a gradual revolution for decades. From the rise of ecommerce, to the birth of mobile, social commerce, and a growing emphasis on experience, change has been underway for a while. In fact for many, the pandemic has acted as a wake-up call. Digital transformation was no longer a ‘nice to have’ but a matter of survival. Necessity sparked innovation and customers are enjoying more flexibility and conveni ...
…
continue reading
Custom Manufacturing Industry podcast is an entrepreneurship and motivational podcast on all platforms, hosted by Aaron Clippinger. Being CEO of multiple companies including the signage industry and the software industry, Aaron has over 20 years of consulting and business management. His software has grown internationally and with over a billion dollars annually going through the software. Using his Accounting degree, Aaron will be talking about his organizational ways to get things done. Hi ...
…
continue reading
Ever wondered what makes great go-to-market leaders grow, even when the going gets tough? We have, too. And we’re on a mission to uncover the magic that makes that growth happen. This is Go-to-Market Magic, the show where we talk to go-to-market leaders and visionaries about the “aha!” moments they experience and the pivotal decisions they’ve made, all in the name of growth. And we’re not just talking about revenue growth that goes up and to the right — we’ll also discuss how they improve th ...
…
continue reading
The Partnership Economy explores the power of partnerships through candid conversations and stories with industry leaders. Our hosts, David A. Yovanno, CEO and Todd Crawford, Co-founder, of impact.com, unpack the future of partnerships as a lever for scale and an opportunity to put the consumer first.
…
continue reading
Bitcoin groundbreakers share personal stories of how Bitcoin is changing lives for the better. Host Mauricio Di Bartolomeo, co-founder and CSO of Ledn, speaks with leading Bitcoin voices, entrepreneurs, and human rights advocates to hear their unique journey and practical real-world examples of how Bitcoin has made a positive impact in their lives. Brought to you by Ledn, a leading financial services company built for Bitcoin & digital assets. Ledn offers a suite of lending, saving and tradi ...
…
continue reading
Welcome to the What’s Next! Podcast. I’ve met so many brilliant people as I traveled the globe and have had some fascinating conversations that I’ve wished had been recorded so I could share them with you - this podcast was a way for me to recreate those moments and let you in on some fantastic insights. My current conversations center around one objective: what's next for companies and individuals as they look to innovate and grow. I hope these conversations inspire you as much as they have ...
…
continue reading
The award-winning WIRED UK Podcast with James Temperton and the rest of the team. Listen every week for the an informed and entertaining rundown of latest technology, science, business and culture news. New episodes every Friday.
…
continue reading
How do I start an online business? How do I build a brand online? How do I get traffic and attention to my online business? The biggest question is, can I start a business online and replace my current JOB? Welcome to The Rock Your Brand podcast show where we answer ALL of these questions and a ton MORE! Scott Voelker, the host will share with you everything you need to know and help you to build a Future Proof Business that will allow you the ultimate Freedom. Scott shares tips and strategi ...
…
continue reading
Show notes are at https://stevelitchfield.com/sshow/chat.html
…
continue reading
Wharton faculty and industry leaders discuss their latest research, books, and relevant business topics. Hosted on Acast. See acast.com/privacy for more information.
…
continue reading
Player FM - برنامه پادکست
با برنامه Player FM !
با برنامه Player FM !
