Content provided by Robert Wood and Sidekick Security. All podcast content, including episodes, graphics, and podcast descriptions, is uploaded and provided directly by Robert Wood and Sidekick Security or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process described here: https://fa.player.fm/legal
In this conversation, Robert Wood and Gunnar Peterson delve into the complexities of application security (AppSec), discussing its evolution, the importance of building effective AppSec programs, and the need for engaging developers in security practices. They explore the blurred lines between cloud security and application security, the role of posture management tools, and the significance of an asset-centric approach to security. Gunnar emphasizes the importance of understanding key use cases and platforms within an organization, as well as the need for security professionals to broaden their skill sets to navigate the changing landscape of cybersecurity effectively.
Takeaways
Application security is evolving, requiring a focus on both technology and human factors.
Understanding the organization's current state is crucial for building an effective AppSec program.
Coverage and efficacy are key metrics for assessing AppSec initiatives.
Engaging developers is essential for successful security practices.
In larger organizations, security efforts can become check-the-box activities.
The lines between cloud security and application security are increasingly blurred.
Posture management tools are emerging to address skill gaps in AppSec.
An asset-centric approach to security is gaining traction in the industry.
New security professionals should prioritize understanding key business use cases.
The future of security will require blending traditional practices with new technologies.
Sound Bites
"Good judgment comes from experience."
"You have to have the humility to recognize."
Chapters
00:00 Introduction to Application Security and Its Evolution
02:59 Building an Effective AppSec Program
05:51 Understanding Coverage and Efficacy in AppSec
08:58 Engaging Developers in Security Practices
11:52 Navigating Federated Environments in Security
14:55 The Blurred Lines Between Cloud and Application Security
17:46 The Role of Posture Management Tools in AppSec
21:10 The Importance of Asset-Centric Security
23:55 Advice for New Security Professionals
26:45 Final Thoughts and Future Trends in Security
In this conversation, Robert Wood and Mads Bundgaard Nielsen delve into the complexities of cyber risk quantification, exploring Mads' journey into this niche field, the importance of a business-first approach to risk management, and the distinctions between compliance and effective risk management. They discuss foundational steps for initiating risk quantification, the significance of stakeholder engagement, and the challenges of measuring non-financial impacts. The conversation also touches on the limitations of existing risk assessment tools and scoring systems, emphasizing the need for a more nuanced understanding of risk in cybersecurity.
In this conversation, Robert Wood and Mads Bundgaard Nielsen delve into the complexities of vulnerability management and risk quantification in cybersecurity. They discuss the challenges organizations face in prioritizing vulnerabilities, the inefficiencies in third-party risk management, and the future of cyber risk quantification. Mads emphasizes the importance of understanding organizational attributes for effective risk management and shares valuable resources for those looking to enhance their knowledge in this field.
Takeaways
Cyber risk quantification is often misunderstood and challenging to implement.
A business-first approach is crucial for effective risk management.
Compliance and risk management serve different purposes and should not be conflated.
Defining clear outcomes is essential before starting any quantification project.
Simplifying measurement processes can lead to better insights.
Stakeholder engagement is vital for successful risk decision-making.
Non-financial impacts can be just as important as financial metrics.
Quantification should not be an all-consuming task; focus on key scenarios.
Understanding the problem space is more important than technical expertise in quantification.
Existing risk tools often provide inadequate assessments, necessitating a more tailored approach.
It's not true risk quantification, but some level of more specific measurement to vulnerabilities.
Our ambition of mitigating vulnerabilities is much larger than our capacity.
We need to categorize vulnerabilities based on their actual business risk.
The industry drowns in findings from vulnerability tools.
Third-party risk management often leads to wasted efforts.
Risk management is about making informed decisions.
Organizations with strong governance will find it easier to implement risk quantification.
Quantification can be simplified to counting instances.
Understanding the actual output of suppliers is crucial for risk management.
Learning resources are available for those interested in cyber risk quantification.…
In this conversation, Robert Wood, CEO of Sidekick Security, interviews Tyler Healy, CISO of DigitalOcean, discussing the evolution of security leadership, the importance of security as an enabler for business growth, and the dynamics of building a security team. They explore the challenges of engaging with customers, fostering internal relationships, and the balance between security and usability. Tyler shares insights on incident management, materiality assessments, and the significance of understanding how a business makes money to effectively align security initiatives with organizational goals.
Takeaways
Security teams must engage with customers regularly.
Understanding business incentives is crucial for security leaders.
Security should be seen as an enabler, not a cost center.
Building relationships across departments enhances security effectiveness.
Product security should empower developers with the right tools.
Usability is key to successful security implementations.
Incident management processes must include materiality assessments.
Availability impacts must be considered in security discussions.
Third-party risks need to be managed proactively.
Security leaders should balance technical skills with effective communication.
Chapters
00:00 Introduction to Security Leadership
06:02 Navigating Security as an Enabler
09:56 Building a Security Team from the Ground Up
15:54 Engaging with Customers and Stakeholders
20:00 Fostering Internal Relationships for Security
24:03 Product Security and Developer Enablement
29:59 Balancing Security and Usability
36:03 Incident Management and Materiality Assessment
42:04 The Role of Availability in Security
48:01 Third-Party Risk Management
53:51 Transforming Security into a Business Enabler…
Summary
In this conversation, Robert Wood and Joe Lewis discuss the complexities of leading cybersecurity efforts within a large organization like the CDC. They explore the balance between security and mission enablement, the nuances of risk management, and the importance of compliance. Joe emphasizes the need for humility in leadership, the value of building a strong team, and the significance of understanding organizational dynamics. The discussion also touches on the challenges of innovation in crisis situations, the importance of effective communication, and the need for continuous personal and professional development in the cybersecurity field.
Takeaways
Humility is essential for effective leadership in cybersecurity.
Balancing security with mission enablement is crucial.
Understanding risk transfer dynamics is important for CISOs.
Compliance should be viewed as a foundation for security, not a hindrance.
Using compliance strategically can enhance decision-making processes.
Innovation often requires accepting certain risks during crises.
Post-crisis assessments are vital for understanding risks taken.
The language of risk must be tailored for different audiences.
Non-technical skills are critical for success in cybersecurity roles.
Intentional organizational design can break down silos and improve collaboration.
Sound Bites
"I think the one piece of advice I would have given myself is humility."
"We are evolving into a managed cybersecurity service provider."
"Not everybody should grow up to be a CISO."
Chapters
00:00 Introduction to Cybersecurity Leadership
02:36 Balancing Security and Mission Enablement
07:38 Understanding Risk Transfer in Cybersecurity
12:57 Navigating Compliance and Security
16:29 Using Compliance as a Strategic Tool
21:36 Innovation and Risk Management in Crisis
25:59 Post-Crisis Reflection and Risk Assessment
28:29 The Language of Risk in Cybersecurity
34:42 Developing Non-Technical Skills in Cybersecurity
39:43 Intentional Organizational Design
45:14 Managing Change and Reducing Process Waste
51:12 Identifying and Nurturing Future Leaders
56:29 The Importance of Humility in Leadership…