CISO Stressed

On this episode of CISO STRESSED, Liz Wharton SCYTHE Chief of Staff is joined by special guest Aldan Berrie. Berrie is the Founder and Director of Technology Solutions and an experienced CISO. Wharton and Berrie discuss the need for smaller companies to achieve a secure network on a budget and how to provide them with the best possible protection. Berrie expresses the need for vendors to be objectively evaluated and the disconnect between business leaders and their perception of security.

New CISO Stressed episodes are released every other Tuesday, grab a cup of coffee (or your favorite dessert) and listen in on YouTube, Anchor, or wherever you stream podcasts.  Follow SCYTHE’s CISO Stressed on social media and subscribe to our YouTube channel.  Questions or conversation ideas? Drop us an e-mail at info@scythe.io with “CISO Stressed” in the subject line.   

About Robert: Robert is a 26-year veteran in computer security, known to many in the industry by handle ‘RSnake’. Robert started his career at eBay, where he was responsible for authentication as well as most anti-fraud systems and anti-phishing technologies. His work at eBay was later built into every modern web browser and is now protecting every Internet user as a result. His ha.ckers.org and consultancy, SecTheory, was at one point responsible for a third of all the top-ranked web vulnerabilities. Most recently, Robert's corporate intelligence platform, OutsideIntel, was acquired by Bit Discovery after which he became the CTO. Robert is also a floating CISO for multiple companies and sits on advisory boards of multiple technology and security companies such as Arkose Labs.

On this episode of CISO STRESSED, Elizabeth Wharton is joined by Matthew Dunlop. Matt is an Army Veteran, and VP CISO at Under Armour responsible for global security across all corporate, retail and eCommerce functions, as well as its connected fitness application MapMyFitness. Liz and Matt discuss the challenges facing CISO’s, prioritizing ransomware defense, and how to condition company employees to truly care about security.

On this episode of CISO STRESSED, SCYTHE Chief of Staff Elizabeth Wharton is joined by Ed Rojas, Director of Tactical Edge. Tactical Edge is an organization focused on creating large-scale events within Latin America for Cybersecurity and AI. Tactical Edge has grown from 200 attendees in Colombia, to 2,000 people during 2020 from all over the world. 

Wharton and Rojas discuss the lessons learned from ransomware attacks like the Colonial Pipeline, and the need for large-scale events that promote information sharing and preparedness for future attacks such as these. Rojas shares his network-building experience, the blessing of making friends with some of the best in the industry, and the importance of learning from each other no matter where we are in the world.

On this episode of CISO STRESSED, SCYTHE Chief of Staff Elizabeth Wharton interviews Dr. Pablo Breuer. Breuer is currently a non-resident senior fellow at the Atlantic Council’s GeoTech Center and the CISO of Security BSides Las Vegas. They discuss what to change in a team’s response plan after a ransomware attack, ransomware and malware attacks going undetected for months at a time, and his response to stress and building better plans.

KEY TAKEAWAYS 

• The military is more likely to plan out a few years in advance, and commercial companies normally only plan as far as one fiscal year ahead of time.   There is something to be learned from both the private and the public sector.   
• Get back to basics. Solarwinds could have been prevented from ever reaching a supply chain attack if people didn't’ gloss over the basics: Interns shouldn’t be allowed to do things that are public facing without a mentors supervision  
• Attacks are going to happen: It’s the nature of the beast, and there’s too much incentive.  
• Companies need to evaluate what risk they are currently accepting, if that risk is acceptable, and if not how do they get down to residual risk that is.  
• Depending on who’s map you follow, at the end of 2020 we had between fifteen or twenty times the number of devices on the internet than we had people on the planet.  
• A CISO is essentially a risk advisor, advising company risk. They don’t get to decide what’s acceptable, the company decides what risk is acceptable.

It’s dangerous to go alone! Evolving threat landscapes and shifting resources. CISOs need all the swords and unicorns available and at the ready - leveraging their team, time, and budget to focus on the adventure at hand. CISO Stressed - SCYTHE’s latest release focuses on the quests that CISOs face. Join Liz Wharton (Chief of Staff at SCYTHE) for conversations on what is top of mind with CISOs - what causes stress and what they’re stressing within their organization. New episodes released every other week. Come join and listen in.