You DO Security, You Do Not HAVE Security - Melissa Bischoping - BSW #299

Business Security Weekly (Video)

English - March 28, 2023 16:10 - 29 minutes - 137 MB Video - ★★★★ - 2 ratings
Tech News News Education How To hacking security securitystartup startup startups Homepage Download Apple Podcasts Google Podcasts Overcast Castro Pocket Casts RSS feed

Previous Episode: CISO: Job in Search of a Description, Rise of the BISO, When More is Less - BSW #298

Next Episode: CISO, The Board, and Cybersecurity - Enough Said! - BSW #299

We often see security as a thing that has definitive check boxes, end states and deliverables. Audits "end" and then start again, but if you are looking at security as a noun -- as in, a thing that gets done, you are falling short. Security must be a verb. You DO security, you do not HAVE security. Security weaves through every layer and goes beyond the IT assets or codebase.

This includes:

Guerrilla marketing of gaining end-user buy-in for initiatives Iterative tuning of your data sources Active engagement with real-time feedback from the user base and technical teams

Threat- and risk-informed decisions need to be capable of adapting when things get turned upside down. You need to create a culture and the associated processes to look at security like you do. Security teams and roadmaps are designed to look (often myopically) at specific "deliverables" and not so much at the vital signs of the security ecosystem in any given moment (and what that looks like OVER TIME, not at a moment IN time).

This segment is sponsored by Tanium. Visit https://securityweekly.com/tanium to learn more about them!

Visit https://www.securityweekly.com/bsw for all the latest episodes!

Show Notes: https://securityweekly.com/bsw299