In this episode of CISO Tradecraft, host G Mark Hardy is joined by special guest Rick Howard, Chief Security Officer, Chief Analyst and Senior Fellow at CyberWire. Rick shares his insights on first principles in cybersecurity, discussing how they form the foundation of any cybersecurity strategy. He emphasizes the importance of understanding materiality and of making risk assessments time-bound in order to build a resilient cybersecurity program. The episode also delves into the value of Fermi estimates and Bayes' theorem for calculating risk. Amid humor and personal anecdotes, Rick and Mark also reflect on their experiences during 9/11. Rick introduces his book, 'Cybersecurity First Principles', and explains the rationale behind writing it.


Link to the Cybersecurity First Principles Book: https://www.amazon.com/Cybersecurity-First-Principles-Strategy-Tactics/dp/B0CBVSX2H2/?&_encoding=UTF8&tag=-0-0-20&linkCode=ur2&linkId=1b3010fb678a109743f1fb564eb6d0fc&camp=1789&creative=9325


Transcripts: https://docs.google.com/document/d/1y8JPSzpmqDMd-1PZ-MWSqOuxgFTDVvre


Chapters


00:00 Introduction
02:00 Guest's Career Journey and Achievements
08:49 Discussion on Cybersecurity First Principles
15:27 Understanding Materiality in Cybersecurity
21:56 The Gap Between Security Teams and Business Leaders
22:21 The Importance of Speaking the Language of Business
23:03 The Art of the Elevator Pitch
24:04 The Impact of Cybersecurity on Business Value
25:10 The Importance of a Clear Cybersecurity Strategy
26:04 The Value of Business Fluency in Cybersecurity
27:44 The Role of Risk Calculation in Cybersecurity
29:41 The Power of Estimation in Risk Management
30:33 The Importance of Understanding Business Imperatives
41:25 The Role of Culture and Risk Appetite in Cybersecurity
45:39 The First Principle of Cybersecurity