ITSPmagazine chats with Demetrios Lazarikos (Laz), InfoSec Strategist and Founder of BlueLava.
Here are a few highlights from our conversation with Laz:
- Laz provides three tips for CISOs as their role changes:
1/ Start learning how to present your information in business terms to your executive leadership team and/or board. Present in terms they will understand.
2/ Share & collaborate with other CISOs because threats are leapfrogging each other.
3/ Attend conferences and read up on different programs & strategies. Stay current with articles and subscriptions. Take a step back and block out time for yourself.
- Be more engaged & build relationships within your company. Partner with legal or the board. Try creating a security committee.
- Organizations need to understand that security education is an investment that is going last a long time.
- As an adjunct professor at Pepperdine University, Laz is coaching and mentoring the next generation of business leaders. He helps them understand IT, security, data analytics and enterprise architecture, not in technical terms but understanding why they should build this as a part of their business or framework.
We all know that security gaps are widening due to technology shifts and advanced threats. Whether you are in finance, energy, tech, or manufacturing, the infosec challenges are much the same.
Chart Industries — a global manufacturer with 5,000 employees and 45 locations — was facing a huge volume of malicious activity every day resulting in excessive break-fix work for their small security team. They had thousands of unmanaged mobile and guest devices connecting to their networks. And neither web proxies nor endpoint security could fully protect them. They needed a new layer of malware and breach protection. But it also had to be a painless deployment and it needed to be a transparent experience for their employees and guests.
Hear directly from Jack Nichelson, Chart’s Director of IT Infrastructure and Security to learn:
-Why they use a layered approach to security and how OpenDNS complements their security stack
-How long it took to deploy OpenDNS Umbrella globally
-How his security analyst, Kevin Merolla, quickly responds to incidents or false positives using OpenDNS Investigate
InfoSec 2016 - What is risk-based security?Read more >
Interview with FortyCloud during InfoSec 2014, the interview talks about the main challenges of IT security in 2014 and where are the best places to start dealing with those challenges.Read more >
E-commerce, partner portals, customer service portals, and other cloud-enabled business services: Websites are the new front door to many businesses, and we expect to gain access whenever we want, from anywhere in the world, and from any device.
But what happens to the business when the website doesn’t perform as expected? And how do you protect your website(s) from nefarious traffic looking to harm your business by bringing it down, scraping content, changing content? Do you know whether your traffic is a human user - or is it a bot? Does the language (or a lack of communication whatsoever) between the business and the IT personnel leave you wondering what the potential issues might be?
During this expert panel discussion, we will explore the business impact of an underperforming or compromised website. You will:
- Learn more about what good website performance look likes
- Gain a deeper understanding of traffic on websites
- Understand how your website's performance affects other departments within the business
- Hear practical recommendations for business leaders on how to protect your website from compromise
Tin Zaw, Director Security Solutions, Verizon Digital Media Services
Laz, InfoSec Strategist and Professor
Edward Roberts, Director of Product Marketing, Distil Networks
Sean Martin, CISSP, Founder and Editor-in-Chief, ITSPmagazine
In Westeros - the land of dark knights, backstabbing royals, and a myriad of other characters - even the youngest ones have to learn basic self-defense to have any hope of surviving the cruel world imagined by A Game of Thrones (GOT) author, George R. R. Martin. And so too, must every CISO and security pro learn the latest information security best practices if they’re to survive today’s Internet threat landscape.
Intrigued? In this fun yet informative webinar, noble Corey Nachreiner, Director of Security Strategy and Research at WatchGuard Technologies, will explore the information security tips you could extract from the morbidly dark, yet inescapably addictive fantasy series. He’ll cover lessons such as:
· Depending on just “The Wall” for defense isn’t wise. The best defense has layers.
· Never ignore the warnings of ravens because they may contain hints of potential security breaches.
· Building a strong castle won’t prevent an attacker from tricking an untrained guard into opening your gates.
Join us. Advance your training and, much like a GOT warrior, learn how you should always stay vigilant.
The Internet of Things (IoT) has us now counting data elements in the trillions. Collecting, storing, and analyzing this data is transforming business intelligence. However, with this new capability, security is also essential. Teradata offers a best-in-class platform for IoT data processing, storage, and analytics. Together with Thales, the solution address the evolving business intelligence needs of enterprises, while protecting data elements and business intelligence. In this webinar, we will examine the key elements necessary to process IoT data, and the security aspects that enterprises need to focus on to safely harness the power of the technology.
• Examine the realities of IoT data processing and analytics
• Describe the architectures needed to support the capability
• Analyze drivers and technique to secure IoT data elements
Physical health comes from both common sense – eat right and exercise – and advanced medicine. Blood pressure, sugar levels, and white cell counts are vital metrics to be monitored and controlled.
What meaningful numbers are available to cyber teams? How can they be used to
understand overall risk posture and prescribe detailed actions to take today?
•Overall health - Which departments need cyber health checks now? Next quarter?
•Regular hygiene - Whose applications are patched quickly? Whose are not?
•Immune systems - How is unusual behavior pertaining to critical assets detected?
•Breakthroughs - Can cyber risk be quantified in financial terms?
For the second year in a row, a comprehensive survey was conducted with the 300,000 members of the LinkedIn Information Security Community on the state of cloud security. This year’s survey results delve into many issues including: Are attitudes towards perceived security risks changing? Are organizations migrating to the cloud at the pace they suspected they would? How are technologies helping or hindering cloud adoption?... and more.
Join Holger Schulze, Founder of the LinkedIn Information Security Community and Ram Krishnan, Chief Product Officer at CloudPassage on this informative web seminar to:
• Learn how your peers’ strategies for securing cloud infrastructure have evolved in the last year
• Gain valuable insights on how your organization compares to others in the industry
• Find out what the top trends and priorities are for cloud security in 2016 and beyond
With the concept of the traditional datacenter boundary blurring across hosting providers, cloud services and other areas of the new enterprise, discovery and protection of critical assets has emerged as a challenge to Infosec professionals in all industries. Join (ISC)2 and McAfee on August 14, 2014 at 1:00PM Eastern as we explore strategies and tactics for gaining the insights and counter-measures you need to ensure your farthest flung assets are meeting your security requirements, no matter where they may be.Read more >
In this episode, I was delighted to be joined by Graham Cluley. Graham Cluley is a security blogger, researcher and public speaker. He has been a well-known figure in the computer security industry since the early 1990s when he wrote the first ever version of Dr Solomon's Anti-Virus Toolkit for Windows.Read more >
The security of Microsoft products has been the target of jokes in IT and infosec for years. While modern Microsoft software has significantly more advanced security properties, how fast are old devices and software going the way of Clippy? Are your Microsoft environments actually safe? What combinations of Microsoft products are IT admins and users really running, and what impact does that have on security?
Join this presentation and learn the risks that Duo Security found by looking at more than one million Microsoft devices deployed in an enterprise environment.