It's an "all rounder" episode of The Great Security Debate. Brian watched a movie, Erik watched an advertisement, and Dan was overtly cynical. Just another day in the podcast booth for these three. A variety pack of topics ranging from recent security attacks, to AI in technology, to automotive manufacturing (go figure), to privacy, to sponsorship and vendor models at live events, and more. Links to everything we talked about are available in the show notes. Thanks for listening and welcome to 2024! We have got some exciting changes ahead this year including ways to support the podcast, some b ..read more

It's not easy to sell things. It's even harder to sell to security practitioners and leaders. The Great Security Debate this week covers some angles in security tools (and selling those tools to security teams) that have taken their toll on the trust that needs to exist between those who buy and those who make the products that we use. From the software providers to the VAR (resellers) in the middle to the people and techniques used to market and sell the solutions. Some of the key topics of the discussion include: The challenges of security tool consolidation by non-security vendors Security ..read more

It's been a minute, but we are back with another Great Security Debate! Whether it is compliance, trust, questionnaires, we all sell something to someone and security is core to that process. In this episode, the focus is on how security integrates into the core of each of our businesses or organisations. From being part of strategic planning, the reminder that perfect being the enemy of progress, to the power in being a first mover on security and privacy topics: Compliance vs security: Is it pro forma? Do you check the SOC2 (and other) reports you get from your suppliers? You're not a speci ..read more

Welcome to a very special Great Security Debate. If it is spring, it means that the annual Forrester “Top Recommendations For Your Security Program” report has come out, and we get to visit with one of the authors, Jess Burn. But this year, we get an added extra voice in that of Jess’ Forrester colleague Jeff Pollard. Both Jess and Jeff share a ton of insight on topics from that report and a few others (see the links below for blog posts about most of them) In this episode we cover: How (if) CISOs have been able to become “part of the business” and help colleagues understand that in 2023 secu ..read more

This week, Brian, Erik, and Dan look into the security impacts of last week’s Silicon Valley Bank closure, both from a direct security risk, but also what we can learn about risk from the events leading up to the incident that we can apply to our information security responsibilities. Brian kicks it off with a great description of how Silicon Valley Bank got here (based on what we knew on 12 March 2023 - subject to change as more becomes known after). And from that, we go some of the direct and indirect lessons and implications such as: Fraud attempts amongst a bevvy of legitimate bank accou ..read more

The Great Security Debate Book Club is in FULL force this week as we talk about life after you’ve gotten the job in information security and are looking for the growth and promotion that come as you grow your career. Check out the show notes on our website www.greatsecuritydebate.net/48 to get links to all the books, articles, and references we discuss up through the show. A mere appetiser sized sampling of the topics we cover in this hour include: What does it mean to “return to normal” in work in 2023? How do you grow in your role once you are in the Infosec field? The “old-man” persp ..read more

Insurance for information security is changing. Recently some reports came out that there were moves by insurance companies to leave the cybersecurity insurance market - that it was uninsurable. Dan, Brian, and Erik discuss on this week's Great Security Debate: What happens now that cybersecurity insurance is built into contracts and requirements by customers doing business with other companies? Are the carveouts such that it’s easier to just pay and not inform insurance that you want them to pay for the incident? Does having “easy” insurance give too many orgs a pass on having to actual ..read more

Welcome to the year-end 2022 episode of The Great Security Debate. In this hour, Brian, Erik, and Dan cover myriad ways hiring processes are failing job seekers and hiring organisations. It all kicked off with the impersonal nature of automated 1-way video interviews. It quickly jumped into the myriad of other ways we can do better on both sides, including (but not limited to): Do video interviews encourage fraud? Multiple jobs for one person? A fake version of you applying for a job? Why are hiring managers and HR using video interviews? Are there legitimate reasons? Does the lack of ab ..read more

Recorded on Saturday 29 October 2022, at the tailgate before the University of Michigan vs Michigan State University (American) football game, Brian, Erik and Dan chat about the news of the day, with more than a few correlations back to football. And we had a special guest join us, too: Zah Gonzalvo Rodriguez There was an upcoming OpenSSL vulnerability hitting the world this week. How would Software Bill of Materials (SBOM) make the response easier? A reminder of our dependence on the stability and security of some very core tools (like OpenSSL) to run our businesses. Mot to mention the fa ..read more

This week’s debate comes amid a combo platter of increased analytics leading to near-immediate contact when visiting a product’s website, along with more clarity from enforcement bodies about how they will approach their respective privacy legislation. One such fine was the Sephora CCPA matter in which California Attorney General levied a $1.2M fine on the company ([https://oag.ca.gov/news/press-releases/attorney-general-bonta-announces-settlement-sephora-part-ongoing-enforcement]) Listen in to hear Dan, Brian and Erik talk about: Are privacy and shareholder value at odds? How does protectin ..read more