#88 - Tackling 3 Really Hard Problems in Cyber (with Andy Ellis)
CISO Tradecraft® - En podcast af CISO Tradecraft® - Mandage
This episode of CISO Tradecraft, Andy Ellis from Orca Security stops by to talk about three really hard problems that CISOs have struggled with for decades. How do we build a phishing program that works? How do we build a 3rd party risk management program that isn't a paper exercise? How do we actually get good at patch management? Stick around for some great answers such as: Human error is a system in need of redesign How do we put every employee on an island protected from the company? If we stopped doing this practice/process, then how would the world be different? What data/transactions does this third party have access to? What are all of the dangerous things customers can do in their configurations that my organization needs to know about? What if we turned on auto-patching for the desktop? What if we set SLA tripwires to alert senior leaders when their developers are unable to meet patching timelines? References: Vulnerabilities Don't Count Link