#88 - Tackling 3 Really Hard Problems in Cyber (with Andy Ellis)

Jul 25, 2022 | 47 min | Ep. 88

Episode description

In this episode of CISO Tradecraft, Andy Ellis from Orca Security stops by to talk about three really hard problems that CISOs have struggled with for decades.

  1. How do we build a phishing program that works?
  2. How do we build a 3rd party risk management program that isn't a paper exercise?
  3. How do we actually get good at patch management?

Stick around for some great answers such as:

  • Human error is a system in need of redesign
  • How do we put every employee on an island protected from the company?
  • If we stopped doing this practice/process, then how would the world be different?
  • What data/transactions does this third party have access to?
  • What are all of the dangerous things customers can do in their configurations that my organization needs to know about?
  • What if we turned on auto-patching for the desktop?
  • What if we set SLA tripwires to alert senior leaders when their developers are unable to meet patching timelines?

References:

Vulnerabilities Don't Count
