PODCAST

CSO Perspectives

Encore seasons of the popular CyberWire Pro podcast hosted by Chief Analyst, Rick Howard. Join Rick and the Hash Table experts as they discuss the ideas, strategies and technologies that senior cybersecurity executives wrestle with on a daily basis. For the latest seasons ad-free along with essays, transcripts, and bonus content, sign up for CyberWire Pro.

CSO Perspectives

Episodes

You can listen episodes under the area!


This is the eighth and final essay in this series that discusses the development of a general purpose cybersecurity strategy for all network defender practitioners - be they from the commercial sector, government enterprise, or academic institutions - using the concept of first principles.



This is the seventh show in a planned series that discusses the development of a general purpose cybersecurity strategy for all network defender practitioners - be they from the commercial sector, government enterprise, or academic institutions - using the concept of first principles. First principles Zero trust Intrusion kill chains Resilience DevSecOps Risk assessment We are building a strategy wall, brick by brick, for a cyber security infosec program based on first principles. The foundation of that wall is the ultimate and atomic first principle: Reduce the probability of material impact to my organization due to a cyber event. That’s it. Nothing else matters. This simple statement is the pillar, on which we can build an entire infosec program. This next building block will start the second course of the wall because it directly supports all of the other strategic bricks we have already laid. This brick is called cyber threat intelligence operations.



This is the sixth episode in a planned series that discusses the development of a general purpose cybersecurity strategy for all network defender practitioners-- be they from the commercial sector, government enterprise, or academic institutions-- using the concept of first principles.



This is the fifth essay in a planned series that discusses the development of a general purpose cybersecurity strategy for all network defender practitioners-- be they from the commercial sector, government enterprise, or academic institutions-- using the concept of first principles.



This is the fourth show in a planned series that discusses the development of a general purpose cybersecurity strategy for all network defender practitioners - be they from the commercial sector, government enterprise, or academic institutions - using the concept of first principles. The first show explained what first principles are in general and what the very first principle should be for any infosec program. The second show discussed zero trust. The third show covered intrusion kill chains. This show will cover resilience.



This is part three in a series that Rick Howard, CyberWire’s Chief Analyst, is doing about building an infosec program from the ground up using a set of first principles. This episode, he talks about why intrusion kill chains are the perfect companion strategy to the passive zero trust strategy he talked about last week. The key takeaway here is that we should be trying to defeat the humans behind the campaigns collectively, not simply the tools they use independently with no context about what they are trying to accomplish.



This is part two in a series that Rick Howard, The CyberWire’s Chief Analyst, is doing about building an infosec program from the ground up using a set of first principles. This episode, he talks about why zero trust is a cornerstone building block to our first principle cybersecurity infosec program. And here is the key takeaway - building it is not as hard to do as you think.



This week's CSO Perspectives is the first in a series of shows about cybersecurity strategy. Rick Howard discusses the concept of first principles as an organizing principle and how the technique can be applied to cybersecurity to build a foundational wall of infosec practices that are so fundamental as to be self-evident; so elementary that no expert in the field can argue against them; so crucial to our understanding that without them, the infrastructure that holds our accepted best practice disintegrates like sand castles against the watery tide.



Rick Howard discusses counterintelligence operations by commercial vendors on the Dark Web and the kinds of intelligence that can be found.



Conveying risk to the company leadership, the metrics collection required to do it, how heat maps are generally bad science, and the requirement for precise modeling of the risk environment.