Why 3rd Party Security Testing is the New Password Rotation


Manage episode 257183298 series 2643387
By Steve Moore. Discovered by Player FM and our community — copyright is owned by the publisher, not Player FM, and audio is streamed directly from their servers. Hit the Subscribe button to track updates in Player FM, or paste the feed URL into other podcast apps.

Identifying Burnout In The Workplace

Burnout is a common occurrence in any industry, but especially among those looking to carve out their place in the industry. No one works well when they aren’t at their best, identifying burnout early on can stop it in its tracks. If you’re noticing someone is acting out of character or being short, they may be experiencing burnout. Another tell can be the hours you’re seeing someone put in, no one should be up at midnight still working.

Advice To A Younger You

Networking can get you to great places, starting early in your career can really put you where you want to be a few years down the road. Don’t be shy, get out there and meet people within the industry. Network both inside and outside of the company you’re a part of.

Transitioning Into Leadership

Not everyone is cutout for management. When taking a leadership role you need to be able to prioritize your team and realize you’re directly responsible for those who work with you. To be a good leader you have to take all the knowledge you’ve learned up to this point and be able to teach it to others in a way that makes sense to each individual. Empathy plays a huge role in leadership, you must be able to put yourself in the position of others and understand their point of view. Being open to feedback and being able to take it with an open mind is essential in leadership; it’s going to come both solicited and non-solicited.

Third Party Risks And Why We Don’t Love It

What is third party risk? It’s when a company brings in another company to handle a certain project or service. Within security this plays a huge risk because you’re essentially giving this other company access or information to the inner workings of your company. From a security standpoint this is a huge risk and variable, so doing thorough and meticulous research into the companies brought is key. This can ruffle some feathers with the third party, but at the end of the day you’re in charge of security so you need to fulfill your duties to the company you’re employed with. The real issue arises when you’ve done the research, and don’t feel that the third party is a good match for the company, yet leadership above you wants to move forward regardless. The CISO is now tasked with trying to figure out how they can make this work with the third party, whether that means changing language within the contract, adjusting the work the third party is doing, or reworking how you present your findings to leadership above you.

Warning Signs Of A Bad Third Party Review

How many exceptions are you making to be able to work with this vendor? Does it seem it like some rules are being bent? Policies and procedures aren’t being followed? These are all huge warning signs. Another warning sign is an across the board process for each new vendor, this isn’t the most effective way to lower risks, and this can lower sales and revenue. Some vendors will be more risky then others, so there should be separate policies for different companies based on their risks.

What Being A New CISO Means To Me

Building relationships while being honest and transparent is key to being a CISO. If we all viewed ourselves as a vendor and service provider we could all get the tasks at hand done. Also be on the lookout for my book being released in summer 2020:

Startup Secure Banking In Cybersecurity, From Founding To Exit


Steve Moore: Linkedin

Chris Castaldo: Linkedin

Exabeam: Website

Dataminr: Website

66 episodes