Vince, tells us what he means by "Offense always wins, defense
We disagree over this snip from his blog post: "To “win” in
cyber security, defense must be right 100% of the time, while
offense only has to be right once. We must wake up to the reality
that defense is an impossible task; no matter what actions we take,
we will lose."
We discuss how we get away from being Eeyore defeatists?
Vince give us security strategies he is advocating knowing that
defense is better equipped, and better funded
We briefly mention high-value assets, and why it's even more
critical today than it has ever been before, and why we still stink
We challenge Vince to give us some tangible steps to managing
risk better, to get away from winning/losing?
We discuss how we compress delivery time lines for security
competencies? (Average time to deliver a technical control is
months, plus budget cycle - maybe years)
We close with lessons learned from your Vince's rich experience
that he'd like to share with the listeners, to change the nature of
the win/lose conversation
Vince Crisler - Vince has done some very
interesting things in his background including former
Communications Officer with the US Air Force, who also worked at
the White House as Presidential Communications Officerm backed
security start-ups, and chairing a Washington DC OSINT group. He's
definitely one of the people you should get to know.
Security. Some assembly required.
Security is HARD, and 'real security' is a compromise between usability and security while knowing you're still accepting risk.
This podcast alternates between interesting interviews and news analysis every other week - tune in, subscribe and join the conversation on REAL security issues relevant to your enterprise.
Follow us on Twitter: @DtSR_Podcast
Check out Rafal's SecurityWeek column: http://www.securityweek.com/authors/rafal-los