Vince tells us what he means by "Offense always wins, defense
We disagree over this snip from his blog post: "To “win” in
cyber security, defense must be right 100% of the time, while
offense only has to be right once. We must wake up to the reality
that defense is an impossible task; no matter what actions we take,
we will lose."
We discuss how we get away from being Eeyore defeatists
Vince gives us the security strategies he is advocating, knowing that
defense is better equipped and better funded
We briefly mention high-value assets, and why it's even more
critical today than it has ever been before, and why we still stink
We challenge Vince to give us some tangible steps to managing
risk better, to get away from winning/losing
We discuss how we compress delivery timelines for security
competencies (average time to deliver a technical control is
months, plus budget cycle - maybe years)
We close with lessons learned from Vince's rich experience
that he'd like to share with the listeners, to change the nature of
the win/lose conversation
Vince Crisler - Vince has done some very
interesting things in his career: he is a former
Communications Officer with the US Air Force who also worked at
the White House as Presidential Communications Officer, backed
security start-ups, and chaired a Washington DC OSINT group. He's
definitely one of the people you should get to know.
Take a step outside the echo chamber - gain some perspective and context.
Welcome to Cybersecurity: An immature industry where we mandate impossible-to-remember complex passwords that change every 30 days - and call that security. It's an industry where everyone is an expert, but no one's actually solved anything... weird, right?
This show is focused on the many aspects of cybersecurity - from professional to leadership, technical to abstract. We look to entertain you while filling your brain with expertise and knowledge from all corners of our industry and beyond. You can expect security experts, policy professionals, and people from outside our own "security bubble" because frankly, our echo chamber needs some perspective.
Join us, subscribe, and share in the conversation.
Follow us on Twitter: @DtSR_Podcast
Check out Rafal's @Medium blog at https://medium.com/@BlogWh1t3Rabbit