Preview Mode Links will not work in preview mode

Jan 19, 2015

In this episode...

  • The blog post that started it all - http://blog.norsecorp.com/2014/11/10/the-new-reality-in-security-offense-always-wins-and-defense-always-loses/
  • Vince, tells us what he means by "Offense always wins, defense always loses"
  • We disagree over this snip from his blog post: "To “win” in cyber security, defense must be right 100% of the time, while offense only has to be right once. We must wake up to the reality that defense is an impossible task; no matter what actions we take, we will lose."
  • We discuss how we get away from being Eeyore defeatists?
  • Vince give us security strategies he is advocating knowing that defense is better equipped, and better funded
  • We briefly mention high-value assets, and why it's even more critical today than it has ever been before, and why we still stink at it
  • We challenge Vince to give us some tangible steps to managing risk better, to get away from winning/losing?
  • We discuss how we compress delivery time lines for security competencies? (Average time to deliver a technical control is months, plus budget cycle - maybe years)
  • We close with lessons learned from your Vince's rich experience that he'd like to share with the listeners, to change the nature of the win/lose conversation

Guest

  • Vince Crisler - Vince has done some very interesting things in his background including former Communications Officer with the US Air Force, who also worked at the White House as Presidential Communications Officerm backed security start-ups, and chairing a Washington DC OSINT group. He's definitely one of the people you should get to know.