To give you the best possible experience, this site uses cookies. Review our Privacy Policy and Terms of Service to learn more. Got it!
Artwork

Content provided by Galah Cyber. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Galah Cyber or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.
Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play

Secured by Galah Cyber « »
ComfyCon, Risk-Based Cybersecurity, and Reconsidering Breach Penalties with Iain Dickson

1:04:51
 
Play
Playing
Share
 

MP3Episode home
Manage episode 373122151 series 3463790
Content provided by Galah Cyber. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Galah Cyber or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

In the latest episode of Secured, Cole Cornford chats with Iain Dickson, Full Spectrum Cyber Practice Lead at Leidos Australia, a technology company working across defence, aviation and national security. Iain is also the co-founder of ComfyCon, an online cyber security conference which was started in response to the many event cancellations caused by the 2020 covid lockdowns.

Iain chats with Cole Cornford about taking a risk-based vs a compliance based-approach to cybersecurity, why punishing a company for their security breaches can sometimes be a bad idea in the long run, the importance of communication skills, and plenty more.

Secured by Galah Cyber website

Timestamps

4:30 - Iain: my entire career is finding issues in things.

7:15 - Are security professionals naturally risk averse?

8:00 - Compliance vs risk approach to cybersecurity.

9:00 - Cole: I try to understand the business before talking security.

9:15 - Iain: discussing optus breach & risk vs compliance.

11:00 - Should we persecute companies for having security incidents?

11:15 - The tenant of “zero trust.”

12:00 - Cole: as soon as you start being punitive, no one will want to work with you.

16:15 - Cole: a business is there to achieve an outcome.

16:50 - Cole: a lot of security challenges are user experience challenges.

18:15 - Cole: passwords solved the wrong problem (spicy take).

20:00 - Iain’s spicy takes.

21:40 - Companies claiming to help people meet “essential 8 compliance.”

25:35 - Essential 8 note very relevant to appsec.

28:35 - Iain’s background.

30:00 - Iain: I have a rule with vendors I work with: no selling.

31:30 - Cole: no Australian likes to be sold to.

33:30 - Cybersecurity in the OT space.

36:00 - Challenges in OT that don’t exist in other sectors.

38:45 - Difference when working on tangible vs non tangible software/hardware.

40:15 - Difference between software engineers & developers.

41:15 - Software as a profession hasn't existed very long.

44:50 - Iain’s advice.

49:30 - Cole: too much focus on technical skills.

50:20 - Iain: sometimes, leaders choose to accept risk.

51:15 - … and if you can’t accept that, you’re going to burn out.

53:00 - You can’t live without risk.

54:15 - Founding of Comfycon.

Mentioned in this episode:

Call for Feedback


This podcast uses the following third-party services for analysis:
Chartable - https://chartable.com/privacy
  continue reading

32 episodes

Artwork

ComfyCon, Risk-Based Cybersecurity, and Reconsidering Breach Penalties with Iain Dickson

Secured by Galah Cyber

published

Play Playing
iconShare
 
MP3Episode home
Manage episode 373122151 series 3463790
Content provided by Galah Cyber. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by Galah Cyber or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

In the latest episode of Secured, Cole Cornford chats with Iain Dickson, Full Spectrum Cyber Practice Lead at Leidos Australia, a technology company working across defence, aviation and national security. Iain is also the co-founder of ComfyCon, an online cyber security conference which was started in response to the many event cancellations caused by the 2020 covid lockdowns.

Iain chats with Cole Cornford about taking a risk-based vs a compliance based-approach to cybersecurity, why punishing a company for their security breaches can sometimes be a bad idea in the long run, the importance of communication skills, and plenty more.

Secured by Galah Cyber website

Timestamps

4:30 - Iain: my entire career is finding issues in things.

7:15 - Are security professionals naturally risk averse?

8:00 - Compliance vs risk approach to cybersecurity.

9:00 - Cole: I try to understand the business before talking security.

9:15 - Iain: discussing optus breach & risk vs compliance.

11:00 - Should we persecute companies for having security incidents?

11:15 - The tenant of “zero trust.”

12:00 - Cole: as soon as you start being punitive, no one will want to work with you.

16:15 - Cole: a business is there to achieve an outcome.

16:50 - Cole: a lot of security challenges are user experience challenges.

18:15 - Cole: passwords solved the wrong problem (spicy take).

20:00 - Iain’s spicy takes.

21:40 - Companies claiming to help people meet “essential 8 compliance.”

25:35 - Essential 8 note very relevant to appsec.

28:35 - Iain’s background.

30:00 - Iain: I have a rule with vendors I work with: no selling.

31:30 - Cole: no Australian likes to be sold to.

33:30 - Cybersecurity in the OT space.

36:00 - Challenges in OT that don’t exist in other sectors.

38:45 - Difference when working on tangible vs non tangible software/hardware.

40:15 - Difference between software engineers & developers.

41:15 - Software as a profession hasn't existed very long.

44:50 - Iain’s advice.

49:30 - Cole: too much focus on technical skills.

50:20 - Iain: sometimes, leaders choose to accept risk.

51:15 - … and if you can’t accept that, you’re going to burn out.

53:00 - You can’t live without risk.

54:15 - Founding of Comfycon.

Mentioned in this episode:

Call for Feedback


This podcast uses the following third-party services for analysis:
Chartable - https://chartable.com/privacy
  continue reading

32 episodes

All episodes

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Listen to 500+ topics
Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play

Quick Reference Guide

Top Podcasts
The Bill Simmons Podcast
PTI
First Take
Marketplace
Comedy of the Week
The Bugle
How Did This Get Made?
Doug Loves Movies
Planet Money
TED Talks Daily
NBC Nightly News with Lester Holt
The World This Hour
Daily Boost Motivation and Coaching
Radiolab
Science Friday
This American Life
Criminal
Sword and Scale
In The Dark
Player FM logo
Help/FAQ | Upgrade | Advertise
Arts|Business|Comedy|Economics|Entertainment|News|Politics|Religion
Science|Soccer|Sports|Storytelling|Technology|True Crime
Copyright 2024 | Sitemap | Privacy Policy | Terms of Service | | Copyright
Episode being played series thumbnail
icon icon
Speed
Series settings
1x
1x
Volume
100%
icon
icon icon
/

View Player FM in...
Player FM
Browser
Chrome
Safari
Firefox