Two CISOs and a security-minded friend discuss and debate topics of security and privacy, with a focus on looking at the topic from various angles, both that they support and those they don't. Sign up for our newsletter to be notified when new episodes drop, or when new projects are announced https://newsletter.greatsecuritydebate.net
In this episode of The Great Security Debate, Dan, Brian and Erik invent (and copyright) the idea of a Fantasy Hacker League then dig into more serious discussions on deception technology, asset discovery challenges, and resource management. The conversation also delves into the impact of budget constraints on security projects, the mental toll on …
Welcome to the Great Security Debate! In this episode, experts take on a multifaceted discussion about the intricacies of technology and cybersecurity. The debate navigates through the recent incident involving CrowdStrike and Microsoft, dissecting the layers of technology, processes, and the roles of different entities in maintaining security. Emp…
To Insure or Not To Insure: It’s Not Even a Question (1:01:42)
This episode of 'The Great Security Debate' delves into the complexities surrounding cyber insurance, discussing its impact on minimising business risks and ensuring compliance. Erik, Brian, and Dan talk about how connected systems and automation increase risks and integrate AI reliance concerns. Insurance policies, force majeure, and government r…
In this episode of the Great Security Debate, Brian, Erik, and Dan dive into the latest trends in ransomware, including an uptick in attacks against the hypervisor. Speaking of VMWare, we also "discuss" the way that Broadcom has handled the VMWare acquisition and why it both makes sense (to them) and doesn't (to many customers). The debate also heads…
Sorry about the audio on this one. We have got the tech back on track for the next episode. I promise! Join the Great Security Debate as Brian, Erik, and Dan delve into 'pig slaughtering,' a scam involving rapport building to swindle victims out of money. The discussion explores the intersections of security awareness, blockchain technology, and th…
Join Dan, Brian, and Erik in the latest episode of The Great Security Debate as they explore the impact and implications of the movie 'Leave the World Behind.' Delving into cyber security, societal impacts of technology, and philosophical elements, this discussion touches upon vulnerability management, risk management, and the effect of constant co…
It's an "all rounder" episode of The Great Security Debate. Brian watched a movie, Erik watched an advertisement, and Dan was overtly cynical. Just another day in the podcast booth for these three. A variety pack of topics ranging from recent security attacks, to AI in technology, to automotive manufacturing (go figure), to privacy, to sponsorship …
It's not easy to sell things. It's even harder to sell to security practitioners and leaders. The Great Security Debate this week covers some angles in security tools (and selling those tools to security teams) that have taken their toll on the trust that needs to exist between those who buy and those who make the products that we use. From the sof…
This week we are debating modern AI systems, especially the commercial ones on just about everyone's lips when talking about CVs, high school term papers, and interview answers. Large Language Models (LLMs), of which ChatGPT and Bard are two examples, are growing in prominence, but will they disrupt the technology world, or are they nothing more th…
It's been a minute, but we are back with another Great Security Debate! Whether it is compliance, trust, questionnaires, we all sell something to someone and security is core to that process. In this episode, the focus is on how security integrates into the core of each of our businesses or organisations. From being part of strategic planning, the …
Welcome to a very special Great Security Debate. If it is spring, it means that the annual Forrester “Top Recommendations For Your Security Program” report has come out, and we get to visit with one of the authors, Jess Burn. But this year, we get an added extra voice in that of Jess’ Forrester colleague Jeff Pollard. Both Jess and Jeff share a ton…
This week, Brian, Erik, and Dan look into the security impacts of last week’s Silicon Valley Bank closure, both from a direct security risk, but also what we can learn about risk from the events leading up to the incident that we can apply to our information security responsibilities. Brian kicks it off with a great description of how Silicon Valle…
The Great Security Debate Book Club is in FULL force this week as we talk about life after you’ve gotten the job in information security and are looking for the growth and promotion that come as you grow your career. Check out the show notes on our website www.greatsecuritydebate.net/48 to get links to all the books, articles, and references we dis…
Insurance for information security is changing. Recently some reports came out that there were moves by insurance companies to leave the cybersecurity insurance market - that it was uninsurable. Dan, Brian, and Erik discuss on this week's Great Security Debate: What happens now that cybersecurity insurance is built into contracts and requirements b…
A Niche Inside a Niche Is Really Just a Quiche (56:49)
Welcome to the year-end 2022 episode of The Great Security Debate. In this hour, Brian, Erik, and Dan cover myriad ways hiring processes are failing job seekers and hiring organisations. It all kicked off with the impersonal nature of automated 1-way video interviews. It quickly jumped into the myriad of other ways we can do better on both sides, i…
Recorded on Saturday 29 October 2022, at the tailgate before the University of Michigan vs Michigan State University (American) football game, Brian, Erik and Dan chat about the news of the day, with more than a few correlations back to football. And we had a special guest join us, too: Zah Gonzalvo Rodriguez. There was an upcoming OpenSSL vulnerabi…
This week’s debate comes amid a combo platter of increased analytics leading to near-immediate contact when visiting a product’s website, along with more clarity from enforcement bodies about how they will approach their respective privacy legislation. One such fine was the Sephora CCPA matter in which California Attorney General levied a $1.2M fin…
We've all seen it (or been it): a new boss arrives at the company and quickly thereafter a bunch of their old colleagues get hired. It feels like they are getting the band back together at the new place. What does that say to the organisation about that leader? What does doing the opposite (pausing, growing from within) say differently? Brian, Dan …
Are we getting subscription overload? The move to more and more subscriptions is good for those selling, but are they good for those buying, too? Do subscriptions offset by other non-cash costs (e.g. data collection, advertising) reduce subscription fatigue? How does that fit into the security product world? What are the risks of making security te…
It's the dog days of summer here in the northern hemisphere, and we have some episodes to make the hot, muggy days go by faster (or the drive up to the cabin in the woods to escape it all). This week Dan, Brian and Erik talk about what it takes to be a Virtual or Fractional CISO. Does someone that calls themselves one need to have had in-house CISO…
What Got You Here Won’t (Necessarily) Get You There (45:27)
Dan, Brian and Erik look at how the past informs our security future, and how things we have done in the past may not get us where we need to be in the future. Join us for a live podcast recording with live audience Q&A, direct from the MCWT Executive Connection Summit. In the live recording we covered a flurry of topics focused on changing ourselv…
This week on The Great Security Debate we have arrived at one of our favourite episodes of the year (and what is and will be an annual thing!) when Forrester Senior Analyst, Jess Burn, returns to the show to share this year's recommendations for security programs. An overarching theme of the report is to use the capital that the CISO has acquired o…
The Great Security Debate rolls on, this week looking at how governments, regulations and business values are and will shape the security posture of enterprises. Is attribution worth pursuing to the end? How can state and federal law enforcement help figure out who and what happened after an incident? Fast (agile) vs good (quality) vs cheap (cost) …
Recently, Brian, Dan and Erik had the great fortune to do a live version of the podcast at the monthly meeting of the SIM Detroit Chapter (https://chapter.simnet.org/detroit/home). At the close of that discussion, the comment was raised as to whether or not security should be used as a competitive advantage by businesses. The topic seemed perfect f…
Current global events have led to increased focus on technology security. In this week's episode we debate to what extent this does or will confirm the rise of the information security roles within organisations. Our thoughts and good wishes go out to the people of Ukraine. Do current events confirm that the rise of the CISO organisation was warran…
This week’s episode was sparked by a recent TechCrunch article https://techcrunch.com/2022/02/01/free-agent-series-a/ asking whether tech workers should have agents to negotiate their salaries. We took up the debate on this and a few adjacent topics including: The Great Resignation’s impact on working habits; Should security practitioners and leader…
We got a message from a listener asking for some discussion about putting the data first and securing it with that mind - the inside out, rather than looking at the perimeter and infrastructure and working back toward the data - outside in. And since we love our listeners and your feedback, we took the chance to cover this topic in depth. In the pr…
Some say that Log4J is the gift that keeps on giving, much like the Jelly of the Month Club. After the initial surge of discussion a couple weeks ago there were mitigations, a vaccine and multiple iterations of official patches to keep the issue at bay and the new ones that cropped up afterwards. Brian, Dan and Erik discuss the log4j vulnerability …
It's a sports analogy-filled episode of The Great Security Debate, but don't let that scare you away. This week, we cover a whole host of topics, primarily focused on the ideas of simple vs. complex and best-of-breed vs. tightly integrated when dealing with technology, change, process or securing your environment. Pace of change in security is ridi…
In security (and elsewhere) the long game is often overlooked in lieu of short-term advances and accomplishments. From building security into the culture of an organisation to setting goals and objectives for leaders and staff, being strategic in your security approach is critical. In this episode we cover: How to balance an organisation's drive to…
Security has truly gone mainstream. From late night television jokes to state governors not knowing how technology works, as a profession and a vocation, we have arrived. Jimmy Fallon has jokes about security on his show. What are the implications of out of date security laws that define what it is to “hack” systems? Keep in mind that some were writ…
In the adage "people, process, technology" the technology comes last in the list for a reason as it is only as good as the people and processes that surround and support it. In this week's Great Security Debate we cover a range of topics all focused on the importance (and impacts) of the people and the process as key to the success of security tech…
Over the past 18 months, the way we work has changed, including within the security field. On this episode of The Great Security Debate, Dan, Brian and Erik dig into some of the long-term implications of working today and beyond. From remote work to in-person or hybrid: what works best? Does security have a talent shortage, and how is it exacerbate…
A recent visit by US companies to the White House sparked a debate between Dan, Brian and Erik about how to improve security. Was the result useful to the cause, or useful to the marketing goals of the attendees? The risks are high, but are the responses going to move the needle? We discuss on this week's Great Security Debate. Leave some feedback,…
If you want to check out the new video edition of the podcast, please go to: https://youtu.be/FBBmA9YDNfQ where you can subscribe, give thumbs up and ring bells like YouTubers have been asking you to do for years. You know the drill. Also, our apologies for the hum in the audio throughout the entire episode. The problem has been identified and the …
Get notified in an email every time a new episode of The Great Security Debate drops, or when we announce in-person episode recordings (coming soon)! Sign up for our newsletter: https://newsletter.greatsecuritydebate.net Dan, Brian, and Erik find themselves debating whether or not the new up-to-$10M reward for information regarding ransomware and o…
Recently a lot of newsworthy security incidents have taken place. A common thread through many is not that they were sophisticated or required lots of time to plan and execute, or even that the victim had not invested in a lot of whizbang security technology, which led to them not noticing the attack. The common thread is much simpler: that fundame…
A wide range of cause and effect discussion in this week's episode. What happens when a cellphone gets compromised for one purpose and has unrelated, follow-on consequences? Will there be material impact from the recent decrees, executive orders and vocal support by President Biden that additional focus is required on information security, ransomwa…
The news of the week includes discussion about some changes to Amazon's home devices including Echo and Ring with the activation of their Sidewalk Network on all those devices by default, and the potential for both ubiquitous connectivity for IoT devices and the possibility of abuse of the data that is seen. Brian, Erik and Dan also talk about the …
We got asked by a listener to help answer the question, "Why Does My CISO Hate Me?" While we may not be privy to the exact situation in play there, we are pretty sure that no one's CISO truly hates them (but they may not be fond of all the things that everyone does all the time). In the debate today, we talk about some of the things that challenge …
It All Comes Down to Relationships (Guest Debater: Jessica Burn) (1:02:42)
We open season 2 with a new format: guests! Our first guest, Jessica Burn, has been working closely with CISOs and the security industry at Forrester where she is a Senior Analyst covering the role of the CISO, Incident Response, Zero Trust Strategy and Continuous Controls Monitoring. Dan, Erik, Brian and Jess use a new Forrester report about recom…
Exactly one year ago, most of the population of the US was given the word to begin to work from home. Security and technology teams were large parts of the preparation for this change, and were also largely able to move their operations to a home office for the duration of the last twelve months. The last year has been one of constant "on", whether…
This week we look at the security organisation through the looking glass. From within the org, the leaders and the partners and product/service providers we work with, we dig into some of the ways that security works with the rest of the business and customers, and how the needs of each org changes over time and necessitates the need for different …
It's Valentine's Day and you get presents. Dan, Brian and Erik discuss the books, people and tools that they each love and changed their lives. None are specifically security-related, so see what's been impactful on each of them in this episode. The links are an especially big part of the episode, so take a look in your podcast app or on the site (…
The time for job change happens, and there are a lot of things that go along with it. We cover a ton of them in this week's episode: The reasons to make a career change; Deciding the time is right to make a change (and how do you know); Taking our own advice when it comes to our own career change; The importance of support of family to make more d…
We are 9 months into a period in which many workers, including technology and security professionals, are still doing their jobs remotely. Some have moved away from their primary homes, often without letting their company know that this has happened. As business processes catch up with this change in approach, some companies are taking steps to a) …
A few weeks ago, a company called SolarWinds was discovered to have had some bad actors placing things in their technology (code) for a while. How did it happen? What does it mean to others? We don't know all the answers yet, but we do know that it means we will have to make some changes to things like those universally hated security questionnai…
One of the ways that companies have tried to improve education and awareness about the risks of phishing is the use of phishing tests to see if colleagues click on the link or open the suspect attachment in an unsuspecting yet controlled environment. If they do, some instant education comes their way. There are those that think that this approach ke…
A regular complaint by those who consume and use technology is that security adds friction to their process, which often means they get frustrated at the control put in their path, curse technology in general, or abandon the activity altogether. In today's episode, Dan, Erik and Brian explore the balance necessary to understand when certain control…
When bad things happen to the computers in your organisation, who is the first person you call? IT, the FBI, your general counsel, the insurance company? Today, Erik, Dan and Brian cover attacks, response and middle people negotiating with the attackers on your behalf. Other topics discussed include: The risk of cheap IoT devices and long term supp…