To give you the best possible experience, this site uses cookies. Review our Privacy Policy and Terms of Service to learn more. Got it!
Artwork

Security Software Development Tech News Cybersecurity Informationsecurity David Spark Tech News InfoSec CISO CISOSeries
Content provided by David Spark. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by David Spark or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

Similar to Defense in Depth

Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play

Defense in Depth « »
User-Centric Security

28:54
 
Play
Playing
Share
 

MP3Episode home
Manage episode 244153321 series 2478315
Content provided by David Spark. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by David Spark or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-user-centric-security/)

How can software and our security programs better be architected to get users involved?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is Adrian Ludwig, CISO, Atlassian, a customer of our sponsor, Castle.

Thanks to this week’s podcast sponsor, Castle.

Castle is helping businesses keep customers’ online accounts safe from targeted account takeovers, automated credential stuffing, and risky user transactions. Castle’s user-centric approach to account security allows organizations to fully automate threat response and account recovery in real-time with risk-based authentication, granular access policies, and custom workflows. Learn more at www.castle.io

On this episode of Defense in Depth, you'll learn:

  • It's impossible to create a security system that removes the user from the equation. They are integral and they have to be part of your security program.
  • Security is defined by the individual.
  • The minimum expectation you can have of your users is that they'll operate in good faith.
  • Avoid complexity because as soon as it's introduced it drives problems everywhere.
  • Instead, keep asking yourself, how can I make security more usable?
  • Individuals are suffering from alert fatigue. If you're going to send an alert to a user, make it relevant and actionable. And always be aware that your security alerts are not the only alert the user is seeing and deciding or not deciding to take action on.
  • Think about all the alerts you completely ignore, like the confidentiality warning in a corporate email.
  • One of the main problems with security is the party who suffers is not the one who has to act.
  • The user often does not have any stake in the goods he/she is protecting.

  continue reading

259 episodes

#Security #Software Development #Tech News #Cybersecurity #Informationsecurity #David Spark #Tech #News #InfoSec #CISO #CISOSeries
Artwork

User-Centric Security

Defense in Depth

203 subscribers

published

Play Playing
iconShare
 
MP3Episode home
Manage episode 244153321 series 2478315
Content provided by David Spark. All podcast content including episodes, graphics, and podcast descriptions are uploaded and provided directly by David Spark or their podcast platform partner. If you believe someone is using your copyrighted work without your permission, you can follow the process outlined here https://player.fm/legal.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-user-centric-security/)

How can software and our security programs better be architected to get users involved?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is Adrian Ludwig, CISO, Atlassian, a customer of our sponsor, Castle.

Thanks to this week’s podcast sponsor, Castle.

Castle is helping businesses keep customers’ online accounts safe from targeted account takeovers, automated credential stuffing, and risky user transactions. Castle’s user-centric approach to account security allows organizations to fully automate threat response and account recovery in real-time with risk-based authentication, granular access policies, and custom workflows. Learn more at www.castle.io

On this episode of Defense in Depth, you'll learn:

  • It's impossible to create a security system that removes the user from the equation. They are integral and they have to be part of your security program.
  • Security is defined by the individual.
  • The minimum expectation you can have of your users is that they'll operate in good faith.
  • Avoid complexity because as soon as it's introduced it drives problems everywhere.
  • Instead, keep asking yourself, how can I make security more usable?
  • Individuals are suffering from alert fatigue. If you're going to send an alert to a user, make it relevant and actionable. And always be aware that your security alerts are not the only alert the user is seeing and deciding or not deciding to take action on.
  • Think about all the alerts you completely ignore, like the confidentiality warning in a corporate email.
  • One of the main problems with security is the party who suffers is not the one who has to act.
  • The user often does not have any stake in the goods he/she is protecting.

  continue reading

259 episodes

#Security #Software Development #Tech News #Cybersecurity #Informationsecurity #David Spark #Tech #News #InfoSec #CISO #CISOSeries

Tüm bölümler

×
 
Loading …

Welcome to Player FM!

Player FM is scanning the web for high-quality podcasts for you to enjoy right now. It's the best podcast app and works on Android, iPhone, and the web. Signup to sync subscriptions across devices.

 

Similar to Defense in Depth

Listen to 500+ topics
Player FM - Podcast App
Go offline with the Player FM app!
Get it on App Store Get it on Google Play

Quick Reference Guide

Top Podcasts
The Bill Simmons Podcast
PTI
First Take
Marketplace
Comedy of the Week
The Bugle
How Did This Get Made?
Doug Loves Movies
Planet Money
TED Talks Daily
NBC Nightly News with Lester Holt
The World This Hour
Daily Boost Motivation and Coaching
Radiolab
Science Friday
This American Life
Criminal
Sword and Scale
In The Dark
Player FM logo
Help/FAQ | Upgrade | Advertise
Arts|Business|Comedy|Economics|Entertainment|News|Politics|Religion
Science|Soccer|Sports|Storytelling|Technology|True Crime
Copyright 2024 | Sitemap | Privacy Policy | Terms of Service | | Copyright
Episode being played series thumbnail
icon icon
Speed
Series settings
1x
1x
Volume
100%
icon
icon icon
/

View Player FM in...
Player FM
Browser
Chrome
Safari
Firefox