Security is suffering from a serious Rodney Dangerfield “I get no respect” problem. Long seen as the department of “no,” it is struggling under that brand image, probably because security is often viewed as an inhibitor rather than an enabler. If InfoSec wants to fix that perception, it’ll be its responsibility to dig itself out.
Here’s what you’ll hear on the latest episode of the CISO/Security Vendor Relationship Podcast:
- Nobody thinks security is their friend: How can security rid itself of this highly negative branding? Be problem solvers instead of problem creators.
- Techniques to integrate AppSec into the DevOps process: It comes down to measurement, respecting an engineer’s time, and learning from the success of one process and putting it into another. Read more great insight by Chris Steipp of Lyft.
- We play “What’s Worse?!” In this episode of the game we ask which is the worse scenario, an encrypted or an unencrypted laptop, but with qualifications.
- Uggh, WAFs are NOT magical boxes: In a round of “Please, Enough. No, More.” we challenge the way web application firewalls (WAFs) are being sold. WAFs need to be more friendly and flexible. No one believes you if you sell them as magical boxes that stop all attacks.
- How can you be a great customer? We turn the tables from “Ask a CISO” to “Ask a Vendor” and ask what it takes to be a great customer. Vendors would like you to stop kicking the tires and talk about solving real problems.
- Plus a 10-second security tip: It may be cliche, but if security departments want to be more effective, they should be moving away from blocking to enabling.
As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions, and Mike Johnson, CISO, Lyft. Our guest this week is Zane Lackey (@zanelackey), co-founder and CSO for Signal Sciences and author of the new book from O’Reilly, “Building a Modern Security Program.”