Security Made the Mess. They Should Clean It Up – CISO/Security Vendor Relationship Podcast

by David Spark on August 28, 2018

Security is suffering from a serious Rodney Dangerfield “I get no respect” problem. What has often been seen as the department of “no” is struggling under that brand image. That’s probably because security is often seen as an inhibitor rather than an enabler. If InfoSec wants to fix that perception, it’ll be their responsibility to dig themselves out.

Here’s what you’ll hear on the latest episode of the CISO/Security Vendor Relationship Podcast:

Nobody thinks security is their friend: How can security rid itself of this highly negative branding? Be problem solvers instead of problem creators.
Techniques to integrate AppSec into the DevOps process: It comes down to measurement, respecting an engineer’s time, and learning from the success of one process and putting it into another. Read more great insight by Chris Steipp of Lyft.
We play “What’s Worse?!” In this episode of the game we question the worst scenario of an encrypted or unencrypted laptop, but with qualifications.
Uggh, WAFs are NOT magical boxes: In a round of “Please, Enough. No, More.” we challenge the way web application firewalls (WAFs) are being sold. WAFs need to be more friendly and flexible. No one believes you if you sell them as magical boxes that stop all attacks.
How can you be a great customer? We turn the tables from “Ask a CISO” to “Ask a Vendor” and ask what it takes to be a great customer. Vendors would like you to stop kicking the tires and talk about solving real problems.
Plus a 10-second security tip: It may be cliche, but if security departments want to be more effective, they should be moving away from blocking to enabling.

Special thanks to Signal Sciences for sponsoring this episode. If you’re using WAFs, make sure you read “Three Ways Legacy WAFs Fail,” by their head of research, James Wickett.