Post ATsO80y67VEbcvzLMm by StephenC@aus.social
 (DIR) Post #ATrdUUivTXcoR86qFU by jamiesaker@infosec.exchange
       2023-03-22T04:36:28Z
       
       0 likes, 0 repeats
       
       Hey Cyber colleagues...  What's the #1 thing you'd want IT leaders to know about cyber threat monitoring and proactive defense? I've joined Wisconsin-Madison's Graduate School of Banking as its Cyber instructor and would love to hear your thoughts on how we can help shape and inform IT professionals into a stronger alignment with the cyber threat landscape.
       
 (DIR) Post #ATrdUVBzjSsRtHi3Ye by hacks4pancakes@infosec.exchange
       2023-03-22T04:48:25Z
       
       0 likes, 0 repeats
       
       @jamiesaker it all comes down to trained and capable humans with proper tools. No magic black box will solve it, no matter the pitch and buzzwords.
       
 (DIR) Post #ATrdUVeM21YvJEyhlI by BabblingGeek@infosec.exchange
       2023-03-22T05:16:43Z
       
       0 likes, 0 repeats
       
       @hacks4pancakes @jamiesaker and you need to actually hire people to do it, not just add it as another job role to security.
       
 (DIR) Post #ATrdUWLFSXsDSH2xcW by jamiesaker@infosec.exchange
       2023-03-22T05:21:21Z
       
       0 likes, 0 repeats
       
       @BabblingGeek That's actually going to be an interesting part of the discussion.  There's interesting analysis that confirms cyber governance and administration can't be detached - outsourced, distanced, disregarded - that we'll be working through.
       
 (DIR) Post #ATrdUWwTE9eDJiSgdc by BabblingGeek@infosec.exchange
       2023-03-22T05:26:18Z
       
       0 likes, 0 repeats
       
       @jamiesaker my followup thought being: how are they protected. There is a parallel to audit that cyber governance also needs a level of shielding from retaliation. One of my greatest regrets is putting my job safety over doing the right thing because I was not safe from retaliation in a previous role.
       
 (DIR) Post #ATrdUXQFRRT0o4OT3I by jamiesaker@infosec.exchange
       2023-03-22T05:33:06Z
       
       1 likes, 1 repeats
       
       @BabblingGeek "Those who expose material risks work to protect the institution but often do so at their own peril." Successful cyber programs reward, protect and cherish those who alert us to existential risks.  I was nearly fired by a Fortune 250 CIO on a conference call for reporting an uncovered existential risk that the CIO had covered up until a company attorney pointed out he and many others not only faced personal liability, but my team was helping protect them by exposing and eradicating it.  Yet five years later, one of his cronies slipped my name onto a RIF (reduction in force) list along with my peers who were great at exposing systemic risk, and gutted us. Great for my career and compensation; bad for the company. Today, that company still suffers numerous low-complexity exploits and hacks. Its CEO is baffled by the reality that it can't secure much of its landscape. It all comes down to listening to the front-line employees who know what the reality is, and protecting them.
       
 (DIR) Post #ATsO80y67VEbcvzLMm by StephenC@aus.social
       2023-03-22T05:37:36Z
       
       0 likes, 0 repeats
       
       @jamiesaker stop calling apps #AI when they are #notAI
       
 (DIR) Post #ATsO81RANQUF55aYfw by jamiesaker@infosec.exchange
       2023-03-22T05:41:57Z
       
       1 likes, 0 repeats
       
       @StephenC Killer perspective.  #AI has become the "Scary Other" in cyber.  If we don't understand it, it's #AI and designated to scare the f* out of us.  It's even becoming an excuse: "We could have tried to defend against this attack but OMG the #AI was there!" Last year I became a solid member of #DEFCON's AI Village, both recognizing the tech's promise and the deceptive hype.  If you were standing in front of the 300+ folks in the village, how would you expand upon this declaration to make folks seriously reconsider their classifications?