#88 - Tackling 3 Really Hard Problems in Cyber (with Andy Ellis)

In this episode of CISO Tradecraft, Andy Ellis from Orca Security stops by to talk about three really hard problems that CISOs have struggled with for decades:

- How do we build a phishing program that works?
- How do we build a 3rd party risk management program that isn't a paper exercise?
- How do we actually get good at patch management?

Stick around for some great answers such as:

- Human error is a system in need of redesign
- How do we put every employee on an island protected from the company?
- If we stopped doing this practice/process, then how would the world be different?
- What data/transactions does this third party have access to?
- What are all of the dangerous things customers can do in their configurations that my organization needs to know about?
- What if we turned on auto-patching for the desktop?
- What if we set SLA tripwires to alert senior leaders when their developers are unable to meet patching timelines?

References: Vulnerabilities Don't Count

About the Podcast

Welcome to CISO Tradecraft®. A podcast designed to take you through the adventure of becoming a CISO. This podcast was started because G Mark Hardy and Ross Young felt impressed to help others take their Information Security Skills to an executive level. We are thrilled to be your guides to lead you through the various domains of becoming a competent and effective CISO.