The Role of the CISO with Daniel Conroy, Synchrony Financial

As the news of breaches across multiple sectors continues the role of the Chief Information Security Officers has never been more important.

The CISO is not only responsible for protecting the organization they are tasked with enabling the business. And with the CISO speaking in both business and technical languages, they are quickly gaining visibility with the Board of Directors that needs to understand, and to provide resources for, enterprise security.

In this podcast, Daniel Conroy, the CISO of Synchrony Financial, a leading financial institution, speaks with Security Current’s Vic Wheatman about the role, the definition of security intelligence and what keeps him up at night.



Breach Detection and Compensating Controls

It isn’t a matter of if your organization will be infected with malware but rather a matter of when. Based on that premise, Seculert designed a cloud service to quickly and automatically identify the machines connected to bad actors on the Internet. By knowing which equipment if compromised, desktop support staff can quickly replace or wipe the offending machine.

In this sponsored podcast, Security Current’s Vic Wheatman speaks with Richard Greene, Seculert’s President of Field Operations about the compensating controls the company provides, and why unsubscribing from spam may not be such a good idea.



A CISO Talks Security in Healthcare

Healthcare providers have some of the most complicated environments with a multitude of systems, users and regulatory mandates. And often, according Barnabas Health CISO Hussein Syed, this leads to one of the biggest challenges, which is a misunderstood environment.

There are concerns over Personally Identifiable Information (PII), as well as maintaining compliance with Payment Card Industry (PCI) mandates as healthcare providers generally take credit cards.

Further, because of the growing Internet of Medical Things with various equipment now networked, data leakage becomes a greater concern. And compounding this is are third party providers, from doctors to billing companies, working with healthcare providers, making security even more difficult.

As you’ll hear from Hussein Syed during this conversation with Security Current’s Vic Wheatman while at RSA it is a balancing act to provide access while ensuring security. They speak about these and other issues.



A CISO Reviews RSA 2015: Patricia Titus

RSA Conference 2015 was bigger than ever with hundreds of startups promoting their wares. One segment that caught the attention of CISOs was what is being dubbed as next generation endpoint security.

As you’ll hear, new approaches to endpoint security may allow enterprises to turn off legacy anti-virus, anti-worm and other traditional protections. And what does security intelligence means to a CISO?

Security Current’s Vic Wheatman speaks with Patricia Titus about these and other issues including the toughest part of being a CISO.



The State of Cyber Security: Implications for 2015

A surprising number of organizations are expecting a cyber attack. Despite this it is getting harder to fill cyber security jobs.

ISACA, an independent, nonprofit global association that develops and promotes the adoption of globally accepted practices for information security, in collaboration with the RSA Conference published a survey titled: The State of Cyber Security: Implications for 2015.

The survey found that while boards of directors are now including cyber security on their agendas security still isn’t where it should be. The survey also revealed that despite organization’s anticipating attacks there is a lack of sufficiently trained talent available to fill security positions.

According to Eddie Schwartz, who chairs ISACA’s Cyber Security Task Force, only about 25 percent of applicants had the requisite skills to fill open security positions. Schwartz told Security Current’s Vic Wheatman about the survey, and security certifications ISACA is rolling out to meet the growing need for skilled cyber security professionals.

The free study is available here



Next Generation Endpoint Protection

Is there room for yet another endpoint protection product in a market crowded with alternatives?

SentinelOne says there is and that they are reinventing endpoint protection with an aim to replace antivirus within the enterprise. In this sponsored podcast SentinelOne explains its approach to protecting against advanced persistent threats (APTs) and zero-day attacks while also providing forensics.

Tomer Weingarten, co-founder and CEO of SentinelOne, explains to Security Current’s Vic Wheatman just how the startup combines behavior detection with cloud intelligence and whitelisting to block, detect and predict attacks.



Gartner Analyst on the Bus – Security Budgets Up as Staffing Down

The percentage of the IT budget allocated to security is increasing. In fact, it is growing at a faster rate than the overall IT budget.

But what about staffing? Security departments have too many consoles to manage, and have too many false positives to consider. I

n this podcast recorded on one of the shuttle buses at RSA, Security Current’s Vic Wheatman speaks with Greg Young, Vice President and Research Director for Gartner, who offers specific advice for both CISOs and the vendors who sell to them, about these trends.More than 90 percent of enterprise security problems are reportedly caused by malicious email.



The New Perimeter is Around the Cloud: CYREN Annual Report Details Latest Threats

Some 2.5 billion emails containing malware were sent in 2014. Malware URLs are on the rise. Phishing URLs are on the rise. And according to CYREN’s 2015 Cyber Threats Yearbook it doesn’t appear that attackers will be letting up any time soon.

The CYREN report, which analyzed 5 trillion Internet transactions, found that while high-profile breaches like Home Depot and Sony made headlines, attackers have set their sights on enterprises of all sizes and notoriety. No organization is immune. It also found that BYOD, consumer grade products, are creating new vulnerabilities in the enterprise.

Knowing the threat sources and how armies of botnet machines are being spawned to spread malware is key to building effective defensive strategies.

In this sponsored podcast, Security Current’s Vic Wheatman speaks with Lior Kohavi, CYREN’s Chief Technology Officer. They discuss the reports findings and how cloud-based security solutions are being use to predict and subsequently mitigate against attacks.

Read the complimentary CYREN Cyber Threat Yearbook


Protecting Against Email Attacks

More than 90 percent of enterprise security problems are reportedly caused by malicious email.

The number of corporate phishing attacks is growing. It isn’t a matter of if an employee will click on that malicious email or voicemail but just a matter of when.

Blocking, detecting and responding to phishing, spear phishing and other email-based attacks is now a fundamental enterprise security requirement.

And looming large on the horizon are attacks launched via social media. In fact, according to security vendor Proofpoint 1 out of every 5 large enterprise brands on Twitter last year did not actually belong to the brand.

In this sponsored podcast Security Current’s Vic Wheatman speaks Kevin Epstein, Vice President of Advanced Security and Governance with Proofpoint about combatting today’s advanced targeted attacks.



Tempered Networks: Addressing TCP/IP Vulnerabilities

2015 has been dubbed the year of the security start-up and competition has never been greater. How do CISOs who are responsible for the security of their enterprises identify cutting edge technologies?  And how do the start-ups rise above the tide?

Security Current launched its inaugural High Stakes competition during the 2015 RSA Conference. The invitation-only High Stakes offered CISOs the opportunity to hear from today’s cutting edge security start-ups.

One sponsor of the event waas Tempered Networks. Led by Jeff Hussey, Tempered Networks co-founder and CEO, the Seattle-based company aims to address a fundamental security vulnerability in TCP/IP to ensure secure connectivity for business critical information and infrastructure. A serial entrepreneur with a focus on security, Hussey previously founded F5.

In this sponsored podcast with Security Current’s Vic Wheatman, Hussey discusses how his company’s approach differs from other solutions, such as firewalls and encrypted links, and why the CISOs should select Tempered Networks to secure their environments.