
Security Program Transformation Podcast


By: Sidekick Security

About this listen

Building a cybersecurity program is complicated. Building one that is equipped to truly enable the organization it serves is another thing altogether. Robert Wood from Sidekick Security interviews security leaders from a diverse set of organizations to talk about program transformations. Covering team design, technology, compliance versus security, and strategic leadership, the show explains how to lead a program transformation of your own, told by people who have gone through it before.
© 2024
Episodes
  • Drowning in Data, Starving for Insight: Cyber Risk Quantification in Action
    Feb 19 2025
    In this conversation, Robert Wood and Mads Bundgaard Nielsen delve into the complexities of cyber risk quantification, exploring Mads' journey into this niche field, the importance of a business-first approach to risk management, and the distinctions between compliance and effective risk management. They discuss foundational steps for initiating risk quantification, the significance of stakeholder engagement, and the challenges of measuring non-financial impacts. The conversation also touches on the limitations of existing risk assessment tools and scoring systems, emphasizing the need for a more nuanced understanding of risk in cybersecurity. The second half of the conversation turns to vulnerability management and how it relates to risk quantification: the challenges organizations face in prioritizing vulnerabilities, the inefficiencies in third-party risk management, and the future of cyber risk quantification. Mads emphasizes the importance of understanding organizational attributes for effective risk management and shares valuable resources for those looking to enhance their knowledge in this field.
    Takeaways
    • Cyber risk quantification is often misunderstood and challenging to implement.
    • A business-first approach is crucial for effective risk management.
    • Compliance and risk management serve different purposes and should not be conflated.
    • Defining clear outcomes is essential before starting any quantification project.
    • Simplifying measurement processes can lead to better insights.
    • Stakeholder engagement is vital for successful risk decision-making.
    • Non-financial impacts can be just as important as financial metrics.
    • Quantification should not be an all-consuming task; focus on key scenarios.
    • Understanding the problem space is more important than technical expertise in quantification.
    • Existing risk tools often provide inadequate assessments, necessitating a more tailored approach.
    • Vulnerability scoring is not true risk quantification, but it is a more specific level of measurement applied to vulnerabilities.
    • Our ambition of mitigating vulnerabilities is much larger than our capacity.
    • We need to categorize vulnerabilities based on their actual business risk.
    • The industry drowns in findings from vulnerability tools.
    • Third...
    1 hr and 21 mins
  • From DMZs to DevSecOps: Building Modern AppSec Programs with Gunnar Peterson
    Jan 15 2025
    In this conversation, Robert Wood and Gunnar Peterson delve into the complexities of application security (AppSec), discussing its evolution, the importance of building effective AppSec programs, and the need for engaging developers in security practices. They explore the blurred lines between cloud security and application security, the role of posture management tools, and the significance of an asset-centric approach to security. Gunnar emphasizes the importance of understanding key use cases and platforms within an organization, as well as the need for security professionals to broaden their skill sets to navigate the changing landscape of cybersecurity effectively.
    Takeaways
    • Application security is evolving, requiring a focus on both technology and human factors.
    • Understanding the organization's current state is crucial for building an effective AppSec program.
    • Coverage and efficacy are key metrics for assessing AppSec initiatives.
    • Engaging developers is essential for successful security practices.
    • In larger organizations, security efforts can become check-the-box activities.
    • The lines between cloud security and application security are increasingly blurred.
    • Posture management tools are emerging to address skill gaps in AppSec.
    • An asset-centric approach to security is gaining traction in the industry.
    • New security professionals should prioritize understanding key business use cases.
    • The future of security will require blending traditional practices with new technologies.
    Sound Bites
    • "Good judgment comes from experience."
    • "You have to have the humility to recognize."
    Chapters
    00:00 Introduction to Application Security and Its Evolution
    02:59 Building an Effect...
    1 hr and 15 mins
  • From Cost Center to Business Driver: Making Security a Strategic Asset
    Oct 30 2024
    In this conversation, Robert Wood, CEO of Sidekick Security, interviews Tyler Healy, CISO of DigitalOcean, discussing the evolution of security leadership, the importance of security as an enabler for business growth, and the dynamics of building a security team. They explore the challenges of engaging with customers, fostering internal relationships, and the balance between security and usability. Tyler shares insights on incident management, materiality assessments, and the significance of understanding how a business makes money to effectively align security initiatives with organizational goals.
    Takeaways
    • Security teams must engage with customers regularly.
    • Understanding business incentives is crucial for security leaders.
    • Security should be seen as an enabler, not a cost center.
    • Building relationships across departments enhances security effectiveness.
    • Product security should empower developers with the right tools.
    • Usability is key to successful security implementations.
    • Incident management processes must include materiality assessments.
    • Availability impacts must be considered in security discussions.
    • Third-party risks need to be managed proactively.
    • Security leaders should balance technical skills with effective communication.
    Chapters
    00:00 Introduction to Security Leadership
    06:02 Navigating Security as an Enabler
    09:56 Building a Security Team from the Ground Up
    15:54 Engaging with Customers and Stakeholders
    20:00 Fostering Internal Relationships for Security
    1 hr and 16 mins