From the Inside Out

Great Security Debate

Jan 20 2022 • 1 hr 5 mins

We got a message from a listener asking for some discussion about putting the data first and securing it with that mind - the inside out, rather than looking at the perimeter and infrastructure and working back toward the data - outside in.

And since we love our listeners and your feedback, we took the chance to cover this topic in depth. In the process we also covered:


  • Data Loss Prevention - Is it possible to improve this without the painful data classification, startup work or culture change?


  • When doing data analysis for attacks (or fraud) you have to account for the fraud already baked in the normal you know today


  • We can’t meaningfully count on IP address for geography…thanks to security asking for more use of VPNs


  • The pros and cons and risks to ponder when securing data in on premise vs. cloud/SaaS arrangements


  • When is the right time to establish a security team in a growing company? And how bad will the data sprawl be when they arrive?


  • Will the CTO/CIO and the CISO merge into a single role? Will the CIO report to the CISO eventually? It depends, of course, on the people and the organisation


  • Controls today may not be the controls we need for tomorrow


  • We try to secure things, but there’s also important value in good use of data to improve a business


  • Sunk cost fallacy and Security: when to burn it all down and start over


  • Audit is the best friend of the CISO: a new set of eyes and accountability partner makes all the difference


Dan also goes on a small tirade over the way security professionals use the term “the business” as something distinct from the security team that is absolutely part of the business itself. Enjoy that soapbox moment.


We also have a video channel on YouTube that airs the "with pictures" edition of the podcast. Please head over to https://bit.ly/gsdyoutube and watch, subscribe and "like" the episodes.


Some of the links in the show notes contain affiliate links that may earn a commission should you chose to make a purchase using these links. Using these links supports The Great Security Debate, so we appreciate it when you do use them. We do not make our recommendations based on the availabliity or benefits from these affiliate links.


Thanks for listening!

Support The Great Security Debate

Links:

You Might Like

TED Radio Hour
TED Radio Hour
NPR
Darknet Diaries
Darknet Diaries
Jack Rhysider
Marketplace Tech
Marketplace Tech
Marketplace
Kim Komando Today
Kim Komando Today
Kim Komando
Hard Fork
Hard Fork
The New York Times
All-In with Chamath, Jason, Sacks & Friedberg
All-In with Chamath, Jason, Sacks & Friedberg
All-In Podcast, LLC
This Week in Tech (Audio)
This Week in Tech (Audio)
TWiT
WSJ’s The Future of Everything
WSJ’s The Future of Everything
The Wall Street Journal
Daily Tech News Show
Daily Tech News Show
Tom Merritt
Security Now (Audio)
Security Now (Audio)
TWiT
Elon Musk Podcast
Elon Musk Podcast
Stage Zero
TechStuff
TechStuff
iHeartPodcasts
Ask The Tech Guys (Audio)
Ask The Tech Guys (Audio)
TWiT
Acquired
Acquired
Ben Gilbert and David Rosenthal
Rich On Tech
Rich On Tech
Rich DeMuro
Fortnite Emotes
Fortnite Emotes
Lawrence Hopkinson
The Vergecast
The Vergecast
The Verge
Waveform: The MKBHD Podcast
Waveform: The MKBHD Podcast
Vox Media Podcast Network
Lofi ~ Sleep/Chill
Lofi ~ Sleep/Chill
Lofi King
The Artificial Intelligence Podcast
The Artificial Intelligence Podcast
Dr. Tony Hoang