Descriptions:
Hosts:
Kim Crawley, https://www.linkedin.com/in/kimcrawley/
Craig Ellrod, https://www.linkedin.com/in/craigellrod/
Our illustrious Guest today:
Carlota Sage
https://www.linkedin.com/in/carlotasage/
#JEEPneys
#DARKweb
#DEEPweb
#HACKERculture
#HACKERverse
#INFOsec
#CYBERsecurity
#CMMC
#SECURITYmaturity
#SECURITYhealth
#vCISO
#communityCISO
=====
What is Security Maturity and what is wrong with Security Maturity?
-CMMC is NIST
-CMMC doesn’t map to non government organizations
What is the Security Health Model?
Driving Factors:
-Grassroots or Ad Hoc
-Team or Compliance Driven
-Risk-Informed or Risk-Based?
What is a Security Health Checkup?
-What do you measure?
-How do you measure?
Who is doing security?
-Single person or Team – without leadership buy-in
-Part of your culture – leadership is bought in and helping drive
–Need a Security Leader that informs the Leadership
It’s more about People, Process and Technology
Your security budget needs to grow with Inflation and with your Revenue!
If you do hire a vCISO, ask them if they are getting a kickback from the Managed Security Provider (MSP).
If they are, don’t work with that vCISO.
Work with a vCISO that will ask the MSP to give you a discount instead.
Expel is her preferred MSP vendor.
She worked with them when she was at FireEye.
===== Links:
https://dodcio.defense.gov/CMMC/about/
https://github.com/carlota/showmethemoney
https://www.pocket-ciso.com/