LIVE Topic: Your Community CISO w/Carlota Sage – from inside the HACKERverse

Turn Off Light
Auto Next
More
Watch Later
Report

Report


Reviews

85 %

User Scrore

2 ratings
Rate This

Descriptions:

Hosts:
Kim Crawley, https://www.linkedin.com/in/kimcrawley/
Craig Ellrod, https://www.linkedin.com/in/craigellrod/

Our illustrious Guest today:
Carlota Sage
https://www.linkedin.com/in/carlotasage/

#DARKweb
#DEEPweb
#HACKERculture
#HACKERverse
#INFOsec
#CYBERsecurity
#CMMC
#SECURITYmaturity
#SECURITYhealth
#vCISO

=====

What is Security Maturity and what is wrong with Security Maturity?
-CMMC is NIST
-CMMC doesn’t map to non government organizations

What is the Security Health Model?

Drivng Factors:
-Grassroots or Ad Hoc
-Team or Compliance Driven
-Risk-Informed or Risk-Based?

What is a Security Health Checkup?

-What do you measure?
-How do you measure?

Who is doing security?
-Single person or Team – without leadership buy-in
-Part of your culture – leadership is bought in and helping drive
–Need a Security Leader that informs the Leadership

It’s more about People, Process and Technology

Your security budget needs to grow with Inflation and with your Revenue!

If you do hire a vCISO, ask them, if they are getting a kickback from the Managed Security Provider (MSP?)
Don’t work with that vCISO.
Work with a vCISO that will ask the MSP to give you a discount instead.

Expel is her preferred MSP vendor.
She has worked with them when she was at FireEye.

===== Links:
https://dodcio.defense.gov/CMMC/about/

https://github.com/carlota/showmethemoney

https://www.pocket-ciso.com/

Leave your comment

Your email address will not be published. Required fields are marked *