Artwork

Innhold levert av Day One. Alt podcastinnhold, inkludert episoder, grafikk og podcastbeskrivelser, lastes opp og leveres direkte av Day One eller deres podcastplattformpartner. Hvis du tror at noen bruker det opphavsrettsbeskyttede verket ditt uten din tillatelse, kan du følge prosessen skissert her https://no.player.fm/legal.
Player FM - Podcast-app
Gå frakoblet med Player FM -appen!

ComfyCon, Risk-Based Cybersecurity, and Reconsidering Breach Penalties with Iain Dickson

1:04:51
 
Del
 

Manage episode 373122151 series 3463790
Innhold levert av Day One. Alt podcastinnhold, inkludert episoder, grafikk og podcastbeskrivelser, lastes opp og leveres direkte av Day One eller deres podcastplattformpartner. Hvis du tror at noen bruker det opphavsrettsbeskyttede verket ditt uten din tillatelse, kan du følge prosessen skissert her https://no.player.fm/legal.

In the latest episode of Secured, Cole Cornford chats with Iain Dickson, Full Spectrum Cyber Practice Lead at Leidos Australia, a technology company working across defence, aviation and national security. Iain is also the co-founder of ComfyCon, an online cyber security conference which was started in response to the many event cancellations caused by the 2020 covid lockdowns.

Iain chats with Cole Cornford about taking a risk-based vs a compliance based-approach to cybersecurity, why punishing a company for their security breaches can sometimes be a bad idea in the long run, the importance of communication skills, and plenty more.

Secured by Galah Cyber website

Timestamps

4:30 - Iain: my entire career is finding issues in things.

7:15 - Are security professionals naturally risk averse?

8:00 - Compliance vs risk approach to cybersecurity.

9:00 - Cole: I try to understand the business before talking security.

9:15 - Iain: discussing optus breach & risk vs compliance.

11:00 - Should we persecute companies for having security incidents?

11:15 - The tenant of “zero trust.”

12:00 - Cole: as soon as you start being punitive, no one will want to work with you.

16:15 - Cole: a business is there to achieve an outcome.

16:50 - Cole: a lot of security challenges are user experience challenges.

18:15 - Cole: passwords solved the wrong problem (spicy take).

20:00 - Iain’s spicy takes.

21:40 - Companies claiming to help people meet “essential 8 compliance.”

25:35 - Essential 8 note very relevant to appsec.

28:35 - Iain’s background.

30:00 - Iain: I have a rule with vendors I work with: no selling.

31:30 - Cole: no Australian likes to be sold to.

33:30 - Cybersecurity in the OT space.

36:00 - Challenges in OT that don’t exist in other sectors.

38:45 - Difference when working on tangible vs non tangible software/hardware.

40:15 - Difference between software engineers & developers.

41:15 - Software as a profession hasn't existed very long.

44:50 - Iain’s advice.

49:30 - Cole: too much focus on technical skills.

50:20 - Iain: sometimes, leaders choose to accept risk.

51:15 - … and if you can’t accept that, you’re going to burn out.

53:00 - You can’t live without risk.

54:15 - Founding of Comfycon.

Mentioned in this episode:

Call for Feedback


This podcast uses the following third-party services for analysis:
Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/
  continue reading

38 episoder

Artwork
iconDel
 
Manage episode 373122151 series 3463790
Innhold levert av Day One. Alt podcastinnhold, inkludert episoder, grafikk og podcastbeskrivelser, lastes opp og leveres direkte av Day One eller deres podcastplattformpartner. Hvis du tror at noen bruker det opphavsrettsbeskyttede verket ditt uten din tillatelse, kan du følge prosessen skissert her https://no.player.fm/legal.

In the latest episode of Secured, Cole Cornford chats with Iain Dickson, Full Spectrum Cyber Practice Lead at Leidos Australia, a technology company working across defence, aviation and national security. Iain is also the co-founder of ComfyCon, an online cyber security conference which was started in response to the many event cancellations caused by the 2020 covid lockdowns.

Iain chats with Cole Cornford about taking a risk-based vs a compliance based-approach to cybersecurity, why punishing a company for their security breaches can sometimes be a bad idea in the long run, the importance of communication skills, and plenty more.

Secured by Galah Cyber website

Timestamps

4:30 - Iain: my entire career is finding issues in things.

7:15 - Are security professionals naturally risk averse?

8:00 - Compliance vs risk approach to cybersecurity.

9:00 - Cole: I try to understand the business before talking security.

9:15 - Iain: discussing optus breach & risk vs compliance.

11:00 - Should we persecute companies for having security incidents?

11:15 - The tenant of “zero trust.”

12:00 - Cole: as soon as you start being punitive, no one will want to work with you.

16:15 - Cole: a business is there to achieve an outcome.

16:50 - Cole: a lot of security challenges are user experience challenges.

18:15 - Cole: passwords solved the wrong problem (spicy take).

20:00 - Iain’s spicy takes.

21:40 - Companies claiming to help people meet “essential 8 compliance.”

25:35 - Essential 8 note very relevant to appsec.

28:35 - Iain’s background.

30:00 - Iain: I have a rule with vendors I work with: no selling.

31:30 - Cole: no Australian likes to be sold to.

33:30 - Cybersecurity in the OT space.

36:00 - Challenges in OT that don’t exist in other sectors.

38:45 - Difference when working on tangible vs non tangible software/hardware.

40:15 - Difference between software engineers & developers.

41:15 - Software as a profession hasn't existed very long.

44:50 - Iain’s advice.

49:30 - Cole: too much focus on technical skills.

50:20 - Iain: sometimes, leaders choose to accept risk.

51:15 - … and if you can’t accept that, you’re going to burn out.

53:00 - You can’t live without risk.

54:15 - Founding of Comfycon.

Mentioned in this episode:

Call for Feedback


This podcast uses the following third-party services for analysis:
Spotify Ad Analytics - https://www.spotify.com/us/legal/ad-analytics-privacy-policy/
  continue reading

38 episoder

Semua episode

×
 
Loading …

Velkommen til Player FM!

Player FM scanner netter for høykvalitets podcaster som du kan nyte nå. Det er den beste podcastappen og fungerer på Android, iPhone og internett. Registrer deg for å synkronisere abonnement på flere enheter.

 

Hurtigreferanseguide

Copyright 2024 | Sitemap | Personvern | Vilkår for bruk | | opphavsrett