Episode 34

From the Inside Out

00:00:00
/
01:05:00

20 January 2022

1 hr 5 mins

Season 3

Your Hosts

About this Episode

We got a message from a listener asking for some discussion about putting the data first and securing it with that mind - the inside out, rather than looking at the perimeter and infrastructure and working back toward the data - outside in.

And since we love our listeners and your feedback, we took the chance to cover this topic in depth. In the process we also covered:

  • Data Loss Prevention - Is it possible to improve this without the painful data classification, startup work or culture change?
  • When doing data analysis for attacks (or fraud) you have to account for the fraud already baked in the normal you know today
  • We can’t meaningfully count on IP address for geography…thanks to security asking for more use of VPNs
  • The pros and cons and risks to ponder when securing data in on premise vs. cloud/SaaS arrangements
  • When is the right time to establish a security team in a growing company? And how bad will the data sprawl be when they arrive?
  • Will the CTO/CIO and the CISO merge into a single role? Will the CIO report to the CISO eventually? It depends, of course, on the people and the organisation
  • Controls today may not be the controls we need for tomorrow
  • We try to secure things, but there’s also important value in good use of data to improve a business
  • Sunk cost fallacy and Security: when to burn it all down and start over
  • Audit is the best friend of the CISO: a new set of eyes and accountability partner makes all the difference

Dan also goes on a small tirade over the way security professionals use the term “the business” as something distinct from the security team that is absolutely part of the business itself. Enjoy that soapbox moment.

We also have a video channel on YouTube that airs the "with pictures" edition of the podcast. Please head over to https://bit.ly/gsdyoutube and watch, subscribe and "like" the episodes.

Some of the links in the show notes contain affiliate links that may earn a commission should you chose to make a purchase using these links. Using these links supports The Great Security Debate, so we appreciate it when you do use them. We do not make our recommendations based on the availabliity or benefits from these affiliate links.

Thanks for listening!

Support The Great Security Debate

Episode Links

Great Newsletters Need No Debate

Subscribe below and we’ll notify you whenever a new episode of The Great Security Debate is released.

    We respect your privacy. Unsubscribe at any time.