Welcome to Episode 06 of "Secrets of AppSec Champions," titled "Working With Your CISO," featuring host Chris Lindsey and guest Yaron Levi, the Chief Information Security Officer (CISO) at Dolby Labs.
In this episode, Yaron Levi, with over 15 years of experience in various security functions, provides insights into the multifaceted role of a CISO. He discusses the relatively young profession, highlighting its diverse structures and responsibilities which include enabling businesses while managing risk and regulatory compliance.
The conversation delves into foundational aspects of security programs, such as governance, risk, compliance, and the importance of maintaining a robust defense posture. Yaron underscores the necessity for continuous learning and collaboration within the security field and emphasizes that the CISO's role is more about enabling safe business operations rather than strictly enforcing rules.
One of the key discussions revolves around the commonality of security threats, the significance of basic security measures, and how a substantial number of breaches stem from simple vulnerabilities like exposed credentials and misconfigurations. Yaron also emphasizes the importance of integrating security education for software developers and engaging software architects in mentoring roles.
The episode sheds light on the productive nature of bug bounty programs and responsible disclosure platforms for vulnerability testing. Yaron advocates for encouraging young individuals to engage in ethical hacking through structured channels.
The episode also touches on AI's impact on software development and security, reiterating a balanced approach to leveraging new technologies safely. The importance of simulations and tabletop exercises to prepare for security incidents is discussed, with example scenarios like ransomware attacks being used to test and improve response times.
Finally, Yaron stresses the importance of communication, especially in remote environments, urging employees to over-communicate any security concerns. He shares his experience of starting his role during the pandemic and highlights the significance of building trust remotely.
Chris Lindsey wraps up the episode by thanking Yaron Levi for his valuable insights and encourages listeners to subscribe, rate, and review the podcast to stay updated on future episodes.
00:00 Striving for 'Good Enough' in Business
06:01 Intentional Outreach and Security Measures: A Reminder
07:49 The Crucial Role of CISO in Cybersecurity and Software Development
12:49 Security: When, Not If
14:08 Prioritizing Cybersecurity Fundamentals: Key Threats Remain
19:50 The Minecraft Generation: Using Energy for Pen Testing
21:52 Building Bug Bounty Environment and Tabletop Exercises
25:36 Learning from a Ransomware Event Mishap
27:38 Challenges to Standardizing the CISO Role
33:15 Reframing the Role of Security: Protection Over Punishment
Additional information:
This episode has been provided by Mend.io
Chris Lindsey's LinkedIn account: https://www.linkedin.com/in/chris-lindsey-39b3915/
AppSecHive Public Community: https://www.linkedin.com/company/appsec-hive