Category Archives: Blog

Google Cloud Security: End-to-End Trust and Transparency in Your Stack – with David Cross

This episode is sponsored by the CIO Innovation Insider Offense and Defense Community.

My guest this week is David Cross and it is my second discussion with him. I loved talking to David when he was on the Microsoft side of the fence. Two years later, he is on the Google side of the fence as a Cloud Security Engineering Director, and I decided to bring him back on for another fun conversation.
We discuss Google’s on-premises Solutions, Data Custodian Model (SAP), the story behind BeyondCorp, Google’s beta product called Identity-Aware Proxy, and much more. Our conversation is a deep dive into IT Security and highly technical… Regardless of your title within the IT Security realm, you will benefit from this conversation.

Envision a World Without Wildlife Poaching … Uber Disrupts Transportation | Airbnb Disrupts Hotels | Amazon Disrupts Food | Pembient Disrupts Wildlife Poaching! – with Matthew Markus

This episode is sponsored by the CIO Innovation Insider Offense and Defense Community.

My guest this week is Matthew Markus, co-founder and CEO of Pembient.

We discuss digital biology, cellular agriculture, 3D printing, security of species, big visions, entrepreneurship and envisioning a world without wildlife poaching and the destruction of species.

What does it take to disrupt the illegal trade of animals and envision a world that has an increasing population of rhinos?

A Thesis for Handling Defensive Security

Ok, this is one thing that is near and dear to me that we built up. It’s a thesis on how I believe defense should be handled.

When you are moving at speed, and you have questions, for example I had questions within my company about how data loss prevention was being handled. In DLP different tools can be used to look for communication. For example, I received a communication from a bank, and I was talking with this bank officer about a variety of subjects and I replied to him. In that reply the bank officer had in the bottom heading of his email, way at the bottom under all of the legal language, which said “do not forward”. It was a “do not forward” rule. Well, when I replied to him that “do not forward” rule triggered our filter, but then that went and got distributed to people that would actually take care of that within our organization. We have a “do not forward rule” for a reason.
However, that potentially could have been a problem because it was a reply to a bank officer. What if that communication to the bank officer is because we were in a financial crisis, and all of a sudden that got forwarded to people in my organization, that then saw we were in a financial crisis? We’re not at all, this was just planning items with a bank person, but pay attention to that.

Ask your team for what all of the DLP rules are, and ask for a screenshot of them. Don’t just ask for what they are, ask for a screenshot, proof, so you can review them, and look at them, and say ‘hah, this is interesting; this is an unintended consequence of something good’. I want to know that if a customer is sending a Visio diagram to my team, I don’t want that forwarded, and that’s why we have it there. We actually put “do not forward it” in this, and it won’t go anywhere.

Just look for the unintended consequences of these advanced security systems, so you can know how your systems are actually set up. OpenDNS helps with mobile devices, we want to know where people are going. If you want to see how those rules are set up, just ask. Ask your team to send you the screenshots, and to explain the different rules. It’s a 15-minute conversation but it helps you understand how your systems are set up.

That’s my tip for today.

In this CIO Innovation Insider, I wanted to share with you what I believe is an important step to take in managing your business’ advanced security systems. Ask your team about your DLP rules, and ask them for proof – don’t just take their word for it. It is important to understand these rules so that you can protect yourself from any unintended consequences.

Major Take-Aways from This CIO Innovation Insider:

Looking at Security From an Offense-Defense Point of View

One of the things that came up out of my meetings yesterday, and in particular with a gentleman I’ve known for 20 years, is this concept of, especially in small and medium businesses, and I’m qualifying those between a hundred and a thousand employees, is a lot of times the CIO and the CISO go to bed with this nagging, this nervousness, because they don’t quite have everything taken care of on defense and they know it. It could be on the governance/compliance side, the audit side, or it could be on the actual real security management, which is the execution of the day to day reality that maps to the governance plan, and this is the challenge.
What I shared with a CIO last night that I’ve known for years is that his natural gut instinct is to play offense because he knows that’s where he adds tons of value to the company. Nobody’s coming to him saying ‘tell me about your defensive strategy and how it’s helping the company’. Unless you’re a bank, and they’re not a bank, but they do have security concerns, and his value is offense and happens to be world class at project management. Not just project management, they’re doing more with agile – he knows about more with agile methodology for project management than most of you ever know about. I’m actually going to have him on the podcast to talk about that because he’s just world class at it. That’s where his value is, but he can’t ignore defense, he knows it. I’m coming up with plans to help him with that, be much organic to the company.
I want to encourage all of you to start to look at security from an offense/defense point of view. If you could have your defense taken care of. If you could plug into a platform or a methodology that allows you to execute at real-time on the real security management that’s needed, but then also be able to do the governance piece as well, really look at that as a vision for your security so that you can free up for offense. That’s super interesting for me, and I think it’s resonating with a lot of you that I’m talking to.
One of the pieces about this is I break it – offense and defense – into two categories. Message me about when we do the offense sessions. We have an offense session coming up next month, we have them very repeatedly, and it’s really geared to how you optimize as a digital transformation leader – offense, revenue generation, supporting revenue generation, within the company, and also you going out and potentially, pending the size and maturity of your company, going out and actually using some of the innovation design thinking principles to test the market so that you’re building products, whether you’re at that point or you’re just supporting the underlying infrastructure, both are equally valuable, you need to keep doing that for sure, for sure.
However, we want to keep taking care of the defense because that is super important that we can move fast with innovation and be able to build speed. However we also need to have an infrastructure defense capability that moves at pace and moves at a cadence as well where it doesn’t limit you.
That’s my message for today. Have a good day everybody.

In this CIO Innovation Insider, I wanted to share something that came out of a recent CIO meeting that I had. I want to encourage all of you to start looking at security from an offense-defense point of view. Imagine if you could plug into a platform or a methodology that allows you to execute at real-time on the real security management that’s needed, but then also be able to do the governance piece as well, really look at that as a vision for your security so that you can free up resources for offensive security strategies.

CIO Innovation Insider Event Recap – October 2017

The October Innovation Insider lunch event was an incredible success, with 30 CIOs in attendance at the National Automobile Dealers Association (NADA) out in Tysons, VA. RedZone Technologies President & CEO Bill Murphy opened up the event with a keynote presentation on Exponential Technologies, Offensive and Defensive Innovation, and marketplace disruption.
