SecurityTechTalk

A bad program is one that doesn't happen....#CyberSecurity @alcgroup

the most effective Security programmes are usually those which have full top down enterprise wide endorsement rather than be silo'ed per department / business unit @ATTCyber #RSAC #SecurityTechTalk #ATTInfluencer

Yes Dez....you need support of your leadership ...

@MusicComposer1 - yes indeed.. what examples have you seen that work best in today's challenging fast paced world?

A1 good programs remember that humans are often the weakest link; a simple human error can result in an astronomical problem! #attinfluencer

A good Cybersecurity program includes the right personnel, processes and technology. A bad one is missing one or more of these :)

A good #cybersecurity program prevents, detects and responds to #Cyber threats giving you the peace of mind so you can focus on the rest of your business! A bad one is one without a set plan. @ATTBusiness @ATTCyber #RSAC #SecurityTechTalk #ATTemployee

It's best to focus your efforts and start with the most common types of risks....data breach is No.1 @alcgroup #CyberSecurity

I see how this works now.... I think a good security program is one that learns over time (ala #machinelearning) regarding the threats.

One that aligns to the actual business objectives and goals. There are many good ways to run a cybersecurity program, but not all of them will be right for your org, your threat model, and your assets. #SecurityTechTalk

And phising is a huge attack vector...so carry out regular simulations....once a month...#CyberSecurity @alcgroup

@sstoesser Yes Sarah...you need a plan.

Another important aspect of security is being ready to respond to incidents. You're going to have a data breach so make sure you practice your response...#CyberSecurity @alcgroup

@bobehayes Definitely agree #AI is the future of #cybersecurity @ATTBusiness @ATTCyber #RSAC #SecurityTechTalk #ATTemployee

@evankirstel They are Evan...so training your people and reenforcing the learning is key #CyberSecurity @alcgroup

@bobehayes Don't forget #DeepLearning....he always gets missed out....#CyberSecurity @alcgroup

.@bobehayes, I understand that #ArtificialIntelligence is top of mind, but how does #MachineLearning play into that? #ATTInfluencer #ATTCyber #RSAC

@MusicComposer1 Definitely agree with this. Many boards are getting wise to the fact that a breach may happen, most don't like surprises, or not having a response plan.

@bobehayes Yes...attackers are using AI, so we must use the AI techniques in software to detect attacks. Static firewalls are less effective...we need AI threat management...as in @Office365...#CyberSecurity @alcgroup

@J4vv4D You have to accept that you're going to have a data breach....so just like an emergency response first responder...learn your #CyberSecurity first aid.....@alcgroup

@Kevin_Jackson Machine Learning is just another practice subset of AI focused mathematical algorithms...Deep Learning is another practice where we mimic how the brain works with neural networks...both are key to #CyberSecurity protections...@alcgroup

@Kevin_Jackson - #MachineLearning is a subset of AI... look at the security problems (in the form of data - the criteria) to identify the causes of those problems (the predictors). If you know what predicts security problems, you're better able to manage them.

@bobehayes, thanks.

@bobehayes - such a great point, how should we start this conversation - board room level or team / group level? @ATTCyber #RSAC #SecurityTechTalk #ATTInfluencer

@bobehayes Great point. Do you think many companies have the relevant data in a ML-friendly form? I guess I'm wondering if many are ready especially when so much is run on spreadsheets and held together by bubblegum. #securitytechtalk @Attcyber #RSAC

@J4vv4D Good question. I doubt their data are ML ready... but deep insights take time and energy. This is a good reason why management/executives need to budget for security.

I think this is an area where metrics are tricky. Simply giving metrics on particular attacks detected is not the best

A3 starting with the right key performance indicators (KPIs) and key risk indicators (KRIs)! #ATTInfluencer #ATTCyber #RSAC

Step 1. Ditch vanity metrics to measure. Counting something like number of blocked spam is like saying how many raindrops your umbrella kept off you. Focus on outcomes and measure towards those goals. #SecurityTechTalk

Many ways....but most importantly...baseline before and after your security program...phising is a great example...run a simulation..baseline results...train users...then run a simulation again and see the improvements...#CyberSecurity @alcgroup

You can't manage what you can't measure....I think that's from Peter Drucker....#CyberSecurity @alcgroup

An idea is to make a checklist of security controls and count, for each control, if you can articulate its value. In the @ATTBusiness #Cybersecurity report you can see more! https://www.business.att.com/learn/cybersecurity-r...
@ATTCyber #RSAC #SecurityTechTalk #ATTEmployee

There are some great tools...to help you determine what you should measure...and you may not get the measures right first time...so don't be afraid to pivot...if it's not working....#CyberSecurity @alcgroup

Try prototyping some measures to see if they work...and then expand from there....#Agile #CyberSecurity @alcgroup

First, identify what your security problems are and get measures that track each type of problem. One measure is never enough.

@securitybrew I think that measuring the severity and type of attack is important...but as you say...certainly not the end. Detecting that you have been breached is problematic...the av company takes ~180 days to detect a breach...#CyberSecurity @alcgroup

Right on Paul!!

I think it depends on the situation. In many situations #MSSP is the most effective way for organizations to handle business risks. Requires evaluation?

Will play an important role in helping organizations cope with hiring challenges and meet regulatory/ compliance requirements #rsac #attinfluencer #attcyber

It's important to understand that not all MSSP's are created equal. Important to evaluate capabilities. But the right one can nicely become an extension to the security department, allowing the team to free up time and resources to focus on strategic objectives.

From our latest @ATTCyber report... the right MSSP can enable 3 critical capabilities. #cybersecurity
@ATTBusiness #RSAC #SecurityTechTalk #ATTEmployee https://www.crowdchat.net/s/85smn

Hiring good Cybersecurity folks can be like looking for unicorns - tricky! So MSSP can make a lot of sense.

#MSSP steps in to help the company to... deal with data breaches, skills shortages and resource limitations. Think of them as a part of your data science team that ensures data are secure/safe.

@sstoesser Awesome list, Sarah.

Partnering is critical in every area of the IT department....extending this to security makes perfect sense....partners can leverage their intellectual property and people....so you can focus on your business...#CyberSecurity @alcgroup

@bobehayes Spot on Bob...it's your #DataCyberScience team.....#CyberSecurity @alcgroup

I think introducing MSSP as a way to help, not a challenge to their skills and expertise is a huge help.No-body likes a taddle tail!

Ensure the internal IT team gets other biz stakeholders involved (execs, #datascience team members, data users) to get a comprehensive picture of how data are used and why.

Even when things are up and running, continue to fine-tune and upgrade the systems together. MSSPs help #cybersecurity teams stay confident!!
@ATTBusiness @ATTCyber #RSAC #SecurityTechTalk #ATTEmployee https://www.crowdchat.net/s/75sn5

Collaborately....treat them like they work for your company....like an employee....embed them in your agile release trains...you know your CI/CD pipeline...#DevOps #CyberSecurity @alcgroup

@bobehayes Yes! It's all about collaboration between teams.