@NTXISSA #NTXISSACSC4
Disclaimer
This presentation is an excerpt from my professional life as a security leader over the last 15+ years. It is not a representation of what I do today but rather a "sample" of how I work.
NTXISSA Cyber Security Conference – October 7-8, 2016
Warning!!!
Some of what you will see does not represent "normal" human behavior!
...however many of you will find the behavior quite familiar...
some of you will not get any of this at all... I worry about that group :)
Things are different today!
- We wanted a "seat at the table" and now we have it.
  - Some of us can leverage this scenario.
  - Some of us don't know what to do.
- Board members are starting to "get it."
  - Security as a means to protect the shareholder.
  - Security as a means to protect business processes.
  - Now Board members want "real" proof based on specific metrics.
- Business engagement in cyber/info/security is resulting in higher levels of performance expectations (risk vs. cost), regulatory compliance and due diligence.
- Cybersecurity/Information Security is a business topic. It's not about "security," it's about "risk."
Time to wake up!
[Slide: world clocks showing 4:30am in McKinney, TX alongside 12:30pm, 11:30pm, 12:30pm and 5:30am in other time zones]
What am I thinking at 4:30am?
PLA Unit 61398
The US State Department and the Federal Bureau of Investigation announced Tuesday a $3 Million reward for the information leading to the direct arrest or conviction of Evgeniy Mikhailovich Bogachev, one of the most wanted hacking suspects accused of stealing hundreds of millions of dollars with his malware.
Actually, at 4:30am I am thinking this...
If someone really wants to kill you... you will die!
5:00am - Quick Review of Security News
On the way to the office...
Yum, Yum!! Keeping the team happy...
And the day at the office begins...
• Review dashboards
• Review threat intelligence data
• Discuss application control requirements with project manager
• Discuss application security testing with another project manager
• Attend huddle with "peer" executives
• Attend huddle with other technology team leads
• Review slides for steering committee meeting
• Review slides for technology operations meeting
• Meet with CEO
• Meet with CIO regarding "customer experience."
And the day continues...
• Review vulnerability remediation metrics
• Conduct vendor due diligence inquiry
• Attend firewall rule review meeting
• Meet with vendor #1 who is actually solving some of my problems
• Meet with vendor #2 who is only interested in my $$$
• Meet with vendor #3 regarding one more thing I did not know I needed!
• Attend SOX control framework meeting
• Process request from Legal department
• Discuss "zero-hour" malware variant
• Discuss upgrade of security infrastructure components
• Conduct Gartner call regarding option to replace "end of life" product
• Discuss content for security awareness posters
• Discuss security awareness training class content
• Finalize content for secure coding classes
• Meet with "bean counter" regarding budget
• Conduct staff meeting
• Conduct 1:1 meetings with direct reports
• Review new FFIEC regulation
• Review new NY state cybersecurity regulations
And the day winds down...
• Attend off-site strategy team meeting
• Answer questions regarding relocation of team to a different location in building
• Manage FFIEC examination
• Manage SOX audit
• Manage pentesting engagement
• Discuss "next gen" endpoint integration
• Take a call from user that does not like any form of MDM
• Discuss endpoint performance enhancement strategy
• Discuss patching
• Go over employee survey results
• Visit with all department heads to discuss needs/wants
• Work on next year's budget
• Go through all e-mail messages
• Work on security strategy and architecture changes
• Work on security infrastructure
• Work on policy, standards and procedures
• Discuss training needs for team
• Meet with HR regarding "new hires"
• Meet with IAM team regarding process automation
• Meet with compliance leadership
• Meet with field regional leadership
• Answer questions regarding speaking engagement
• Answer questions for Internal Audit
• Meet with Internal Audit regarding audit plan for next year
• Talk with interns regarding infosec
• Go get coffee because lunch never happened today
• Contemplate how it's actually possible to have 15 meetings in one day...
Life as a CISO today = 240%
[Chart: eight areas, each taking 30% of the CISO's time]
Governance: 30%
Policy: 30%
Strategy: 30%
Architecture: 30%
People: 30%
Business Enablement: 30%
Compliance: 30%
Helping Others: 30%
Average Day Summary...
6:30am Review schedule and e-mail duty
7:00am Review threat intelligence data dashboards
8:00am On-line meeting with vendor from New York
8:45am Attend executive update meeting
9:00am Attend Technology update meeting
10:00am Meet with SOC compliance team
11:00am Meet regarding 2017 budget planning
11:30am Conduct 1:1 meeting with key staff
12:00pm E-mail duty and catch up on my work
1:00pm Conduct Security Operations meeting
2:00pm Meet with Internal Audit regarding audit in-progress work
3:00pm Attend change management meeting
4:00pm Conduct security staff meeting
5:00pm Attend meeting with CIO
5:30pm Meet with Legal team regarding requests in-progress
6:00pm Attend application security meeting
6:30pm Call it a day...
W.I.N. (What's Important Now!)
Key questions driving my daily focus:
- Do my senior executives have comfort with the defined "risk appetite?"
- Am I aware of and am I communicating critical changes to the threat landscape?
- Am I balancing risk and cost at acceptable levels?
- Is my team effective?
- Can I detect and respond to an incident in an efficient manner?
- Am I able to demonstrate that the attack surface is shrinking?
- Am I leveraging all the resources in the most efficient manner?
- Am I prioritizing based on risk?
- Am I able to translate data... into information... into intelligence?
- Am I a good "servant leader?"
- Am I focused on doing better today vs. yesterday?
Heading Home!
6:25pm Heading home after 12 hours
7:00pm Dinner with family
7:30pm Walk with the dog and family
8:00pm Television/iPad
8:30pm Talk to CIO regarding production issues
9:30pm Look at e-mail one last time
10:00pm ...
2:50am Alert call from the SOC!
What am I thinking when I go to sleep?
If someone really wants to kill you... you will die!