re:invent security

In this episode of Reinvent Security, we dive deep into the world of vulnerability management with Dr. Nikki Robinson, a distinguished cybersecurity expert, author, and educator. With years of experience in IT operations and cybersecurity, Dr. Robinson brings a unique perspective to managing vulnerabilities in today’s ever-evolving threat landscape. During the episode, Dr. Robinson shares her journey from IT operations to earning a doctorate in cybersecurity, highlighting the pivotal moments that shaped her approach to vulnerability management. She emphasizes the importance of looking beyond patching to address the broader aspects of risk reduction, including human factors, automation, and AI. Whether you are a seasoned cybersecurity professional or someone looking to strengthen your organization’s approach to vulnerabilities, this episode is packed with actionable insights and strategies. As a bonus, Dr. Robinson shares her thoughts on the differences between vulnerability management practices in the U.S. and Europe, and how global frameworks like NIST are fostering consistency across borders. Chapters: 0:00 Introduction 4:31 Nikki’s Journey in Cybersecurity 7:57 Defining Vulnerability Management 10:35 Key takeaways from her book on Effective Vulnerability Management 22:00 First Steps to Mature Vulnerability Management 29:10 Prioritizing Vulnerabilities Beyond CVSS Scores 32:30 Automation in Vulnerability Management 39:15 Governance and Vulnerability Management 44:20 Key Takeaways Resources: Dr. Nikki Robinson’s books: Effective Vulnerability Management and Mind the Tech Gap Security Fatigue: https://www.researchgate.net/publication/361595380_Stress_Burnout_and_Security_Fatigue_in_Cybersecurity_A_Human_Factors_Problem Human Factors Security Engineering: https://www.tandfonline.com/doi/full/10.1080/07366981.2023.2211429 Human Factors in Cybersecurity: https://dl.acm.org/doi/abs/10.1145/3537674.3555782 Vulnerability Chaining Blog parts 1 and 2: https://blog.stackaware.com/p/vulnerability-chaining-part-1-a-logical Connect with Nikki: https://www.linkedin.com/in/dr-nikki-robinson/ Subscribe to this channel to find all new episodes: https://youtube.com/@reinventsecurity?feature=shared Listen on: Spotify: https://ap.lc/SzTrY Apple Podcasts: https://ap.lc/HmXhf FOLLOW ► Jeroen Prinse LinkedIn: https://www.linkedin.com/in/jprinse/ Irfaan Santoe: LinkedIn: https://www.linkedin.com/in/irfaansantoe/ ---------------------------------------- Hosted on Acast. See acast.com/privacy [https://acast.com/privacy] for more information.

Join hosts Jeroen Prinse and Irfaan Santoe in this thought-provoking episode of Reinvent Security as they sit down with Prof. Dr. Bibi van den Berg, a renowned expert in cybersecurity governance. Bibi shares her unique perspective on the limitations of traditional risk management approaches in the rapidly evolving cyber landscape. She introduces the concept of value-driven decision-making, emphasizing the need to align security practices with organizational values, not just numbers. Discover how human behavior, technology, and regulations intertwine in cybersecurity, why data limitations pose significant challenges, and how organizations can rethink their approach to managing cyber risk. Whether you’re a seasoned security professional or new to the field, this episode offers fresh insights and practical advice to help you navigate the complexities of today’s cybersecurity challenges. Chapters: 00:00 - 03:04 Introduction of the episode and Prof.dr. Bibi van den Berg 03:44 - 06:03 How is Bibi contributing to reinventing security? 06:04 - 08:05 Safety Science vs. Cyber Risk Management 08:06 - 09:47 What inspired Bib to focus on Value Driven Decision Making? 09:48 - 21:19 What would be the main limitations of traditional risk management? 21:20 - 25:47 How does value driven decision making for risk differ? 25:48 - 28:52 Asset prioritization and value driven decision making 28:53 - 32:42 The challenge with board and the need to quantify 32:43 - 43:32 How can organizations define their core values? 43:33 - 48:49 Common challenges for organizations in transition to a more value based decision making approach 48:50 - 55:04 Key takeaways Jeroen & Irfaan Connect with Bibi: https://www.linkedin.com/in/bibivandenberg/ Subscribe to this channel to find all new episodes: https://youtube.com/@reinventsecurity?feature=shared Listen on: Spotify: https://ap.lc/SzTrY Apple Podcasts: https://ap.lc/HmXhf FOLLOW ► Jeroen Prinse LinkedIn: https://www.linkedin.com/in/jprinse/ Irfaan Santoe: LinkedIn: https://www.linkedin.com/in/irfaansantoe/ ---------------------------------------- Hosted on Acast. See acast.com/privacy [https://acast.com/privacy] for more information.

Join hosts Jeroen Prinse and Irfaan Santoe as they dive in the world of DORA, together with Sander Zwiebel (NN). During this episode we discuss what DORA is, why it came to existence, the scope of DORA and challenges and solutions directions for getting DORA implemented. It is the FINAL COUNT DOWN because organizations in scope for DORA have to comply by January 2025. Chapters: 0:00 Introduction to DORA 01:02 Introduction of the episode and Sander Zwiebel 09:01 Introduction of DORA 13:06 DORA's Impact on Security 17:39 DORA's Impact on Financial Industry and Third-Party Management 28:59 Implementation Challenges Ahead 35:55 Tips for Successful DORA Implementation 40:55 Future of Regulatory Landscape 45:47 Closing Thoughts on Compliance and Security 52:50 Conclusion and Next Steps Resources: DORA formal law Digital Operational Resilience Act: https://eur-lex.europa.eu/legal-content/EN/TXT/?uri=CELEX%3A32022R2554&qid=1727030708806 DORA regulatory technical standards or RTS: https://www.eiopa.europa.eu/publications/second-batch-policy-products-under-dora_en DORA Questions and answers, joinedly done by the ESA’s (Eiopa, EBA, ESMA): https://www.eiopa.europa.eu/about/governance-structure/joint-committee/joint-qas_en ESA link to a dry run exercise on the information register, in order to learn as supervisor and supervisee how the information register is going to work on both sides: https://www.eiopa.europa.eu/esas-publish-templates-and-tools-voluntary-dry-run-exercise-support-dora-implementation-2024-05-30_en Dutch National Bank (DNB) link to DORA: https://www.google.com/url?q=https://www.dnb.nl/en/sector-information/open-book-supervision/laws-and-eu-regulations/dora/&source=gmail&ust=1727370130061000&usg=AOvVaw3GieR7OhPwfIElBvDRye_m Connect with Sander: linkedin.com/in/sander-zwiebel-241a16 [https://www.linkedin.com/in/sander-zwiebel-241a16] Subscribe to this channel to find all new episodes: https://youtube.com/@reinventsecurity?feature=shared Listen on: Spotify: https://ap.lc/SzTrY Apple Podcasts: https://ap.lc/HmXhf FOLLOW ► Jeroen Prinse LinkedIn: https://www.linkedin.com/in/jprinse/ Irfaan Santoe: LinkedIn: https://www.linkedin.com/in/irfaansantoe/ ---------------------------------------- Hosted on Acast. See acast.com/privacy [https://acast.com/privacy] for more information.

Join hosts Jeroen Prinse and Irfaan Santoe in this thought-provoking episode of Reinvent Security as they welcome quantum computing and security expert Steve Hollands, Chair of the Board at Blackhills Quantum Computing. Steve dives deep into the fascinating and complex world of quantum computing, discussing its far-reaching implications for the future of cybersecurity. From the looming threat of quantum computers breaking traditional encryption to the opportunities quantum key distribution offers, this episode covers the cutting-edge advancements that could revolutionize security as we know it. Discover how AI and quantum computing could drastically shorten the timeline for encryption vulnerabilities, why businesses need to start preparing today, and the importance of crypto agility in a post-quantum world. Whether you're an IT professional, a cybersecurity enthusiast, or just curious about the future of technology, this episode delivers expert insights and actionable advice to help you stay ahead of the curve in the quantum era. Chapters: 00:00 Welcome to the podcast 00:35 Introduction of the episode and Steve Hollands 02:53 How is Steve contributing to Quantum proof security? 04:49 How does quantum computing differ from traditional silicon based computing? 08:53 How does quantum computing impact the field of information security? 12:16 What is the timeframe of quantum computing threats and opportunities? 15:26 What is quantum safe cryptography and what are researchers doing? 16:37 Crypto agility is a key security principle in any security strategy 18:27 Are actors using quantum capabilities everybody's problem? 20:54 How a Quantum Readiness Framework can help organizations towards a post quantum security strategy? 24:06 What steps should organizations be taking now to prepare for the future impact of quantum computing on their security infrastructure? 29:46 How to create a Quantum Secure Defense in Depth Strategy? 34:57 What other steps should organizations take to prepare for the future impact of quantum computing on their security infrastructure? 36:24 What are the regulatory and ethical considerations that come with the rise of quantum computing in information security? 37:09 Resources for your journey into quantum and security 38:26 Which board member is driving the change towards a post quantum organization? 41:38 Can we make quantum secure cryptography a service for the organization? 44:03 Wrap Up Resources: Forbes: https://www.forbes.com/sites/adrianbridgwater/2018/01/03/neuromorphic-computing-will-build-human-like-machine-brains/ Nature: https://www.nature.com/articles/s41928-021-00646-1 McKinsey, timeline for Q-Day: https://www.linkedin.com/posts/activity-7229084010952478720-9nku Blackhills new website: https://www.blackhillsquantum.com ---------------------------------------- Hosted on Acast. See acast.com/privacy [https://acast.com/privacy] for more information.

Join hosts Jeroen Prinse and Irfaan Santoe in this enlightening episode of Reinvent Security as they sit down with cloud security expert Ashish Rajan, founder of Kaizenteq and host of the Cloud Security Podcast. With 250+ cloud security podcasts to his name Ashish shares invaluable insights into the evolving landscape of cloud security, discussing key challenges, best practices, and future trends. Discover the importance of identity and access management, strategies to prevent misconfigurations, and how to balance data sovereignty with cloud service capabilities. Learn why incident response in the cloud needs more focus and how to strategically select the right tools for your cloud security needs. Whether you're a seasoned professional or new to cloud security, this episode offers actionable advice and deep expertise to help you navigate the complexities of securing your cloud environments. Chapters: 0:35 introduction 4:11 How is Ashish contributing to Cloud Security and AI? 08:30 Primary Cloud Security Challenge 13:22 Cloud Security Best Practices 23:10 The latest exciting trends in Cloud Security 29:18 How is data sovereignty impacting Cloud Security strategies? 34:30 Emerging threats and opportunities 37:20 Top 3 things to focus on starting tomorrow 40:11 Resources for your Cloud Security journey 44:05 Wrap up Resources: - Cloud Security Podcast - www.cloudsecuritypodcast.tv - Cloud Security Bootcamp - www.cloudsecuritybootcamp.com - Cloud Security Newsletter - www.cloudsecuritynewsletter.com ---------------------------------------- Hosted on Acast. See acast.com/privacy [https://acast.com/privacy] for more information.