Say Easy, Do Hard, Minimum Viable Security - Part 1 - Jon Fredrickson - BSW Vault

Dec 23, 2024

CISOs face tough choices with flat budgets affecting security programs. The debate on minimum viable security strategies highlights key areas like identity management. Challenges of applying best practices in legacy environments are discussed. Patch and asset management are underscored as essential for vulnerable security postures. The conversation also emphasizes integrating risk management into business culture, promoting stakeholder engagement and transparency while tackling evolving cyber threats.

Ask episode

AI Snips

Chapters

Transcript

Episode notes

INSIGHT

Asset Management is Foundational

Asset management is foundational, encompassing hardware, software, people, and vendors.
It enables protection by providing visibility into what needs securing.

INSIGHT

Inferring Vulnerabilities

Inferring vulnerability data from the NVD is possible with a good asset inventory.
This eliminates the need for vulnerability scanning in certain cases.

ADVICE

Identity Management ROI

Prioritize identity management due to its noticeable business ROI.
Effective identity management streamlines access and improves efficiency, unlike firewalls.

Get the Snipd Podcast app to discover more snips from this episode

Get the app