Empathy, kindness, and behavior economics on We Hack Purple Podcast

Archive for February, 2023

Empathy, kindness, and behavior economics on We Hack Purple Podcast

Posted by

Tanya Janca invited me onto her We Hack Purple Podcast to discuss vulnerabilities beyond code. Along the way, we cover behavior economics and the importance of empathy in cybersecurity design. “Kindness is the original security principle” makes an appearance, as we talk about how all this and more applies to building better products.

Our conversation was sponsored by the Diana Initiative, a conference committed to helping all those underrepresented in Information Security.

 


To see listen to other podcast interviews, click to view the Podcasts page or the Podcasts category.

Cybersecurity Maturity Model Certification (CMMC): considerations for self-attesting

Posted by

Suppliers who need to achieve Level 1, the most basic certification, may forgo seeking outside help and perform initial and annual assessments themselves.

Excerpt from: Navigating Cybersecurity Maturity Model Certification (CMMC) 2.0

“Suppliers with strong confidence in their audit and compliance teams, and suppliers with sufficient staffing, are ideally positioned should they decide to achieve Level 1 without external support,” added Wolfgang Goerlich, advisory chief information security officer, Cisco Secure, the portfolio of security products offered by San Francisco-based Cisco. “Such internal compliance initiatives can move quicker than bringing in a third-party when the people on the team have the relationships and understanding of how the practices are performed.”

The approach Goerlich describes may save money, but it won’t provide external validation and new perspectives.

“Achieving Level 1 with an internal project team answers the question, ‘What are we doing?’ but cannot answer the questions, ‘What are others doing, and what should we be doing?’” Goerlich said.

Read the full article: https://www.sme.org/technologies/articles/2023/february/navigating-cybersecurity-maturity-model-certification-cmmc-2.0/


This post is an excerpt from a press article. To see other media mentions and press coverage, click to view the Media page or the News category. Do you want to interview Wolf for a similar article? Contact Wolf through his media request form.

IT security then and now, on IT and the D podcast

Posted by

Ten years ago, I was the first guest on IT in the D podcast. (I won’t go back and listen. It’s like looking at photos of yourself in high school.) I was there to promote the BSides Detroit conference. Now that I’m doing another conference this year, they invited me back to talk about what’s changed in ten years. Take a listen.

IT Security Then and Now, Securing Relationships with Wolfgang Goerlich, Cybersecurity Strategist. This week we met with Wolfgang Goerlich. Not only is he a well respected CISO, he was our guest on Episode 1 (and episode 112). We had fun catching up, talking about security then vs. now, changes in philosophy, and mocked marketing jargon for commonly used tech. We ended by talking about Securing Sexuality, his conference and podcast, prompted by his wife, who is a relationship and sexuality therapist.


To see listen to other podcast interviews, click to view the Podcasts page or the Podcasts category.