Blog - Page 2 of 115 - J Wolfgang Goerlich

Investments in cybersecurity initiatives, Spiceworks

August 26, 2023

“Good security first delivers a business outcome and then, and only then, as a result, increases security,” noted J. Wolfgang Goerlich, advisory CISO at Cisco Secure.

Excerpt from In the Line of Fire: Understanding and Conquering Cybersecurity Risks

The benefits of adopting zero trust go beyond its drivers. Through zero trust, organizations not only avoid risk (and thus unnecessary costs) but also save capital through operational efficiencies and enable business.

Since implementing zero trust takes two or more years, Goerlich pointed out that organizations may not necessarily have 100% zero trust. “Today, the strongest predictor of whether or not organizations feel that they are achieving zero trust is whether or not they have automation, orchestration in place,” he said.

Aberdeen found that endpoint detection and response (EDR) and extended detection and response (XDR) are becoming mainstream as a result of zero trust thinking.

Goerlich reiterated this and added that organizations increasingly pair extended detection and response (XDR) with zero trust. “If you have a zero trust project in progress, you are 40% more likely to say, ‘I have an XDR/EDR project,’” Goerlich said. “ Because as we harden that layer, criminals are going to move. If you have end-to-end protection, where do they go? They go to the edge.”

Read the full article: https://www.spiceworks.com/it-security/cyber-risk-management/articles/cybersecurity-risk-management-zero-trust/

This post is an excerpt from a press article. To see other media mentions and press coverage, click to view the Media page or the News category. Do you want to interview Wolf for a similar article? Contact Wolf through his media request form.

Joining the Coffee Table talks with Rachel Arnold

August 1, 2023

On a webinar with my wife, the lovely Stefani Goerlich, discussing our weekly Securing Sexuality podcast and our upcoming Securing Sexuality Conference. That’s happening this October in Detroit, Michigan. Get your tickets!

Joining Midori on the Consent Dojo

July 12, 2023

We “Value” Your Privacy: Digital Consent with J Wolfgang Goerlich + Midori

How has consent been co-opted with things like end user agreements and cookies, and what can we do about it?
What can we consent to when it comes to digital toys and tech, including sex toys and sex tech?
What are consent technologies, and are there new developments, innovative technologies, or new approaches?
How are people advocating for themselves, individually or collectively, to take back control over our tech?

A pre-mortem on Zero Trust

May 1, 2023

Zero trust offers organizations an approach that can help to significantly improve security posture and help to minimize risk. But what would happen if, let’s say, an organization had fully implemented zero trust and yet at some point several years into the future had a breach? What would be the likely reasons?

Excerpt from: How a pre-mortem can tell you what’s wrong with Zero Trust

“Our out of scope is in scope for adversaries,” Goerlich said.

“Whenever a control reaches critical mass, the control will be bypassed,” he said. “Another way of saying that is all a better mousetrap does is breed better mice.”

He suggests that organizations deploying zero trust today, look at their roadmaps and make sure they have plans to sustain support, interest and engagement for years to come. Goerlich also recommends that zero trust implementers shore up out-of-scope areas to help reduce the attack surface.

Read the full article: https://www.sdxcentral.com/articles/analysis/how-a-pre-mortem-can-tell-you-whats-wrong-with-zero-trust/2023/04/

Empathy, kindness, and behavior economics on We Hack Purple Podcast

February 21, 2023

Tanya Janca invited me onto her We Hack Purple Podcast to discuss vulnerabilities beyond code. Along the way, we cover behavior economics and the importance of empathy in cybersecurity design. “Kindness is the original security principle” makes an appearance, as we talk about how all this and more applies to building better products.

Our conversation was sponsored by the Diana Initiative, a conference committed to helping all those underrepresented in Information Security.

To see listen to other podcast interviews, click to view the Podcasts page or the Podcasts category.

Cybersecurity Maturity Model Certification (CMMC): considerations for self-attesting

February 13, 2023

Suppliers who need to achieve Level 1, the most basic certification, may forgo seeking outside help and perform initial and annual assessments themselves.

Excerpt from: Navigating Cybersecurity Maturity Model Certification (CMMC) 2.0

“Suppliers with strong confidence in their audit and compliance teams, and suppliers with sufficient staffing, are ideally positioned should they decide to achieve Level 1 without external support,” added Wolfgang Goerlich, advisory chief information security officer, Cisco Secure, the portfolio of security products offered by San Francisco-based Cisco. “Such internal compliance initiatives can move quicker than bringing in a third-party when the people on the team have the relationships and understanding of how the practices are performed.”

The approach Goerlich describes may save money, but it won’t provide external validation and new perspectives.

“Achieving Level 1 with an internal project team answers the question, ‘What are we doing?’ but cannot answer the questions, ‘What are others doing, and what should we be doing?’” Goerlich said.

Read the full article: https://www.sme.org/technologies/articles/2023/february/navigating-cybersecurity-maturity-model-certification-cmmc-2.0/

IT security then and now, on IT and the D podcast

February 9, 2023

Ten years ago, I was the first guest on IT in the D podcast. (I won’t go back and listen. It’s like looking at photos of yourself in high school.) I was there to promote the BSides Detroit conference. Now that I’m doing another conference this year, they invited me back to talk about what’s changed in ten years. Take a listen.

IT Security Then and Now, Securing Relationships with Wolfgang Goerlich, Cybersecurity Strategist. This week we met with Wolfgang Goerlich. Not only is he a well respected CISO, he was our guest on Episode 1 (and episode 112). We had fun catching up, talking about security then vs. now, changes in philosophy, and mocked marketing jargon for commonly used tech. We ended by talking about Securing Sexuality, his conference and podcast, prompted by his wife, who is a relationship and sexuality therapist.

To see listen to other podcast interviews, click to view the Podcasts page or the Podcasts category.

Cybersecurity resolutions for consumers

January 17, 2023

I participated in a Satellite Media Tour to share cybersecurity resolutions for consumers to keep in mind heading into 2023. Resolve to secure your accounts, resolve to protect your toys and tech, and resolve to protect your privacy. These interviews saw more than 300+ airings, including Washington, D.C.’s WJLA, Jackson, Tennessee’s WBBJ-TV, Tampa Bay, Florida’s WFTS, Jacksonville, Florida’s WTLV-TV, Austin, Texas’ KEYE. Here’s the one from South Florida’s WSFL-TV, to give a flavor of the conversation.

Tech trends for 2023

December 21, 2022

Identity and access management solutions continue a hot streak for their capacity to improve operations.

Excerpt from: Tech Trends: Governments Express High Interest in IAM

At the Virginia Department of Transportation, a ransomware hack targeting the state’s traffic management system made it clear that it was time to beef up VPN security. For the state of Illinois, the issue was siloed technology operations within agencies that made it difficult for employees and residents to access tools and services.

The challenge for the city and county of Denver was what the government’s chief data officer described as multifactor authentication “sprawl.”

While each organization had to deal with its own problems, their IT teams all came to the same conclusion: They had to do better with identity and access management.

“I’ve never seen so much interest in this topic,” says Wolfgang Goerlich, Cisco’s advisory CISO for Duo, an identity and access management platform that both Denver and VDOT now rely on for protection from cyberthreats. “The big picture is that zero trust has become a mandate at multiple levels, and agencies are turning to identity and access management as one of the quickest paths to success.”

Read the full article: https://statetechmagazine.com/article/2022/12/tech-trends-governments-express-high-interest-iam

The Application Security Podcast — Security beyond vulnerabilities

December 1, 2022

“Wolf joins us to talk about some security things that will stretch your mind, like security beyond vulnerabilities, how apps intended functionality can be misused, data privacy, and nudges and behavior science. Wolf challenged my thinking in this episode and pointed out a new area of threat modeling I had never considered. We hope you enjoy this conversation with… J. Wolfgang Goerlich.”

Have a listen here: https://www.youtube.com/watch?v=oZe0Sp9JU3s

To see listen to other podcast interviews, click to view the Podcasts page or the Podcasts category.