The Holtz Story

Discussing the Cybersecurity Executive Order with MJ Shoer and Brett Scott

July 31, 2021 Tracy Holtz Season 1 Episode 11

In this special edition of The Holtz Story, we’re joined by MJ Shoer, SVP, Executive Director, CompTIA ISAO, and Brett Scott, Director Security Training and Enablement at Tech Data, to discuss the Biden Administration’s Cybersecurity Executive Order. This episode covers a lot of ground, from the evolution of the Defense in Depth (DiD) mindset to zero-trust, threat and intelligence sharing, data and metrics, ratings, and more.

Listen in as Tracy, MJ, and Brett discuss how the executive order spells out zero-trust and how it calls for an evolution of the DiD mindset. MJ points out that it is impossible to set up a perimeter bad actors can’t penetrate, so embracing zero-trust makes sense.

The conversation then shifts to how the government often has early insight into potential threats and needs to share this information sooner and more effectively. Brett adds that the bad guys share information quite effectively, which is precisely what the government needs to do.

Brett shifts the conversation again to data and metrics and how they should lead your cybersecurity strategy. You need to know what’s going on so you know what to do about it. MJ believes automation holds promise but isn’t the sole cure. MJ also adds that cybersecurity is a team sport, and the good guys should work together. There’s an industry opportunity to do this right now without regulation.

Tracy introduces the topic of ratings for security frameworks. MJ shares that he believes there need to be some standards developed on what represents an adequate security framework. What’s the minimum? What’s advanced? Brett points to CISA, the Cybersecurity & Infrastructure Security Agency, and how they are leveraging various frameworks that can be used as benchmarks.

We end with a discussion of cyber insurance and how it could push the adoption of basic security frameworks. Organizations like CompTIA and distributors like Tech Data are working together to document what CISOs should be asking and to create education programs to help.

We hope you enjoy the show. If you do, please share it with colleagues and remember to subscribe using your favorite podcast platform (e.g., iTunes, Stitcher, Spotify, Google Play).

Chapter Markers

Zero Trust
Threat Intelligence & Information Sharing
Data & Metrics
Rating Standards