Few disciplines change as quickly and continually as cybersecurity. For many CISOs, the pace of change and learning opportunities are what drew them to security in the first place. But that pace is also hard to keep up with.
That’s why we teamed up with Troy Hunt, web security consultant and creator of Have I Been Pwned, on a YouTube series called Hello CISO. In each episode, Hunt breaks down some of today’s biggest security challenges, and the approach you should take to combat them as a modern CISO.
“The responsibilities of the modern CISO are expanding as digital infrastructure grows more complex. It’s no longer feasible to protect against every single threat, so you have to think more strategically. We need to work smarter, not harder – and that’s what I want to explore in this series.” – Troy Hunt, web security consultant and creator of Have I Been Pwned
The last episode in the series was recently published on YouTube, so what better time to sit down and binge watch them all? You can browse individual episodes below, or check out the full playlist over on our YouTube channel.
Episode 1 (parts 1 & 2): The downfall of on-premise security
In the premiere episode of Hello CISO, Troy goes back to the roots of modern IT: the on-prem model. In this two-part episode, he covers the rise and fall of on-prem, the paradigm shift that followed, and what IT leaders can expect moving forward.
Episode 2: Phishing advancements powered by AI
Phishing isn’t the same beast it was 20 years ago. Thanks to advancements in artificial intelligence, phishing attacks are more advanced than ever — and IT leaders are struggling to keep up. In this episode of Hello CISO, Troy touches on the current state of AI in phishing, where it’s headed, and what you can do to prepare.
Episode 3 (parts 1 & 2): Shadow IT is here to stay
The work-from-home trend exposed a growing security threat that’s been on IT’s radar for years: shadow IT. With more people using apps and services outside the purview of IT, a new way of thinking has emerged to confront the new reality. In this episode, Troy explains why shadow IT is here to stay, and why the associated loss of control isn’t the end of the world.
Episode 4: Enterprise data collection and workers’ right to privacy
How do you balance data collection at work with workers’ inalienable right to privacy? It’s a fine line to walk, but if you always err on the side of employee privacy, it’s hard to go wrong. In this episode, Troy breaks down how to systematize that balance – and how to uncover the hidden costs of data collection.
Episode 5: MFA in the enterprise
Is multi-factor authentication (MFA) always a good idea? What type of threat does it protect against? Can IT leverage MFA to tighten security without negatively affecting productivity? In this episode, Troy explores MFA in the enterprise: what it is, and perhaps more importantly, what it isn’t.
Episode 6: How to secure your network when your workforce is remote
IT isn’t only about – or even primarily about – technology itself. IT is about people. Nowhere is that more apparent than in our homes, where many of us ended up working when the COVID-19 pandemic pushed us out of the office. In this episode, Troy talks about the two most important aspects of securing a work-from-home environment.
Episode 7: Secrets management and infrastructure
Secrets management isn’t just about usernames and passwords anymore, so how do you protect an infrastructure comprised of physical machines, virtual machines, and people all constantly exchanging secrets? In this episode, Troy talks secrets: how to protect them, and why the old way of thinking won’t cut it anymore.
Episode 8: Common sense security policies and the bullshit ones
The best policies for security aren’t always the policies that end up in the company security manual. Why? In this episode, Troy explores the difference between good security policies and cover your ass (CYA) security policies… and how to close the gap between the two.
Episode 9: Practicing good breach response
What makes a company successful at breach response? In a word, preparation. In this episode, Troy breaks down an historically bad example of breach response, and how to avoid a similar fate.
Episode 10: The CISO regulation minefield
You can’t undertake every compliance initiative under the sun, so how do you prioritize? Talk to the right people, understand the ripple effects of each initiative, and know which will harm and which will strengthen security. Learn more in this episode of Hello CISO.
Episode 11 (parts 1 & 2): Hiring top-tier security professionals
Hiring can be more art than science. What should you look for when hiring security professionals? How important are degrees and certifications, really? In this episode, Troy breaks down how to spot the brightest talent.
Episode 12: Security training that’s actually useful
In this final episode of Hello CISO, Troy’s talking training: how to generate enthusiasm for training initiatives, why that’s so critical for success, and some practical tips to tailor your training to your learners and maximize retention.