Podcasts News Easy Prey The Importance of Testing Your Cybersecurity Response with Steve Orrin

The Importance of Testing Your Cybersecurity Response with Steve Orrin

Published: April 5, 2023, 11 a.m.

b'

Cyberattacks can happen to an individual computer or an entire network. It\\u2019s vital to have well-tested plans in place before ransomware rears its ugly head. Today\\u2019s guest is Steve Orrin. Steve is Intel\\u2019s Federal CTO and Senior Principal Engineer. He leads public sector solutions architecture, strategy, and engagement and has held technology leadership positions at Intel. Steve was previously CTO, CSO, and co-founder of several successful security startups and is a recognized expert and frequent lecturer on enterprise security.

Show Notes:

  • [1:01] - Steve shares what his current role is at Intel Corporation and how he became drawn to the field.

  • [2:52] - There are risks everywhere. Where do we start when it comes to cybersecurity for a business?

  • [3:54] - Steve describes risk profiles and what you need to understand what you\\u2019re trying to protect.

  • [5:21] - Once you know your environment and risk profile, it\\u2019s time to look at the key things above security \\u201chygiene\\u201d and the processes to raise the bar.

  • [7:48] - There are benefits to microsegmentation, including smaller network enclaves.

  • [9:44] - Steve makes a suggestion for network segmentation when it comes to state of the art equipment.

  • [12:07] - Ideally, you want sensors in every network enclave but that isn\\u2019t always realistic.

  • [13:57] - Having network segmentation will also give you the information needed to find which part of your business receives an attack.

  • [15:39] - How do we protect data in the cloud?

  • [17:04] - It all goes back to understanding the data you need to protect.

  • [21:01] - Just like in your business, you need to know how your IT resources are being used and which ones are not right.

  • [23:20] - These building blocks help you see how you are utilizing security and it needs to be built in from the beginning.

  • [24:55] - Changing approaches in large organizations can seem challenging, but Steve says they are constantly modernizing and it\\u2019s all about perception.

  • [26:24] - Literally any type of company can be attacked because of every industry\\u2019s reliance on digital tools and infrastructure.

  • [28:16] - There are different types of attackers - those who target someone specific, those who are opportunistic, and those who are purely automated.

  • [29:44] - Everyone is a potential target even if you aren\\u2019t being targeted.

  • [31:33] - Planning will also help answer the question of how to continue running the business while ransomware is active.

  • [33:21] - Companies need to adopt a gamified system to train everyone in the organization on how to respond to an attack.

  • [35:13] - Supply chain issues exist in cybersecurity, but it\\u2019s not the same as other industries. They are problems that they are actively searching for a solution for.

  • [38:26] - When it becomes a requirement and in a contract, it will be adhered to.\\xa0

  • [40:26] - There are a lot of programs out there looking for the anomaly, but Steve says we aren\\u2019t looking in the right place.

  • [42:33] - Take all reports of suspicious activity seriously.

Thanks for joining us on Easy Prey. Be sure to subscribe to our podcast on iTunes and leave a nice review.\\xa0

Links and Resources:

\\xa0

'