May 5, 2021

Breach & Attack Simulation w/ Marlys Rodgers

by Cyber Ranch

Listen Now

test
00:00:00

Show Notes

Today we talk with Marlys Rodgers, who has been in cyber for over 20 years. She currently is CISO for CSAA Insurance Group and is running security for the company as well as running governance risk and compliance for technology. She shares that it feels like she is constantly balancing assessing with preventing. Allan brings up breach and attack simulation (BAS), and when it is most appropriate to implement in the context of the maturity of a security program. Marlys feels BAS is most effective when some, or most, of the intended controls are in place so you can focus on areas you need to strengthen. For her company, she was glad they did it earlier rather than later. They had a pretty good lead time to get systems to integrate. The way you use BAS, especially along with threat intelligence, is really important. If you don’t have a purple team, or a red and blue team how does one start or how do you reorganize? Hear how Marlys did just that. Tag-teaming works best! How has BAS helped in conversations with the audit team as well as the GRC team? More data gets shared with Audit and they become strong allies. Everyone is happy when fed real-world, real-time information. BAS is truly changing mindsets, and will ultimately alter prioritization and enhancing and inter-team communications as well. To wrap up the show, Marlys shares what about her job keeps her getting up in the morning and what she is looking forward to in cyber. Key Takeaways 0:21 Welcome Marlys 1:13 Short comical discussion on how one should pronounce BAS 1:29 Marlys shares her background and day job 3:35 When BAS comes into the picture 5:00 The trick 6:05 Allan asks Marlys how she stays up with it 8:52 Marlys explains why more time should be spent on extending capabilities 9:38 Suggestions are shared to roll out BAS 12:21 Importance of human elements 13:45 If you don’t have teams, what happens? 16:18 How BAS affects conversations with teams 20:00 Importance of transparency 21:27 Changing people, process and technology with BAS 25:00 Marlys shares the reason she is motivated to stay in cyber 26:01 Marlys shares when she is looking forward to in cyber Links: Learn more about Marlys on LinkedIn Follow Allan Alford on LinkedIn and Twitter Learn more about Hacker Valley Studio and The Cyber Ranch Podcast Sponsored by our good friends at AttackIQ
Read more

Recent Episodes

May 24, 2023
by Cyber Ranch

This episode is a bit scary.  Adrian Sanabria, who on an earlier show busted many cybersecurity myths, is back again, this time analyzing the impact of Large Language Model Artificial Intelligence on a hypothesized skills gap on the bad guy side. Pre...

May 22, 2023
by Cyber Ranch

This is Part 1 of an incredible series of interviews Allan conducted live at RSA 2023.  Guests include: Chris Kennedy, CISO @ Citadel Gary Hayslip, CISO @ Softbank Investment Advisers Michael Calderin, CISO @ YAGEO Group Reet  Kaur, CISO @ Portland C...

May 17, 2023
by Cyber Ranch

Leadership skills, technical skills, cybersecurity skills, pluck, drive and determination are all on display as Allan interviews Merav Bahat, CEO @ Dazz and Mickey Bresman, CEO @ Semperis. Dazz has completed a Series A investment round.  Semperis a S...

May 10, 2023
by Cyber Ranch

What is security chaos engineering?  You may remember Kelly Shortridge, our very first guest, who came on the show to talk about behavioral economics and cybersecurity.  Well Kelly is back to talk about her new book, "Security Chaos Engineering: Sust...

May 3, 2023
by Cyber Ranch

Bryan Liebert is one smart cookie.  Who bakes cybersecurity cakes.  But seriously, Bryan has been a CISO, consultant, architect, and has served many other roles in cybersecurity.  His specialty is creating simple to digest (we could not help it, sorr...

April 26, 2023
by Cyber Ranch

Adrian Wright, "The Cynical CISO" of LinkedIn fame, joins Allan to discuss four areas where cybersecurity is perhaps getting it wrong: Cybersecurity viewed as a necessary evil, related to The Twilight Zone Ownership, Authority, Accountability: Invent...

April 24, 2023
by Cyber Ranch

Join us for a SPECIAL EDITON! episode of The Cyber Ranch Podcast LIVE! from CISO XC in Dallas-Fort Worth, Texas! The topic is data security: its challenges and how to overcome them. Joining Allan are Cecil Pineda of R1 ("Cecil the CISO") and Gene Moo...

April 19, 2023
by Cyber Ranch

We always think of cybersecurity startups as companies who contribute to the tech stack in an organizational environment - usually the enterprise.  We also think of personal cybersecurity in terms of protecting Grandma or our kids from the bad guys. ...

April 12, 2023
by Cyber Ranch

Emily Heath is a well-known and well-respected figure in cybersecurity.  She has been a CISO three times in a variety of industries, including software and a major airline.  She has been in law enforcement, is a partner at a VC firm, and serves on bo...

April 5, 2023
by Cyber Ranch

This week Allan is joined by Karla Reffold, COO at Orpheus Cyber.  Yes, that makes her a vendor, but, yes, she follow's the show's rules:  She is a friend, not a sponsor; she is not all vendory; and most importantly she is a subject matter expert on ...