Today we talk with Marlys Rodgers, who has been in cyber for over 20 years. She currently is CISO for CSAA Insurance Group and is running security for the company as well as running governance risk and compliance for technology. She shares that it feels like she is constantly balancing assessing with preventing.
Allan brings up breach and attack simulation (BAS), and when it is most appropriate to implement in the context of the maturity of a security program. Marlys feels BAS is most effective when some, or most, of the intended controls are in place so you can focus on areas you need to strengthen. For her company, she was glad they did it earlier rather than later. They had a pretty good lead time to get systems to integrate.
The way you use BAS, especially along with threat intelligence, is really important. If you don’t have a purple team, or a red and blue team how does one start or how do you reorganize? Hear how Marlys did just that. Tag-teaming works best!
How has BAS helped in conversations with the audit team as well as the GRC team? More data gets shared with Audit and they become strong allies. Everyone is happy when fed real-world, real-time information.
BAS is truly changing mindsets, and will ultimately alter prioritization and enhancing and inter-team communications as well.
To wrap up the show, Marlys shares what about her job keeps her getting up in the morning and what she is looking forward to in cyber.
0:21 Welcome Marlys
1:13 Short comical discussion on how one should pronounce BAS
1:29 Marlys shares her background and day job
3:35 When BAS comes into the picture
5:00 The trick
6:05 Allan asks Marlys how she stays up with it
8:52 Marlys explains why more time should be spent on extending capabilities
9:38 Suggestions are shared to roll out BAS
12:21 Importance of human elements
13:45 If you don’t have teams, what happens?
16:18 How BAS affects conversations with teams
20:00 Importance of transparency
21:27 Changing people, process and technology with BAS
25:00 Marlys shares the reason she is motivated to stay in cyber
26:01 Marlys shares when she is looking forward to in cyber
Learn more about Marlys on LinkedIn
Follow Allan Alford on LinkedIn and Twitter
Learn more about Hacker Valley Studio and The Cyber Ranch Podcast
Sponsored by our good friends at AttackIQ