Breach & Attack Simulation w/ Marlys Rodgers

Today we talk with Marlys Rodgers, who has been in cyber for over 20 years. She is currently CISO for CSAA Insurance Group, where she runs security for the company as well as governance, risk and compliance for technology. She shares that it feels like she is constantly balancing assessing with preventing.

Allan brings up breach and attack simulation (BAS) and when it is most appropriate to implement it, given the maturity of a security program. Marlys feels BAS is most effective when some, or most, of the intended controls are in place so you can focus on areas you need to strengthen. For her company, she was glad they did it earlier rather than later. They had a pretty good lead time to get systems to integrate.

The way you use BAS, especially along with threat intelligence, is really important. If you don’t have a purple team, or a red and a blue team, how do you start, or how do you reorganize? Hear how Marlys did just that. Tag-teaming works best!

How has BAS helped in conversations with the audit team as well as the GRC team? More data gets shared with Audit and they become strong allies. Everyone is happy when fed real-world, real-time information.

BAS is truly changing mindsets, and will ultimately alter prioritization and enhance inter-team communications as well.

To wrap up the show, Marlys shares what about her job keeps her getting up in the morning and what she is looking forward to in cyber.

Key Takeaways

0:21 Welcome Marlys
1:13 Short comical discussion on how one should pronounce BAS
1:29 Marlys shares her background and day job
3:35 When BAS comes into the picture
5:00 The trick
6:05 Allan asks Marlys how she stays up with it
8:52 Marlys explains why more time should be spent on extending capabilities
9:38 Suggestions are shared to roll out BAS
12:21 Importance of human elements
13:45 If you don’t have teams, what happens?
16:18 How BAS affects conversations with teams
20:00 Importance of transparency
21:27 Changing people, process and technology with BAS
25:00 Marlys shares the reason she is motivated to stay in cyber
26:01 Marlys shares what she is looking forward to in cyber

Links:

Learn more about Marlys on LinkedIn
Follow Allan Alford on LinkedIn and Twitter
Learn more about Hacker Valley Studio and The Cyber Ranch Podcast
Sponsored by our good friends at AttackIQ



Philosophies

Chris Cochran


Cybersecurity is not technology centric, in my opinion. It is human centric. I am driven by my duty to not only protect people, but enlist and inspire the next generation of cybersecurity professionals.

Ronald Eddings


The pursuit of knowledge always leads to something, so be open to whatever that is. It could be becoming the best, but it’s going to lead to something and it’s most likely going to be a positive impact on your life.

Allan Alford


It's not enough to be knowledgeable and skilled. Without passion you might as well be doing something else. Surround yourself with people who are passionate about what they do and the rest will come together.

CJ Howard


Learning and listening allows you to access new perspectives and frames of mind. I believe that information is meant to be shared generously, but understanding without compassion is like a map without a legend.
