At the BlackHat Europe conference in London, I gave a keynote speech aimed at the general security practitioner and discussed recent developments across various regions of the world that have increased expectations for our profession and explored ways we need to evolve as an industry to meet those demands.
Originally published in CSO Online on Nov 21, 2023, by Joe Sullivan and Atul Tulshiibagwale
Application providers charge fees to implement single sign-on but don’t deliver a full SSO experience. Threat actors are taking advantage of the situation.
We hate asking an organization we are helping secure to pay the single sign-on (SSO) tax. For those not familiar with the phrase, it refers to the license upgrade fee that many cloud software applications charge for unlocking the functionality needed to integrate with an SSO provider.
In Silicon Valley startup culture, “cookie licking” is a derogatory phrase. A cookie licker stakes a claim to a project in a way that prevents anyone else from having it, despite not having the ability to immediately execute on the project. The licker wants to save the delicious opportunity despite being too full to eat it immediately.
At the Hellman & Friedman 2023 CISO & CEO Summit, I spoke to a room full of security executives and their most important executive sponsors (CEOs, CFOs, etc.) about the need for CISOs to not view security as their exclusive problem and how we need to involve the entire executive team in figuring out the right way and amount to invest in security. Only when the entire executive leadership team understands the challenges at a deeper level will we achieve the right level of investment.
Security Innovation Network Event, NYC I gave a talk to a group of security executives from both the private and public sectors about the need for us to develop better mechanisms for collaboration between these sectors, even in the face of ongoing enforcement actions brought by the SEC and other government agencies.
CSO50 Conference + Awards In this keynote, I was interviewed by the longtime publisher of CSO magazine about trends in security, and I shared my perspectives on the risks and opportunities we will see in the security profession in the near future.
Cloud Security Alliance SECtemper Conference, Seattle In this keynote talk, I covered trends in cloud security and lessons learned from my career, focusing on what teams and leaders can do now to enhance their efforts and outcomes.
DEF CON – A Different Uber Post Mortem In this speech available on YouTube now, I walked through the Uber case from the perspective of a security researcher rather than that of a company insider.
BlackHat CISO Summit USA 2023 At the BlackHat CISO Summit, I spoke to an audience of security executives about the lessons learned from examining the Uber case. I shared strategies leaders can use to prepare their company, their team, and themselves for any crisis, ensuring it can be weathered effectively. Additionally, I challenged the security executives in the audience to find their voice and speak up about what they need to succeed.
