This illuminating discussion explores the shift in perspective from security to business safety within the realm of cybersecurity, emphasizing the importance of understanding and addressing the specific needs of a company's revenue, customers, brand, and finances. Additionally, the conversation shares an inspiring anecdote of a security operations manager's unexpected career transformation after being challenged by a mentor to pursue the CEO role. These intertwined narratives underscore the dynamic nature of cybersecurity leadership and the significance of adopting a holistic approach to safeguarding organizational assets.

Here is the verbatim discussion:

The speakers express appreciation for the enriching dialogue and highlight the value of sharing strategies and stories within the cybersecurity community. Matt's approach to understanding different industries by immersing himself in complex topics and encouraging firsthand experience resonates as a key takeaway for listeners. The conversation also touches on the importance of research and connections in navigating career opportunities within the cybersecurity industry.

Here is the verbatim discussion:

In the complex world of cybersecurity, bridging the gap between technical experts and business stakeholders is paramount for effective communication and collaboration. However, business leaders often find themselves lost in a sea of acronyms and technical jargon, making it challenging to grasp the importance of cybersecurity initiatives. This discussion explores strategies for aligning cybersecurity language with business priorities, emphasizing the need for relationship-building and insightful questioning to uncover valuable insights.

Here is the verbatim discusssion:

Embark on a journey of strategic planning and preparedness as we explore the nuances of conducting tabletop exercises effectively. Our narrative unfolds with a discussion on the optimal approach to conducting these exercises, whether as a single comprehensive session or broken down into two parts. The decision to break it into two steps serves as a prelude to a deeper exploration, allowing for a more thorough examination of responses and templates. Join us as we delve into the strategies for maximizing the effectiveness of tabletop exercises, ensuring that real insights and readiness emerge from these sessions beyond mere preparedness.

Here is the verbatim discussion:

Embark on a journey of insight and innovation as we explore the dynamics of feedback-driven improvement and the importance of creating engaging environments for tabletop exercises. Our narrative begins with an examination of the 'hot wash' process, a vital component of post-exercise feedback where participants reflect on their experiences and offer insights for improvement. Whether conducted through surveys or interactive discussions, the hot wash fosters critical thinking and encourages executives to explore innovative solutions beyond their usual confines. Furthermore, we delve into the significance of removing distractions and fostering focused engagement during tabletop exercises, akin to the immersive experience of having a meaningful conversation over dinner with friends or loved ones. Join us as we navigate the intersection of feedback-driven improvement and immersive environments, empowering organizations to optimize the effectiveness of tabletop exercises in bolstering cybersecurity resilience.

Here is the verbatim discussion:

 I talked about the hot wash in my example a little bit a few minutes ago whether you call it a hot wash whether you call it feedback um you know maybe you do it in a in a survey you know we do this with customer service all the time and other types of things like that is you know what did you think was reasonable what could we have done better next time um what um you know and you get some some pretty sophisticated answers from some executives um you know around you know it gets them thinking it gets them thinking outside the box it changes things up from their normal environment um I've even seen people say and this is another little side tip don't do don't do you know go to um you know go to an offsite go somewhere else.But you know getting people out of their normal environment so they're not like going back and checking their email all the time or you know we had people who disrupted they would pop in and pop out pop in pop out and they were not really engaged they weren't like freed up you know some people would say you know turn your cell phone off um and and and you say when in a real emergency wouldn't we be texting each other whatever but you know if it's a tabletop exercise May the the discussion the comments are very important and you want people to be focused just like if you go to someone a friend or or spouse for dinner you don't want them on the phone the whole time while you're having dinner with them.

Embark on a captivating journey through the complexities of cybersecurity and human behavior, where anecdotes of missed context, unexpected encounters, and security dilemmas converge to unveil invaluable insights. Our narrative begins with a recounting of a cybersecurity exercise, where the consequences of missing crucial context lead to unexpected challenges during a recovery attempt from an encrypted backup. Amidst the discourse, Bikash Barai, co-founder of FireCompass and CISO Platform, initiates a conversation with a quick introduction, setting the stage for a rich exchange of experiences and perspectives. Meanwhile, a humorous encounter unfolds as a man attempts to sell an iPhone and camera for a bargain price, only to reveal a bag of potatoes upon inspection. The narrative crescendos with a high-stakes security dilemma, as a CISO faces the ultimatum of implementing WiFi in government buildings or facing termination, prompting a nuanced exploration of principle and pragmatism. Join us as we navigate the intersections of cybersecurity challenges, human behavior, and ethical dilemmas, illuminating the complexities of decision-making in an ever-evolving digital landscape.

Here is the verbatim discussion:

Embark on a riveting journey through the dynamic realms of emergency response, cybersecurity innovation, and strategic planning, guided by the insightful reflections of Dan Lurman, former Chief Security Officer for the state of Michigan. Our narrative begins amidst the chaos of a historic blackout in Michigan, where Dan and his team grappled with the aftermath for days, illustrating the resilience and adaptability required in crisis situations. However, Dan's journey is not confined to emergency response centers but extends to the realm of entertainment and entrepreneurship, where he honed his skills as a magician and ventured into the world of cybersecurity startups. As the founder of a pioneering startup focused on automated penetration testing, Dan brings a unique perspective shaped by diverse experiences and expertise. Join us as we delve into his practical tips for enhancing tabletop exercises, from preparing participants to throwing unexpected curveballs, and the imperative of collaboration among cross-functional experts in crisis planning. Through Dan's anecdotes and insights, we navigate the intricate intersections of experience, innovation, and collaboration, empowering organizations to confront the challenges of cybersecurity and crisis management with confidence and resilience.

Here is the verbatim discussion:

Embark on a riveting journey through the highs and lows of cybersecurity preparedness, guided by insightful anecdotes and real-life experiences. Our narrative begins with a nod to the iconic film "Live Free or Die Hard," drawing parallels to the intense scenarios encountered during cybersecurity exercises. Witness the harrowing tale of a simulated cyber catastrophe, where bombs exploded, data centers were destroyed, and critical services faltered. Amidst the chaos, resilience emerged as teams rallied to procure a replacement mainframe, epitomizing the relentless pursuit of continuity in the face of adversity.

Here is the verbatim discussion:

But there's a lot of really good lessons we learned from that um watch the movie Die Hard four Die Hard four with Bruce Willis um it's called live free and die hard where all the power goes out and bombs are going off and it's scary stuff um so we had a situation where um we you know the first day of this exercise you know was probably over the top and most cyber exercises today wouldn't start this way but they had bombs going off kind of like 911 again they blew up our data center they blew up um big parts of government um they hacked other parts of government and all of our services were down for two days and it was very very intense and we were like getting beat up we were like humbled our team was just like we were like done I mean we were really kind of overwhelmed by Thursday afternoon though this is what I want to tell you about by Thursday afternoon we were told there's one more thing you have to do in this exercise to train your team and we said okay what is that they said we have to get our bull Mainframe bull b l l bull Mainframe which was you know that I don't know if they were even bus business anymore but back then they were a big Mainframe shop um we need to get it back online so that we can pay the employees because all of our services are down and we need to get a bll Mainframe but our two bull main frames our main Mainframe and our backup had been were gone one was blown up the other one was hacked and unusable so we had to get a new one so they said to usum we need you to contact bull headquarters in Paris in France and andget a bull Mainframe as soon as possible any thoughts on how to make it very effective so that some real stuff come out of it so our goal had been not just to kind of be mentally prepared but also to create those responses and to create those templates so that out of that exercise we have some real Readiness apart from the kind of preparedness from the kind of thinking perspective Etc but get all these things written down so what's your thought on that in terms of doing it uh as a single exercise or breaking it down yeah most of the times I've seen it done um again most of my I I I have been a part of couple in the private sector I've been part of more in government and Statewide like you know what if we had a health emergency you know we actually quite frankly did a bunch of exercises around pandemic prior to covid you know and being prepared and obviously there's all kinds of people that need to be involved in that even now there's scenario based things about what's going to happen with vaccines and all kinds of things related that aren't specifically cyber related  you know so one of the things that I've seen I just want to mention a real life story that's like with ransomware they kind of put some some meat to this we had a uh I'm not going to name the name of the company we had a an organization here not a government it was a nonprofit in Michigan that had was faced with ransomware attack and it was um likeabout a let's just say I'm not going to give you too many details but the story makes sense as I go through this like was about a $5 million request they had they had they had encrypted all their data they had no access to anything their backups were were were encrypted they they had not done a good job of separating their backups and and they and they hadn't done a good job but a lot of people have backups but they have they don't test the backups and so the Bad actors get in and they actually encrypted the backups as well so they were kind of you know up a creek um they didn't want to pet um um they didn't want to pay they had cyber insurance and the and in the US the Cyber insurance company said look they came in they were this it's your decision it's always the company's decision but we know these people and we're gonna negotiate it down to 1.2 million we know we can get these guys down from five to 1.2 so they already like the Cyber insurance company had had the Playbook right so we're going to negotiate this down to 1.2 million and oh by the way if you don't do that um we're only going to give you even though the Cyber insurance policy was actually for five million we're only going to give you 1.2 million and we think it's going to cost you like eight like and again I'm not saying this is always true with cyber insurance they almost felt like they had to pay they had to go with what the Cyber insurance company wanted to do to get their data back so sure enough you know. 

Highlights:

Lessons from Intense Cybersecurity Exercises: Our discussion unveils the invaluable lessons gleaned from immersive cybersecurity exercises, where simulated crises push teams to their limits. Through a vivid recounting of scenarios reminiscent of Hollywood thrillers, we explore the transformative power of adversity in honing preparedness and resilience.

Emergency Preparedness and Response: Delve into the critical imperative of emergency preparedness, as organizations grapple with the daunting task of navigating cyber threats in real-time. From securing replacement infrastructure to ensuring the continuity of essential services, proactive planning and swift response are paramount in mitigating the impact of cyber incidents.

Navigating Ransomware Realities: Transitioning to the sobering realities of ransomware attacks, we confront the stark challenges faced by organizations in the wake of malicious cyber intrusions. Through a poignant real-life example, we delve into the complexities of ransom negotiations and the pivotal role of cyber insurance in facilitating recovery efforts. Witness the delicate balance between risk mitigation, financial considerations, and the imperative of data restoration in the aftermath of cyber extortion.

As our exploration draws to a close, we are reminded of the multifaceted nature of cybersecurity preparedness, encompassing both strategic foresight and tactical response. From the adrenaline-fueled scenarios of cybersecurity exercises to the sobering realities of ransomware negotiations, our journey underscores the importance of proactive planning, collaboration, and resilience in confronting evolving cyber threats. Through continuous learning, adaptation, and vigilance, organizations can navigate the complex cyber landscape with confidence, fortified by the lessons learned from both simulated crises and real-world challenges. Join us in embracing the spirit of preparedness and resilience as we navigate the dynamic terrain of cybersecurity in an era defined by digital innovation and uncertainty.

Speakers:

https://twitter.com/govcso

https://www.linkedin.com/in/danlohrmann/


Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40).Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.

Earlier he founded iViZ an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.

https://twitter.com/bikashbarai1

https://www.linkedin.com/in/bikashbarai/ 

Embark on a fascinating journey with an individual whose diverse background encompasses a rich tapestry of faith, intellectual curiosity, and a deep-rooted passion for cybersecurity. Raised in a household where the echoes of Lutheran and Presbyterian teachings resonated, their journey has been marked by an insatiable thirst for knowledge, spanning topics ranging from history and faith to the intricacies of cybersecurity. Through avid reading, blogging, podcasting, and active engagement on social media platforms, they not only enrich their own understanding but also foster meaningful conversations within their community. Join us as we delve into their insightful reflections and experiences, navigating the intersection of faith, intellectual exploration, and the evolving landscape of cybersecurity

.

Here is the verbatim discussion:

In the ever-evolving landscape of business and technology, the prospect of industry consolidation looms large, driven by predictions and market trends. As organizations navigate these uncertainties, comprehensive scenario planning emerges as a vital tool for ensuring readiness and resilience. In this discussion, we delve into the significance of scenario planning in preparing for potential challenges, alongside the transformative shift towards industry consolidation in cloud computing. Through insightful reflections and practical considerations, we explore the intersection of strategic foresight and technological evolution, aiming to equip businesses with the foresight needed to thrive in an era of change.

Here is the verbatim discussion:

so it just keeps growing and and I I think there's been predictions that you know there's going to be a big industry consolidation coming and as long as the stock Market keeps going up and as long as new companies keep getting bought and and and you know if if if we have a obviously a big stock market correction that may that could flush out a lot of things and cause that consolidation but um I'm not sure 2021 is going to be the year we're going to see a industry consolidation it's not going to happenin 2021 but I guess that we are kind of gradually moving towards that so s was a movement towards consolidation re we prepared for this are we prepared for that so really thinking through what would you do business-wise given this scenario so um you know ask asking questions around um you know what would the technology people be doing what would the lawyers be doing what would the legal team be doing what would the CFO be doing and so you want to make sure that your scenarios really include all of those key roles and and make them as realistic as possible so obviously you're not going to necessarily be exactly like what's your you know competitors went through recently if they had a ransomware attack or maybe what another company did but you know you can get some very realistic scenarios to say this happened.

In the ever-evolving landscape of cybersecurity, seasoned professionals offer invaluable insights into emerging trends, challenges, and strategies. In this blog post, we engage in a conversation with Dan, an experienced security expert, as he shares his perspectives on key topics such as zero trust, cloud consolidation, response and recovery, and the intersection of cybersecurity and ethics. From discussing industry dynamics to sharing recommendations on must-read books, Dan's expertise sheds light on navigating the complexities of cybersecurity in the digital age.

Here is the verbatim discussion:

o zero trust I believe has got a very interesting future uh I'm I'm very curious to see how things span out um Cloud definitely is another because that's going to help in consolidation as an industry that consolidation Drive can happen in many ways but there are these couple of very powerful kind  Dynamics which are planning out right now and and last but not the least I would definitely love to highlight the topic which is response and Recovery in other words right um it's not just about trying to protect but it's also about having the right kind of response and recovery program in place which can be done through many different approaches which could be having the right kind of backups having these crisis drills and having the right kind of processes in place having bcpd etc etc many of these may not be very costly you don't need to go and buy that Appliance and shiny new device Etc these are more basic stuff but that basic stuff is becoming very very important uh so to conclude Dan um anything you want to add before we kind of wrap it up with the last question I your points are well well taken and I think the complexity it's it's funny I I I agree that you know so many organizations um don't have they don't even use the tools they have first of all and they're always you know always being asked to add more or you know you're missing this you're missing that um it's a huge challenge it's a huge challenge so simplifying you know the architecture I agree with you on zero trust um it's a challenge because I also think play Devil's Advocate the other thing they've been talking about industry consolidation for years and years and years and yet we see more and more startups all the time so it just keeps growing and and I I think there's been predictions that you know there's going to be a big industry consolidation coming and as long as the stock Market keeps going up and as long as new companies keep getting bought and and and you know if if if we have a obviously a big stock market correction that may that could flush out a lot of things and cause that consolidation but um I'm not sure 2021 is going to be the year we're going to see a industry consolidation it's not going to happen in 2021 but I guess that we are kind of gradually moving towards that so s was a movement towards consolidation age zero trust is a movement toward consolidation Cloud as a general play is a movement through consolidation because that kind of gives you this real estate to do the consolidation earlier it was very hard whereas Cloud kind of uniform creates an uniform playing Ground right so what what I mean to say is that the drivers are gradually kind of falling in place and which is going to win in the long run time will sa but the good thing is that I'm kind of seeing some of those drivers gradually falling into is and and you're absolutely right it's probably we are a decade away or five years away sometimes things can happen faster or slower but definitely I believe five to 10 years y i I agree with that so Dan the last question um what are some of I I can see a lot of books behind you so let me ask you what what which are some of your favorite books and favorite podcast sure so start off I just want to mention I I we talked about this earlier I brought my book virtual Integrity you can all look at this this is actually um there's actually believe it or not an Indian version that came out so it was uh uh this this version here which actually brings together um we talked about it earlier because um uh brings together kind of my faith and online life you know so you know the importance of of uh of protecting yourself in cyers space um brings in cyber security and everything but also brings in ethics and the importance of cyber ethics brings in kind of puts it to light you know real real meat on the bones around that so I I've been those are um some books I've read um I've been a part of a couple books CIO leadership um for state and local governments emerging Trends and best practices another book I did a a chapter in I've done chapters in about five or six books C leadership for cities and counties merging Trends and best practices again all these are available at Amazon you asked me about other books that I've read I like you this was by Bruce schneer secret and lies um he's got a number of great books topics you know we're uh my wife and I both grew up as um children of pastors.

The intersection of cybersecurity and ethics is a topic of increasing relevance in today's digital landscape. In this blog post, we delve into a conversation with a seasoned professional who shares insights from his extensive experience and explores the importance of cyber ethics. From reading influential books to contributing to publications on CIO leadership and emerging trends, his journey offers valuable perspectives on navigating the complexities of cybersecurity and ethical considerations.

Here is the verbatim discussion:

Handling crises, whether natural calamities or cyber emergencies, requires preparedness, agility, and resilience. In this blog post, we delve into real-life experiences shared by Dan, a seasoned security professional, highlighting pivotal moments and lessons learned from crisis management.

In the fast-evolving landscape of cybersecurity, the demands and expectations from technology leaders continue to grow. A vivid illustration of this dynamic is the intense conversation between Dan, a Chief Information Security Officer (CISO) in Michigan, and Terry, his superior. This dialogue not only highlights the challenges faced by CISOs but also the pressures to conform to industry standards even when security risks are evident.

Here is the verbatim discussion:
Terry just looked at me with this stunned look, and she asked everyone to leave the conference room but me. So it was just me and Terry looking at each other, and I've never seen a government agency meeting end so quickly in my life, because this was an hour long meeting. It was 15 minutes in, and she just ended it. And she looked me in the eye and she said, dan, if that's your answer, you cannot be the CISO in the state of Michigan. Basically, I was worried I was you cannot be the CISO in the state of Michigan. Basically, I was worried. I was going to get fired. And I said, well, wait a minute, Terry, you don't understand. Let me explain. I had all these white papers and all this. I was going to show her all my background materials about articles and books about why this was a bad idea. And she says, no, stop. I read all those articles. I know what you're going to say. I know what you're thinking. But she said, I've been to Dow, Ford, Chrysler and General Motors. They all have Wi Fi in their conference rooms. What do  idea. And she says, no, stop. I read all those articles. I know what you're going to say. I know what you're thinking. But she said, I've been to Dow, Ford, Chrysler and General Motors. They all have Wi Fi in their conference rooms. What do they know that you don't know? And so they're like, talent. So I'm like, Who, She says, I'm giving you one week to figure this out and come backand give us a plan. Not to deliver it, but to give us the plan to do it securely, or you're fired.


Highlights:

Abrupt Meeting Conclusion:The discussion began in a routine government agency meeting which was abruptly ended by Terry only 15 minutes in, demonstrating the seriousness of the issue at hand.

Direct Confrontation: Terry confronted Dan directly about his stance against implementing Wi-Fi in conference rooms, questioning his suitability for the role of CISO if he maintained his position.

Resistance to Change: Dan was initially resistant, prepared with white papers and research to support his concerns about the security implications of introducing Wi-Fi.

Informed Challenge: Terry countered Dan’s arguments by noting that major corporations like Dow, Ford, Chrysler, and General Motors had already implemented such technology, pushing Dan to reconsider his stance in light of industry practices.

Ultimatum for Innovation: Terry tasked Dan with devising a secure plan to implement Wi-Fi within a week, pushing him to innovate under the threat of losing his job.

This scenario underscores the tension between maintaining rigorous cybersecurity measures and adapting to technological advancements that industry peers have adopted. The key takeaway is the essential role of flexibility and innovation in the field of information security. CISOs are often required to balance security with functionality, ensuring that their organizations both protect sensitive information and remain technologically competitive. The discussion between Terry and Dan serves as a poignant reminder of the challenges that lie in persuading diverse stakeholders of the necessity for secure yet progressive technology solutions.

Speakers:

https://twitter.com/govcso

https://www.linkedin.com/in/danlohrmann/


Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40).Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.

Earlier he founded iViZ an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.

https://twitter.com/bikashbarai1

https://www.linkedin.com/in/bikashbarai/ 

In a thought-provoking conversation, Daniel discusses the ever-evolving landscape of cybersecurity, emphasizing the need for continuous improvement in combating cyber threats. As 2021 unfolds, he shares insights into emerging technologies and trends that cybersecurity professionals should be vigilant about.

.

Here is the verbatim discussion:

And so you want to constantly improve in your approach to dealing with cyber threats? That's a very important thing that you mentioned. It's not a destination, it's a journey. So, Daniel, in 2021, what are some of the things which you think, as cybersecurity professionals, we should look out for, which could be some interesting technologies. which could be some interesting trends?  Anything that the cybersecurity professionals should look out for in 2021? Yeah, thanks for asking. Every year I do a top 21 or top whatever the number is, this is 2021. So 21. Last year it was 20 for 20 for 2020. I do the top predictions from all the security vendors in the industry.

Highlights:

Continuous Improvement: Daniel underscores the notion that cybersecurity is an ongoing journey rather than a fixed destination, highlighting the importance of constantly refining approaches to address evolving threats.

Top Predictions for 2021: Daniel annually compiles a list of top predictions from various security vendors in the industry. This year, he presents the top 21 trends and technologies that cybersecurity professionals should monitor closely.

Emerging Technologies: Daniel discusses intriguing technologies that are expected to shape the cybersecurity landscape in 2021, offering insights into potential advancements in threat detection, prevention, and mitigation.

Trend Analysis: By collating predictions from diverse security vendors, Daniel provides a comprehensive overview of anticipated trends, enabling professionals to stay ahead of emerging threats and challenges.

As cybersecurity professionals embark on the journey of securing digital environments in 2021, Daniel's insights serve as a valuable guide. By remaining vigilant and adaptive to emerging technologies and trends, professionals can effectively navigate the evolving cybersecurity landscape and safeguard against emerging threats. Daniel's annual compilation of top predictions offers a roadmap for professionals to anticipate and address cybersecurity challenges proactively, ensuring robust defense strategies in an ever-changing digital world.

Speakers:

https://twitter.com/govcso

https://www.linkedin.com/in/danlohrmann/

Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40).Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.

Earlier he founded iViZ an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.

https://twitter.com/bikashbarai1

https://www.linkedin.com/in/bikashbarai/ 

In a comprehensive discussion, the importance of diverse expertise and scenario-based planning in cybersecurity tabletop exercises is highlighted. Emphasizing the significance of involving key leadership roles from various sectors, the conversation underscores the need for tailored scenarios and recommends resources like NIST for structuring tabletop drills.

Here is the verbatim discussion:

So CIO's chief information officers also, you know, different, different types of experts in business areas. So whatever, you know, who knows which area might be hit? Last year the biggest area in the US was hospitals. So if this was a hospital tabletop, you know, the scenarios for doctors might be slightly different than it might be for a government, or if it's for a bank, it could be different. You know, what are the different functions? Maybe it hits one part of the bank and maybe not another part of the bank. So you want, you know, you want to make sure those leadership roles from all across the enterprise are there at the table. And that's really important, you know, getting them involved. The other thing is you want to make sure that as you're putting together your scenarios, and I would just recommend go to in the USA, I don't know other parts of the world as well. I know the UK and USA very well, but Nist is a great place to go.

Highlights:

Diverse Expertise: The discussion stresses the inclusion of CIOs, experts from different business areas, and sector-specific professionals in cybersecurity tabletop exercises to ensure a holistic approach to threat preparedness.

Tailored Scenarios: Scenario planning accounts for the unique vulnerabilities and functions of different sectors, such as hospitals, government agencies, or banks, enabling targeted preparation and response strategies.

Leadership Involvement: Key decision-makers from across the enterprise should participate in tabletop exercises to gain insights into cybersecurity challenges and foster a proactive organizational culture.

Resource Recommendation: NIST (National Institute of Standards and Technology) is highlighted as a valuable resource for structuring tabletop exercises, offering comprehensive guidelines and frameworks for effective cybersecurity planning.

As organizations navigate an increasingly complex cybersecurity landscape, the insights shared underscore the importance of proactive preparation through scenario-based tabletop exercises. By involving diverse expertise and leadership roles from various sectors, organizations can enhance their readiness to address sector-specific threats and vulnerabilities. Leveraging resources like NIST facilitates the structured development of tabletop drills, ensuring comprehensive risk assessment and mitigation strategies. Ultimately, these exercises serve as invaluable tools for strengthening organizational resilience and response capabilities in the face of evolving cyber threats.

Speakers:

https://twitter.com/govcso

https://www.linkedin.com/in/danlohrmann/


Bikash Barai is credited for several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40).Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.

Earlier he founded iViZ an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.

https://twitter.com/bikashbarai1

https://www.linkedin.com/in/bikashbarai/ 

They offers valuable takeaways for conducting successful cybersecurity crisis drills, emphasizing participant engagement and actionable outcomes.

 This blog post features Dan's career experiences in cybersecurity, including crisis management and drill participation.

This blog post offers cybersecurity predictions for 2021, emphasizing the evolving threat landscape and the need for continuous improvement.

In the ever-evolving landscape of cybersecurity, enterprises face the constant threat of cyberattacks. To fortify their defenses and enhance their preparedness, organizations must conduct regular tabletop exercises for cyber crisis management. Drawing from extensive experience in both government and private sectors, we'll outline a structured framework for conducting these exercises effectively.

.  

Here is the verbatim discussion:

How long should it be? What should be the structure? What are some best practices? What are some do's and don'ts? So building a kind of high level structured framework for conducting cyber crisis drill for enterprise, how would you approach that? Great question. Yeah. Solve been a part of many of those, both within government and nowin the private sector, working with us, with infragard, with federal agencies, with us state agencies and others. So, first of all, obviously,  there are different types of tabletops. i'm going to talk about one that really, for example, in Michigan, would be a whole of government approach, which really needs to involve the top executive.That's very interesting, Dan. So, Dan, let's consider a scenario like this that suppose we have to do a tabletop exercise for an enterprise. Can you give a kind of playbook for conducting tabletop crisis,cyber crisis drill? So you can start with, like, who are the folks who should be in the room? How long should it be? What should be the structure? What are some best practices? What are some do's and don'ts? So building a kind of high level structured framework for conducting cyber crisis drill for enterprise, how would you approach that?