
 

Brad LaPorte provides valuable insights into the current state of cybersecurity practices, emphasizing the need for organizations to embrace continuous security testing and proactive approaches to breach mitigation. He identifies five levels of maturity within organizations and highlights the growing adoption of continuous security testing, particularly among upper-level enterprises.

 

 

Here is the verbatim discussion:

Jesus uh not close enough is the answer so um really what it comes down to is um organizations like current state of the the market right now is organizations are really broken up into um kind of five different levels of maturity so it's it's really from zero all the way up to five um and and with that organizations that typically are in the continuous um security testing space and actually doing it on a continuous basis are the upper level five uh arena and they typically have the budgets to support it ends up being financial and health care and to um you basically the global 500 that are in that aspect it's starting to go downstream though which is great because I'm starting to see uh that you know in the lower levels uh uh areas there organizations are starting to get involved and then there's um a lot of managed detection response and and managed security um service providers that are integrating these types of security testings as part of their their larger stack so and they're automating a large portion of it which you ultimately makes it ideal for it to be 24/7/365 and implementing things like red you know automated red uh continuous automated red team or CART uh attack surface management and identifying you know where the actual attack surface today and that's a very important mindset like accepting that there will be those breaches I see it more now than I have I ever have in the past two decades but it's not anywhere near where uh it needs to be and unfortunately um the root cause of a lot of what exists today is um it's NIMBY it's not in my backyard so it's not going to happen to me it's going to happen to somebody else and it's not until it's someone that's close to them so if they're in the industry say they're in retail and um they're the biggest competitor.

 

Highlights:

Continuous Security Testing: LaPorte discusses how organizations at the highest maturity level (level five) are actively engaged in continuous security testing, supported by robust budgets, particularly in financial and healthcare sectors and among global 500 companies. He notes a positive trend of adoption among organizations at lower maturity levels, facilitated by managed security service providers who integrate automated testing into their offerings.

Automated Testing and 24/7 Vigilance: The integration of continuous security testing into larger security stacks by managed service providers enables organizations to achieve 24/7 coverage. LaPorte highlights the importance of automated red team testing and attack surface management in identifying and mitigating potential vulnerabilities proactively.

Acceptance of Breach Inevitability: Despite growing awareness, LaPorte notes that acceptance of breach inevitability remains inadequate, with many organizations still adopting a "not in my backyard" mentality. He emphasizes the need for a cultural shift towards proactive cybersecurity practices, citing the prevalence of this mindset as a root cause of existing vulnerabilities.

 

LaPorte's insights underscore the critical importance of continuous security testing and proactive breach mitigation strategies in today's cybersecurity landscape. By embracing these practices, organizations can enhance their cyber resilience and better protect their assets against evolving threats. However, there remains a significant cultural barrier to overcome, with many organizations still failing to acknowledge the inevitability of breaches. Addressing this mindset is essential to fostering a proactive cybersecurity culture and effectively mitigating risks in an increasingly complex threat environment.

 

Speakers:

Brad LaPorte, a former army officer with extensive experience in cybersecurity, provides invaluable insights into the evolving landscape of digital threats. With a background in military operations, LaPorte witnessed firsthand the early stages of nation-state cyber attacks, laying the groundwork for his deep understanding of cybersecurity challenges. Through his journey, he has observed the transformation of defense tactics from traditional, labor-intensive methods to modern, cloud-based solutions. LaPorte's expertise offers a unique perspective on the intersection of technology, security, and the underground economy of cybercrime. In this discussion, he shares his experiences and analysis, shedding light on the complexities of cybersecurity in the digital age.

 
 
 
 

Bikash Barai is credited with several innovations in the domain of Network Security and Anti-Spam Technologies and has multiple patents in USPTO. Fortune recognized Bikash among India’s Top 40 Business Leaders under the age of 40 (Fortune 40-under-40). Bikash is also an active speaker and has spoken at various forums like TiE, RSA Conference USA, TEDx etc.

Earlier he founded iViZ, an IDG Ventures-backed company that was later acquired by Cigital and now Synopsys. iViZ was the first company in the world to take Ethical Hacking (or Penetration Testing) to the cloud.

 

https://twitter.com/bikashbarai1

https://www.linkedin.com/in/bikashbarai/ 

 
