Dec 2021
41 m

Keeping Security Simple with Johanna Bau...

MISSION
About this episode

There is a lot of conversation among IT security leaders about engaging the workforce in order to mitigate threats. But how do security professionals actually win people over to their side? Many employees are willing to comply, but what can be done to really get through to those who are resistant? Johanna Baum, the CEO and Founder of S3 (Strategic Security Solutions), contends that to enact change, leaders must involve those who are most reluctant to go along with security protocols, especially the person still keeping their login password on a post-it note on their computer. In order to change the security culture of a company, Johanna suggests seeking out the person at a company who is least likely to comply.

Main Takeaways

  • It Comes Down to the People: There’s always going to be a security tech stack. A security platform and relevant apps will help reduce threats. But, fundamentally, people are still required to act with any given platform or system as part of the security solution. Employees also need to engage in secure behaviors that reduce the overall risk to the company.
  • Involve the Malcontents: Cultural change concerning security is only as strong as the weakest link. Leaders must seek out the malcontents in order to engage them in the process. Leaders must put employees who are reluctant to accept security protocols in situations where they can test out measures and be part of the solution.
  • Keep Security Simple: Because there are so many security threats, there can be a tendency to assume risk mitigation must be very complicated and beyond human capacity. Although artificial intelligence and automation can certainly help thwart many threats, there are also really simple things people can do on their own to bolster security. For instance, this can be as basic as ensuring people log out or use effective passwords. On a company-wide level, it can be as elemental as making sure there is an up-to-date list of all the users at the organization.

IT Visionaries is brought to you by the Salesforce Platform - the #1 cloud platform for digital transformation of every experience. Build connected experiences, empower every employee, and deliver continuous innovation - with the customer at the center of everything you do. Learn more at salesforce.com/platform
