Cybersecurity is NOT the problem
LinkedIn
June 30, 2021
Earlier I posted HERE that cybersecurity is not the problem and promised this article.
The following are my observations and my special way of looking at things.
The first issue is a long-debated organizational structure issue. Yet, it continues to contribute to this problem why cybersecurity is not the issue.
See publication
Tags: Cybersecurity, Management, Leadership
Senate cyber-hawk calls for criminal penalties for Negligent CEOs
LinkedIn
May 12, 2021
I agree that many folks will not implement controls if they are not required to do so or do not know to do so. For too long, the business focuses on functionality, ROI, and bottom line. Many in our Security Industry have advocated that Cybersecurity is a stand-alone business function and has a larger impact on these parameters than most other business areas. The recent pipeline attack highlights this.
See publication
Tags: Cybersecurity, Management, Leadership
COVD - 19 The Disrupter
LinkedIn
April 04, 2020
What have we learned from this Global event?
Here are some of my thoughts; we learned getting back to basics is paramount.
In the haste to move Millions of people to remote work; many organizations and "experts" published the same message, use a VPN, strong passwords, updated anti-malware/virus solutions, update operating system(s), logically separate work data from personal, encryption, physical protection/security of your device(s), and awareness to scams, i.e. phishing, social engineering, etc.
See publication
Tags: Cybersecurity, Digital Disruption, COVID19
Let's talk about Cybersecurity Risks
LinkedIn
February 07, 2020
I propose a altered view and mindset around risk
I recently read a great post about risk, and often a risk assessment and a risk program is a gap in organizations. This article is a result of reviewing current risk programs and how we address and think about risks.
See publication
Tags: Cybersecurity, Leadership, Risk Management
Behind The Data Breach: Understanding Cloud Security And Misconfigurations
Cyber Security Hub
September 17, 2019
Many breaches occurring today are applications that reside in the cloud. We often hear the cause is a misconfiguration on the customer side. So, what can be done to aid in identifying these misconfigurations? Hosting the right discussions within the organization and having the proper considerations will reduce the risk and misconfigurations when moving data and applications to the cloud.
See publication
Tags: Cloud, Cybersecurity, Leadership
Business Continuity Planning Made Simple
LinkedIn
August 19, 2019
Business Continuity Planning (BCP) goes beyond Cybersecurity; however, cyber security leaders are often looked at to implement, lead, and design the BCP program.
BCP is the plan implemented when a disaster occurs. These disasters span natural disasters, cyber attacks, or simple power outages. Simply; the question is, how do you keep the business running? That could mean utilizing pen and paper processes until normal operations are restored.
See publication
Tags: Cybersecurity, Leadership, Business Continuity
Moving To The Cloud: Considerations Beyond The Bottom Line
Cyber Security Hub
August 12, 2019
Organizations are rapidly moving to cloud providers for legitimate reasons, including reduced costs, digital transformation initiatives, and improving the agility of business. This allows organizations to focus on distinct, core competencies and how to generate revenue or deliver services.
See publication
Tags: Cloud, Cybersecurity, Leadership
So you want to be good at Cybersecurity?
LinkedIn
July 21, 2019
Here are some simple concepts to be effective in Cybersecurity
Outside learning and remaining proficient at the technical aptitudes required in cybersecurity; there are few items to learn that aids in becoming an effective cybersecurity practitioner.
See publication
Tags: Cybersecurity
Patching And The Basics
Cyber Security Hub
July 04, 2019
Recent breaches and ransomware attacks bring further attention to a long-standing issue of poor cyber security practices. This also ignites the flurry of security product hustlers promoting that their product stops, reduces, or in some manner addresses the issues contributing to these attacks.
See publication
Tags: Cybersecurity, Leadership, Risk Management
Defense Agenda: A Week In The Life Of Kentucky CHFS CISO Dennis Leber
Cyber Security Hub
May 21, 2018
At the Cabinet for Health and Family Services (CHFS) for The Commonwealth of Kentucky, we provide all the social services that a citizen requires. This includes food assistance, healthcare, adoption assistance and child support, just to name a few. The Commonwealth has 120 counties and we operate in all of them.
See publication
Tags: Cybersecurity, Leadership
METT-T for the Information Security Leader
linkedin
December 19, 2017
METT-T is an acronym for planning patrol mission utilized by the US Marine Corps. This acronym is also very useful when applied to planning Information Security.
See publication
Tags: Cybersecurity
Questions to ask when Protecting Data
linkedin
September 21, 2017
This is a list I authored in response to a thread on Peerlyst.com. Thought it would be helpful, and starting point to grow the list. This has also been placed on my blog mostinterestingmaninis.com
See publication
Tags: Cybersecurity
Public Health Informatics and Information Systems
Apr 1, 2019 publication descriptionJ.A. Magnuson, P.C. Fu, Jr. (eds.), Public Health Informatics and Information Systems, 155 Health Informatics, DOI
August 11, 2019
Authoring new chapter for 2019 edition of the Public Health Informatics and Information Systems text book. This chapter covers Health Information Systems Security
See publication
Tags: Cybersecurity, HealthTech, Health and Safety
The Language of Cybersecurity
XML Press
July 01, 2018
The Language of Cybersecurity defines 52 terms that every business professional should know about cybersecurity, even professionals who are not specialists. Anyone who uses any kind of computing device needs to understand the importance of cybersecurity, and every business professional also needs to be able to speak intelligently with cybersecurity professionals.
Expertly compiled and edited by Tonie Flores, this book is an essential reference for cybersecurity experts, managers, students, and anyone who uses a computer, tablet, smart phone, or other computing device.
See publication
Tags: Cybersecurity
CISO Chats - Dennis Leber Talks Human Factors in Cybersecurity
YouTube
September 23, 2021
CISO Hall of Famer Dennis Leber sits down with Alona to discuss human factors engineering in cybersecurity, how cybersecurity literacy needs to be prioritized in leadership positions across the organization, and the ways in which risk assessment needs to evolve to our modern infrastructure.
See publication
Tags: Cybersecurity, Management, Business Strategy
The Art of Medicine, Episode #18, Cybersecurity Update
YouTube
September 17, 2020
Dennis Leber, Chief Information Security Officer (CISIO) at the University of Tennessee Health Science Center (UTHSC), Memphis, TN, joined me for this interview about cybersecurity. Dennis developed his cybersecurity expertise with a stint in the Marines, followed by 14 years in law enforcement. Looking to develop his career, Dennis discovered that cybersecurity addressed his desire to "serve and protect" and his interest in computers. He obtained a master's degree and is soon to complete his Ph.D. When the Army Reserve called him up to active duty in the 2nd Gulf War, Dennis applied his skills to military communications. Back in civilian life, Dennis worked IT in auto manufacturing and built cybersecurity systems from the ground up.
See publication
Tags: Cybersecurity, Management, Business Strategy
Security - Malware, Viruses and More!
This Week in Health Tech
December 18, 2019
Vik and Jimmy welcome guest Dennis Leber, a Cyber Security expert to discuss security challenges in general and for Healthcare organizations.
Who is coming up w/ viruses and malware and why are they trying to hack organizations?
What can we do to keep our data safe?
What to watch out for when using the web and mobile apps.
See publication
Tags: Cybersecurity, HealthTech, Risk Management
Security Leaders Help Make Sense Of CISO Priorities For The Balance Of 2019
Cyber Security Hub
August 20, 2019
Cyber Security Hub took the industry pulse of cyber leaders at the end of 2018 and again in the middle of 2019. Changes in priority and concern highlighted in the CShub Mid-Year 2019 CISO Priorities market report were further discussed with a pair of experienced CISOs during a recorded webinar in August. Here are the key findings from that market report and the CISO perspective for how these can be interpreted by enterprise security leaders.
See publication
Tags: Cybersecurity, Leadership
Ultra Enhanced Deluxe AI with a Drop of Retsyn
Security Boulevard
July 31, 2018
As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Dennis Leber (@dennisleber), CISO, Cabinet for Health and Family Services, Commonwealth of Kentucky and the self proclaimed “Most Interesting Man in Information Security.”
See publication
Tags: AI, Cybersecurity, Leadership
Security and Privacy Assurances in Software
Proquest
September 01, 2021
This qualitative interpretive study explored assurances in software that the privacy and security of consumers are protected. Developers often choose profit and time to market over security or simply do not possess the knowledge to create secure applications. Researchers noted in 2020 that over 11,000 exploitable vulnerabilities in code were reported through the common vulnerability and exploit database (CVE). Of these, 34% of the CVEs, no patch is available to mitigate the risk posed to security and privacy. The six major themes surfaced from the analysis: (a) educational elements, (b) governance elements, (c) operational elements, (d) cultural elements, (e) security elements, (f) technology elements. Privacy and security are a long-standing concern for humans. Early examples of privacy concern are demonstrated by the Bill of Rights proposed by James Madison in 1789 as the fourth amendment. This right to privacy is a time-tested paradox of constitutional law in the United States that was solidified by a Supreme Court ruling in 1965 (Head, 2019). Maslow (1943) discusses basic human needs. Security is the most basic need and must be fulfilled before any other. The use of software in either personal devices or applications running a business, if not developed securely, may expose personal information that compromises security and privacy. The purpose of this study is to determine the assurances software developers can provide to users that solutions consider and protect the privacy and security of users. The result of the study deduced that assurances are desired, what assurances consumers desire, that assurances are preferred from third-party entities, and an opportunity to improve education for developers and consumers.
Keywords: Secure software development, Software, Cybersecurity, Security, Privacy, Information Security, Risk Assessment, Threat modeling, Security forethought, vulnerability, Mitigation, DevSecOps, Secure Coding, Code, Application, Security
See publication
Tags: Cybersecurity, DevOps, Emerging Technology
Public Health Informatics and Information Systems
Springer
January 01, 2020
Reflects changes in health information technology policy that have swept through the field of health information exchange
Contains an updated perspective on public health in general and the implications for healthcare technology and its application
See publication
Tags: Cybersecurity, Health and Wellness, HealthTech
Why did they click that? Human errors factor
BrightTALK
January 19, 2021
This webcast discusses the Human errors factor of cybersecurity. Organizations often focus on the processes and technology and leave out the Human aspect. Many industries embrace Human factor programs in addressing challenges and cybersecurity can learn a lot from these programs and utilize them to improve security and reduce risks.
During this webinar we will discuss; HFACS-Cyber, the need for Human Factors Programs in Cybersecurity, targeting human risk factors, and the business value of Human Factors.
Participants will take away the following:
1. The importance of including Human Factors
2. The risks removed once you include Human Factors
3. The business value and some tips on how to obtain executive support for such a program
See publication
Tags: Cybersecurity, Future of Work, Business Strategy
ISEA 2020 Summit - Statistical Engineering: We Are Not Alone
YouTube
November 19, 2020
Loosely speaking, statistical engineering is a discipline that seeks to provide best practices and rigor in the solution of large, complex, and unstructured problems. It is recognized that these problems will require interdisciplinary expertise and the solutions will be data driven. But statisticians are not alone in solving large, complex, and unstructured problems in a rigorous, systematic, and data driven manner. In this talk we explore two professional associations whose memberships span the knowledgebase necessary to fulfill the vision of statistical engineering. We present several case studies from these communities that beg the question, is this statistical engineering? If so, what can we learn from these communities and should we consider partnership?
See publication
Tags: Cybersecurity, Management, Business Strategy
From Risk to Reward - Pandemic to Possibility Webinar Series
YouTube
October 27, 2020
The global pandemic has forced the growth and need for remote working. Your organization has likely had to adapt to a new model of delivering services and experiences to employees. But what protocols have you put in place for the safety and security of your data? How will your strategy evolve to reduce the new risks that come with telework and take advantage of the opportunities? In this session, we’ll answer questions like these and more and discuss methods and tips to set your organization up for telework success.
See publication
Tags: Cybersecurity, Management, Risk Management
CISO/Security Vendor Relationship: 15 Ways to Make 'First Contact' with a CISO
