I was honored to have Wendy Nather, head of advisory CISOs for Duo Security, now part of Cisco, join me as my guest for this episode of the Inner Circle podcast. Wendy is one of the most respected voices in cybersecurity today–which also explains why Marcus Carey and Jennifer Jin invited her to contribute to the recently released book Tribe of Hackers.
She and I discuss the book some during the podcast–but I had not yet received the book when we were recording. The book is filled with tremendous insight from a diverse array of cybersecurity veterans and visionaries. One of my favorite bits from Wendy is her answer to the question, “How is it that cybersecurity spending is increasing but breaches are still happening?”
“You can certainly spend more money on something and still not be doing it right. On the other hand, you can be doing a lot of things but not spending money in the right places. We tend to equate one with the other–that if you’re spending a lot, you must be doing a lot; and if you’re doing a lot, it must be effective. But I don’t think any of those things follow, necessarily, from that. I think, in a lot of ways, we don’t understand how to solve this problem yet. So we’re throwing more money and lots of different techniques at it in the hope that we’ll find the right thing–find that spaghetti that sticks to the wall–but I don’t think we’ve gotten there yet. Therefore, spending more money doesn’t necessarily equate to solving the problem.”
The main focus of our discussion on the podcast, however, is zero trust security. Wendy and I talk about the need to elevate security beyond two-factor or multifactor authentication to a zero trust approach that continues to verify that a given user, device, or service is still who they say they are and that they still have a valid reason for accessing the data they’re accessing and doing the things they’re doing on your network.
Listen to the podcast and feel free to comment below to share your thoughts.