Defense in Depth discusses 'what are you defending?'
Cydea’s founder, Robin Oldham, is featured on this week’s Defense in Depth podcast discussing asset valuation.
Citing our blog post, Robin’s comments were picked up by David Spark and featured on the show. "What are we defending? is a question that gets asked nowhere nearly enough. Ask it early. Ask it often."
Both co-host Allan Alford and this week’s guest Bobby Ford agreed.
“The first thing you have to do is identify critical activities. That’s paramount.”
– Bobby Ford, Global CISO, Unilever
Allan pointed out that it often isn’t a yes/no case when it comes to what you are defending. There is often nuance and decisions cannot be made by the security team alone. Business teams must provide input if the right balance is to be struck.
“Absolutely. And I think it’s not just a yes/no proposition, it’s also a stack ranking proposition. Certain things definitely need defending, and need defending now, right away, high priority. Some things, ok, we can put them further down the list. And some you may choose to not touch at all.”
– Allan Alford, Delivery CISO, NTT Data Services
It’s not just impact that drives the need for things to be protected. Perhaps it is a legal requirement that means they must. Perhaps budget applies constraints and novel solutions need to be found. Perhaps it’s just not that important.
For those situations where teams are challenged to ‘just protect, just monitor… everything!’ Bobby has a great response: Ask them what they want you to do first.
It is a good listen and you can find the podcast on cisoseries.com, plus podcast platforms like Apple Podcasts, Spotify, or Google Play. Don’t forget to read our original blog post and ask yourself ‘what am I defending?’ too.
Perfect listening for the long weekend, here in the UK!