In this episode of "Secrets of AppSec Champions," titled "Auditing Your Security Program," host Chris Lindsey converses with Roddy Bergeron, a cybersecurity fellow at SherWeb. They tackle several pressing topics in the realm of cybersecurity auditing, starting with the financial repercussions of poor data management. A friend's experience underscores the importance of sending condensed data rather than raw data to avoid increased cloud storage costs. This leads to a broader discussion about data lifecycle policies, retention, and the necessity of consulting legal teams to navigate varying regulatory requirements. They emphasize the importance of proper data integrity measures, like using tamper-proof formats and effective backup strategies such as the three, two, one methodology and worm media.
The conversation then shifts towards the evolving regulatory landscape, highlighting Cybersecurity Maturity Model Certification (CMMC) and its mandate for third-party auditors to certify companies accessing government contracts. Roddy underscores the benefits of external audits in identifying blind spots and ensuring compliance, a practice likened to the financial industry's audit requirements. He shares his rich background in government auditing, nonprofit work, and managed service providers, providing a nuanced perspective on the interconnected risks in IT environments. Roddy offers insights into key cybersecurity practices, stressing how external audits can mitigate risks, identified as crucial in a complex digital landscape.
The episode wraps up with a focus on the human element in cybersecurity. Roddy Bergeron emphasizes the need for emotional intelligence and continuous learning in incident response, pointing out that technical prowess alone is insufficient. He shares his hardest lesson: the necessity of prioritizing the human side of incident response, recognizing the profound impact of cybersecurity incidents on people's lives and careers. The conversation concludes with an invitation from Chris for listeners to subscribe and review the podcast, as they reflect on the importance of humility and ongoing improvement in the ever-evolving cybersecurity field.

Key TimeStamps:
00:00 Evolving Financial Regulations: A Varied Career Perspective
04:32 Importance of Comprehensive Auditing for Business Cybersecurity
07:43 The Impact of Interconnected Systems on Liability
10:32 The Significance of Purposeful Data Collection for Security
12:18 Maximizing Security Visibility without Overload
15:26 Effective Data Management for Businesses
19:23 The Impact of Cybersecurity Legislation and CMMC
24:23 Improving Risk Posture through Third-Party Assessments
28:10 The Crucial Role of Human Empathy in Incident Response
29:10 The Importance of Employee Care During Incidents

For more amazing application security information, please visit the following LinkedIn communities:
https://www.linkedin.com/company/appsec-hive

Provided by Mend.io (https://mend.io)