#125 - Cyber Ranges (with Debbie Gordon)

Are you worried about cyber threats and data breaches? Do you want to build a strong cybersecurity program to protect your organization? Look no further! In this episode of CISO Tradecraft, G Mark Hardy and Debbie Gordon discuss the three dimensions of an effective Information Security Management System: Policy, Practice, and Proof. G Mark emphasizes the importance of having a proper cybersecurity policy that references information security controls or outcome-driven statements. However, it's not enough to have policies on paper; organizations need to practice what's on paper to be prepared for cyber events. This is where ranges come in. Ranges are a full replica of an enterprise network with real tools, traffic, and malware. They allow teams to practice detecting and responding to attacks in a safe environment. Debbie Gordon, founder of Cloud Range, explains how ranges can help organizations accelerate experience and reduce risk in cybersecurity. She emphasizes the importance of educating an organization's user base to become the first and last lines of defense against cyber threats. By training non-technical executives to spot suspicious activity and bring it to the attention of the security team, organizations can minimize the damage caused by phishing attacks, ransomware, and other cyber threats. Gordon also highlights the importance of team training in cybersecurity because it's not just about individual skills, but also about how teams work together to respond to threats. By practicing together in a range environment, organizations can improve their processes, handoffs, and speed in detecting and responding to attacks.

Special thanks to our sponsor Cloud Range Cyber for supporting this episode.

Website: www.cloudrangecyber.com

Email: info@cloudrangecyber.com

Full Transcripts: https://docs.google.com/document/d/1yWenwauzfAiQYafFW0Iew33vbzvlO2BO

Chapters

• 00:00 Polished Security Programs need Policy, Practice, and Proof
• 00:54 Policy
• 02:47 Practice
• 03:44 Proof
• 04:28 How to Apply the Concepts of Ranges to Help Organizations
• 06:05 The importance of Experiential Learning
• 07:48 The Importance of following Procedures
• 12:12 The Benefits of Team Training for Cyber Ranges
• 15:33 The Importance of Muscle Memory
• 20:22 How to Maximize Your Investment in Cybersecurity (KPIs & Measurable Results)
• 24:33 The Advantages of using the MITRE ATT&CK® Framework
• 27:41 The Advantages of Following ISO Standards
• 31:36 How to Improve your Cloud Range Exercises
• 33:22 How to use Cognitive Aptitude Assessments for Workforce Development
• 37:44 How to level the Playing field for Cyber Talent
• 39:39 The Importance of Degrees in Cyber Security
• 41:03 Making the CISO's job easier