#168 - Cybersecurity First Principles (with Rick Howard)

In this episode of CISO Tradecraft, host G Mark Hardy is joined by special guest Rick Howard, Chief Security Officer, Chief Analyst and Senior Fellow at CyberWire. Rick shares his insights on first principles in cybersecurity, discussing how these form the foundations of any cybersecurity strategy. He emphasizes the importance of understanding materiality and integrating the concept of time bound risk assessment to achieve a resilient cybersecurity environment. The episode also delves into the value of Fermi estimates and Bayes algorithm for risk calculation. Amid humor and personal anecdotes, Rick and Mark also reflect on their experiences during 9/11. Rick introduces his book, 'Cybersecurity First Principles', elucidating the rationale behind its conception.

Link to the Cybersecurity First Principles Book: https://www.amazon.com/Cybersecurity-First-Principles-Strategy-Tactics/dp/B0CBVSX2H2/?&_encoding=UTF8&tag=-0-0-20&linkCode=ur2&linkId=1b3010fb678a109743f1fb564eb6d0fc&camp=1789&creative=9325

Transcripts: https://docs.google.com/document/d/1y8JPSzpmqDMd-1PZ-MWSqOuxgFTDVvre

Chapters

• 00:00 Introduction
• 02:00 Guest's Career Journey and Achievements
• 08:49 Discussion on Cybersecurity First Principles
• 15:27 Understanding Materiality in Cybersecurity
• 21:56 The Gap Between Security Teams and Business Leaders
• 22:21 The Importance of Speaking the Language of Business
• 23:03 The Art of the Elevator Pitch
• 24:04 The Impact of Cybersecurity on Business Value
• 25:10 The Importance of a Clear Cybersecurity Strategy
• 26:04 The Value of Business Fluency in Cybersecurity
• 27:44 The Role of Risk Calculation in Cybersecurity
• 29:41 The Power of Estimation in Risk Management
• 30:33 The Importance of Understanding Business Imperatives
• 41:25 The Role of Culture and Risk Appetite in Cybersecurity
• 45:39 The First Principle of Cybersecurity