Why You Must Think Like a HACKER


Here’s the cheat-sheet for this week’s episode of Life of a CISO. In order to be a good CISO, it’s not enough to think like IT support, you must learn to think like the adversary. Remember, prevention is good, but detection is a must, and you can’t have 100% security and have functionality.

Tune in to today’s episode to learn how to start thinking like a hacker so that you can prevent cyber attacks!

In this episode:

  • 0:04 Welcome to this episode of Life of a CISO
  • 0:37 The importance of thought leadership and strategic thinking
  • 2:15 The most important thing a CISO needs to know: your critical data, and the threats and vulnerabilities that could cause harm to that critical data
  • 4:30 100% security doesn’t exist
  • 5:17 What is the difference between a major breach and a minor breach?
  • 6:43 A minor breach is caught before major damage is done. A major breach is not
  • 8:20 Prevention is ideal, detection is a must
  • 9:00 How does an attack occur?
  • 9:22 Every attack is not unique
  • 10:30 Think like an attacker
  • 11:13 The server and the client
  • 15:11 The 5 step process
  • 12:14 Companies fail because they focus most on step 3
  • 13:06 An easy way to see what is visible from outside of your network
  • 15:06 The adversary knows more than you do
  • 17:06 It all starts with an accurate network diagram
  • 18:33 Do your reconnaissance, just like the adversary
  • 19:05 The server (Part 1)
  • 20:29 Start with internet-facing systems
  • 21:35 The 90% rule
  • 23:45 If you don’t know the vulnerabilities, your adversary will
  • 24:32 No internet-facing system can have critical data
  • 27:00 Users (Part 2)
  • 28:25 Emails are not good for file transfers
  • 29:18 Cost/benefit analysis if you stopped allowing email attachments
  • 30:15 Awareness of users
  • 30:40 Most attacks are targeted for Windows
  • 32:28 Review and wrap-up.