Preview Mode Links will not work in preview mode

Defense in Depth

Nov 14, 2019

All links and images for this episode can be found on CISO Series (

Cybersecurity and the media. It rides the line between providing valuable information and feeding the FUD cycle. What's the media's role?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Dave Bittner (@bittner), producer and host of The CyberWire Podcast, Hacking Humans podcast, and Recorded Future podcast.

Thanks to this week’s podcast sponsor, Verodin.


The Verodin Security Instrumentation Platform proactively identifies gaps in security effectiveness attributable to equipment misconfiguration, changes in the IT environment, evolving attacker tactics, and more. Learn how Verodin, part of FireEye, has made it possible for organizations to validate the effectiveness of cyber security controls, thereby protecting their reputation and economic value.

On this episode of Defense in Depth, you’ll learn:

  • Stop laying blame on the media for negative cybersecurity perceptions. They're acting as a reflection of ourselves, both good and bad.
  • When done right, the media can bring about much needed attention to issues, most often to enlighten those not in the know.
  • A good indicator of media's success in informing us is when our friends and family, who are not as cybersavvy, start asking us our thoughts on big security issues.
  • Disturbing trend is the media referring to an attack as "sophisticated" when it's often a poorly secure server that was just waiting to be breached.
  • Given this trend, many are eager for the media to demystify these supposedly "advanced" attacks demonstrating that the rest of us can protect ourselves even if we're not cyber-sophisticated.
  • Social engineering demos are often done for the purpose of humor rather than showing how dangerous it can be when we let our guard down.
  • Outside of someone like Bruce Schneier, the cybersecurity industry needs the equivalent of a high-profile expert who can speak to the lay person, à la Bill Nye, The Science Guy.