Villains

CISO Series: We Shame Others Because We’re So Right About Everything

Listen here: https://cisoseries.com/we-shame-others-because-were-so-right-about-everything/
“I hate the ‘blame the user’ model of phishing tests. Phishing tests are to inform you about how bad your email infrastructure actually is. The user is just one piece of it.”

Business of Software

Business of Software (Mark Littlewood)
A Conversation with Andy Ellis
https://businessofsoftware.org/2019/10/harry-potter-star-wars-nobody-villain-story-conversation-andy-ellis-cso-akamai/

Andy was one of the speakers at this year’s BoS Conference USA 2019 and talked about why humans were awesome at risk management and why humans were awful at risk management. It is good. Very good. At the speaker dinner, we got into a conversation about how people can take the same data to come to derive completely different meanings. He’d been thinking about this and explained how you can take the Harry Potter stories and come to some very disturbing conclusions. In this discussion with Andy, he explains, using both Harry Potter and the Star Wars trilogy as examples. Very entertaining and thought-provoking… Harry Potter fans might not like it.

Security Stories

Security Stories (Hazel Burton)
Creating more opportunities for others, with Andy Ellis

https://www.buzzsprout.com/926089/4502858-9-creating-more-opportunities-for-others-with-andy-ellis

In this episode we chat to Andy Ellis, who, on the very day we interviewed him, was celebrating his 20th anniversary as the Chief Security Officer for Akamai. We cover many topics - from taking down the "booth babe" culture at RSA, to fighting for more representation and diversity on cyber panels, to how he eliminated the password at his organization and built a Zero Trust network, before that became a thing.

Andy also shares one of the most interesting Star Wars theories we've ever heard, and has a fascinating take on heroes vs villains, and how the two overlap depending on who's telling the story. He then talks about why he hires librarians and journalists in his security team, and also, exactly how hard it is to train lizards. (The last two topics aren't related, btw!)

You can read Akamai's "State of the Internet" report here: https://www.akamai.com/uk/en/resources/our-thinking/state-of-the-internet-report/

CSO (pt 2)

CSO (Bob Bragdon)
Don’t Be Batman: Why CISOs Should Embrace The Sidekick Role, Part 2
https://www.csoonline.com/article/3516080/episode-10-dont-be-batman-why-cisos-should-embrace-the-sidekick-role-part-2.html

In this second half, Akamai CISO Andy Ellis and host Bob Bragdon continue their talk about the good guy/bad guy dynamic in the infosec community and why it can result in you being marginalized in your organization. Ellis’ advice: Don’t try to be the hero; be the sidekick.

CSO (pt 1)

CSO (Bob Bragdon)
Don’t Be Batman: Why CISOs Should Embrace The Sidekick Role, Part 1
https://www.csoonline.com/article/3516079/episode-9-dont-be-batman-why-cisos-should-embrace-the-sidekick-role-part-1.html

There is a prevailing attitude in the infosec community that security pros are the good guys and the bad guys are, well, just about everyone else — users, developers, senior leadership. This good guy/bad guy dynamic can result in you being marginalized in your organization, says Akamai CISO Andy Ellis. His advice: Don’t try to be the hero; be the sidekick.