#125 - Cyber Ranges (with Debbie Gordon)

Are you worried about cyber threats and data breaches? Do you want to build a strong cybersecurity program to protect your organization? Look no further! In this episode of CISO Tradecraft, G Mark Hardy and Debbie Gordon discuss the three dimensions of an effective Information Security Management System: Policy, Practice, and Proof. G Mark emphasizes the importance of having a proper cybersecurity policy that references information security controls or outcome-driven statements. However, it's not enough to have policies on paper; organizations need to practice what's on paper to be prepared for cyber events. This is where ranges come in. Ranges are a full replica of an enterprise network with real tools, traffic, and malware. They allow teams to practice detecting and responding to attacks in a safe environment. Debbie Gordon, founder of Cloud Range, explains how ranges can help organizations accelerate experience and reduce risk in cybersecurity. She emphasizes the importance of educating an organization's user base to become the first and last lines of defense against cyber threats. By training non-technical executives to spot suspicious activity and bring it to the attention of the security team, organizations can minimize the damage caused by phishing attacks, ransomware, and other cyber threats. Gordon also highlights the importance of team training in cybersecurity because it's not just about individual skills, but also about how teams work together to respond to threats. By practicing together in a range environment, organizations can improve their processes, handoffs, and speed in detecting and responding to attacks. Special thanks to our sponsor Cloud Range Cyber for supporting this episode. Website: www.cloudrangecyber.com Email: [email protected] Full Transcripts: https://docs.google.com/document/d/1yWenwauzfAiQYafFW0Iew33vbzvlO2BO Chapters 00:00 Polished Security Programs need Policy, Practice, and Proof 00:54 Policy 02:47 Practice 03:44 Proof 04:28 How to Apply the Concepts of Ranges to Help Organizations 06:05 The importance of Experiential Learning 07:48 The Importance of following Procedures 12:12 The Benefits of Team Training for Cyber Ranges 15:33 The Importance of Muscle Memory 20:22 How to Maximize Your Investment in Cybersecurity (KPIs & Measurable Results) 24:33 The Advantages of using the MITRE ATT&CK® Framework 27:41 The Advantages of Following ISO Standards 31:36 How to Improve your Cloud Range Exercises 33:22 How to use Cognitive Aptitude Assessments for Workforce Development 37:44 How to level the Playing field for Cyber Talent 39:39 The Importance of Degrees in Cyber Security 41:03 Making the CISO's job easier