The Cyber5 Podcast

Delve Risk’s Anthony Johnson

Episode 4 of the podcast focuses on the CISO’s perspective on the importance of understanding the corporate network environment and features Anthony Johnson, Managing Partner of Delve Risk.
Outline:

  • (00:22) Introductions
  • (01:07) Question 1 – As a CISO, if I don’t have clear or accurate insight into the state of my assets and infrastructure, what immediate risks am I incurring?
  • (02:23) Question 2 – You’ve started a role as a CISO at a new company – how do you test the information your presented with around the the network, the current state of the security team and tech stack, and when do you trust it?
  • (03:21) Question 3 – In your experience, what percentage of the network do you think the average CISO and team have a good handle on and are there trends in the gaps?
  • (05:51) Question 4 – Are there any trivial gaps – How complete should a CISO’s knowledge and insight into their environment be; IE If they’re confident on 80% of the network, is that enough?
  • (08:43) Question 5 – How has the emphasis on maintaining a meaningful understanding of your network impacted your strategy around the staffing/teams that you’ve built?
  • (10:53) Recap & Takeaways

Episode 4 | July 24, 2020

Adversary Research
Discovering the methods, motives and identity of threat actors to disrupt attacks 
Reputation Defense
Technical guidance for countering disinformation and slanderous attacks 
Trust & Safety
Intelligence to secure business operations and defend against fraud, abuse and e-crime 
TPRM Exposure
Adversary-centric intelligence to address supplier, M&A and investment risks 
Outside Intel
Research for defending outside the firewall that leverages tier 3 intelligence programs 
Executive Shield
Assessment of threats to key personnel with attribution and PII takedown  
Adversary Insights Retainer℠
Annual retainers for client-driven inquiries and rapid-response research 
Intelligence Team as a Service
Collaborative engagement providing robust intelligence and tier 3 cyber analysts  
Event-Driven Intel Investigations
Multidimensional security fact-finding that delivers insights into adversary behavior 
On Demand Threat Research
Proactive and preventative investigations that reveal threat actor context and risk correlations 
Investment Zero Touch Diligence℠
Project-based discovery to assess risk for investments, IPO, Mergers and Acquisitions 
TPRM Zero Touch Diligence℠
Subscription assessment of external network hygiene, key personnel, and non-traditional business risks