
The New SEC Rule
11/20/23 • 46 min
Episode Summary
In this episode, Special Advisor for Cyber Risk at the NACD, Christopher Hetner, returns to the show to discuss the new SEC cybersecurity rules. Chris has over 25 years of experience in cybersecurity, helping protect industries, infrastructures, and economies, serving in roles including as SVP of Information Security at Citi, Senior Cybersecurity Advisor to the Chairman of the US SEC, Executive Member of IANS, the National Board Director of the Society of Hispanic Professional Engineers, Senior Advisor for the Chertoff Group, Senior Advisor to the CEO of Stuart Levine & Associates, and Co-Chair of Nasdaq Cybersecurity and Privacy.
Today, Chris talks about the developments since January 2023, the timeframe requirements in practice, and normalizing cybersecurity incidents as business-as-usual. What is Inline XBRL? Learn how startups could prepare themselves for these changes, the scope of disclosure, and how risk management strategies might evolve to address Cloud-specific threats.
Timestamp Segments
· [02:36] What has changed since January?
· [06:49] Why things changed.
· [08:51] Was it a good move?
· [12:27] Determining the materiality of cybersecurity incidents “without unreasonable delay.”
· [17:49] Is 4 days enough?
· [22:19] The scope of disclosure.
· [24:09] Normalizing cybersecurity incidents.
· [26:24] Moving toward real-time monitoring.
· [28:52] Is insurance becoming a forcing function?
· [32:18] Evolving risk management strategies.
· [36:05] Third-party disclosure requirements.
· [39:51] How do startups prepare?
· [41:52] What is Inline XBRL?
· [42:54] Inline XBRL to 8-K.
· [43:30] How the tagging requirement impacts the disclosure process.
Notable Quotes
· “The magnitude of these events is the percentage of the event relative to revenue.”
· “We’re going to see market forces drive these safety standards within our enterprises.”
Relevant Links
LinkedIn: Christopher Hetner
Resources:
https://www.sec.gov/news/press-release/2023-139
Previous Episode

The AI Episode
Episode Summary
In today’s episode, AI Safety Initiative Chair at Cloud Security Alliance, Caleb Sima, joins Matt to talk about some of the myths surrounding the quickly evolving world of AI. With two decades of experience in the cybersecurity industry, Caleb has held many high-level roles, including VP of Information Security at Databricks, CSO at Robinhood, Managing VP at CapitalOne, and Founder of both SPI Dynamics and Bluebox Security.
Today, Caleb talks about his inspiring career after dropping out of high school, dealing with imposter syndrome, and becoming the Chair of the CSA’s AI Safety Initiative. Are AI and Machine Learning the threat that we think they are? Hear about the different kinds of LLMs, the poisoning of LLMs, and how AI can be used to improve security.
Timestamp Segments
· [01:31] Why Caleb dropped out of high school.
· [06:16] Dealing with imposter syndrome.
· [11:43] The hype around AI and Machine Learning.
· [14:55] AI 101 terminology.
· [17:42] Open source LLMs.
· [20:31] Where to start as a security practitioner.
· [24:46] What risks should people be thinking about?
· [28:24] Taking advantage of AI in cybersecurity.
· [32:32] How AI will affect different SOC functions.
· [35:00] Is it too late to get involved?
· [36:29] CSA’s AI Safety Initiative.
· [38:52] What’s next?
Notable Quotes
· “There is no way this thing is not going to change the world.”
· “The benefit that you're going to get out of LLMs internally is going to be phenomenal.”
· “It doesn't matter whether you get in now or in six months.”
Relevant Links
LinkedIn: Caleb Sima
Resources:
Skipping College Pays Off For Few Teen Techies
Next Episode

30 years in cybersecurity
Episode Summary
On this episode, InfoSec veteran, Aaron Turner, joins the show to talk about everything from Cloud to AI. Over the past three decades, Aaron has served as Security Strategist at Microsoft, Co-Founder and CEO of RFinity, Co-Founder and CEO of Terreo, VP of Security Products R&D at Verizon, Founder and CEO of Hotshot Technologies, Founder and CEO of Siriux, Faculty Member of IANS, Board Member at HighSide, President and Board Member of IntegriCell, and most recently as CISO at a large infrastructure player.
Today, Aaron talks about the critical decisions that led to his success, the findings in his IANS research, and the importance of physical vs logical separation in home networks. What are the things that are lacking in current AI services? Hear about the security applications of behavioral AI, Aaron’s approach as he gets back into industry, and what it takes for Aaron to remain sharp.
Timestamp Segments
· [02:49] Getting started.
· [10:53] Aaron’s keys to success.
· [16:40] Aaron’s IANS research.
· [20:42] Physical vs logical separation.
· [24:19] Top mistakes that customers make.
· [26:56] Real-world AI applications.
· [32:13] Thinking about AI and risk.
· [36:15] What’s missing in the current AI services?
· [40:46] Getting back into the industry.
· [45:22] How does Aaron stay sharp?
Notable Quotes
· “Get deep in something.”
· “Make sure you put yourself in situations where people expect you to be sharp.”
Relevant Links
LinkedIn: Aaron Turner.
Cloud Security Today - The New SEC Rule
Transcript
[00:00] Intro: This is the Cloud Security Today podcast, where leaders learn how to get Cloud security done. And now, your host, Matt Chiodi.
[00:13] Matt Chiodi: On December 15 of 2023, the new cybersecurity rules from the US Securities and Exchange Commission, otherwise known as the SEC, will take effect. On today's show, I have probably the best person that I can think of, Chris Hetner, to talk about what's changed. Now, some of you may recall, back