
CISO Thoughts with David Lindner - March 25


Insight #1

When communicating to your stakeholders and the public about an incident, it’s extremely important to be transparent, accurate, and fast. It’s always better to say that you don’t know yet, or that you are still investigating, and then explain exactly what you are doing to find out. While the investigation is running, give your customers any proactive steps they can take to limit their potential exposure.
 

Insight #2

When it comes to your open source software usage, it is extremely important to pin your libraries to a specific version rather than blindly pulling the latest. There have been far too many incidents, such as the node-ipc issue, that could have been prevented simply by pinning to a specific version.
 

Insight #3

You cannot hack yourself secure. There is no such thing as a 100% secure system if that system has any functionality at all. The best approach to securing your environments is a layered one, with appropriate controls to identify, protect, detect, respond, and recover (yes, the NIST CSF functions). Knowing what you have, how you are protecting it, what you should be detecting, and how quickly you can respond and recover will always win the race to being as secure as possible.

 

David Lindner, Chief Information Security Officer

David is an experienced application security professional with over 20 years in cybersecurity. In addition to serving as the chief information security officer, David leads the Contrast Labs team that is focused on analyzing threat intelligence to help enterprise clients develop more proactive approaches to their application security programs. Throughout his career, David has worked within multiple disciplines in the security field—from application development, to network architecture design and support, to IT security and consulting, to security training, to application security. Over the past decade, David has specialized in all things related to mobile applications and securing them. He has worked with many clients across industry sectors, including financial, government, automobile, healthcare, and retail. David is an active participant in numerous bug bounty programs.