Ross Young, Creator of the OWASP “Tasmanian Devil” Threat and Safeguard Matrix [TaSM]

If malware slipped through your network’s firewall, what processes would your organization follow to identify it, detect it, respond to it, recover from it, and protect against similar attacks in the future? If you don’t have a thorough plan in place to put in motion for this eventuality then it’s best to pay close attention to my interview with the creator of the Open Web Application Security Project (OWASP) Threat and Safeguard Matrix [TaSM], Ross Young.

Ross Young has had a successful career in the private and public workforce on the offensive and defensive security side. He is the current Chief Information Security Officer (CISO) at Caterpillar Financial who, prior to this, was also a Divisional CISO at Capital One, spent more than 10 years in the CIA, while holding high-level security roles at The Federal Reserve and NSA.

Ross also pioneered the OWASP Threat and Safeguard Matrix, nicknamed TaSM (like a Tasmanian Devil), to help CIOs and CISOs understand what the biggest threats and risks to their company that they need to focus on. TaSM acts as a simple matrix that identifies the NIST functions of identify, protect, detect, respond and recover, helping companies create a contingency plan to bounce back after a cyber-attack.

I spoke with Ross in great detail about the importance of quickly responding to malware and ransomware that compromises your IT system availability. He did a fantastic job of explaining just how important having a lightning fast response time was to sidestepping cyber-attacks. Ross completed the defense innovation picture by detailing the importance of having a robust, but easy to follow, Business Continuity Plan (BCP) in place prior to the attack.

Listen as I talk to Ross about the benefits of integrating TaSM into your organization’s defense plan, using Deception Technology to entice attackers to interact with false IT assets while you deploy a Disaster Recovery (DR) test to restore your backups and gain resiliency from cyber threats.

As a CIO and Business IT Leader here are some wins you will get by listening:

CIA and NSA roles contain quite a caliber of personnel. [3:00]
You must leverage skills and experiences now to prepare for the future of hacking. [3:30]
OWASP TaSM helps companies understand where their biggest threats and risks lie. [5:00]
Be proactive against ransomware by building a defense in-depth strategy. [6:30]
What active protection mechanisms are in place to secure your financially significant applications? [7:30]
Manage your domain administrator accounts with a PAM or BeyondTrust to deter malware injections. [8:30]
Testing your BIA findings against your DRP will help you understand your potential operational disruption following a ransomware attack. [10:00]
Business continuity dictates how a business lives on if there’s no IT system availability. [11:30]
TaSM is much more than a cyber framework. It’s a tool for your organization to operate as a risk committee. [13:00]
Compliance, Cyber and HR can use TaSM to implement focused safeguards to protect the organization. [14:00]
When your legal and HR officers recommend higher budgets to prevent phishing, that’s a good place to be as a CISO. [14:30]
TaSM increases organizational visibility, allowing teams to create a consistent, standardized way to perform threat modeling. [16:30]
TaSM gives the CIO and CISO the power to measure and monitor the effectiveness of compliance safeguards. [18:00-19:00]
How often do people have MFA but they don’t really take advantage of conditional access? [21:30]

How to Connect with Ross

Key Resources

Resources referenced in Podcast:

OWASP Threat and Safeguard Matrix (TaSM), OWASP, owasp.org/www-project-threat-and-safeguard-matrix/.

Love this episode? Leave a Review

Share it on your LinkedIn feed.

If you haven’t already, please make sure you leave us a review on iTunes.

About Bill Murphy

Bill Murphy is a world renowned IT Security Expert dedicated to your success as an IT business leader. Follow Bill on LinkedIn and Twitter.

If you are interested in learning more about my company, RedZone Technologies, and our security expertise, in particular related to Cloud and Email Security Kill Chain Strategy, Techniques and Tactics you can email cloudkill@redzonetech.net.

Read Full Transcript

You can go to the show notes to get more information about this interview and what we discussed in this episode. Click Here to download the full transcript.