(2020-06-25) vulnerability disclosure, bug bounty, Canon, threat intel, purple teaming
(00:09:49) […] it is like steering a super tank on occasion. When someone says “It's been three weeks, why didn't you fix that?” It's like, well, it's just taken me a week to get it all translated into Japanese and arrange a meeting with the right person. Trust me, I'm trying to make this happen. I can't just click my fingers…
Quentyn Taylor is the Director of Information Security at Canon Europe, Middle East and Africa. He talks to Stu about important aspects of vulnerability disclosure and bug bounty programmes: where to start, how to set the boundaries, and how to drive business and budget decisions based on the findings – amongst many other things. They also touch on:
- Humble beginnings
- Passport-less travelling
- Vulnerability disclosure and bug bounty programmes
- Challenges for medium to large-sized organisations
- Hyper-verticalisation of IT organisations
- Waterfall vs Agile(ish)
- Importance of understanding your own attack surface
- Red & Purple teaming and driving budget conversations based on the findings
- Internal auditing vs external bug bounty hunters
- Value of prior experience and curiosity when transitioning to InfoSec
They finish the conversation with an excellent rant about the CISO – the sacrificial lamb of data breaches – cyber threat intelligence, and a scientific approach to report writing.
An excellent conclusion to this interesting podcast episode.
- (00:23:55) […] people tend to overestimate the pace of change in the short term and underestimate it in the long term
- (01:11:20) […] don't set yourself up and say: "I must become a CISO, that is where I must be." Now, there are so many other diversified senior roles that you may actually find more interesting, because if you're not enjoying your life, what the hell are you doing with it? […] do the job you enjoy. So find a place you enjoy, find a company you enjoy and enjoy it!