In this episode, Ryen Macababbad, Microsoft's Americas Lead for Customer Architecture and Engineering, breaks security down to the basics with the CIA Triad – Confidentiality, Integrity, Security.
In a world where our electronic data and access to the internet are paramount to our success, Ryen reviews some traditional security “best practices” (like implicit trust) and how they may not be appropriate in a post-COVID world.
For example, VPN-based access to your network was fine when you could trust everything from the server to the network to the end-user device. However, how many organizations enabled their users to BYOD (bring your own device)? Connect from Starbucks? Each of these items requires more security consideration and offers more opportunities for insecure access to your data.
Or what about password policies that require 90-day updates? Do your users set unique, secure passwords every 90 days, or do they use an easy pattern such as “Fall2020” and “Winter2020”?
Surely MFA fixes these concerns – except if you use SMS for MFA, a simple man-in-the-middle attack can give bad actors access to your information.
In this episode, Ryen provides more than simply doom-and-gloom as she introduces concepts of passwordless access, multi-factor with apps instead of SMS, education on phishing awareness, and more.
In addition to a great conversation on the common woes of “good security” Ryen covers five things we have to consider in this post-COVID world:
- Don’t share passwords – everyone should have their own identity, and get rid of passwords altogether!
- Approach security with empathy to solve business problems instead of creating barriers.
- Do not implicitly trust – anything. Networks. VPN. Devices. MFA over SMS.
- Ensure conditional access policies – BYOD is great, but ensure you have the ability to secure it!
- MAKE IT EASY!
About Ryen Macababbad
Ryen is the Americas Lead for Customer Architecture & Engineering at Microsoft. She manages a diverse team of highly skilled Architects focused on helping customers implement Zero Trust Foundation principles and solutions such as Azure Active Directory (Azure AD) and Microsoft Endpoint Manager (MEM), as well as their solutions within Azure Security like Sentinel and Azure Defender.
She is hugely passionate about cybersecurity and about helping Microsoft’s customers secure their environments and improve their security posture, and she is dedicated to helping others solve problems using her knowledge and experience as well as the expertise of those with whom she is connected.
Ryen’s number one priority when working with customers is to build a trust relationship by being authentic and showing her genuine empathy for the problems they are trying to solve so that she can work together with them to drive solutions. That trust is integral to our collaboration to improve productivity and the security posture of the organization.
Ryen is a Veteran of the U.S. Army, having served two combat tours overseas, in Iraq and Afghanistan, where she used her skillsets in problem solving, troubleshooting, hardware repair and maintenance. Her years of active service taught her discipline, ethics, perseverance, the value of hard work, and how to understand the bottom line. This allows her to be results-oriented and adapt quickly in high-paced environments utilizing well-honed critical thinking skills to find or create solutions.
She is an extremely driven individual with a solid work ethic and an energetic, passionate personality that motivates everyone around her.