How CISOs Should Approach Security Vulnerability Risk
Patrick Garrity, Security Researcher at Nucleus Security, interviews Aleksandr Yampolskiy, CEO of Security Scorecard, about the evolving cybersecurity landscape and the role of security ratings and risk assessments.
They discuss the challenges organizations face in defending against exploitation attacks, the need for collaboration and communication in the industry, and the importance of balancing security and business agility.
Aleksandr emphasizes the value of data-driven approaches and automation in cybersecurity, as well as the need for standardized metrics and accountability in security ratings.
The conversation highlights the ongoing need for proactive and resilient cybersecurity practices in a rapidly changing digital world.
Chapters
00:30 Alex's experience as a CISO and the mission of Security Scorecard
03:24 Impact of external exposure trends in the last ten years
06:03 Shift towards exploitation as an initial attack vector
07:33 Organizations' progress in improving external attack surfaces
09:21 Challenges in making progress in cybersecurity
10:55 Importance of collaboration in the security industry
11:59 Resistance to measuring and discussing cybersecurity programs
13:36 Adoption of a standard set of metrics for measuring cyber risk
14:00 Role of software vendors in hindering cybersecurity efforts
15:19 Balancing security and business agility
18:41 Misconceptions about cybersecurity ratings
19:57 Use of security ratings for decision making
21:44 Need for standardization and accountability in security ratings