Next 4 Events

Roundtable: Identity Governance and Privileged Access Management (29 Sept)

12:00 to 13:00 (UK Time)
Friday 29 Sep 2023

Secure Agility SOC as a Service Demo

09:30 to 10:15 (AEDT)
Friday 06 Oct 2023

Friday Briefing: Demo Event Marketing

09:30 to 10:15 (AEDT)
Friday 13 Oct 2023

Cyber Strategies for CIOs Open Discussion Roundtable

12:00 to 13:00 (AEDT)
Friday 20 Oct 2023

StrategyMix Insights Online Forum

The StrategyMix Insights Online Forum operates 24/7, which means you can ask cyber questions, get answers and exchange ideas with your peers whenever it is convenient for you. It is a closed group, uses a Q&A format and is tightly moderated. We apply the Chatham House Rule by encouraging all members to post under an anonymous username.

We have a sufficiently active member base that we can virtually guarantee that if you ask a question, you will get a high quality answer.

StrategyMix Insights Forum - Every Question Gets a Great Answer

Last 5 Insight Questions

Some context: I’m working with our head of DevOps on securing the global DevOps program. So, I’m focused on creating a custom framework for securing the “production line” of software developed in-house. I’m looking at OWASP’s DevSecOps maturity framework plus Gartner’s content (I have a sub). Both aren’t exactly what I’m looking for. My question: I’m interested to know which frameworks and controls companies are considering for securing repositories for source code, artifacts and containers, commits and CI/CD pipelines. We’re standardising on GitHub, including GH Advanced Security, and are looking at tools like Cycode and Legit Security.

Last Update: 19 Sep 2023 - (Cyber Leaders)

We have been PCI compliant for a decade now and we have used PCI as a de facto cyber framework despite its limitations (it is very prescriptive and very narrow in scope). We want to adopt one of the broader frameworks (NIST, Essential 8 etc.) while avoiding too much duplication and added work – does anyone have any recommendations or experiences to share in this area? We looked at this in a panel discussion and there were some suggestions that NIST works best as a basis but the best answer may be a tailored mix. I like that (and I think it is always inevitable to some extent) but I do also like the certainty, when interacting with partners, insurers and the board, of being able to state compliance to a particular framework. Any further thoughts?

Last Update: 19 Sep 2023 - (Cyber for CIOs)

How are others handling threats like juice-jacking, or staff plugging in a random USB drive/disk? What combination of approaches do you use?

Last Update: 13 Sep 2023 - (Cyber for CIOs)

With all the leakage of personally identifying data happening around the globe, will we ever see a digital or other ID that can’t be faked?

Last Update: 06 Sep 2023 - (Cyber for CIOs)

In the privileged access management (PAM) world, how do you best remediate the risk when service accounts are being automatically managed? i.e. credentials changed (or not changed).

Last Update: 06 Sep 2023 - (Cyber Leaders)