Top 5 Rob & Rob Videos of 2024!

Auditor Rob standing in front of a home "server rack."
I feel like I am really settling into my role as the founder and principal member of the one-man short-video sketch comedy troupe Rob & Rob. This year, we published another dozen or so videos on LinkedIn, racking up over half a million views!

Let’s take a look at the top five videos:

1. Most INSANE Cybersecurity Questionnaire

Topping the charts this year was a video I published not even two months ago. 

Now why was it so popular? People either:

1. Really hate doing cybersecurity questionnaires.
2. Really love my “crazy CISO wig.”

Seriously, that wig was in my previously-most-popular video: “Should the CISO report the CEO?”

Some cybersecurity questionnaires are onerous, and even simple questionnaires become onerous when you have to do dozens of them!

I always recommend creating a golden cybersecurity questionnaire, which greatly speeds up the process of filling them out. 

2. Time for your Physical Security Audit! 

While SOC 2 audits can usually be done entirely remotely for most companies that don’t feature on-premises networks, ISO 27001 still often insists on an in-person audit of each office in-scope.

So we thought… What would an ISO 27001 audit be like if they had to visit your home as a remote worker? This video was the result. 

It also marked our first off-site shoot for a Rob & Rob sketch! 

3. That’s not a pen test!

I have seen A LOT of different scans and reports called “pen tests.” Like the guy testing pens in this video, they are not truly a cyber penetration test!

A penetration test is a simulated attack on your environment with the explicit goal of identifying and compromising weaknesses before the bad guys can do it.

4. Agents, Agents everywhere!

If I had a dime for every SaaS tool that wants to install agents to function, well, I wouldn’t be rich, but I’d have HUNDREDS of dimes!

Agents usually require a broad swathe of permissions to function, creating additional vendor risk with the SaaS tool that uses them. One of the reasons the CrowdStrike incident was so damaging was that the agents had permission to push updates automatically!

While CrowdStrike is an example of a tool that really does need an agent, there are a lot of SaaS tools that really shouldn’t be using them. If given a choice, I would typically recommend a tool that doesn’t use one over a tool that does.

5. You know you have too many contractors when…

Vendors, contractors, and subcontractors, oh my!

A lot of people outside of your organization probably have access to your systems. While their access should be governed by your cybersecurity policies, you don’t have the same level of oversight on them as you do your normal employees.

Is each external person’s access tracked somewhere? Do they have the right amount of access? Least privilege permissioning is especially useful with contractors!

Thanks for Watching

This year, I reached 13,000 followers on LinkedIn. These videos have been the biggest driver of new followers, and I find it very gratifying to share fun and helpful cybersecurity and compliance information with the LinkedIn community.

Cybersecurity is important, but that doesn’t mean we can’t have fun!

If you have been watching, thank you. If not, give me a follow! More videos will come in 2025.

Happy New Year! 

Rob Black
Rob founded Fractional CISO in 2017 and has helped dozens of mid-size SaaS and technology companies improve their security posture as a vCISO. He consults, speaks, and writes on IoT and security. Rob has held product security and corporate security leadership positions at PTC ThingWorx, Axeda and RSA Security. He received his MBA from the Kellogg School of Management and holds two Bachelor of Science degrees from Washington University in St. Louis in Computer Science and System Science and Engineering. He is also a Certified Information Systems Security Professional (CISSP).
