CRF

Wait Just An Infosec – An Interview with James Tarala

Speaker: James Tarala
Event: RSA Conference
Date: May 9, 2023
Watch on YouTube: https://www.youtube.com/watch?v=9shrhvEiW0I 

Introduction 

At the RSA Conference 2023, James Tarala joined SANS Institute’s live broadcast to discuss cyber hygiene, risk management, and evolving cybersecurity trends. Tarala, a senior SANS instructor and cybersecurity expert, has over 20 years of experience in cybersecurity education, governance, and compliance. 

In this interview, James Tarala shares insights into cyber hygiene best practices, the importance of multi-factor authentication (MFA), and emerging cybersecurity trends that organizations should focus on. 

Key Takeaways 

  • Cyber hygiene is about proactive, consistent security habits—not just a once-a-year cleanup. 
  • Multi-Factor Authentication (MFA) is one of the most critical cybersecurity measures, yet many organizations apply it inconsistently. 
  • Cyber hygiene frameworks should focus on high-impact security controls, not just compliance checkboxes. 
  • AI and API security are emerging trends that will shape cybersecurity strategies in 2023 and beyond. 
  • Businesses must integrate security into software development—API security, code reviews, and DevSecOps are gaining importance. 

 

Summary of the Discussion 

The Concept of Cyber Hygiene 

James Tarala recalls a conversation with Jane Lute, former CEO of the Center for Internet Security (CIS), where they discussed cyber hygiene in the context of basic health habits: 

“When I go to my dentist, they tell me to brush and floss so I don’t lose my teeth when I’m old. What’s the cybersecurity equivalent of that?” 

Cyber hygiene is not about doing 100 things but rather focusing on a few key controls that have a measurable impact on security posture. Some of the most effective cyber hygiene practices include:

  • Enforcing MFA on all business applications. 
  • Keeping software and systems patched. 
  • Limiting administrative privileges to prevent credential abuse. 
  • Using application whitelisting to block unauthorized executables. 

 

The Importance of Multi-Factor Authentication (MFA) 

During the live audience poll, MFA was ranked as the top security measure. Tarala reinforced the importance of applying MFA consistently across all accounts: 

“Almost every organization I work with says they use MFA—but when you ask where they use it, it’s only on 20% of their applications.” 

To maximize security, businesses should: 

  • Apply MFA across all cloud and on-prem applications. 
  • Implement single sign-on (SSO) solutions to simplify access management. 
  • Ensure privileged accounts, remote access, and sensitive data systems are protected with MFA. 

 

Why Cyber Hygiene Needs to Be Consistent 

James Tarala compares cyber hygiene to health and fitness: 

“You can’t just eat healthy one day a month and expect results. Cyber hygiene works the same way—it has to be a habit, not an occasional deep clean.” 

Many organizations make the mistake of treating cybersecurity as an annual compliance activity instead of a daily security practice. Continuous monitoring, regular security audits, and employee education are critical components of a strong cyber hygiene program. 

 

Emerging Cybersecurity Trends 

As he walked the RSA Conference floor, Tarala noticed key trends shaping the future of cybersecurity:

  1. AI in Cybersecurity – AI is being widely adopted in both attack and defense strategies. 
  2. API Security and Secure Development Practices – Companies are investing more in API security, code reviews, and DevSecOps to reduce software vulnerabilities. 
  3. Network Segmentation and Zero Trust Architectures – Organizations are moving toward zero trust principles and micro-segmentation to reduce lateral movement in cyber attacks.

One of the most promising trends is the increased focus on software security: 

“It’s great to see so many vendors focusing on API security and development practices. For too long, we’ve neglected security in the software development lifecycle.” 

 

How Businesses Can Improve Cyber Hygiene 

James Tarala provides a framework for businesses to track and improve their cybersecurity posture:

  1. Identify key security priorities. Define which cyber hygiene controls matter most for your organization. 
  2. Measure and track security progress. Use metrics and dashboard reports to track MFA adoption, patching effectiveness, and security incidents. 
  3. Integrate security into business operations. Security should not be an IT-only concern—it should be embedded into software development, cloud environments, and employee training programs. 
  4. Engage executives and leadership. Cyber hygiene should be a board-level discussion, not just a technical issue.

 

Actionable Insights 

  • Audit MFA deployment to ensure ALL critical applications and accounts require multi-factor authentication. 
  • Develop a structured cyber hygiene program with regular security checkups instead of an annual compliance review. 
  • Prioritize software and API security by incorporating secure development practices. 
  • Adopt network segmentation strategies to limit lateral movement in cyber attacks. 
  • Encourage a security-first mindset among employees—continuous education is key to reducing cyber risks. 

 

Conclusion 

Cyber hygiene is not about doing everything—it’s about doing the right things consistently. Organizations that prioritize MFA, secure software development, and proactive monitoring will significantly reduce their cyber risk. 

By making cyber hygiene a daily habit, businesses can build resilience against cyber threats and ensure long-term security success. 

 
