Ahead of the Breach - Bindi Davé, Deputy CISO at DigiCert
Ahead of the Breach Podcast sits down with Bindi Davé Deputy CISO at DigiCert, to explore the importance of establishing trust in digital communications and the impact of zero trust and AI on security practices.
Every week, Casey Cammilleri interviews an expert who is in charge of empowering security experts and practitioners with the knowledge and insights needed to excel in the future of cybersecurity.
We recently spoke with Bindi Davé, Deputy CISO at DigiCert. Here are the top takeaways from the interview.
#1: Build the Connective Tissue in Cybersecurity
“Automation, we should embrace it. It helps us be more efficient — but be strategic with it. So I've seen a lot of organizations that will look at, ‘hey, let's just buy a tool for a tool, implement it, and great, it's done.’ That's, okay, but where is the connective tissue?
“Because cyber security — you know this on the pentesting side — everything is error related. You have a vulnerability, you have to look at the data that's on it. You have that vulnerability, if it was exploited, what data was compromised? Okay, that's your data part of the program, your DLP component and who's accessing it. So it's, it's all woven together.
“So why aren't we building the connective tissue also within our technologies, with our processes and our people that support those. So that's what I've done differently now is there's an inventory, but it's continuously updated with manual intervention. So we have discovery scanning happening on our subnets that's going in, and making sure that we can reconcile off of our inventory source, but also apply prioritization with business context to those CIs.”
Actionable Takeaway: Embrace automation, but ensure tools work cohesively with your processes, people, and technologies. Continuously update inventories with manual intervention and prioritize assets using business context. Strengthen the "connective tissue" by integrating tools like discovery scanning and vulnerability analysis into a unified, strategic approach to cybersecurity.
#2: Apply the Business Context for Smarter Risk Management
“Apply that business context. And now you're putting automated risk level against that to say I know about it, now I have visibility into it, I know how important it is so teams can prioritize. And now I know the cyber risks against it because I'm doing attack surface management and monitoring against those systems.
“I have an understanding of what vulnerabilities live on there, which ones are actively being exploited so that we can build standard operating procedures to support different teams in inoculating ourselves and remediating it. Or even just auto remediating it, depending on the risk tolerance of the business.”
Actionable Takeaway: Apply business context to cyber risks by automating prioritization and aligning teams. Combine visibility, attack surface monitoring, and vulnerability exploitation insights to build standard operating procedures. Where possible, auto-remediate risks based on your organization's tolerance, fostering proactive risk mitigation and streamlined team operations.
#3: Collaboration is Key to Cybersecurity Success
“Teamwork makes the dream work. Technology can be easy. You can procure something and you leverage APIs and tech is easy, but do you have the championship with the other teams?
“Because security teams, we're bringing that visibility, but we're not necessarily using the solution that we've built. We're partnering with other teams, usually in the technology departments and SRE and our engineers or developers to making sure that we're joining forces with them and they're part of the design and part of the discussions and what they'll be actually receiving. It's a huge part of it.”
Actionable Takeaway: Security isn’t just about tools — it’s about teamwork. Engage engineers, developers, and SREs early in the process. Partner across teams to co-design and implement solutions they will own, ensuring alignment, efficiency, and long-term success. Strong inter-team collaboration is the foundation of effective cybersecurity initiatives.
Listen to full episodes out now
For more information about Ahead of the Breach, please visit www.sprocketsecurity.com/aob-podcast. Episodes are available on all major podcast platforms.
We look forward to bringing you more conversations with actionable insights that help in your pursuit to protect your most valuable assets — and help clients do the same!
Sprocket Security
Sprocket Security is made of an expert team providing continuous penetration testing, among additional cybersecurity solutions for businesses who want to operate preventively, stopping exploits before they happen. Contact us today!
Further Reading
Explore Latest Content.
Ahead of the Breach - Bindi Davé, Deputy CISO at DigiCert
Ahead of the Breach Podcast sits down with Bindi Davé Deputy CISO at DigiCert, to explore the importance of establishing trust in digital communications and the impact of zero trust and AI on security practices. read more →
Read moreContinuous Human & Automated Security
The Expert-Driven Offensive
Security Platform
Continuously monitor your attack surface with advanced change detection. Upon change, testers and systems perform security testing. You are alerted and assisted in remediation efforts all contained in a single security application, the Sprocket Platform.
Expert-Driven Offensive Security Platform
- Attack Surface Management
- Continuous Penetration Testing
- Adversary Simulations
