LeastTrust IT

Speaker Profile

Speaker catagories include:

Cybersecurity

Intellectual Property (IP) / Insider Threat

Corporate Innovation Programs

Technology Transfer

Tim Schnurr is a cybersecurity professional that often speaks on emerging strategies for intellectual property (IP) strategy, cybersecurity, and corporate innovation programs 

Tim's hosts a weekly podcast on the cyber hygiene, compliance, and emerging risk strategies. Fridays at 2PMEST - TEAMTIM with co-hosts Tim Golden and Jesse Miller

Podcast  TEAMTIMLIVE

Recent Speaking Tracks:

Cyber Hygiene & Hardening: 5 new effective & low cost technologies -  This cyber hygiene track discusses five emerging technologies that are easy to implement and will drive employees to embrace them both inside and outside of work. The five technologies include: password managers, phishing resistant multi-factor authentication, browser security, more secure communications including Teams, and Iphone advantages. The discussion dives into what each one entails, why they are so effective, and by understanding the “Why” we can all get onboard with these emerging technologies. 


Navigating the Noise of Cybersecurity. The “Why now?”, “How much is enough?”, “Is security a cost?” and “Why this stack?” This cybersecurity culture track focuses on cutting through the noise of cybersecurity in a world filled with headline news and vendor marketing.  Corporate leadership and employees want to understand the data on cybersecurity losses and what trends are driving strategy shifts in cybersecurity, and why evidencing cybersecurity maturity is a growing business requirement. What role do frameworks provide? How are attacks shifting? How much is enough? Is security a cost or investment? Is there a method to the madness or do we just buy products that cybersecurity vendors sell us? 


Corporate Innovation Programs Lift Cybersecurity. How innovation programs can provide a foundation and culture to protect data - This cybersecurity culture track focuses on how companies can flip the script on cybersecurity uptake. The employee knows how to best get the job done, but technology is usually dictated from IT. How can companies experiment and bring cross collaboration between tech providers and users. By rewarding employees to seek efficiencies, productivity, and effectiveness, employees can become a security enabler vs security risk. We explore the concept of “shadow IT” and how “un-authorized” IT can actually be a positive force when managed with safeguards. We discuss how some firms have struck a balance in security and innovation while also maintaining a productive dialogue across all participants.


What can we learn from Mature Cyber Programs. This cybersecurity strategy track looks at the differences in cybersecurity investment amounts and allocations of mature vs small businesses. The 5 largest banks spend 10x per employee per month and allocate spending largely on the proactive vs reactive controls. Governance is largely absent from small business cyber efforts. Governance includes delegation, accountability, risk identification, policy building, and tracking. Mature programs also focus on making themselves small in terms of attack surface area. Least Trust and Lean Function are the two core tenants of hardening the access and storage of data. Least trust (also known as Zero Trust) is providing data access only a need to know basis. This creates resilience as data access is segmented across the firm and no one breach will result in a horizontal contagion. Lean Function involves limiting the applications or software each employee can use. This limits the amount of code, vulnerabilities, and opportunities that external attackers can enter the organization and also the ways insiders can leak data.

Why Insider Threats do more Harm than External Hackers. Insider threats are a major drain on the global economy, responsible for 82% of cyber losses. But most reports focus on accidental mistakes (56%) rather than deliberate theft (26%), which leads to underestimating the true damage. In this session I hope to convey the magnitude of losses to all businesses, why now, and reasonable defenses to counter intentional insider threats.  

Insiders have unique advantages: access to valuable data, knowledge of its worth, and connections to potential buyers (like competitors). Think of a departing employee taking customer lists to help a rival gain market share. External attackers often target generic privacy data like social security numbers or credit cards, creating legal trouble and leverage for themselves. Malicious insiders know where the real jewels are, causing much larger losses.

This session dives in proprietary data governance, identification, protection, training, regulation, detection, and enforcement