290 avsnitt • Längd: 30 min • Veckovis: Torsdag
Defense in Depth promises clear talk on cybersecurity’s most controversial and confusing debates. Once a week we choose one controversial and popular cybersecurity debate and use the InfoSec community’s insights to lead our discussion.
The podcast Defense in Depth is created by David Spark, Steve Zalewski, Geoff Belknap. The podcast and the artwork on this page are embedded on this page using the public podcast feed (RSS).
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Itai Tevet, CEO, Intezer.
In this episode:
Thanks to our podcast sponsor, Intezer
Intezer’s AI-driven solution automates alert triage and investigations, cutting through the noise to highlight serious threats. By integrating with your security tools, it escalates only 4% of alerts for fast remediation, helping SOC teams focus on what matters. Learn more at intezer.com today!
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Yaron Levi, CISO, Dolby.
In this episode:
Thanks to our podcast sponsor, Intezer
Intezer’s AI-driven solution automates alert triage and investigations, cutting through the noise to highlight serious threats. By integrating with your security tools, it escalates only 4% of alerts for fast remediation, helping SOC teams focus on what matters. Learn more at intezer.com today!
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Dan Walsh, CISO, Paxos. Joining us is Sharon Milz, CISO, Time.
In this episode:
Thanks to our podcast sponsor, Intezer
Intezer’s AI-driven solution automates alert triage and investigations, cutting through the noise to highlight serious threats. By integrating with your security tools, it escalates only 4% of alerts for fast remediation, helping SOC teams focus on what matters. Learn more at intezer.com today!
All links and images for this episode can be found on CISO Series.
Check out these posts for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Ross Haleliuk, author, Venture in Security. Be sure to check out Ross's podcast, Inside the Network, and his book Cyber for Builders: The Essential Guide to Building a Cybersecurity Startup.
In this episode:
Thanks to our podcast sponsor, Nudge Security
Manage SaaS security and governance at scale with Nudge Security. Discover all SaaS accounts ever created by anyone in your org on Day One, including genAI tools. Surface identity security risks and resolve them with automated playbooks. Start your free 14-day trial today.
All links and images for this episode can be found on CISO Series.
Check out these posts for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is Allan Cockriel, group CISO, Shell.
In this episode:
Thanks to our podcast sponsor, SpyCloud
Cybercrime doesn’t take breaks. Protect your organization from ransomware, account takeover, and online fraud with SpyCloud. SpyCloud recaptures stolen identity data from breaches, infostealer malware, and phishing attacks that put your business at risk. Teams use SpyCloud’s advanced analytics and powerful automation to stay ahead of attackers. Visit spycloud.com for your free risk report and start disrupting cybercrime today.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest Karthik Krishnan, founder and CEO, Concentric AI.
In this episode:
Thanks to our podcast sponsor, Concentric AI
Concentric AI’s DSPM solution automates data security, protecting sensitive data in real-time. Our AI-driven solution identifies, classifies, and secures on-premises and cloud data to reduce risk across your enterprise. Seamlessly integrated with tools like Microsoft Copilot, Concentric AI empowers your team to innovate securely and maintain compliance all while eliminating manual data protection tasks.
Ready to put RegEx and trainable classifiers in the rear view mirror? Contact Concentric AI today!
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Damon Fleury, chief product officer, SpyCloud.
In this episode:
Thanks to our podcast sponsor, SpyCloud
Cybercrime doesn’t take breaks. Protect your organization from ransomware, account takeover, and online fraud with SpyCloud. SpyCloud recaptures stolen identity data from breaches, infostealer malware, and phishing attacks that put your business at risk. Teams use SpyCloud’s advanced analytics and powerful automation to stay ahead of attackers. Visit spycloud.com for your free risk report and start disrupting cybercrime today.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Joe Lewis, CISO, CDC.
In this episode:
Thanks to our podcast sponsor, SpyCloud
Cybercrime doesn’t take breaks. Protect your organization from ransomware, account takeover, and online fraud with SpyCloud. SpyCloud recaptures stolen identity data from breaches, infostealer malware, and phishing attacks that put your business at risk. Teams use SpyCloud’s advanced analytics and powerful automation to stay ahead of attackers. Visit spycloud.com for your free risk report and start disrupting cybercrime today.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Shawn Bowen, VP and deputy CISO - Gaming, Microsoft. Joining us is Adam Fletcher, CSO, Blackstone.
In this episode:
Thanks to our podcast sponsor, ThreatLocker
ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Shawn Bowen, VP, Deputy CISO - Gaming, Microsoft. Joining us is Patty Ryan, senior director, CISO, QuidelOrtho.
In this episode:
Thanks to our podcast sponsor, GitGuardian
GitGuardian is a Code Security Platform that caters to the needs of the DevOps generation. It provides a wide range of code security solutions, including Secrets Detection, Infra as Code Security, and Honeytoken, all in one place. A leader in the market of secrets detection and remediation, its solutions are already used by hundreds of thousands of developers in all industries. Try now gitguardian.com.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Davi Ottenheimer, vp, trust and digital ethics, Inrupt. Sir Tim Berners-Lee co-founded Inrupt to provide enterprise-grade software and services for the Solid Protocol. You can find their open positions here.
In this episode:
Thanks to our podcast sponsor, Concentric AI
Concentric AI’s DSPM solution automates data security, protecting sensitive data in real-time. Our AI-driven solution identifies, classifies, and secures on-premises and cloud data to reduce risk across your enterprise. Seamlessly integrated with tools like Microsoft Copilot, Concentric AI empowers your team to innovate securely and maintain compliance all while eliminating manual data protection tasks.
Ready to put RegEx and trainable classifiers in the rear view mirror? Contact Concentric AI today!
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Dennis Pickett, vp, CISO, Westat.
In this episode:
Thanks to our podcast sponsor, Concentric AI
Concentric AI’s DSPM solution automates data security, protecting sensitive data in real-time. Our AI-driven solution identifies, classifies, and secures on-premises and cloud data to reduce risk across your enterprise. Seamlessly integrated with tools like Microsoft Copilot, Concentric AI empowers your team to innovate securely and maintain compliance all while eliminating manual data protection tasks.
Ready to put RegEx and trainable classifiers in the rear view mirror? Contact Concentric AI today!
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Russell Spitler, CEO and co-founder, Nudge Security.
In this episode:
Thanks to our podcast sponsor, Nudge Security
Get a full inventory of all SaaS accounts ever created by anyone in your org, in minutes, along with automated workflows to scale SaaS security and governance. No agents, browser plug-ins or network changes required. Start today with a free 14-day trial.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our guest, Adam Arellano, vp, enterprise cybersecurity, PayPal.
In this episode:
Thanks to our podcast sponsor, ThreatLocker
ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Nick Muy, CISO, Scrut Automation.
In this episode:
Focus on you
Embrace the risk lifecycle
Thanks to our podcast sponsor, Scrut Automation
Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Our best-in-class features like process automation, AI, and 75+ native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit www.scrut.io to learn more or schedule a demo.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Sherron Burgess, CISO, BCD Travel.
In this episode:
Don’t put the CISO behind the 8-ball
The sales hustle
Thanks to our podcast sponsor, Scrut Automation
Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Our best-in-class features like process automation, AI, and 75+ native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit www.scrut.io to learn more or schedule a demo.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and John Underwood, vp, information security, Big 5 Sporting Goods. Joining us is our guest, Mike Lockhart, CISO, EagleView.
In this episode:
Thanks to our podcast sponsor, Scrut Automation
Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Our best-in-class features like process automation, AI, and 75+ native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit www.scrut.io to learn more or schedule a demo.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is our sponsored guest Rob Allen, chief product officer, ThreatLocker.
In this episode:
Thanks to our podcast sponsor, ThreatLocker
ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Bil Harmer, operating partner and CISO, Craft Ventures.
In this episode:
Thanks to our podcast sponsor, Cyera
Cyera’s AI-powered data security platform gives companies visibility over their sensitive data, context over the risk it represents, and actionable, prioritized remediation guidance. As a cloud-native, agentless platform, Cyera provides holistic data security coverage across SaaS, PaaS, IaaS and On-premise environments. Visit www.cyera.io to learn more.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Jim Bowie, CISO, Tampa General Hospital.
In this episode:
Thanks to our podcast sponsor, SeeMetrics
SeeMetrics automates cybersecurity metrics programs, continuously measuring and helping prioritize risks based on context. SeeMetrics unifies siloed data from your security stack and offers hundreds of ready-to-use metrics. Once connected with SeeMetrics, security teams reduce risk, minimize exposure and optimize performance while eliminating tedious repetitive manual work.
Ready to automate your security programs? start connecting your environment at seemetrics.co
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Christina Shannon, CIO, KIK Consumer Products. Joining us is Andrew Cannata, CISO, Primo Water.
In this episode:
Thanks to our podcast sponsor, Cyera
Cyera’s AI-powered data security platform gives companies visibility over their sensitive data, context over the risk it represents, and actionable, prioritized remediation guidance. As a cloud-native, agentless platform, Cyera provides holistic data security coverage across SaaS, PaaS, IaaS and On-premise environments. Visit www.cyera.io to learn more.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Shirley Salzman, CEO and co-founder, SeeMetrics.
In this episode:
Thanks to our podcast sponsor, SeeMetrics
SeeMetrics automates cybersecurity metrics programs, continuously measuring and helping prioritize risks based on context. SeeMetrics unifies siloed data from your security stack and offers hundreds of ready-to-use metrics. Once connected with SeeMetrics, security teams reduce risk, minimize exposure and optimize performance while eliminating tedious repetitive manual work.
Ready to automate your security programs? start connecting your environment at seemetrics.co.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is our sponsored guest, Adam Bateman, CEO, Push Security.
The SaaS attacks matrix community resource mentioned by Adam in the episode can be found here.
Editorial note: Geoff Belknap is an advisor to Push Security.
In this episode:
Where are we going wrong
Finding the missing pieces
Protecting an expanding border
It starts with understanding risk
Thanks to our podcast sponsor, Push Security
Prevent, detect and respond to identity attacks using Push Security’s browser agent. Enable Push’s out-of-the-box controls or integrate Push with your SIEM, XDR and SOAR. Block phishing attacks, detect session hijacking and stop SSO passwords being exposed. Find out what else the Push browser agent can do at pushsecurity.com.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Lamont Orange, CISO, Cyera.
In this episode:
The data security check has come due
Putting data security at the heart of defense in depth
Automation is key
You need to know what you’re protecting
Thanks to our podcast sponsor, Cyera
Cyera’s AI-powered data security platform gives companies visibility over their sensitive data, context over the risk it represents, and actionable, prioritized remediation guidance. As a cloud-native, agentless platform, Cyera provides holistic data security coverage across SaaS, PaaS, IaaS and On-premise environments. Visit www.cyera.io to learn more.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Christina Shannon, CIO, KIK Consumer Products. Joining us is our guest, Tomer Gershoni, CSO, Zoominfo.
In this episode:
Moving beyond technology
The art of a CISO
CISOs always operate in context
Elevating the CISO conversation
Thanks to our podcast sponsor, SeeMetrics
SeeMetrics automates cybersecurity metrics programs, continuously measuring and helping prioritize risks based on context. SeeMetrics unifies siloed data from your security stack and offers hundreds of ready-to-use metrics. Once connected with SeeMetrics, security teams reduce risk, minimize exposure and optimize performance while eliminating tedious repetitive manual work.
Ready to automate your security programs? start connecting your environment at seemetrics.co
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Yaron Levi, CISO, Dolby. Joining us is our guest, Neil Watkins, svp technology and cybersecurity services, i3 Verticals.
In this episode:
Visibility doesn’t matter without context
Not all visibility is created equal
Don’t forget to bring people into the loop
Remediation doesn’t scale with more visibility
Thanks to our podcast sponsor, GitGuardian
GitGuardian is a Code Security Platform that caters to the needs of the DevOps generation. It provides a wide range of code security solutions, including Secrets Detection, Infra as Code Security, and Honeytoken, all in one place. A leader in the market of secrets detection and remediation, its solutions are already used by hundreds of thousands of developers in all industries. Try now gitguardian.com
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Sasha Pereira, vp of infrastructure and CISO, WASH.
In this episode:
Is working the help desk a great place to get entry level cyber security skills?
So why is it so often overlooked or even looked down upon?
What kind of experience do you need?
What is the ideal path to break into the cybersecurity industry?
Thanks to our podcast sponsor, Push Security!
Prevent, detect and respond to identity attacks using Push Security’s browser agent. Enable Push’s out-of-the-box controls or integrate Push with your SIEM, XDR and SOAR.
Block phishing attacks, detect session hijacking and stop SSO passwords being exposed. Find out what else the Push browser agent can do at pushsecurity.com.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our guest, Russ Ayers, svp of cyber & deputy CISO, Equifax.
In this episode:
Are we seeing AI and LLM rapidly push into what was science fiction into production?
What happens as our ability to generate realistic sound, video, and images opens the obvious door for indistinguishable fakes from the real thing?
How do we keep up as security professionals?
What are the security implications for this tech hitting the consumer market?
Thanks to our podcast sponsor, Sonrai Security
A one-click solution that removes excessive permissions and unused services, quarantines unused identities, and restricts specific regions within the cloud. Later, maintain this level of security by automatically enforcing policies as new accounts, roles, permissions, and services are added to your environment. Start a free trial today! sonrai.co/ciso
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Vivek Ramachandran, founder, SquareX.
In this episode:
Are secure web gateways still an effective tool in the enterprise?
As the browser has changed a lot in the last decade, are Secure Web Gateways - SWGs still keeping up?
Why is this a problem?
Does anyone have a better solution?
Thanks to our podcast sponsor, SquareX
SquareX helps organizations detect, mitigate and threat-hunt web attacks happening against their users in real-time, including but not limited to malicious sites, files, scripts, and networks. Find out more at sqrx.com.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest Richard Stiennon, chief research analyst, IT-Harvest.
In this episode:
In this episode:
Why do so many vendors claim to offer zero-trust solutions?
Is that framework even applicable to some product categories?
Do your eyes roll when you hear "zero trust solution"?
What do most people think it is, and what’s the reality?
Thanks to our podcast sponsor, SquareX
SquareX helps organizations detect, mitigate and threat-hunt web attacks happening against their users in real-time, including but not limited to malicious sites, files, scripts, and networks. Find out more at sqrx.com.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our sponsored guest, Sandy Bird, co-founder and CTO, Sonrai Security.
In this episode:
Why does scaling least privilege in the cloud remain challenging?
Is throwing more people at the problem feasible?
How are you managing it?
What aspects haven’t been considered?
Thanks to our podcast sponsor, Sonrai Security
A one-click solution that removes excessive permissions and unused services, quarantines unused identities, and restricts specific regions within the cloud. Later, maintain this level of security by automatically enforcing policies as new accounts, roles, permissions, and services are added to your environment. Start a free trial today! sonrai.co/ciso
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Emily Heath, general partner, Cyberstarts.
In this episode:
How do CISOs feel about sales pitches?
Do they have legitimate complaints?
When do these legitimate complaints cross the line to sounding entitled?
Do CISOs need to show a little more empathy to sales?
Thanks to our podcast sponsor, SquareX
SquareX helps organizations detect, mitigate and threat-hunt web attacks happening against their users in real-time, including but not limited to malicious sites, files, scripts, and networks. Find out more at sqrx.com.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our sponsored guest, Mackenzie Jackson, developer advocate, GitGuardian.
In this episode:
How to manage data leaks outside your perimeter?
When data leaks increasingly come from third-parties, what can you do to protect your organization?
How do we even begin to address this problem?
Is there a one size fits all fix?
Thanks to our podcast sponsor, GitGuardian
GitGuardian is a Code Security Platform that caters to the needs of the DevOps generation. It provides a wide range of code security solutions, including Secrets Detection, Infra as Code Security, and Honeytoken, all in one place. A leader in the market of secrets detection and remediation, its solutions are already used by hundreds of thousands of developers in all industries. Try now gitguardian.com
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Phil Davis, attorney, healthcare cybersecurity and privacy, Hall Render.
In this episode:
In today's current climate, is the role of the CISO still worth it?
Does the position carry a lot of potential liability?
Do the upsides still outweigh the risks?
Do CISOs tend to have more responsibility than authority?
Thanks to our podcast sponsor, Sonrai Security
A one-click solution that removes excessive permissions and unused services, quarantines unused identities, and restricts specific regions within the cloud. Later, maintain this level of security by automatically enforcing policies as new accounts, roles, permissions, and services are added to your environment.
Start a free trial today! sonrai.co/ciso
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Paul Connelly, former CISO, HCA HealthcareGot feedback?
In this episode:
How important is onboarding new cyber talent?
Does it set the tone for their tenure with your organization?
What should CISOs do to make sure onboarding is effective for both sides?
What are the mistakes CISOs should avoid, and what are the best ways to excel?
Thanks to our podcast sponsor, OffSec
OffSec helps companies like Cisco, Google, and Salesforce upskill cybersecurity talent through comprehensive training and resources. With programs ranging from red team and blue team training and more, your team will be ready to face real-world threats. Request a free trial for your team to explore OffSec’s learning library and cyber range.
All links and images for this episode can be found on CISO Series.
Check out this post Monte Pedersen of The CDA Group for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our guest, Jerry Davis, division director for cyber defense at Truist Bank.
In this episode:
Why does advancing your career require more than just technical skills?
Does it require you to build relationships within your organizations, particularly with your boss?
How can you consciously build these relationships with an eye to leveling up your career?
How do you develop soft skills?
Thanks to our podcast sponsor, OffSec
OffSec helps companies like Cisco, Google, and Salesforce upskill cybersecurity talent through comprehensive training and resources. With programs ranging from red team and blue team training and more, your team will be ready to face real-world threats. Request a free trial for your team to explore OffSec’s learning library and cyber range.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our sponsored guest, Spencer Thompson, CEO, Prelude.
In this episode:
Why does it take so long to integrate new tools and get them up to speed?
Are we always in a state where we are always lacking readiness?
What should we be measuring?
Do we focus too much on singular events?
Thanks to our podcast sponsor, Prelude
Prelude Detect is the world's only production-scale detection and response testing platform. Automatically transform your threat intelligence into validated detections and preventions in less than five minutes. Integrate with CrowdStrike, Microsoft Defender, SentinelOne, and more to enable machine speed detection and response engineering 🏎️ Learn more at preludesecurity.com.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Ron Gula, president and co-founder, Gula Tech Adventures.
In this episode:
Why is it so darn expensive to get any training on the defender side?
Why is there a mountain of free education for red teaming?
Shouldn’t blue team training should be free or less expensive as well?
Is this the firewall that's preventing us from having all those cyber experts we so desperately need?
Thanks to our podcast sponsor, Query
Query Federated Search gets to your security relevant data wherever it is - in data lakes, security tools, cloud services, SIEMs, or wherever. Query searches and normalizes data for use in security investigations, threat hunting, incident response, and everything you do. And we plug into Splunk. Visit query.ai.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Ben Sapiro, head of global cyber security services, Manulife.
In this episode:
Why do we see a dearth of CISOs listed in executive leadership?
Is this just a factor of company reporting structure?
Or do CISOs really not have a seat at the table with the business?
How do we convince the C-suite?
Thanks to our podcast sponsor, Query
Query Federated Search gets to your security relevant data wherever it is - in data lakes, security tools, cloud services, SIEMs, or wherever. Query searches and normalizes data for use in security investigations, threat hunting, incident response, and everything you do. And we plug into Splunk. Visit query.ai.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Matt Eberhart, CEO, Query.
In this episode:
Isn't the whole point of a single pane of glass making sense of your data?
But when these dashboards are limited to a single platform, how useful are they?
Does it seem like all they've led to is more browser tabs or more monitors crowding your analysts?
We know we want to take action based on our data, so how do we get there?
Thanks to our podcast sponsor, Query
Query Federated Search gets to your security relevant data wherever it is - in data lakes, security tools, cloud services, SIEMs, or wherever. Query searches and normalizes data for use in security investigations, threat hunting, incident response, and everything you do. And we plug into Splunk. Visit query.ai.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is my guest, Mario Trujillo, staff attorney, Electronic Frontier Foundation.
In this episode:
Data is the life blood of an organization but what happens when you collect too much?
Do you put risk on both your organization and for any individuals that data belongs too?
Is it still wise to collect as much data as possible?
How can CISOs embrace data minimization that doesn't clash with the needs of the business?
Thanks to our podcast sponsor, Material Security
Material Security is purpose-built to stop attacks and reduce risk across Microsoft 365 and Google Workspace with unified cloud email security, data loss prevention, and posture management. Learn more at material.security.
All links and images for this episode can be found on CISO Series.
The Verizon DBIR found that about half of all breaches involved legitimate credentials. It’s a huge attack surface that we’re only starting to get a handle of.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Adam Koblentz, field CTO, Reveal Security.
In this episode:
Where are we in terms of monitoring anomalous behavior of our users?
Why are we still struggling to understand what happens after threat actors are in our networks?
How are new AI-based tools helping us to scale efforts?
What's working and where do we need to improve?
Thanks to our podcast sponsor, Reveal Security
Reveal Security ITDR detects identity threats - post authentication - in and across SaaS applications and cloud services. Powered by unsupervised machine learning, it continuously monitors and validates the behavior of trusted human users, APIs and other entities, accurately detecting anomalies that signal an in-progress identity threat. Visit reveal.security
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Mike Levin, deputy CISO, 3M.
In this episode:
Why do security startups fail?
All startups are an inherently risky proposition, but what are the specific challenges for startups in our industry?
What's unique about cybersecurity startups?
What's the most common reason you've seen a cyber startup not succeed?
Thanks to our podcast sponsor, RevealSecurity!
Reveal Security ITDR detects identity threats - post authentication - in and across SaaS applications and cloud services. Powered by unsupervised machine learning, it continuously monitors and validates the behavior of trusted human users, APIs and other entities, accurately detecting anomalies that signal an in-progress identity threat. Visit reveal.security
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Derek Fisher, Executive director of product security, JPMorgan.
In this episode:
A security program shouldn't stop at compliance, but that doesn't mean we should undervalue it, right?
Why are we so quick to dismiss compliance as simple check boxes?
Why is compliance important and why is it often getting a bad name these days?
What are the elements that make a great solution?
Thanks to our podcast sponsor, RevealSecurity!
Reveal Security ITDR detects identity threats - post authentication - in and across SaaS applications and cloud services. Powered by unsupervised machine learning, it continuously monitors and validates the behavior of trusted human users, APIs and other entities, accurately detecting anomalies that signal an in-progress identity threat. Visit reveal.security
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Alexandra Landegger, Executive Director and CISO, Collins Aerospace.
In this episode:
Why do mergers and acquisitions always present challenges to an organization?
When it comes to cybersecurity, how involved should a CISO be before AND after an acquisition?
Can cybersecurity considerations make or break a deal?
What skills did you find yourself flexing with your first M&A experience?
Thanks to our podcast sponsor, Aphinia!
Join Aphinia, a professional tribe of superheroes fighting cybercriminals. If you are a CISO, VP or a Director of cybersecurity, get instant free access to thousands of your peers, career advice, networking opportunities, consulting gigs and more. Join the good guys’ team because the only way to succeed is together: https://aphinia.com/#signup_form
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Richard Ford, CTO, Praetorian.
In this episode:
When did we all agree that red teaming was about validating security?
Does it seem like increasingly red teaming is a catch all term for a whole lot of testing that isn't clearly defined?
Is this making it hard to see its value?
Can moving red teaming upstream be more valuable to your organization?
Thanks to our podcast sponsor, Praetorian
Praetorian helps companies adopt a prevention-first cybersecurity strategy by actively uncovering vulnerabilities and minimizing potential weaknesses before attackers can exploit them.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our guest, Adam Glick, CISO, PSG.
In this episode:
Vendors need to reach out to CISOs, but what does a successful approach look like?
Do vendors often spray and pray with outreach, rather than doing a bare minimum of research?
What else can vendors do to try to create meaningful outreach to CISOs?
How do you like security sales professionals to build a relationship with you?
Thanks to our podcast sponsor, Praetorian
Praetorian helps companies adopt a prevention-first cybersecurity strategy by actively uncovering vulnerabilities and minimizing potential weaknesses before attackers can exploit them.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Erik Decker, CISO, Intermountain Health.
In this episode:
Thanks to our podcast sponsor, Praetorian
Praetorian helps companies adopt a prevention-first cybersecurity strategy by actively uncovering vulnerabilities and minimizing potential weaknesses before attackers can exploit them.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our sponsored guest, Trevor Hilligoss, senior director of security research, SpyCloud.
In this episode:
Thanks to our podcast sponsor, SpyCloud
Get ahead of ransomware attacks by acting on a common precursor: infostealer malware. SpyCloud recaptures what’s stolen from infostealer-infected systems, and alerts your team to take action before compromised authentication data can be used by criminals to target your business. Get our latest research and check your malware exposure at spycloud.com/ciso.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, David Christensen, VP, CISO, PlanSource.
In this episode:
Thanks to our podcast sponsor, SpyCloud
Get ahead of ransomware attacks by acting on a common precursor: infostealer malware. SpyCloud recaptures what’s stolen from infostealer-infected systems, and alerts your team to take action before compromised authentication data can be used by criminals to target your business. Get our latest research and check your malware exposure at spycloud.com/ciso.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our guest, Jerich Beason, CISO, WM.
In this episode:
Thanks to our podcast sponsor, SpyCloud
Get ahead of ransomware attacks by acting on a common precursor: infostealer malware. SpyCloud recaptures what’s stolen from infostealer-infected systems, and alerts your team to take action before compromised authentication data can be used by criminals to target your business. Get our latest research and check your malware exposure at spycloud.com/ciso.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our sponsored guest, Himaja Motheram, Censys.
In this episode:
Thanks to our podcast sponsor, Censys
Censys is the leading Internet Intelligence Platform for Threat Hunting and Exposure Management. We provide the most comprehensive, accurate, and up-to-date map of the internet, which scans 45x more services than the nearest competitor across the world’s largest certificate database (>10B). Learn more at www.censys.com.
All links and images for this episode can be found on CISO Series.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Russell Spitler, CEO and co-founder, Nudge Security.
In this episode:
Thanks to our podcast sponsor, Nudge Security
Nudge Security provides complete visibility of every SaaS and cloud account ever created by anyone in your org, in minutes. No agents, browser plug-ins or network proxies required. With this visibility, you can discover shadow IT, manage your SaaS attack surface, secure SaaS access, and respond effectively to SaaS breaches.
All links and images for this episode can be found on CISO Series.
In increasingly complex technical defenses, threat actors frequently target the human element. This makes them a top attack vectors, but are they actually the weak leak in your defenses?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our guest, Christina Shannon, CIO, KIK Consumer Products.
Thanks to our podcast sponsor, SPHERE
SPHERE is the Identity Hygiene pioneer. It closes the loop on ownership, certification, and remediation challenges through an automated remediation process. By working with the IAM and PAM solutions organizations have in place, SPHEREboard automates discovery and remediation on an ongoing basis. Learn more at sphereco.com!
In this episode:
All links and images for this episode can be found on CISO Series.
We often talk about the contradiction of seemingly entry-level security jobs requiring years of experience. But maybe that's because entry-level jobs don't actually exist.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us this week is our guest Jay Wilson, CISO, Insurity.
Thanks to our podcast sponsor, SlashNext
SlashNext Complete delivers zero-hour protection for how people work today across email, mobile, and browser apps. With SlashNext’s generative AI to defend against advanced business email compromise, smishing, spear phishing, executive impersonation, and financial fraud, your people are always protected anywhere they work. Request a demo today.
In this episode:
All links and images for this episode can be found on CISO Series.
The Securities and Exchange Commission issued new cyber rules. What do these new rules mean for CISOs and will they ultimately improve our cybersecurity posture?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our guest, Jamil Farshchi, CISO, Equifax.
Thanks to our podcast sponsor, Nudge Security
Nudge Security provides complete visibility of every SaaS and cloud account ever created by anyone in your org, in minutes. No agents, browser plug-ins or network proxies required. With this visibility, you can discover shadow IT, manage your SaaS attack surface, secure SaaS access, and respond effectively to SaaS breaches.
In this episode:
All links and images for this episode can be found on CISO Series.
Are trade shows like RSA getting so big that there's not enough economic value for a CISO to attend? Or do these events have enough industry gravity to justify the spend?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest Lee Parrish, CISO, Newell Brands.
Thanks to our podcast sponsor, Censys
In this episode:
All links and images for this episode can be found on CISO Series.
Work from home flourished during the pandemic. Many workers love it and don't want to go back. Some organizations are pushing for a return to the office. Is in-office work necessary to improve productivity and cybersecurity posture?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us for the episode is our guest, Shawn Bowen, CISO, World Kinect Corporation.
Thanks to our podcast sponsor, Nudge Security
Nudge Security provides complete visibility of every SaaS and cloud account ever created by anyone in your org, in minutes. No agents, browser plug-ins or network proxies required. With this visibility, you can discover shadow IT, manage your SaaS attack surface, secure SaaS access, and respond effectively to SaaS breaches.
In this episode:
All links and images for this episode can be found on CISO Series.
Large language models and generative AI are today's disruptive technology. This is not the first time companies just want to ban a new technology that everyone loves. Yet, we're doing it all over again. Whether its ChatGPT or BYOD, people are going to use desirable new tech. So if our job isn't to stop it, how do we secure it?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest, Carla Sweeney, SVP, InfoSec, Red Ventures.
Thanks to our podcast sponsor, Censys
Censys is the leading Internet Intelligence Platform for Threat Hunting and Exposure Management. We provide the most comprehensive, accurate, and up-to-date map of the internet, which scans 45x more services than the nearest competitor across the world’s largest certificate database (>10B). Learn more at www.censys.com.
In this episode:
All links and images for this episode can be found on CISO Series.
What do the people least in the know about cyber, want to know? What are they asking?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest, Caitlin Sarian, AKA cybersecuritygirl on TikTok.
Thanks to our podcast sponsor, DataBee from Comcast Technology Solutions
DataBee™, from Comcast Technology Solutions, is a cloud-native security, risk and compliance data fabric platform that transforms your security data chaos into connected outcomes. Built by security professionals for security professionals, DataBee enables users to examine the past, react to the present, and protect the future of the business.
In this episode:
All links and images for this episode can be found on CISO Series.
A security data lake, a data repository of everything you need to analyze and get analyzed sounds wonderful. But priming that lake, and stocking it with the data you want to get the insights you need is a more difficult task than it seems.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our sponsored guest, Matt Tharp, Head of Field Engineering, Comcast DataBee.
Thanks to our podcast sponsor, Comcast Technology Solutions
In this episode:
All links and images for this episode can be found on CISO Series.
A threat intelligence program sounds like a sound effort in any security program. But, can you pull it off? There are so many phases to execute properly. Blow it with any one of them and your threat intelligence effort is moot.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us today is our special guest Jon Oltsik, distinguished analyst and fellow, Enterprise Strategy Group.
Thanks to our podcast sponsor, Comcast
DataBee™, from Comcast Technology Solutions, is a cloud-native security, risk and compliance data fabric platform that transforms your security data chaos into connected outcomes.
Built by security professionals for security professionals, DataBee enables users to examine the past, react to the present, and protect the future of the business.
In this episode:
All links and images for this episode can be found on CISO Series.
When you have an incident and you're engulfed by the stress that lasts more than a day, how do you manage and deal with it? And not only how do you manage your stress, but how do you manage everyone else's?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest, Tim Brown, CISO, Solarwinds.
Thanks to our podcast sponsor, Push Security
Do you have visibility of all the SaaS apps your employees are storing corporate data on? Are employees protecting all their accounts against identity-based attacks? Discover all the SaaS your employees use - including shadow apps and identities - and secure your data. Find out more at pushsecurity.com.
In this episode:
All links and images for this episode can be found on CISO Series.
We all know that our employees need to be more security aware, but what are the methods to get them there? How can we make our employees more security conscious?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest Jack Chapman, vp, threat intelligence, Egress.
Thanks to our podcast sponsor, Egress
Egress helps organization stop email security risks is by addressing both inbound and outbound threats together,. We recognize that people get hacked, make mistakes, and break the rules. Egress's Intelligent Cloud Email Security suite uses patented self-learning technology to detect sophisticated inbound and outbound threats, and protect against data loss. Learn more at egress.com.
In this episode:
All links and images for this episode can be found on CISO Series.
Users have tried to upload sensitive company information and PII, personally identifiable information, into ChatGPT. Those who are successful getting the data in, have now made that data free to all. Will people's misuse of these generative AI programs be our greatest downfall to security and privacy?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest Suha Can, CISO, Grammarly.
Thanks to our podcast sponsor, Opal
Opal is building the next generation of intelligent identity. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower teams to understand and calibrate access end to end, and to build identity security for scale. Learn more by at www.opal.dev.
In this episode:
All links and images for this episode can be found on CISO Series.
The demand for cybertalent is sky high. It's very competitive to get those people with skills. What if you were to train your staff and give them the skills you want? Essentially, what if you were to grow your own unicorn?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest, Jesse Whaley, CISO, Amtrak.
Thanks to our podcast sponsor, Opal
Opal is building the next generation of intelligent identity. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower teams to understand and calibrate access end to end, and to build identity security for scale. Learn more by at www.opal.dev.
In this episode:
All links and images for this episode can be found on CISO Series.
What are we doing to improve access management? Make it too loose and it's the number one way organizations get breached. Put on too many controls and now you've got irritated users just trying to do their job. How does each organization find their sweet spot?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Paul Guthrie (@pguthrie), information security officer, Blend.
Thanks to our podcast sponsor, Opal
Opal is building the next generation of intelligent identity. Identity is one of the last great enterprise frontiers. It’s fragmented with legacy architecture. Opal's mission is to empower teams to understand and calibrate access end to end, and to build identity security for scale. Learn more by at www.opal.dev
In this episode:
All links and images for this episode can be found on CISO Series.
With the growth of business-led IT, does SaaS security need to be a specific focus in a CISO’s architectural strategy?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Steve Zalewski who also hosts Defense in Depth.
Thanks to our podcast sponsor, AppOmni
Do you know which 3rd party apps are connected to your SaaS platforms? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. Get visibility to all 3rd party apps — and their level of data access — with AppOmni. Visit AppOmni.com to request a free risk assessment.
In this episode:
All links and images for this episode can be found on CISO Series.
When it comes to data, compliance, and reducing risk, where are we gaining control? Where are we losing control? And what are we doing about that?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. We welcome our sponsored guest Amer Deeba, CEO and Co-founder, Normalyze.
Thanks to our podcast sponsor, Normalyze
Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches. Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium.
In this episode:
All links and images for this episode can be found on CISO Series.
If you're struggling to get your first job in security or you're trying to get back into the industry after being laid off, you need to lean on your security community. But like networking, you should find it before you need it.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski.
Thanks to our podcast sponsor, Egress
Egress helps organization stop email security risks is by addressing both inbound and outbound threats together,. We recognize that people get hacked, make mistakes, and break the rules. Egress's Intelligent Cloud Email Security suite uses patented self-learning technology to detect sophisticated inbound and outbound threats, and protect against data loss. Learn more at egress.com.
In this episode:
All links and images for this episode can be found on CISO Series.
What should a cyber job description require, and what shouldn't it? What's reasonable and not reasonable?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Rob Duhart (@robduhart), deputy CISO, Walmart.
Thanks to our podcast sponsor, Normalyze
Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches. Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium.
In this episode:
All links and images for this episode can be found on CISO Series.
Since so much technology today is not launched by the IT department, but by business units themselves. How do security professionals engage with business and application owners and have a conversation about security policy and procedures?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Harold Byun (@haroldnhoward), chief product officer, AppOmni.
Thanks to our podcast sponsor, AppOmni
Do you know which 3rd party apps are connected to your SaaS platforms? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. Get visibility to all 3rd party apps — and their level of data access — with AppOmni. Visit AppOmni.com to request a free risk assessment.
In this episode:
All links and images for this episode can be found on CISO Series.
There are millions of cybersecurity jobs open. Over time, that number has just been growing. What we're doing now does not seem to be working. So what's it going to take to fill all these jobs quickly?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Rich Gautier, former CISO for the U.S. Department of Justice, Criminal Division.
Thanks to our podcast sponsor, Brinqa
Understand your cyber assets, prioritize vulnerabilities, automate remediation, and continuously monitor cyber hygiene across the entire attack surface — infrastructure, applications and cloud — with Brinqa. See how at brinqa.com.
In this episode:
All links and images for this episode can be found on CISO Series.
How do you create a positive security culture? It's rarely the first concept anyone wants to embrace, yet it's important everyone understands their responsibility. So what do you do, and how do you overcome inevitable roadblocks?
Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest, Jadee Hanson, CISO/CIO for Code42.
Thanks to our podcast sponsor, Code42
Code42 is focused on delivering solutions built with the modern-day collaborative culture in mind. Code42 Incydr tracks activity across computers, USB, email, file link sharing, Airdrop, the cloud and more, our SaaS-based solution surfaces and prioritizes file exposure and data exfiltration events. Learn more at Code42.com.
In this episode:
All links and images for this episode can be found on CISO Series.
All experienced security professionals were at one time very green. Entry level status means risk to your organization. That's if you give them too much access. What can you trust an entry level security professional to do that won't impose unnecessary risk? And how can those green professionals build trust to allow them to do more?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Kemas Ohale, vp, global information security, Lippert.
Thanks to our podcast sponsor, Normalyze
Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches. Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium.
In this episode:
All links and images for this episode can be found on CISO Series.
What do we need to do to fix our processes to truly reduce risk and vulnerabilities?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Amad Fida (@brinqa), CEO, Brinqa.
Thanks to our podcast sponsor, Brinqa
Understand your cyber assets, prioritize vulnerabilities, automate remediation, and continuously monitor cyber hygiene across the entire attack surface — infrastructure, applications and cloud — with Brinqa. See how at brinqa.com.
In this episode:
All links and images for this episode can be found on CISO Series.
Security professionals talk a lot about the reputational damage from breaches. And it seems logical, but major companies still do get breached and their reputation seems spared. What's the reality of what breaches can do to a company's reputation?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Cecil Pineda, CISO, R1.
Thanks to our podcast sponsor, Brinqa
Understand your cyber assets, prioritize vulnerabilities, automate remediation, and continuously monitor cyber hygiene across the entire attack surface — infrastructure, applications and cloud — with Brinqa. See how at brinqa.com.
In this episode:
All links and images for this episode can be found on CISO Series.
Do RFPs or request for proposals work as intended? It seems they're loaded with flaws yet for some organizations who must follow processes, they become necessary evils for both buyers and sellers. What can we do to improve the process?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Keith McCartney (@kmflgator), vp, security and IT, DNAnexus.
Thanks to our podcast sponsor, TrustCloud
TrustCloud is the all-in-one platform to accelerate sales and security reviews, automate compliance efforts, and map contractual liability across your business. Connect with us to learn how you can transform security from a cost center into a profit driver with TrustCloud’s programmatic risk and compliance verification tools.
In this episode:
All links and images for this episode can be found on CISO Series.
What are the moves we should be making in cloud to improve our security? What constitutes a good cloud security posture?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. We welcome our sponsored guest Yoav Alon, CTO, Orca Security.
Thanks to our podcast sponsor, Orca Security
Orca Security is the pioneer of agentless cloud security that is trusted by hundreds of enterprises globally. With continuous first-to-market innovations and expertise, the Orca Platform ensures security teams quickly identify and remediate risks to keep their businesses secure. Connect your first account in minutes by visiting www.orca.security.
In this episode:
All links and images for this episode can be found on CISO Series.
One CISO has had enough of the security vendor marketing emails and cold sales calls. He's blocking them all. But it's not a call to avoid all salespeople. He just doesn't have the time to be a target anymore. So how should vendors engage with such a CISO? And does CISO represent most CISOs today?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Joy Forsythe, VP, Security, Thrive Global.
Thanks to our podcast sponsor, Code42
Code42 is focused on delivering solutions built with the modern-day collaborative culture in mind. Code42 Incydr tracks activity across computers, USB, email, file link sharing, Airdrop, the cloud and more, our SaaS-based solution surfaces and prioritizes file exposure and data exfiltration events. Learn more at Code42.com.
In this episode:
All links and images for this episode can be found on CISO Series.
Do we really need more categories of security products? Every new Gartner magic quadrant complicates the marketplace but at the same time helps us understand the other vectors we need to protect. Do new categories of security products help or hurt the industry?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Corey Elinburg (@celinburg), CISO, CommonSpirit Health.
Thanks to our podcast sponsor, Egress
In this episode:
All links and images for this episode can be found on CISO Series.
How can security leaders and how do they go about matching business case to every security action you want to take? Is this the right way to sell security to the board?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Sravish Sridhar (@sravish), founder and CEO, TrustCloud.
Thanks to our podcast sponsor, TrustCloud
TrustCloud is the all-in-one platform to accelerate sales and security reviews, automate compliance efforts, and map contractual liability across your business. Connect with us to learn how you can transform security from a cost center into a profit driver with TrustCloud’s programmatic risk and compliance verification tools.
In this episode:
All links and images for this episode can be found on CISO Series.
Security tools are supposed to do a job. Either they need to alert you, protect you, or remediate an issue. But they don't always work and that's why we have breaches. Who's at fault, the tool or the administrators who configured the tool?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Kenneth Foster (@Kennethrfoster1), vp of IT governance, risk and compliance at FLEETCOR.
Thanks to our podcast sponsor, AppOmni
Do you know which 3rd party apps are connected to your SaaS platforms? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. Get visibility to all 3rd party apps — and their level of data access — with AppOmni. Visit AppOmni.com to request a free risk assessment.
In this episode:
All links and images for this episode can be found on CISO Series.
We talk a lot on this show about what makes cybersecurity such a hard job, yet there are so many people who are in it and love it. What draws people to this profession and why do they love it so much?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest David Cross (@MrDBCross), CISO, Oracle SaaS Cloud.
Thanks to our podcast sponsor, Orca Security
Orca Security is the pioneer of agentless cloud security that is trusted by hundreds of enterprises globally. With continuous first-to-market innovations and expertise, the Orca Platform ensures security teams quickly identify and remediate risks to keep their businesses secure. Connect your first account in minutes by visiting www.orca.security.
In this episode:
All links and images for this episode can be found on CISO Series.
We expect our users to be perfect security responders even when the adversaries are doing everything in their power to trick them. These scams are designed to make humans respond to them. Why aren't we building our security programs to account for this exact behavior that is simply not going to go away?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Ken Athanasiou, CISO, VF Corporation.
Thanks to our podcast sponsor, Code42
In this episode:
All links and images for this episode can be found on CISO Series.
How do you make the argument that your company needs a CISO, and that YOU should be that leader? What do you need to demonstrate to prove you can be that person?
Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Radley Meyers (@radleymeyers), Partner, SPMB Executive Search.
Thanks to our podcast sponsor, SPMB
SPMB connects top executive talent to the world’s best and fastest growing innovators across the country. A key area we bring extensive knowledge and expertise to is our dedicated Security Practice, leading both functional searches (CISO and VP’s defining security strategy) and building out executive teams at top security software companies.
In this episode:
All links and images for this episode can be found on CISO Series.
How do you become a CISO? It doesn't follow a linear pattern as many other professions. There are many different paths and there are many different entry points.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Yabing Wang, CISO, Justworks.
Thanks to our podcast sponsor, SPMB
SPMB connects top executive talent to the world’s best and fastest growing innovators across the country. A key area we bring extensive knowledge and expertise to is our dedicated Security Practice, leading both functional searches (CISO and VP’s defining security strategy) and building out executive teams at top security software companies.
In this episode:
All links and images for this episode can be found on CISO Series.
What would it take to build your entire security program on open source software, tools, and intelligence?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome guest DJ Schleen (@djschleen), distinguished security architect, Yahoo Paranoids.
Thanks to our podcast sponsor, SPMB
SPMB connects top executive talent to the world’s best and fastest growing innovators across the country. A key area we bring extensive knowledge and expertise to is our dedicated Security Practice, leading both functional searches (CISO and VP’s defining security strategy) and building out executive teams at top security software companies.
In this episode:
All links and images for this episode can be found on CISO Series.
Businesses grow based on trust, but they have to operate in a world of risk. Even cybersecurity operates this way, but when it comes to third party analysis, what if we leaned on trust more than trying to calculate risk?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and our guest co-host is Yaron Levi (@0xL3v1), CISO, Dolby. Yaron and I welcome Dan Walsh, CISO, VillageMD.
Thanks to our podcast sponsor, TrustCloud
TrustCloud is the all-in-one platform to accelerate sales and security reviews, automate compliance efforts, and map contractual liability across your business. Connect with us to learn how you can transform security from a cost center into a profit driver with TrustCloud’s programmatic risk and compliance verification tools.
In this episode:
All links and images for this episode can be found on CISO Series
The cybersecurity sales process is so terribly inefficient. And everyone, the targets and cybersecurity leaders, are losing valuable time because of that inefficiency. Where can we start making improvements?
Check out this post for the discussion that's the basis for this podcast episode. This week's Defense in Depth is hosted by me, David Spark (@dspark), producer, CISO Series. Our guest co-host is John Overbaugh, CISO, ASG. John and I welcome our guest, Jerich Beason (@blanketsec), commercial CISO, Capital One.
Thanks to our podcast sponsor, Compyl
GRC solutions often cause process roadblocks within organizations. They are either antiquated and lack the functionality needed or so stripped down they can’t fix the problems you set to solve. That's why the team over at Compyl created the all-in-one security and compliance automation platform. Compyl quickly integrates with the tools you use, and automates 85% of the day-to-day tasks, all while providing complete transparency and comprehensive reporting along the way. Start your free trial with Compyl today and see all the efficiency gains you can expect from a leading solution. Learn about Compyl today at www.compyl.com/getstarted.
In this episode:
Why is the cybersecurity sales process so terribly inefficient? Where can we start making improvements? What could be done to improve the efficiency? What is the solution to removing wasted effort and time?
All links and images for this episode can be found on CISO Series.
When you think about building a plan (and budget!) for your security program, do you lead with risk, maturity, or something else?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Ngozi Eze, CISO, Levi Strauss.
Thanks to our podcast sponsor, runZero
runZero is the cyber asset management solution that helps you find and identify every managed and unmanaged asset connected to your network and in the cloud. Get the data and context needed to effectively manage and secure your environment. Try runZero for free at runzero.com.
In this episode:
All links and images for this episode can be found on CISO Series
Why do strongly supported security frameworks have such severe limitations when building a security program?
Check out this post for the discussions that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Stas Bojoukha, CEO, Compyl.
Thanks to our podcast sponsor, Compyl
GRC solutions often cause process roadblocks within organizations. They are either antiquated and lack the functionality needed or so stripped down they can’t fix the problems you set to solve. That's why the team over at Compyl created the all-in-one security and compliance automation platform. Compyl quickly integrates with the tools you use, and automates 85% of the day-to-day tasks, all while providing complete transparency and comprehensive reporting along the way. Start your free trial with Compyl today and see all the efficiency gains you can expect from a leading solution. Learn about Compyl today at www.compyl.com/getstarted.
In this episode:
All links and images for this episode can be found on CISO Series.
Why is there a cybersecurity skills gap? Practically everyone is looking to hire, and there are ton of people getting training and trying to get into the industry, but we still have this problem. Why?
Check out this post for the discussions that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome Edwin Covert (@ebcovert3), head of cyber risk engineering, Bowhead Specialty.
Thanks to our podcast sponsor, Orca Security
In this episode:
All links and images for this episode can be found on CISO Series.
Given that your company's security is dependent on the security of your partners and others, what can we do to get more organizations above the security poverty line?
Check out this post for the discussions that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest, Jason Kikta (@kikta), CISO, Automox.
Thanks to our podcast sponsor, Automox
Are you ready to ditch manual patching? With Automox, you can automatically patch your third-party applications, Windows, macOs, and Linux devices with one easy-to-use, cloud-native platform. Try for yourself with our free 15-day trial and have all your endpoints safe and secure in just 15 minutes.
In this episode:
All links and images for this episode can be found on CISO Series.
"When the asset discovery market launched, every single company that offered a solution used the line, “You can’t protect what you don’t know.” Everyone agreed with that.
Problem is, “what you don’t know” has grown… a lot."
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Huxley Barbee (@huxley_barbee), security evangelist, runZero.
Thanks to our podcast sponsor, runZero
runZero is the cyber asset management solution that helps you find and identify every managed and unmanaged asset connected to your network and in the cloud. Get the data and context needed to effectively manage and secure your environment. Try runZero for free at runzero.com.
In this episode:
All links and images for this episode can be found on CISO Series
A good high profile security threat seems like a good time to alert potential customers about how your product could help or even prevent a breach. Seems like a solid sales tactic for any industry that is not cybersecurity.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Angela Williams, CISO, UL.
Thanks to our podcast sponsor, Automox
Are you ready to ditch manual patching? With Automox, you can automatically patch your third-party applications, Windows, macOs, and Linux devices with one easy-to-use, cloud-native platform. Try for yourself with our free 15-day trial and have all your endpoints safe and secure in just 15 minutes.
In this episode:
All links and images for this episode can be found on CISO Series
Why do CISOs seem more stressed out than other C-level executives?
Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Jared Mendenhall, Head of information security, Impossible Foods.
Thanks to our podcast sponsor, Compyl
GRC solutions often cause process roadblocks within organizations. They are either antiquated and lack the functionality needed or so stripped down they can’t fix the problems you set to solve. That's why the team over at Compyl created the all-in-one security and compliance automation platform. Compyl quickly integrates with the tools you use, and automates 85% of the day-to-day tasks, all while providing complete transparency and comprehensive reporting along the way. Start your free trial with Compyl today and see all the efficiency gains you can expect from a leading solution. Learn about Compyl today at www.compyl.com/getstarted.
In this episode:
All links and images for this episode can be found on CISO Series
How detailed do we get in our conversation with business leaders? Do we dumb it down? Or is that a recipe for trouble?
Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Lee Parrish (@leeparrish), CISO, Newell Brands.
Thanks to our podcast sponsor, Qualys
Qualys is a pioneer and leading provider of cloud-based security and compliance solutions.
In this episode:
All links and images for this episode can be found on CISO Series
Why are there so many vCISOs who have never been a CISO? Isn't it difficult to advise on a role you've never done? Do organizations feel comfortable hiring an inexperienced vCISO as their CISO?
Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Steve Tran, CSO, DNC.
Thanks to our podcast sponsor, runZero
runZero is the cyber asset management solution that helps you find and identify every managed and unmanaged asset connected to your network and in the cloud. Get the data and context needed to effectively manage and secure your environment. Try runZero for free at runzero.com.
In this episode:
All links and images for this episode can be found on CISO Series
As an outside observer, how can you tell if a company is staying cyber healthy? While there is no financial statement equivalency to let you know the strength of a company's security profile, there are signals that'll give you a pretty good idea.
Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Matt Honea, CISO, SmartNews.
Thanks to our podcast sponsor, Automox
Are you ready to ditch manual patching? With Automox, you can automatically patch your third-party applications, Windows, macOs, and Linux devices with one easy-to-use, cloud-native platform. Try for yourself with our free 15-day trial and have all your endpoints safe and secure in just 15 minutes.
In this episode:
All links and images for this episode can be found on CISO Series
The cyber attack surface just keeps growing to the point that it seems endless. Protecting it all is impossible. Is there anything that can be done to reduce that attack surface and limit your exposure?
Check out this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Jonathan Trull (@jonathantrull), CISO, Qualys.
Thanks to our podcast sponsor, Qualys
Qualys is a pioneer and leading provider of cloud-based security and compliance solutions.
In this episode:
All links and images for this episode can be found on CISO Series
Those reports on security procedures for the business are falling short. No one is reading them. What good are security controls if your staff doesn't know about them or adhere to them? Is it time to hire a marketing manager for the security team?
Check out this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Laura Deaner (@b3dwin), CISO, Northwestern Mutual.
Thanks to our podcast sponsor, IANS Research
CISOs, how does your compensation compare with your peers? Download IANS + Artico Search's 2022 CISO Compensation Benchmark Report. Find objective insights and comprehensive compensation data from over 500 CISOs across the U.S. and Canada.
In this episode:
All links and images for this episode can be found on CISO Series
Cybersecurity budgets are increasing, by a lot. What's fueling the increase and where are those budgets being spent?
Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest sponsored guest Nick Kakolowski, senior director of research at IANS Research.
Thanks to our podcast sponsor, IANS Research
CISOs, how does your compensation compare with your peers? Download IANS + Artico Search's 2022 CISO Compensation Benchmark Report. Find objective insights and comprehensive compensation data from over 500 CISOs across the U.S. and Canada.
In this episode:
All links and images for this episode can be found on CISO Series
What's the difference between a head of security, a vp of security, and a CISO? Do job responsibilities change whether you're a security analyst or a threat engineer? Roles are confusing and so is the pay and responsibilities attached to them.
Check out this post and this post for the basis of today's discussion. this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Hadas Cassorla, CISO, M1. Our guest is Renee Guttman, former CISO of Coca-Cola, Time Warner, Campbells.
Thanks to our podcast sponsor, IANS Research
CISOs, how does your compensation compare with your peers? Download IANS + Artico Search's 2022 CISO Compensation Benchmark Report. Find objective insights and comprehensive compensation data from over 500 CISOs across the U.S. and Canada.
In this episode:
All links and images for this episode can be found on CISO Series
Instead of complaining about the security hiring process, walk a mile in a recruiter's shoes and have a little compassion to what they're going through, and how you might be able to help, at any level.
Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap) with our guest Caleb Sima (@csima), CSO, Robinhood.
Thanks to our podcast sponsor, Safe Security
If your CFO or Board was to ask: ‘How much could we lose to a cyber attack?’ Would you know?
Introducing SAFE - the industry’s most complete Cyber Risk Quantification solution to help you answer those crucial questions in real-time:
Learn more at www.safe.security
In this episode:
All links and images for this episode can be found on CISO Series
Are security programs drifting from a prevention to a resilience strategy? If so, are you truly operating in a resilient environment? Or are you still acting in a prevention stance but you know you should be resilient?
Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest David Ratner (@davidhratner), CEO, HYAS.
Thanks to our podcast sponsor, HYAS
"Better production environment security starts with visibility. After all, how can you protect your most valuable asset if you don’t know A: what’s expected and B: when something’s happening that isn’t expected? This is why HYAS Confront monitors traffic to alert you to anomalies, letting you address risks, threats, and changes, while blocking infiltrations before they become successful attacks. Don’t just react, take your security back with HYAS. Visit HYAS.com"
In this episode:
All links and images for this episode can be found on CISO Series
How do you talk to non-technical business leaders about cybersecurity? It's a concern, it's a risk, they want to know so they can make logical business decisions. How do you help?
Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Our guest is Sara Hall, deputy CISO, MassMutual.
Thanks to our podcast sponsor, HYAS
"Better production environment security starts with visibility. After all, how can you protect your most valuable asset if you don’t know A: what’s expected and B: when something’s happening that isn’t expected? This is why HYAS Confront monitors traffic to alert you to anomalies, letting you address risks, threats, and changes, while blocking infiltrations before they become successful attacks. Don’t just react, take your security back with HYAS. Visit HYAS.com"
In this episode:
All links and images for this episode can be found on CISO Series
Why are cybersecurity professionals burning out? What's the dynamic of the job, the pressures being put on them, that causes the best to leave? And this industry can't afford to lose its best talent.
Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and special guest co-host Shawn Bowen (@SMbowen), CISO, World Fuel Services. Our guest is Bozidar Spirovski (@spirovskib), CISO, Blue dot.
Thanks to our podcast sponsor, HYAS
Better production environment security starts with visibility. After all, how can you protect your most valuable asset if you don’t know A: what’s expected and B: when something’s happening that isn’t expected? This is why HYAS Confront monitors traffic to alert you to anomalies, letting you address risks, threats, and changes, while blocking infiltrations before they become successful attacks. Don’t just react, take your security back with HYAS. Visit HYAS.com
In this episode:
All links and images for this episode can be found on CISO Series
You're starting a security program from scratch and you're trying to figure out where to start, what to prioritize, and how to architect it so it grows naturally and not a series of random patches over time.
Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO. Our guest is Mark Bruns, CISO, First Bank.
Thanks to our podcast sponsor, Keyavi
Myth: Data can’t protect itself. Fact: Now it does! You control where your data goes in the world, who can access it and when. On any device. Anytime. Anywhere. FOREVER. Learn more at Keyavi.com.
In this episode:
All links and images for this episode can be found on CISO Series
Files are still the core of how people do business. How are you dealing with the onslaught of files coming into your network? People are sharing files across a multitude of platforms, and many for which you may not even know about. What checks and balances do you put in place to make sure you've got file integrity no matter the source?
Check out this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Aviv Grafi, founder and CTO, Votiro.
Thanks to our podcast sponsor, Votiro
Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com. That’s v-o-t-i-r-o.com
In this episode:
All links and images for this episode can be found on CISO Series
Hiring managers speak about looking for culture fit and diversity, but never at the same time. Can they coexist? Are they mutually exclusive?
Check out this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Sherron Burgess, CISO, BCD Travel.
Thanks to our podcast sponsor, Votiro
Can you trust that the files entering your organization are free of hidden threats like malware & ransomware? With Votiro you can. Votiro removes evasive and unknown malware from files in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with email, cloud apps & storage, and content collaboration platforms like Microsoft 365 - wherever files need to flow. Learn more at Votiro.com.
In this episode:
All links and images for this episode can be found on CISO Series
Cyber sales is hard. But don't let the difficulty of doing it get in way of your good judgement. So what is the right way to follow up with a CISO?
Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Jack Kufahl, CISO, Michigan Medicine.
Thanks to our podcast sponsor, SolCyber
At SolCyber we're hell-bent on delivering Fortune 500 level cyber security for small and medium-sized enterprises. When you're being targeted by the same bad guys, nothing else will do. We bring to the table a curated stack of leading technologies and around-the-clock SOC support, all simply priced per user. Let us do the heavy lifting.
In this episode:
All links and images for this episode can be found on CISO Series
One day you want to be a CISO. What area of security you begin your studies? Or maybe you shouldn't be studying security.
Check out this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Evelin Biro (@wolfsgame), CISO, Alliant Credit Union.
Thanks to our podcast sponsor, Qualys
Qualys is a pioneer and leading provider of cloud-based security and compliance solutions.
In this episode:
All links and images for this episode can be found on CISO Series
What can we do to reduce the damage of a breach and the duration of detection and remediation?
Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is Dave Klein (@cybercaffeinate), director, cyber evangelist, Cymulate.
Thanks to our podcast sponsor, Cymulate
The Ultimate Guide to Security Posture Validation: Learn how to effectively measure and reduce risk through continuous validation of your enterprise’s security posture. Download the playbook here.
In this episode:
All links and images for this episode can be found on CISO Series
Learning cyber is not a question for those who are just starting out. It's for everybody. Where and how do we learn at every stage of our professional careers?
Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Jerich Beason, CISO, Commercial, Capital One.
Thanks to our podcast sponsor, SlashNext
SlashNext protects the modern workforce from phishing and human hacking across all digital channels. SlashNext Complete™ utilizes our patented AI SEER™ technology to detect zero-hour phishing threats by performing dynamic run-time analysis on billions of URLs a day through virtual browsers and machine learning. Take advantage of SlashNext's phishing defense services for email, browser, mobile, and API.
In this episode:
All links and images for this episode can be found on CISO Series
You’re a CISO, vCISO, or MSSP rolling into a company that has yet to launch a cybersecurity department. How do you communicate about cyber with the IT department? They’re not completely new to cyber. What’s the approach to engagement that helps, but doesn’t insult? How do you offer practical cybersecurity advice?
Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is sponsored guest Scott McCrady (@scottsman3), CEO, SolCyber.
Thanks to our podcast sponsor, SolCyber
At SolCyber we're hell-bent on delivering Fortune 500 level cyber security for small and medium-sized enterprises. When you're being targeted by the same bad guys, nothing else will do. We bring to the table a curated stack of leading technologies and around-the-clock SOC support, all simply priced per user. Let us do the heavy lifting.
In this episode:
All links and images for this episode can be found on CISO Series
Cybersecurity boils down to securing your data or data protection. But that simple concept has turned into a monumental task that is only exacerbated every time we move our data to a new platform. How do we secure data today, to be ready for whatever comes next in computing?
Check out this post and this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and guest co-host Gary Hayslip (@ghayslip), global CISO, SoftBank Investment Advisers. Our sponsored guest is Elliot Lewis (@ElliotDLewis), CEO, Keyavi.
Thanks to our podcast sponsor, Keyavi
Myth: Data can’t protect itself. Fact: Now it does! You control where your data goes in the world, who can access it and when. On any device. Anytime. Anywhere. FOREVER. Learn more at Keyavi.com.
In this episode:
All links and images for this episode can be found on CISO Series
Is attack surface profiling the same as a pen test? If it isn't what unique insight can attack surface profiling deliver?
Check out this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Nick Shevelyov, former CSO, Silicon Valley Bank.
Thanks to our podcast sponsor, Keyavi
Myth: Data can’t protect itself. Fact: Now it does! You control where your data goes in the world, who can access it and when. On any device. Anytime. Anywhere. FOREVER. Learn more at Keyavi.com.
In this episode:
All links and images for this episode can be found on CISO Series
What’s your best indicator that your security program is actually improving? And besides you and your team, is anyone impressed?
Check out this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Simon Goldsmith (@cybergoldsmith), director of information security, OVO Energy.
Thanks to our podcast sponsor, Votiro
Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com.
In this episode:
All links and images for this episode can be found on CISO Series
Interviewing for leadership positions in cybersecurity is difficult for everyone involved. There are far too many egos and many gatekeepers. What can be done to improve recruiting of CISOs?
Check out this post and this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn with our guest Ty Sbano (@tysbano), CISO, Vercel.
Thanks to our podcast sponsor, Thinkst
Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With 0 admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.
In this episode:
All links and images for this episode can be found on CISO Series
How are nefarious actors using our own data (and metadata) against us? And given that, in what way have we lost our way protecting data that needs to be course corrected?
Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is John Ayers (@cyberjohn1747), vp of advanced detection and response office of the CTO, Optiv.
Thanks to our podcast sponsor, Optiv
The modern enterprise needs a solution as unique as its business. Optiv’s Advanced Detection and Response (ADR) works with your organization to comb through the D&R clutter and find the ideal security solutions for your business. ADR delivers tailored detection and response backed by technology, real-time intel and deep expertise applied at touch. Bottom line: ADR finds and neutralizes threats fast, so you can focus on what matters.
In this episode:
All links and images for this episode can be found on CISO Series
Is it possible to position your security team as a profit center instead of the traditional cost center reporting to the CIO?
Check out this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Michael Weiss, CISO, Human Interest.
Thanks to our podcast sponsor, Optiv
The modern enterprise needs a solution as unique as its business. Optiv’s Advanced Detection and Response (ADR) works with your organization to comb through the D&R clutter and find the ideal security solutions for your business. ADR delivers tailored detection and response backed by technology, real-time intel and deep expertise applied at touch. Bottom line: ADR finds and neutralizes threats fast, so you can focus on what matters.
In this episode:
All links and images for this episode can be found on CISO Series
For years we've been referring to malware protection as a cat and mouse game. The crooks come up with a new malware attack, and then the good guys figure out a way to stop it. And that keeps cycling over and over again. So where are we today with malware protection and is there any way to get ahead of the cycle?
Check out this post and this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Aviv Grafi (@avivgrafi), CTO and founder, Votiro.
Thanks to our podcast sponsor, Votiro
Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com.
In this episode:
All links and images for this episode can be found on CISO Series
We all know and have experienced bad security awareness training. People can learn, and should learn about being cyber aware. How do you build a security awareness training program that sticks?
Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn with our guest Lisa Kubicki (@lmk2), trust and security, training and awareness director, DocuSign.
Thanks to our podcast sponsor, Drata
Save 200+ hours with Drata's automated continuous compliance solution for SOC 2, ISO 27001, PCI DSS, HIPAA, GDPR, & CCPA. Drata connects to your techstack with 75+ integrations, including AWS, GitHub, GCP, & more to automate the compliance process. Kickstart your compliance journey by requesting a demo and get 10% off
In this episode:
All links and images for this episode can be found on CISO Series
You want to bring on entry level personal, But green employees, who are not well versed in security, IT, or your data introduce risk once they have access to it. What are ways to bring these people on while also managing risk?
Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Rich Lindberg, CISO, JAMS.
Thanks to our podcast sponsor, SolCyber
At SolCyber we're hell-bent on delivering Fortune 500 level cyber security for small and medium-sized enterprises. When you're being targeted by the same bad guys, nothing else will do. We bring to the table a curated stack of leading technologies and around-the-clock SOC support, all simply priced per user. Let us do the heavy lifting.
In this episode:
Zero trust is a hollow buzzword. In any form of security, there exist critical points where we have to trust. What we need is a move away from implicit trust to explicit trust, or identity that can be verified.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Yaron Levi (@0xL3v1), CISO, Dolby.
Thanks to our podcast sponsor, Optiv
Need a guide on your Zero Trust journey? Jerry Chapman, Engineering Fellow at Optiv and author of "Zero Trust Security: An Enterprise Guide" shares the following takeaways: - The key elements of Zero Trust - How to visualize your Zero Trust journey and place it in the proper context - Integrated technologies to drive adaptive processes and a mature security model Learn more at www.optiv.com/zerotrust.
In this episode:
All links and images for this episode can be found on CISO Series
Cyber professionals, who is responsible on your team for investigating new solutions?
Check out this post and this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Nick Ryan, director of enterprise technology security and risk, Baker Tilly.
Thanks to our podcast sponsor, Votiro
Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com.
In this episode:
All links and images for this episode can be found on CISO Series
In the cyber industry we pat each other on the back and give each other awards, all while the statistics for breaches appear to be worsening, Are we celebrating growing failure? Does the cyber industry suck?
Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Fredrick Lee (AKA "Flee") (@fredrickl), Flee, CSO, Gusto.
Thanks to our podcast sponsor, Cymulate
The Ultimate Guide to Security Posture Validation: Learn how to effectively measure and reduce risk through continuous validation of your enterprise’s security posture. Download the playbook here.
In this episode:
All links and images for this episode can be found on CISO Series
For some, the definition of zero trust has expanded from how we grant access to networks, applications, and data to how we trust individuals in the real world. Are we taking zero trust too far?
Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Thomas Doughty, CISO, Prudential Financial.
Thanks to our podcast sponsor, Netfoundry
NetFoundry, built on OpenZiti, is the only solution purpose-built to connect massively distributed apps, edges, clouds and devices in minutes, ensuring zero trust of the internet, local and OS host network and delivered as SaaS. Isolating the app to make network security irrelevant and remove the pain of public DNS, VPNs, bastions, as well as complex firewall rules.
In this episode:
All links and images for this episode can be found on CISO Series
Developers and security professionals have been heavily sold on the concept of "shift left" or deal with security issues early in development rather bolting it on at the end. It all made logical sense, but now we've been doing it for a few years and has shift-left actually reduced application security concerns?
Check out this post, this post, and this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Mike Gorman (@gormamic), head of security and compliance, NetFoundry.
Thanks to our podcast sponsor, Netfoundry
NetFoundry, built on OpenZiti, is the only solution purpose-built to connect massively distributed apps, edges, clouds and devices in minutes, ensuring zero trust of the internet, local and OS host network and delivered as SaaS. Isolating the app to make network security irrelevant and remove the pain of public DNS, VPNs, bastions, as well as complex firewall rules.
In this episode:
All links and images for this episode can be found on CISO Series
Do we have a Monitgue/Capulet rivalry between technical and compliance professionals? Why is this happening, and what can be done to improve it? Does it need to be improved?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Linda White, director of InfoSec, Axiom Medical.
Thanks to our podcast sponsor, Netfoundry
NetFoundry, built on OpenZiti, is the only solution purpose-built to connect massively distributed apps, edges, clouds and devices in minutes, ensuring zero trust of the internet, local and OS host network and delivered as SaaS. Isolating the app to make network security irrelevant and remove the pain of public DNS, VPNs, bastions, as well as complex firewall rules.
In this episode:
All links and images for this episode can be found on CISO Series
Why do we end up with so many bad security products? Who is to blame and how can we fight back an ecosystem that may be fostering subpar products?
Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is Haroon Meer (@HaroonMeer), founder and researcher, Thinkst Canary.
Thanks to our podcast sponsor, Thinkst Canary
Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With 0 admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.
In this episode:
All links and images for this episode can be found on CISO Series
What are you doing to prepare for the next cyber disaster? You must train for it, because when it happens, and it will happen, everyone should know what they need to do.
Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Roland Cloutier (@CSORoland), CISO, TikTok.
Thanks to our podcast sponsor, Keyavi
Data that protects itself? Now it does! We made data so smart it can think for itself. Secure itself. Stay continually aware of its surroundings. Control where, when and who is allowed access. And automatically report back to its owner. This changes the entire cybersecurity paradigm. Learn how.
In this episode:
All links and images for this episode can be found on CISO Series
What if you didn't spend all your time patching vulnerabilities but instead created a security policy that prevented known vulnerabilities from being exploited. How doable is this solution of virtual patching?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Ody Lupescu, CISO, Ethos Life.
Thanks to our podcast sponsor, Araali Networks
Managing vulnerabilities at the speed and scale of the cloud is challenging, especially when the implications of a single mistake gives attackers an asymmetric advantage over defenders. Araali allows your security teams to resilient patch and monitor the most valuable apps and services so they cannot be exploited even if they are vulnerable. To learn more, visit araali.
In this episode:
All links and images for this episode can be found on CISO Series
A 500+ person company doesn't have a security department. They need one and they need to convince the CEO they need one. How do you build a cybersecurity team and program from scratch?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Rishi Tripathi (@ris12hi), CISO, Mount Sinai Health System.
Thanks to our podcast sponsor, Tines
Tines was founded by experienced security practitioners who cared about their teams. When they couldn’t find an automation platform that delivered, they founded a company and built their own. A few years later, customers like Coinbase, McKesson, and GitLab run their most important security workflows on Tines – everything from phishing response to employee onboarding. To learn more, visit tines.com.
In this episode:
All links and images for this episode can be found on CISO Series
"If you want to catch a cybercrook, you need to think like one." But how do you actually go about thinking like a cybercriminal? What's the actual process?
Check out this post and this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn.
Our guest is Brian Brushwood (@shwood), creator of Scam School and World's Greatest Con. Plus he's launched multiple channels with millions of subscribers and multiple number one comedy albums. Plus, he's a touring magician. He's our first non-cyber professional guest, but he is so perfect for this episode.
Thanks to our sponsor, Varonis
On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to “Zero Trust.” Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries.
In this episode:
All links and images for this episode can be found on CISO Series
Could you build a data-first security program? What would you do if you focused your security program on just the asset?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Brian Vecci (@brianthevecci), field CTO, Varonis.
Thanks to our sponsor, Varonis
On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to “Zero Trust.” Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries.
In this episode:
All links and images for this episode can be found on CISO Series
Offensive security or "hacking back" has always been seen as either unethical or illegal. But now, we're seeing a resurgence in offensive security solutions. Are we redefining the term, or are companies now "hacking back?"
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Eric Hussey, CISO, Aptiv.
Thanks to our podcast sponsor, Varonis
On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to “Zero Trust.” Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries.
In this episode:
All links and images for this episode can be found on CISO Series
A security professional announces a new position as CISO. As a vendor you see this as good timing to try a cold outreach to sell your product. Why do so many vendors think this is a good tactic, when in reality it’s exactly what you should not do?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Yaron Levi (@0xL3v1), CISO, Dolby.
In this episode:
All links and images for this episode can be found on CISO Series
How do you begin building a cyber security culture for the whole company? And more importantly, how do you maintain that?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Mike Hanley (@_mph4), CSO, GitHub.
Thanks to our podcast sponsor, Anjuna
Anjuna Confidential Cloud software effortlessly enables enterprises to safely run even their most sensitive workloads in the public cloud. Unlike complex perimeter security solutions easily breached by insiders and malicious code, Anjuna leverages the strongest secure computing technologies available to make the public cloud the most secure computing resource anywhere.
In this episode:
All links and images for this episode can be found on CISO Series
You're a security vendor and you've got a short briefing with a security analyst from a research firm. What do you want to get across to them, and what do you want to hear back from them?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Ed Amoroso (@hashtag_cyber), founder and CEO, Tag Cyber.
Huge thanks to our sponsor, Cymulate
The Ultimate Guide to Security Posture Validation: Learn how to effectively measure and reduce risk through continuous validation of your enterprise’s security posture. Download the playbook here.
In this episode:
All links and images for this episode can be found on CISO Series
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is Michael Johnson, CISO, Novi (the financial arm of Meta, formerly Facebook)
Thanks to our podcast sponsor, Anjuna
Anjuna Confidential Cloud software effortlessly enables enterprises to safely run even their most sensitive workloads in the public cloud. Unlike complex perimeter security solutions easily breached by insiders and malicious code, Anjuna leverages the strongest secure computing technologies available to make the public cloud the most secure computing resource anywhere.
In this episode:
All links and images for this episode can be found on CISO Series
Security professionals are drowning in activities. Not all of them can be valuable. What should security professionals stop doing be to get back some time?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Jim Rutt, CISO, Dana Foundation.
Thanks to our podcast sponsor, Thinkst
Most companies discover they’ve been breached way too late. Thinkst Canary fixes this: just 3 minutes of setup; no ongoing overhead; nearly 0 false positives, and you can detect attackers long before they dig in. Check out why our Hardware, VM and Cloud-based Canaries are deployed and loved on all 7 continents.
In this episode:
How seamless are Distributed Denial of Service or DDoS solutions today? If you get a denial of service attack, how quickly can these solutions snap into action with no manual response by the user?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Alastair Cooke (@demitasenz), analyst, GigaOm.
Huge thanks to our podcast sponsor, MazeBolt
In this episode:
All links and images for this episode can be found on CISO Series
Knowing is only one-third the battle. Another third is responding. And the last third is responding quickly. It’s not enough to just have the first two thirds. We need to be faster, but how?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Jason Elrod (@jasonelrod), CISO, MultiCare Health System.
Thanks to our podcast sponsor, Eclypsium
Eclypsium is the enterprise firmware security company. Our comprehensive, cloud-based platform identifies, verifies, and fortifies firmware and hardware in laptops, servers, network gear and devices. The Eclypsium platform secures against persistent and stealthy firmware attacks, provides continuous device integrity, delivers firmware patching at scale, and prevents ransomware and malicious implants.
In this episode:
All links and images for this episode can be found on CISO Series
Automation was supposed to make cybersecurity professionals’ lives simpler. And it was supposed to solve the talent shortage. Has any of that actually happened?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Brian Lozada (@brianl1775), CISO, HBOMax.
Thanks to our podcast sponsor, deepwatch
Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together.
In this episode:
All links and images for this episode can be found on CISO Series
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is Josh Yavor (@schwascore), CISO, Tessian.
Thanks to our podcast sponsor, Tessian
95% of breaches are caused by human error. But you can prevent them. Learn how Tessian can stop “OH SH*T!” moments before they happen, why Tessian has been recognized by analysts like Gartner and Forrester, and which world-renowned companies trust the platform to protect their data.
In this episode:
All links and images for this episode can be found on CISO Series
Why is cybersecurity becoming so complex? What is one thing we can do, even if it's small, to head us off in the right direction of simplicity?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Leda Muller, CISO at Stanford, Residential and Dining Enterprises.
Thanks to our podcast sponsor, Eclypsium
Eclypsium is the enterprise firmware security company. Our comprehensive, cloud-based platform identifies, verifies, and fortifies firmware and hardware in laptops, servers, network gear and devices. The Eclypsium platform secures against persistent and stealthy firmware attacks, provides continuous device integrity, delivers firmware patching at scale, and prevents ransomware and malicious implants.
In this episode:
All links and images for this episode can be found on CISO Series
Security convergence is the melding of all security functions from physical to digital and personal to business. The concept has been around for 17 years yet organizations are still very slow to adopt. A company's overall digital convergence appears to be happening at a faster rate than security convergence.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest is Anne Marie Zettlemoyer (@solvingcyber), business security officer, vp, security engineering, MasterCard.
Thanks to our podcast sponsor, Tessian
95% of breaches are caused by human error. But you can prevent them. Learn how Tessian can stop “OH SH*T!” moments before they happen, why Tessian has been recognized by analysts like Gartner and Forrester, and which world-renowned companies trust the platform to protect their data.
All links and images for this episode can be found on CISO Series
In most jobs there’s often a clear indicator if you’re doing a good job. In security, specifically security leadership, it’s not so easy to tell. “Nothing happening” is not an effective measurement. So how should security performance be graded?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest is Deneen DeFiore (@deneendefiore), CISO, United Airlines.
Thanks to our podcast sponsor, Tessian
In this episode:
All links and images for this episode can be found on CISO Series
If we’re going to turn the tables against our adversaries, everything from our attitude to our action needs to change to a format where attacks and breaches are not normalized, and we know the what and how to respond to it quickly.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our sponsored guest Scott Scheferman (@transhackerism), principal strategist, Eclypsium.
Thanks to our podcast sponsor, Eclypsium
Eclypsium is the enterprise firmware security company. Our comprehensive, cloud-based platform identifies, verifies, and fortifies firmware and hardware in laptops, servers, network gear and devices. The Eclypsium platform secures against persistent and stealthy firmware attacks, provides continuous device integrity, delivers firmware patching at scale, and prevents ransomware and malicious implants.
All links and images for this episode can be found on CISO Series
Is it too much experience? Is it that they're difficult to work with? Do they want too much money? Will they not be motivated? Are cyber professionals over the age of 40 being discriminated in hiring practices?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Ben Sapiro, head of technology risk and CISO at Canada Life.
Thanks to our podcast sponsor, Qualys
Qualys is a pioneer and leading provider of cloud-based security and compliance solutions.
In this episode:
All links and images for this episode can be found on CISO Series
How do we turn the tide from reactive to proactive patch management? Does anyone feel good about where they are with their own patch management program? What would it take to get there?
Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Sumedh Thakar (@sumedhthakar), CEO, Qualys.
Thanks to our podcast sponsor, Qualys
Qualys is a pioneer and leading provider of cloud-based security and compliance solutions.
In this episode:
All links and images for this episode can be found on CISO Series
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Tony Sager (@sagercyber), svp, and chief evangelist, Center for Internet Security.
Thanks to our podcast sponsor, Qualys
In this episode:
All links and images for this episode can be found on CISO Series
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Andy Ellis (@csoandy), operating partner, YL Ventures.
Thanks to our podcast sponsor, Varonis
What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn’t stand a chance. Get a free risk assessment.
In this episode:
All links and images for this episode can be found on CISO Series
When a senior person at your company asks you, "Are we secure?" how should you respond?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our guest Paul Truitt, principal US cyber practice leader, Mazars.
Thanks to our podcast sponsor, Varonis
Still in the news is REvil’s ransomware attack on Kaseya VSA servers. Varonis is here to help mitigate the blast radius of such attacks. Want a step-by-step guide on what you should be looking for? Learn more about how to prevent ransomware.
In this episode:
What are the tell tale signs you've got ransomware before you receive the actual ransomware threat?
Check out this post and this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our sponsored guest Brian Vecci (@BrianTheVecci), field CTO, Varonis.
Thanks to our podcast sponsor, Varonis
What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn’t stand a chance. Get a free risk assessment.
In this episode:
All links and images for this episode can be found on CISO Series
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Robert Wood (@holycyberbatman), CISO at Centers for Medicare & Medicaid Services.
Thanks to our podcast sponsor, Living Security
Traditional approaches to security communication are limited to one-off training sessions that fail to take customers, regulators, and other external stakeholders into account and rarely affect long-term behavioral change. This report lays out a four-step plan that CISOs should follow to manage the human risk. It provides design principles for creating transformational security awareness initiatives which will win the hearts and minds of senior executives, employees, the technology organization, and customers.
In this episode:
All links and images for this episode can be found on CISO Series
SIEM tools that ingest and analyze data are ubiquitous in security operations centers. But just knowing what's happening in your environment is not enough. For competitive reasons, must SIEM tools expand and offer more automation, intelligence, and the ability to act on that intelligence?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Chris Grundemann (@ChrisGrundemann), category lead, security, GigaOm.
Thanks to our podcast sponsor, Keyavi
Cyber criminals who attack healthcare systems know medical record information has tremendous value for stealing identities. If you infuse personally identifiable information with geographical awareness and intelligence, you dramatically reduce the risk of patient identity theft. Join a live demo session on www.keyavi.com/sessions to learn more.
In this episode:
All links and images for this episode can be found on CISO Series
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our guest Adam Keown, director, information security, Eastman.
Thanks to our podcast sponsor, VMware
In this episode:
All links and images for this episode can be found on CISO Series
What is the most critical step to preventing ransomware? Security professionals may be quick to judge users and say it's a lack of cyberawareness. Could it be something else?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Rebecca Harness (@rebeccaharness), CISO, St. Louis University.
Thanks to our podcast sponsor, VMware
In this episode:
All links and images for this episode can be found on CISO Series
For four years in a row, Verizon's DBIR, has touted compromised credentials as the top cause of data breaches. That means bad people are getting in yet appearing to be legitimate users. What are these malignant users doing inside our network? What are the techniques to both understand and allow for good yet thwart bad lateral movement?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our sponsored guest Sandy Wenzel (@malwaremama), cybersecurity transformation engineer, VMware.
Thanks to our podcast sponsor, VMware
In this episode:
All links and images for this episode can be found on CISO Series
You've just joined a company as CISO, what's the very first step you would take to improve the security posture of your new company?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our guest Olivia Rose, vp of IT and security, Amplitude.
Thanks to our podcast sponsor, Proofpoint
Sixty six percent of CISOs feel their organization is unprepared to handle a cyberattack and 58% consider human error to be their biggest cyber vulnerability. Proofpoint's 2021 Voice of the CISO report explores key challenges facing CISOs after an unprecedented twelve months. Get the report.
In this episode:
All links and images for this episode can be found on CISO Series
How is ransomware getting into your network? Is the path direct, like via email, or does it take a more circuitous route?
Check out this post and this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our sponsored guest Ryan Kalember (@rkalember), evp, cybersecurity strategy, Proofpoint.
Thanks to our podcast sponsor, Proofpoint
Sixty six percent of CISOs feel their organization is unprepared to handle a cyberattack and 58% consider human error to be their biggest cyber vulnerability. Proofpoint's 2021 Voice of the CISO report explores key challenges facing CISOs after an unprecedented twelve months. Get the report.
In this episode:
All links and images for this episode can be found on CISO Series
Why should security professionals get certifications? Do they actually teach you what you need to know to solve cybersecurity challenges? OR do they act as gateways or approval checks to be admitted into the field of cybersecurity?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Will Gregorian (@willgregorian), head of IT and security, Rhino and our guest Shawn M. Bowen (@smbowen), CISO, World Fuel Services.
Thanks to our podcast sponsor, Palo Alto Networks
First, every company became a software company. Now, every company needs to be a cybersecurity company too. Prisma Cloud from Palo Alto Networks a single security platform that delivers comprehensive protection from code through app, so your company can keep doing what it's supposed to do. Learn more at paloaltonetworks.com/prisma/cloud.
In this episode:
All links and images for this episode can be found on CISO Series
How are you measuring your progress and success with cloud security? How much visibility into this are you providing to your engineering teams?
Check out this post and this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn and our sponsored guest Matthew Chiodi (@mattchiodi), CSO, public cloud, Palo Alto Networks.
Thanks to our podcast sponsor, Palo Alto Networks
If you're doing cloud security right, no one knows if you've done anything. When you do it wrong, well, you end up on Cybersecurity Headlines. Prisma Cloud from Palo Alto Networks helps ensure your security stays in the quietly appreciated group. It's a single security platform that delivers comprehensive protection from code to cloud. Learn more at paloaltonetworks.com/prisma/cloud.
In this episode
All links and images for this episode can be found on CISO Series
What does a young person, eager to get into cybersecurity, have to show or prove to land their first help desk, tech support role?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn and our guest Bryan Zimmer (@bryanzimmer), head of security, Humu.
Thanks to our podcast sponsor, Palo Alto Networks
In 1666, Sir Isaac Newton famously used a prism to disperse white light into colors. Today, cloud security professionals use Prisma Cloud from Palo Alto Networks to disperse full lifecycle security and full stack protection across their multi- and hybrid-cloud environments. We think Sir Isaac would approve. Learn more about Prisma Cloud paloaltonetworks.com/Prisma/cloud.
In this episode
All links and images for this episode can be found on CISO Series
What do we want the Board and C-Suite to know about cybersecurity? If you could teach them one thing about cybersecurity that would stick, what would that be?
Check out this post and this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn and our guest Phil Huggins (@oracuk), CISO, NHS Test & Trace, Department of Health and Social Care.
Thanks to our podcast sponsor, Proofpoint
Sixty six percent of CISOs feel their organization is unprepared to handle a cyberattack and 58% consider human error to be their biggest cyber vulnerability. Proofpoint's 2021 Voice of the CISO report explores key challenges facing CISOs after an unprecedented twelve months. Get the report.
In this episode
All links and images for this episode can be found on CISO Series
The demand for CISOs is growing due to increased regulations and cyber threats. Yet, while the demand is there, the supply keeps rotating. Companies think the next CISO is going to fix the problems of the last one. Why is a CISO's tenure so short and why is the hiring process for CISOs so disjointed?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, Steve Zalewski, and Gary Hayslip (@ghayslip), CISO, Softbank Investment Advisers
Thanks to our podcast sponsor, RevCult
On average, 18 percent of all your Salesforce data fields are highly sensitive and 89 percent of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you’re protecting it. Get a free Salesforce Security Self-Assessment to understand your Salesforce security weaknesses.
In this episode:
All links and images for this episode can be found on CISO Series
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Liam Connolly, CISO, Seek. and our guest Ben Sapiro (@ironfog), head of technology risk and CISO, Canada Life.
Thanks to our podcast sponsor, RevCult
On average, 18 percent of all your Salesforce data fields are highly sensitive and 89 percent of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you’re protecting it. Get a free Salesforce Security Self-Assessment to understand your Salesforce security weaknesses.
In this episode:
All links and images for this episode can be found on CISO Series
https://cisoseries.com/defense-in-depth-salesforce-security/
Thanks to our podcast sponsor, RevCult
On average, 18 percent of all your Salesforce data fields are highly sensitive and 89 percent of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you’re protecting it. Get a free Salesforce Security Self-Assessment to understand your Salesforce security weaknesses.
In this episode:
All links and images for this episode can be found on CISO Series
https://cisoseries.com/defense-in-depth-cloud-configuration-fails/
Why do we hear so many stories about incidents related to poor or misconfigured cloud services?
Check out this post and this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn and our sponsored guest, Brendan O'Connor, CEO, AppOmni.
Thanks to our podcast sponsor, AppOmni
AppOmni is building the future of SaaS security. We empower our users to enforce security standards across their SaaS applications, and enable them to remediate in confidence knowing they’re fixing the most important SaaS security issues first. Contact us at www.appomni.com to find out who - and what - has access to your SaaS data.
In this episode:
All links and images for this episode can be found on CISO Series
https://cisoseries.com/starting-pay-for-cyber-staff/
What should an entry level cybersecurity person be paid? And what level of education and training should be expected of them?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Naomi Buckwalter (@ineedmorecyber), director of information security and IT at Beam Technologies, and our guest Dan Walsh (@danwalshciso), CISO, VillageMD.
Thanks to our podcast sponsor, AppOmni
AppOmni is building the future of SaaS security. We empower our users to enforce security standards across their SaaS applications, and enable them to remediate in confidence knowing they’re fixing the most important SaaS security issues first. Contact us at www.appomni.com to find out who - and what - has access to your SaaS data.
In this episode:
All links and images for this episode can be found on CISO Series.
https://cisoseries.com/fear-of-automation/
Why are security professionals so darn afraid of automation? We continue to hold on to the idea that people have to be integral in the real-time decision process to protect ourselves from the technology we deploy to protect us.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, and Steve Zalewski, CISO, Levi Strauss, with our guest Edward Frye (@edwardfrye), CISO, Aryaka Networks and president of Silicon Valley chapter of ISSA.
AppOmni is building the future of SaaS security. We empower our users to enforce security standards across their SaaS applications, and enable them to remediate in confidence knowing they’re fixing the most important SaaS security issues first. Contact us at www.appomni.com to find out who - and what - has access to your SaaS data.
In this episode:
All links and images for this episode can be found on CISO Series
https://cisoseries.com/defense-in-depth-hiring-talent-with-no-security-experience/
Should you look for the ideal candidate that has all the security talent you want, or should you find the right person and train them with the security talent you want. And if the latter, what is the right person to work in security who doesn't have security experience?
Check out this post and this Twitter discussion for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host, Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Dev Akhawe (@frgx), CISO, Figma.
Thanks to our podcast sponsor, Sonatype
With security concerns around software supply chains ushered to center stage in recent months, organizations around the world are turning to Sonatype as trusted advisors. The company’s Nexus platform offers the only full-spectrum control of the cloud-native software development lifecycle including third-party open source code, first-party source code, infrastructure as code, and containerized code.
All links and images for this episode can be found on CISO Series
https://cisoseries.com/defense-in-depth-security-hygiene-for-software-development/
How do we improve the quality of our software? In the rush to be competitive, security has often taken a back seat to be first to market. What's the formula for fast and secure applications?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host, Geoff Belknap (@geoffbelknap), CISO LinkedIn, and sponsored guest Wayne Jackson, CEO, Sonatype.
Thanks to our podcast sponsor, Sonatype
In this episode:
All links and images for this episode can be found on CISO Series
https://cisoseries.com/defense-in-depth-how-much-do-you-know-about-your-data/
Do cybersecurity professionals even know what they're protecting? How aware are they of the data, its content and its sensitivity? What happens to your security posture when you do understand the data you're protecting? What can you do that you weren't able to do before?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, and Steve Zalewski, CISO, Levi Strauss, with our sponsored guest, Aidan Simister (@aidansimister), CEO, Lepide.
Thanks to our podcast sponsor, Lepide
Ninety eight percent of all threats start with Active Directory and nearly always involve the compromise of data stored on enterprise data stores. Lepide’s unique combination of detailed auditing, anomaly detection, real time alerting, and real time data discovery and classification allows you to identify, prioritize and investigate threats – fast.
In this episode:
All links and images for this episode can be found on CISO Series
https://cisoseries.com/defense-in-depth-do-startups-need-a-ciso/
Startups are all about proving the value of their product and growth. At the beginning, all of their money is funneled into product and market development. When do they need a CISO, if at all?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, and guest co-host Jimmy Sanders (@jfireluv), head of cybersecurity for Netflix DVD and our guest is Bryan Zimmer (@bryanzimmer), head of security for Humu.
Thanks to our podcast sponsor, Lepide
Ninety eight percent of all threats start with Active Directory and nearly always involve the compromise of data stored on enterprise data stores. Lepide’s unique combination of detailed auditing, anomaly detection, real time alerting, and real time data discovery and classification allows you to identify, prioritize and investigate threats – fast.
In this episode:
All links and images for this episode can be found on CISO Series
https://cisoseries.com/defense-in-depth-insider-risk/
By just doing their jobs, your employees are introducing risk to the business. They don't mean to be causing issues, but their simple actions and sometimes mistakes can cause great harm. Is it their fault, or is it security's fault for not creating the right systems?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host, Steve Zalewski, CISO, Levis, and our sponsored guest Mark Wojtasiak (@markwojtasiak), vp, portfolio strategy & product marketing, Code42 and author of Inside Jobs: Why Insider Risk is the Biggest Cyber Threat You Can't Ignore.
Thanks to our podcast sponsor, Code42
Redefine data security standards for the hybrid workforce. Check out Code42.
In this episode:
All links and images for this episode can be found on CISO Series
https://cisoseries.com/defense-in-depth-whats-the-obsession-with-zero-trust/
Why is everyone obsessed with Zero Trust? Is it just a marketing ploy that vendors are using to sell their products? Or, is it truly a methodology that provides better security, especially in today's environment.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host, Geoff Belknap (@geoffbelknap), CISO LinkedIn, Melody Hildebrandt (@mhil1), evp, product & engineering and CISO, Fox.
Thanks to our podcast sponsor, Code42
Redefine data security standards for the hybrid workforce. Check out Code42.
In this episode
Does Zero Trust obscure the core principles it's supposed to serve?
How does Zero Trust affect the assumptions around cybersecurity’s control and ownership of a network
What are the real Zero Trust best practices?
All links and images for this episode can be found on CISO Series
https://cisoseries.com/defense-in-depth-mentoring/
Companies want security people with experience and they want to grow cybersecurity leaders. It's often hard to find that experience, and while there are certification courses aplenty, courses in cybersecurity leadership are hard to find. One possible solution is mentoring, but that has its own hurdles.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host, Geoff Belknap (@geoffbelknap), CISO LinkedIn, and our guest Sean Catlett, CSO, Slack.
In this episode
All links and images for this episode can be found on CISO Series
https://cisoseries.com/defense-in-depth-securing-the-super-bowl-and-other-huge-events/
How do cybersecurity professionals secure a huge event like the Olympics, the Superbowl, or a city's New Year's Eve party? What are the unique considerations that come into play?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Tomás Maldonado (@tomas_mald), CISO, NFL
Thanks to our podcast sponsor, Lepide
Ninety eight percent of all threats start with Active Directory and nearly always involve the compromise of data stored on enterprise data stores. Lepide’s unique combination of detailed auditing, anomaly detection, real time alerting, and real time data discovery and classification allows you to identify, prioritize and investigate threats - fast.
In this episode
All links and images for this episode can be found on CISO Series
https://cisoseries.com/defense-in-depth-cybersecurity-isnt-that-difficult/
What are you security people complaining about? As compared to 10, 15, 20 years ago, the technical aspects of cybersecurity are not that difficult. We've got the control frameworks, tools, and training that are predecessors didn't have.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Naomi Buckwalter (@ineedmorecyber), director of information security and IT at Beam Technologies, and our guest, John Overbaugh (@johnoverbaugh), vp, security, CareCentrix
Thanks to our podcast sponsor, Trend Micro as bold
Threat actors want what you’re storing in the cloud. Trend Micro’s Cloud One platform provides cloud security from a single console, keeping you at your most resilient. Let what happens in the cloud, stay in the cloud.
In this episode
All links and images for this episode can be found on CISO Series
https://cisoseries.com/defense-in-depth-cloud-security-myths/
The cloud is inherently insecure! The cloud will handle all your security needs. More data breaches happen in the cloud. These are just some of the many many myths of cloud security. Listen as we debunk as many as we possibly can.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Steve Zalewski, CISO, Levis, and our sponsored guest Mark Nunnikhoven (@markna), vp, cloud research, Trend Micro.
Thanks to our podcast sponsor, Trend Micro
Threat actors want what you’re storing in the cloud. Trend Micro’s Cloud One platform provides cloud security from a single console, keeping you at your most resilient. Let what happens in the cloud, stay in the cloud.
In this episode
All links and images for this episode can be found on CISO Series
https://cisoseries.com/defense-in-depth-what-is-securitys-mission/
What's the mission of your security program? Is it to proactively SECURE THE COMPANY against a compromise of the CONFIDENTIALITY, INTEGRITY, and AVAILABILITY, OR, is it to PROTECT THE COMPANY BRAND by effectively PREVENTing, DETECTING and RESPONDING to cyber-threats? These are the two options for security's mission that we discuss on this week's show.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Steve Zalewski, Deputy CISO, Levis, and our guest, Johna Till Johnson (@JohnaTillJohnso), CEO, Nemertes Research.
Thanks to our podcast sponsor, Trend Micro
The conversation between you and your board of directors is not always a walk in the park. With more cloud projects coming your way, it’s time to change the conversation to speak their language and start paving the way for a secure future. For more, go to http://trendmicro.com/CISO
In this episode
All links and images for this episode can be found on CISO Series
https://cisoseries.com/defense-in-depth-vendor-cisos/
It's hard to be a CISO. But, what's it like to be a CISO at a security vendor, doing the hard work while carrying the stigma of being a "vendor"?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our sponsored guest Allan Alford (@AllanAlfordinTX), CTO/CISO, TrustMAPP, and host of The Cyber Ranch Podcast.
Thanks to our podcast sponsor, TrustMAPP
Does your board want to see yet more heat maps? No, they do not. They want to see that security investments align with business goals, and that their costs are objectively justified. TrustMAPP’s data visualization helps you communicate with your board in a way they can understand – and approve.
In this episode
All links and images for this episode can be found on CISO Series
https://cisoseries.com/defense-in-depth-how-much-log-data-do-you-need
You're a CISO struggling with an influx of log data into your SIEM. What's the data you want to keep, and for how long? You want insights, but you also want to keep costs down. Holding onto everything is going to cost a fortune.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, deputy CISO, Levis, and our guest Naomi Buckwalter (@ineedmorecyber), director of information security and IT at Beam Technologies .
Thanks to our podcast sponsor, TrustMAPP
Does your board want to see yet more heat maps? No, they do not. They want to see that security investments align with business goals, and that their costs are objectively justified. TrustMAPP’s data visualization helps you communicate with your board in a way they can understand – and approve.
In this episode
All links and images for this episode can be found on CISO Series
https://cisoseries.com/defense-in-depth-should-finance-or-legal-mentor-cyber
Cybersecurity leaders are constantly looking for ways to improve how they think about risk, and how they communicate risk. But they're not the only ones. Others have been managing risk long before CISOs existed. So, who could be the best mentor to help a CISO gain better insight into business risk and how to communicate about it: the chief financial officer, or the legal department's general counsel?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest, David Schellhase (@davidschellhase), general counsel, Slack.
Thanks to our podcast sponsor, TrustMAPP
TrustMAPP delivers Security Performance Management, giving CISOs a real-time view of the effectiveness of their security program. TrustMAPP tells you where you are, where you’re going, and what it will take to get there. TrustMAPP gives organizations the ability to manage security as a business, quantifying and prioritizing remediation actions and costs. To learn about the MAPP methodology, download the white paper at https://trustmapp.com/mapp-paper/
In this episode
All links and images for this episode can be found on CISO Series
https://cisoseries.com/defense-in-depth-data-destruction
How do you deal with data at end of life? Holding onto data too long can be very costly and increase risk. So how do you get rid of it... safely?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Shawn Bowen, CISO, Restaurant Brands International (RBI), and our sponsored guest, Frank Milia, partner, (@ITAssetRecvry), IT Asset Management Group.
Thanks to our podcast sponsor, IT Asset Management
Poorly managed IT asset disposal, lack of due diligence, and a disposal program without clearly defined responsible parties has now resulted in millions of dollars in regulatory penalties. Is it clear who is responsible for the performance of your data disposition practice? IT Asset Management Group’s free program guide includes tips for establishing stakeholders at your organization and expectations for all practitioners. Download the program guide today at itamg.com/CISO
In this episode
All links and images for this episode can be found on CISO Series
https://cisoseries.com/defense-in-depth-how-to-make-cybersecurity-more-efficient/
You're a new CISO told to hold headcount even and find the resources to do 20% more work. We're already maxed out. So how do we do more? Coming up next we're getting smart and more efficient with security.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Steve Zalewski, Deputy CISO, Levis, and our guest, Mike Morgan, (@theywerecones) head of information security, infrastructure director, Foster Farms
Thanks to our podcast sponsor, IT Asset Management Group
Poorly managed IT asset disposal, lack of due diligence, and a disposal program without clearly defined responsible parties has now resulted in millions of dollars in regulatory penalties. Is it clear who is responsible for the performance of your data disposition practice? IT Asset Management Group’s free program guide includes tips for establishing stakeholders at your organization and expectations for all practitioners. Download the program guide today at itamg.com/CISO
In this episode
All links and images for this episode can be found on CISO Series
https://cisoseries.com/defense-in-depth-does-a-ciso-need-tech-skills
Does a CISO need technical skills to be an effective cybersecurity leader? Many CISOs don't have them. Are they still effective and does it affect their ability to lead?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, and guest co-host Ben Sapiro, (@ironfog), CISO, Great-West LifeCo, and our guest, Zach Powers, CISO, Benchling.
Thanks to our episode sponsor, IT Asset Management Group
Poorly managed IT asset disposal, lack of due diligence, and a disposal program without clearly defined responsible parties has now resulted in millions of dollars in regulatory penalties. Is it clear who is responsible for the performance of your data disposition practice? IT Asset Management Group’s free program guide includes tips for establishing stakeholders at your organization and expectations for all practitioners. Download the program guide today at itamg.com/CISO.
In this episode
All links and images for this episode can be found on CISO Series
https://cisoseries.com/defense-in-depth-how-do-you-know-if-youre-good-at-security/
What metrics or indicators signal to you that an organization is “good at security”?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Justin Berman (@justinmberman), former CISO, Dropbox.
Thanks to our podcast sponsor, Imperva
Face it, your data is everywhere! Imperva Data Security unifies compliance, security and privacy needs for any data store while saving you time and money. No matter where data lives, get confidence about what is happening with data, where it’s stored and who’s accessing it. Start a free trial now.
In this episode
All links and images for this episode can be found on CISO Series
You're a new CISO at a new org given a headcount of ten to build a cybersecurity team. What's your strategy to build that team?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Steve Zalewski, Deputy CISO, Levis, and our guest JJ Agha (@jaysquaredx2), CISO, Compass.
Thanks to our podcast sponsor, Imperva
Face it, your data is everywhere! Imperva Data Security unifies compliance, security and privacy needs for any data store while saving you time and money. No matter where data lives, get confidence about what is happening with data, where it’s stored and who’s accessing it. Start a free trial now.
In this episode
All links and images for this episode can be found on CISO Series
(https://cisoseries.com/defense-in-depth-are-our-data-protection-strategies-evolving/)
As we're evolving from putting data on premises to the cloud, are our data protection strategies evolving as well? There are issues of securing data, knowing where it travels, and privacy implications of data. How are we handling all of that?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest, Chris Brown, senior director, data security at Imperva.
Thanks to our podcast sponsor, Imperva.
Face it, your data is everywhere! Imperva Data Security unifies compliance, security and privacy needs for any data store while saving you time and money. No matter where data lives, get confidence about what is happening with data, where it’s stored and who’s accessing it. Start a free trial now.
In this episode
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-should-cisos-be-licensed-professionals/)
Many professionals are required to obtain a license before they can do their job legally. The demands of cybersecurity professionals, especially CISOs, has become more critical as evidenced by the increasing number of regulations demanding a person oversee security and privacy controls. Should CISOs be licensed to maintain a minimum standard?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest Patrick Benoit (@patrickbenoit), vp, global head of GRC and BISO, CBRE.
Thanks to this week's podcast sponsor, F5
External threats to your organization’s security are constantly evolving. Your apps need broad and preventive protection from bot attacks that cause large-scale fraud, higher operational costs, and problems for your users. And they need to be optimized for secure operation internally. Silverline Shape Defense helps you stay ahead of cyber threats and fraud. Get a free trial.
Highlights from this episode of Defense in Depth:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-inherently-vulnerable-by-design/)
Much of what we do as practitioners is to prevent inadvertent security problems - oversights, zero-days, etc. What about inherent and unavoidable problems? When the very design of the thing requires a lack of security? What do you do then?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest is Dan Woods, vp of the Shape Intelligence Center, F5.
Thanks to this week's podcast sponsor, F5.
External threats to your organization’s security are constantly evolving. Your apps need broad and preventive protection from bot attacks that cause large-scale fraud, higher operational costs, and problems for your users. And they need to be optimized for secure operation internally. Silverline Shape Defense helps you stay ahead of cyber threats and fraud. Get a free trial.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-imposter-syndrome/)
For CISOs and other security leaders, suffering from imposter syndrome seems inevitable. How can you ever be really confident when there's an endless stream of threats and a landscape that changes without your knowledge?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest David Peach (@realdavidp), CISO and head of privacy, The Economist Group.
Thanks to this week's podcast sponsor, F5.
CISOs are dealing with the increasing sophistication of cyber attackers that are taking advantage of their applications. Find out how F5 helps organizations expand their security and see the unseen by watching the F5 Security Summit webinar. View it here.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-why-dont-more-companies-take-cybersecurity-seriously/)
With every cybersecurity breach, we still don't seem to be getting through. Many companies don't seem to be taking cybersecurity seriously. What does it take? Obviously not scare tactics.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest Ben Sapiro, global CISO, Great-West LifeCo.
Thanks to this week's podcast sponsor, Sonatype.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-data-protection-and-visibility/)
Where is your data? Who's accessing it? You may know if you have an identity access management solution, but what happens when that data leaves your control. What do you do then?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest is Elliot Lewis (@elliotdlewis), CEO, Keyavi Data.
Thanks to this week's podcast sponsor, Keyavi Data.
Our Keyavi breaks new ground by making data itself intelligent and self-aware, so that it stays under its owner’s control and protects itself immediately, no matter where it is or who is attempting access. Keyavi is led by a team of renowned data security, encryption, and cyber forensics experts. See for yourself at keyavidata.com.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-whats-an-entry-level-cybersecurity-job/)
Naomi Buckwalter, director of information security at Energage analyzed one thousand random information security job posts on LinkedIn. The most notable trend she found was that 43% of the posts had CISSP and 5-year experience requirements for entry level positions. Are companies trying to lowball cybersecurity professionals, or do they simply not know what an entry level cybersecurity job is.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest is Joseph Carrigan (@JTCarrigan), senior security engineer at Johns Hopkins University Information Security Institute, and co-host Hacking Humans podcast.
Thanks to this week's podcast sponsor, Keyavi Data.
Our Keyavi breaks new ground by making data itself intelligent and self-aware, so that it stays under its owner’s control and protects itself immediately, no matter where it is or who is attempting access. Keyavi is led by a team of renowned data security, encryption, and cyber forensics experts. See for yourself at keyavidata.com.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-securing-digital-transformations/)
Digital transformation. It's definition is broad. Meaning securing it is also broad. But there are some principles that can be followed as companies undergo each step in a deeper dive to make more and more of their processes essentially computerized.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest is Paul Asadoorian (@securityweekly), founder & CTO, Security Weekly, and chief innovation officer, Cyber Risk Alliance.
Thanks to this week's podcast sponsor, Keyavi Data.
Our Keyavi breaks new ground by making data itself intelligent and self-aware, so that it stays under its owner’s control and protects itself immediately, no matter where it is or who is attempting access. Keyavi is led by a team of renowned data security, encryption, and cyber forensics experts. See for yourself at keyavidata.com.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-leaked-secrets-in-code-repositories/)
Secrets, such as passwords and credentials, are out in the open just sitting there in code repositories. Why do these secrets even exist in public? What's their danger? And how can they be found and removed?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest is Jérémy Thomas, CEO, GitGuardian.
Thanks to this week's podcast sponsor GitGuardian.
GitGuardian empowers organizations to secure their secrets - such as API keys and other credentials - from being exposed in compromised places or leaked publicly. GitGuardian offers a threat intelligence solution focused on detecting secrets leaked on public GitHub and an automated secrets detection solution which tightly integrates with your DevOps pipeline.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-measuring-the-success-of-your-security-program/)
How does a CISO measure the performance of their security program? Sure, there are metrics, but what are you measuring against? Is it a framework or the quality of protection? How do you tell if your program is improving and growing?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest is Chad Boeckmann (@SDS_Advisor), CEO, TrustMAPP.
TrustMAPP delivers continuous, automated Security Performance Management, a real-time view of your cybersecurity maturity. TrustMAPP tells you where you are, where you’re going, and what it will take to get there. TrustMAPP lets you manage security as a business, quantifying and prioritizing remediation actions and costs.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-privacy-is-an-uphill-battle/)
Privacy is an uphill battle. The problem is those gathering the data aren't the ones tasked with protecting the privacy of those users for whom that data represents.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest is Dave Bittner (@bittner), host, The CyberWire Podcast.
Thank to our episode sponsor, TrustMAPP.
TrustMAPP delivers continuous, automated Security Performance Management, a real-time view of your cybersecurity maturity. TrustMAPP tells you where you are, where you’re going, and what it will take to get there. TrustMAPP lets you manage security as a business, quantifying and prioritizing remediation actions and costs.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-legal-protection-for-cisos/)
What's the legal responsibility of a CISO? New cases are placing the liability for certain aspects of security incidents squarely on the CISO. And attorney-client privilege has been overruled lately too. What does this mean for corporate and for CISO risk?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest is Evan Wolff, partner at Crowell & Moring.
Thank to our episode sponsor, TrustMAPP.
TrustMAPP delivers continuous, automated Security Performance Management, a real-time view of your cybersecurity maturity. TrustMAPP tells you where you are, where you’re going, and what it will take to get there. TrustMAPP lets you manage security as a business, quantifying and prioritizing remediation actions and costs.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-xdr-extended-detection-and-response/)
Is XDR changing the investigative landscape for security professionals? The "X" in XDR extends traditional endpoint detection and response or EDR to also include network and cloud sensors. Having this full breadth, XDR can contextualize alerts to tell a more cogent story as to what's going on in your environment.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest is Dave Bittner (@bittner), host, The CyberWire.
Thanks to our sponsor, Hunters.
Attackers always find new ways to bypass organizational defenses. While their traces hide in the data, they’re also extremely difficult to detect. Hunters.AI is a context-fueled XDR solution that harnesses top-tier threat hunting expertise and ML to autonomously detect, investigate and correlate attack findings across cloud, network, and endpoint.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-calling-users-stupid/)
Many cybersecurity professionals use derogatory terms towards their users, like calling them "dumb" because they fell for a phish or some type of online scam. It can be detrimental, even behind their back, and it doesn't foster a stronger security culture.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest Dustin Wilcox, CISO, Anthem.
Thanks to our sponsor, Hunters.
Attackers always find new ways to bypass organizational defenses. While their traces hide in the data, they’re also extremely difficult to detect. Hunters.AI is a context-fueled XDR solution that harnesses top-tier threat hunting expertise and ML to autonomously detect, investigate and correlate attack findings across cloud, network, and endpoint.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-is-college-necessary-for-a-job-in-cybersecurity/)
Where is the best education for our cyber staff of the future? Where does college fit in or not fit in?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest Dan Walsh, CISO, Rally Health.
Thanks to our sponsor, Hunters.
Attackers always find new ways to bypass organizational defenses. While their traces hide in the data, they’re also extremely difficult to detect. Hunters.AI is a context-fueled XDR solution that harnesses top-tier threat hunting expertise and ML to autonomously detect, investigate and correlate attack findings across cloud, network, and endpoint.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-when-red-teams-break-down/)
What happens when red team engagements go sideways? The idea of real world testing of your defenses sounds great, but how do you close the loop and what happens if it's not closed?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest, Dan DeCloss, founder and CEO, PlexTrac.
Thanks to this week’s podcast sponsor, PlexTrac.
PlexTrac is a revolutionary, yet simple, cybersecurity platform that centralizes all security assessments, penetration test reports, audit findings, and vulnerabilities into a single location. PlexTrac vastly improves the risk management lifecycle, allowing security professionals to generate better reports faster, aggregate and visualize important analytics, and collaborate on remediation in real-time.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-what-cyber-pro-are-you-trying-to-hire/)
Do companies hiring cybersecurity talent even know what they want? More and more we see management jobs asking for engineering skills, and even CISO jobs with coding requirements. What's breaking down?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest Liam Connolly, CISO, Seek.
Thanks to this week's podcast sponsor, Salt Security.
Salt Security protects the APIs at the core of SaaS, web, and mobile applications. By using patented behavioral protection Salt Security automatically and continuously discovers and learns the granular behavior of each unique API and stops attacks. In 2020 Salt Security was named a Gartner Cool Vendor in API Strategy.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-junior-cyber-people/)
There are so few jobs available for junior cybersecurity professionals. Are these cyber beginners not valued? Or are we as managers not creating the right roles for them to improve our own security?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Naomi Buckwalter (@ineedmorecyber), director of information security & privacy at Energage.
Thanks to this week's podcast sponsor, Salt Security.
Salt Security protects the APIs at the core of SaaS, web, and mobile applications. By using patented behavioral protection Salt Security automatically and continuously discovers and learns the granular behavior of each unique API and stops attacks. In 2020 Salt Security was named a Gartner Cool Vendor in API Strategy.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-trusting-security-vendor-claims/)
Do security vendors deliver on their claims and heck, are they even explaining what they do clearly so CISOs actually know what they're buying?
Check out this post and the Valimail survey for the basis of our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Lee Parrish (@LeeParrish), CISO, Hertz.
Thanks to this week's podcast sponsor, AttackIQ.
AttackIQ, the leading independent vendor of breach and attack simulation solutions, built the industry’s first Security Optimization Platform for continuous security control validation and improving security program effectiveness and efficiency. AttackIQ is trusted by leading organizations worldwide to plan security improvements and verify that cyberdefenses work as expected, aligned with the MITRE ATT&CK framework. On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-how-vendors-should-approach-cisos/)
"How do I approach a CISO?" It's the most common question I get from security vendors. In fact, I have another podcast dedicated to this very question. But now we're going to tackle it on this show.
Check out this post for the basis of our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Ian Amit (@iiamit), CSO, Cimpress.
Here also is my original article with Allan Alford when he first launched this engage with vendors campaign.
Thanks to this week's podcast sponsor, Sonrai Security.
Identity and data access complexity are exploding in your public cloud. 10,000+ pieces of compute, 1000s of roles, and a dizzying array of interdependencies and inheritances. Sonrai Security delivers an enterprise cloud security platform that identifies and monitors every possible relationship between identities and data that exists inside your public cloud.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-secure-access/)
What is the Holy Grail of secure access? There are many options, all of which are being strained by our new work from home model. Are we currently at the max?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest is Rohini Kasturi, chief product officer, Pulse Secure.
Thanks to this week’s podcast sponsor, Pulse Secure.
Pulse Secure offers easy, comprehensive solutions that provide visibility and seamless, protected connectivity for hybrid IT in a Zero Trust world. Over 24,000 enterprises entrust Pulse Secure to empower their mobile workforce to securely access applications and information in the data center and cloud while ensuring business compliance.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-infosec-fatigue/)
Have we reached peak InfoSec fatigue? Revolving CISOs and endless cyber recruitment OR the fact that we're spending more money to reduce even greater risk. Is it all leaving our grasp?
Check out this post for the basis of our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Helen Patton (@OSUCISOHelen) CISO, The Ohio State University.
Thanks to this week's podcast sponsor, Sonrai Security.
Identity and data access complexity are exploding in your public cloud. 10,000+ pieces of compute, 1000s of roles, and a dizzying array of interdependencies and inheritances. Sonrai Security delivers an enterprise cloud security platform that identifies and monitors every possible relationship between identities and data that exists inside your public cloud.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-securing-a-cloud-migration/)
You're migrating to the cloud. When did you develop your security plan? Before, during, or after? How aware are you and the board of the cloud's new security implications? Does your team even know how to apply security controls to the cloud?
Check out this post for the basis of our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and sponsored guest Sandy Bird, CTO and co-founder, Sonrai Security.
Sandy was the co-founder and CTO of Q1 Labs, which was acquired by IBM in 2011. At IBM, Sandy became the CTO for the global security business and worked closely with research, development, marketing, and sales to develop new and innovative solutions to help the IBM Security business grow to ~$2B in annual revenue.
Thanks to this week's podcast sponsor, Sonrai Security.
Identity and data access complexity are exploding in your public cloud. 10,000+ pieces of compute, 1000s of roles, and a dizzying array of interdependencies and inheritances. Sonrai Security delivers an enterprise cloud security platform that identifies and monitors every possible relationship between identities and data that exists inside your public cloud.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-api-security/)
APIs are gateways in and out of our kingdom and thus they're also great access points for malicious hackers. How the heck do we secure them without overwhelming ourselves?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and sponsored guest, Roey Eliyahu, CEO, Salt Security.
Salt Security protects the APIs at the core of SaaS, web, and mobile applications. By using patented behavioral protection Salt Security automatically and continuously discovers and learns the granular behavior of each unique API and stops attacks. In 2020 Salt Security was named a Gartner Cool Vendor in API Strategy.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-shared-threat-intelligence/)
We all know that shared intelligence has value, yet we're reticent to share our threat intelligence. What prevents us from doing it and what more could we know if shared threat intelligence was mandated?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and sponsored guest, Joel Bork (@cincision), senior threat hunter, IronNet Cybersecurity.
Thanks to this week's podcast sponsor, IronNet Cybersecurity.
To combat sophisticated cyber threats, companies are increasingly adopting collective defense strategies to actively share intelligence with peer organizations to improve the detection capabilities of the collective. Through faster sharing of behavioral analytics, signature-based, and human threat insights, organizations can more effectively spot malicious activity and reduce attacker dwell time. More on IronNet Cybersecurity.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-drudgery-of-cybercrime/)
Why does the press persist on referring to all cyber breaches as sophisticated attacks? Is it to make the victim look less weak, or do they simply not know the tedium that's involved in cybercrime?
Check out this post by Brian Krebs for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Steve Zalewski, deputy CISO, Levi Strauss.
Thanks to this week's podcast sponsor, IronNet Cybersecurity.
To combat sophisticated cyber threats, companies are increasingly adopting collective defense strategies to actively share intelligence with peer organizations to improve the detection capabilities of the collective. Through faster sharing of behavioral analytics, signature-based, and human threat insights, organizations can more effectively spot malicious activity and reduce attacker dwell time. More on IronNet Cybersecurity.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-security-budgets/)
How do you calculate a security budget? Is it a percentage of the IT budget? Something else? And why does it grow so drastically after a breach?
Thanks to this week's podcast sponsor, IronNet Cybersecurity.
To combat sophisticated cyber threats, companies are increasingly adopting collective defense strategies to actively share intelligence with peer organizations to improve the detection capabilities of the collective. Through faster sharing of behavioral analytics, signature-based, and human threat insights, organizations can more effectively spot malicious activity and reduce attacker dwell time. More on IronNet Cybersecurity.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-role-of-the-biso/)
What is a business information security officer or BISO? Do you need one? Is it just an extension of the CISO or is it simply taking on the business aspect of the CISO role?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Nicole Dove (@IssaUrbanGirl), BISO, ADP, and host of Urban Girl Corporate World podcast.
Thanks to this week's podcast sponsor, Deep Instinct.
Deep Instinct is changing cybersecurity by harnessing the power of Deep Learning to prevent threats in zero time. Deep Instinct’s on-device, solution protects against zero-day, APT, ransomware attacks, and against both known and unknown malware with unmatched accuracy and speed. Find out more about the solution’s wide covering platform play.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-shared-accounts/)
As bad as all security professionals know, shared accounts are a fact in the business world. They still linger, and from an operational standpoint they're hard to secure and get accountability. Why are they still around and what can be done about them?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and sponsored guest Jake King (@jakeking), CEO, Cmd.
Thanks to this week's podcast sponsor, Cmd.
Cmd provides a lightweight platform for hardening production Linux. Small and large companies alike use Cmd to address auditing gaps, implement controls that keep DevOps safe, and trigger alerts on hard-to-find threats. With out-of-the-box policies that make setup easy, Cmd is leading the way in native protection of critical systems.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-bug-bounties/)
What is the successful formula for a bug bounty program? Should it be run internally, by a third party, or should you open it up to the public? Or, maybe a mixture of everything?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Justin Berman (@justinmberman), head of security, Dropbox.
Thanks to this week's podcast sponsor, Cmd.
Cmd provides a lightweight platform for hardening production Linux. Small and large companies alike use Cmd to address auditing gaps, implement controls that keep DevOps safe, and trigger alerts on hard-to-find threats. With out-of-the-box policies that make setup easy, Cmd is leading the way in native protection of critical systems.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-data-classification/)
The more data we horde, the less useful any of it becomes, and the more risk we carry. If we got rid of data, we could reduce risk.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Nina Wyatt, CISO, Sunflower Bank.
Thanks to this week's podcast sponsor, Cmd.
Cmd provides a lightweight platform for hardening production Linux. Small and large companies alike use Cmd to address auditing gaps, implement controls that keep DevOps safe, and trigger alerts on hard-to-find threats. With out-of-the-box policies that make setup easy, Cmd is leading the way in native protection of critical systems.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-prevention-vs-detection-and-containment/)
We agree that preventing a cyber attack is better than detection and containment. Then why is the overwhelming majority of us doing detection and containment?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and sponsored guest Steve Salinas (@so_cal_aggie), head of product marketing, Deep Instinct.
Thanks to this week's podcast sponsor, Deep Instinct.
Deep Instinct is changing cybersecurity by harnessing the power of Deep Learning to prevent threats in zero time. Deep Instinct’s on-device, solution protects against zero-day, APT, ransomware attacks, and against both known and unknown malware with unmatched accuracy and speed. Find out more about the solution’s wide covering platform play.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-asset-valuation/)
What's the value of your assets? Do you even understand what they are to you or to a criminal looking to steal them? Do those assets become more valuable once you understand the damage they can cause?
Check out this post for the basis for our conversation on this week’s episode which features me and Allan Alford. Our guest is Bobby Ford, global CISO, Unilever.
Thanks to this week's podcast sponsor, CyberArk.
At CyberArk, we believe that sharing insights and guidance across the CISO community will help strengthen security strategies and lead to better-protected organizations. CyberArk is committed to the continued exploration of topics that matter most to CISOs related to improving and integrating privileged access controls.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-devsecops/)
We know that security plays a role in DevOps, but we've been having a hard time inserting ourselves in the conversation and in the process. How can we get the two sides of developers and security to better understand and appreciate each other?
Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Allan Alford (@AllanAlfordinTX). Our sponsored guest is Sumedh Thakar (@sumedhthakar), president and chief product officer, Qualys.
Thanks to this week’s podcast sponsor, Qualys.
Qualys is a pioneer and leading provider of cloud-based security and compliance solutions.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-fix-security-problems-with-what-youve-got/)
Stop buying security products. You probably have enough. You're just not using them to their full potential. Dig into what you've got and build your security program.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Brent Williams (@brentawilliams), CISO, SurveyMonkey.
Thanks to this week's podcast sponsor, Deep Instinct.
Deep Instinct is changing cybersecurity by harnessing the power of Deep Learning to prevent threats in zero time. Deep Instinct’s on-device, solution protects against zero-day, APT, ransomware attacks, and against both known and unknown malware with unmatched accuracy and speed. Find out more about the solution’s wide covering platform play.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-should-risk-lead-grc/)
Defining risk for the business. Is that where a governance, risk, and compliance effort should begin? How does risk inform the other two, or does calculating risk take too long that you can't start with it?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Allan Alford (@AllanAlfordinTX). Our guest is Marnie Wilking (@mhwilking), global head of security & technology risk management, Wayfair.
Thanks to this week’s podcast sponsor, Qualys.
Qualys is a pioneer and leading provider of cloud-based security and compliance solutions.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-responsible-disclosure/)
Security researchers and hackers find vulnerabilities. What's their responsibility in disclosure? What about the vendors when they hear the vulnerabilities? And do journalists have to adhere to the same timelines?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Tom Merritt (@acedtect), host, Daily Tech News Show.
Thanks to this week’s podcast sponsor, Qualys.
Qualys is a pioneer and leading provider of cloud-based security and compliance solutions.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth:-internet-of-things/)
When Internet of Things or IoT devices first came onto the market, security wasn't even a thought, let alone an afterthought. Now we're flooded with devices with no security and their openness and connectivity are being used to launch malicious attacks. What are methods to secure environments today and how should these IoT devices being secured in the future?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Josh Corman (@joshcorman), founder of I Am The Cavalry.
Thanks to this week’s podcast sponsor, Pulse Secure.
Pulse Secure offers easy, comprehensive solutions that provide visibility and seamless, protected connectivity for hybrid IT in a Zero Trust world. Over 20,000 enterprises entrust Pulse Secure to empower their mobile workforce to securely access applications and information in the data center and cloud while ensuring business compliance.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-is-governance-the-most-important-part-of-grc)
Your policy should rarely change. But your ability to achieve that policy is found in procedures or governance that should inform, steer, and guide your team. Those procedures should change often and others should follow. Are they?
Check out this post for the basis for our conversation on this week’s episode which features me and Allan Alford. Our guest is Mustapha Kebbeh (@mustaphake), CISO, Brinks.
Thanks to this week's podcast sponsor, CyberArk.
At CyberArk, we believe that sharing insights and guidance across the CISO community will help strengthen security strategies and lead to better-protected organizations. CyberArk is committed to the continued exploration of topics that matter most to CISOs related to improving and integrating privileged access controls.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-who-should-the-ciso-report-to/)
Who should the CISO report to? What factors determine that decision? And why is that single decision so critical to a company's overall security?
Check out this post for the basis for our conversation on this week’s episode which features me, special guest co-host Yaron Levi (@0xL3v1) CISO, Blue Cross Blue Shield of Kansas City. Our guest is Gary Harbison, vp, global CISO, Bayer.
Thanks to this week's podcast sponsor, IBM Security.
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force research, provides security solutions to help organizations stop threats, prove compliance, and grow securely. IBM operates one of the broadest and deepest security research, development and delivery organizations. It monitors more than two trillion events per month in more than 130 countries and holds more than 3,000 security patents.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-hybrid-cloud/)
The consistency of your security program becomes a challenge once you introduce the cloud. Controls and visibility are not necessarily transferable. How do you maintain the control you want in a hybrid environment?
Check out this post for the basis for our conversation on this week’s episode which features me, special guest co-host Taylor Lehmann (@BostonCyberGuy), vp, CISO, athenahealth, and our sponsored guest, Chris Meenan (@chris_meenan), director, offering management and strategy, IBM Security.
Chris Meenan, director, offering management and strategy, IBM Security, David Spark, producer, CISO Series, Taylor Lehmann, vp, CISO, athenahealth.
Thanks to this week's podcast sponsor, IBM Security.
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force research, provides security solutions to help organizations stop threats, prove compliance, and grow securely. IBM operates one of the broadest and deepest security research, development and delivery organizations. It monitors more than two trillion events per month in more than 130 countries and holds more than 3,000 security patents.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-ciso-tenure/)
The CISO has the shortest tenure of any C-level role. Why so brief? Is it the pressure, the responsibility, the opportunities, or all of the above?
Check out this LinkedIn discussion to read the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), producer of CISO Series and guest co-host Gary Hayslip (@ghayslip), CISO, Softbank Investment Advisers. Our guest is John Meakin, CISO, Equiniti.
Thanks to this week's podcast sponsor, IBM Security.
IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force research, provides security solutions to help organizations stop threats, prove compliance, and grow securely. IBM operates one of the broadest and deepest security research, development and delivery organizations. It monitors more than two trillion events per month in more than 130 countries and holds more than 3,000 security patents.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-toxic-security-teams/)
There's an endless number of variables that contribute to creating a toxic security teams. How does it happen, and what are ways to manage and eradicate the toxicity?
Check out this LinkedIn discussion to read the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Jinan Budge (@jinan_forrester), principal analyst serving security & risk professionals at Forrester.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-personality-tests-in-the-workplace/)
As a cybersecurity leader, should you use personality tests for hiring and managing a team? Does it create diversity, understanding of communication styles, or does it just create more conflict?
Check out this LinkedIn discussion to read the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Ursula Alford, psychologist, Department of Neuropsychology, Baylor Scott & White Institute of Rehabilitation.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-lack-of-diversity-in-cybersecurity/)
Cybersecurity teams are notoriously not diverse. At the same time we keep hearing and talking about the need for diversity. Is it critical? Can you be just as successful without it?
Check out this Twitter feed for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Christopher Zell, vp, head of information security, The Wendy's Company.
Thanks to this week's sponsor, Electronic Frontier Foundation.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-when-are-cisos-responsible-for-breaches/)
When is a CISO responsible for a breach or cyber incident? Should they be disciplined, fired, or let go with an attractive payout?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Norman Hunt (@normanhunt3), deputy CISO, GEICO.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-post-breach-desperation-and-salary-negotiations/)
A data breach usually spells financial and reputational disaster. But such an event can also be an opportunity for a security professional to capitalize.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Michael Piacente, co-founder and managing partner, Hitch Partners.
Thanks to this week’s podcast sponsor, Anomali.
Anomali is a leader in intelligence-driven cybersecurity solutions. Anomali turns threat data into actionable intelligence that drives effective security and risk decision making. Customers using Anomali identify cyber threats from all layers of the web, automate blocking across their security infrastructures, and detect and remediate any threats present in their networks. www.anomali.com
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-presenting-to-the-board/)
What metrics, reports, or strategies should a security professional utilize to communicate the value to the board? Or is the mode of "presenting to the board" a damaged approach?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Barry Caplin (@bcaplin), executive leadership partner, Gartner.
Thanks to this week’s podcast sponsor, Anomali.
Anomali is a leader in intelligence-driven cybersecurity solutions. Anomali turns threat data into actionable intelligence that drives effective security and risk decision making. Customers using Anomali identify cyber threats from all layers of the web, automate blocking across their security infrastructures, and detect and remediate any threats present in their networks. www.anomali.com
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-the-iran-cybersecurity-threat/)
The Iran conflict has threatened new retaliations and we don't know where they're going to come from. Cyber retaliation is a real possibility. Who's being threatened and how should we prepare?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest is Nicholas Hayden, global head of threat intelligence, Anomali.
Thanks to this week’s podcast sponsor, Anomali.
Anomali is a leader in intelligence-driven cybersecurity solutions. Anomaly turns threat data into actionable intelligence that drives effective security and risk decision making. Customers using Anomali identify cyber threats from all layers of the web, automate blocking across their security infrastructures, and detect and remediate any threats present in their networks. www.anomali.com
On this episode of Defense in Depth, you’ll learn:
Links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-building-a-fully-remote-security-team/)
Could you be successful with a fully virtual InfoSec team? Many say it can't be done, while some have actually done it and been successful.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Kathy Wang, former CISO, GitLab.
Thanks to this week’s podcast sponsor, Pulse Secure.
Pulse Secure offers easy, comprehensive solutions that provide visibility and seamless, protected connectivity for hybrid IT in a Zero Trust world. Over 20,000 enterprises entrust Pulse Secure to empower their mobile workforce to securely access applications and information in the data center and cloud while ensuring business compliance.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-account-takeover/)
An account takeover traditionally follows a methodical path that takes considerable time before anything bad happens. Is it worth a company's time and effort to be monitoring a potential account takeover at the earliest stages?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest is Mike Wilson, CTO and co-founder, Enzoic.
Thanks to this week’s podcast sponsor, Enzoic.
Enzoic is an enterprise-focused cybersecurity company committed to preventing account takeover and fraud through compromised credential detection. Organizations can use Enzoic solutions to screen customer and employee accounts for exposed username and password combinations to identity accounts at risk and mitigate unauthorized access. Learn more about Enzoic.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-ux-in-cybersecurity/)
Security products and programs may be functional and work correctly, but are they usable in the sense that it fits into the work patterns of our users?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Rakesh Patwari (@rakeshpatwari), UX lead, Salesforce and UX instructor at UC Berkeley Extension.
Thanks to this week’s podcast sponsor, Enzoic.
Enzoic is an enterprise-focused cybersecurity company committed to preventing account takeover and fraud through compromised credential detection. Organizations can use Enzoic solutions to screen customer and employee accounts for exposed username and password combinations to identity accounts at risk and mitigate unauthorized access. Learn more about Enzoic.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-infosec-trends-for-2020/)
We're coming to the end of the year and that means it's time to make our predictions for 2020. Mark this episode and check back in one year to see how we did.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest is Rob Potter, chief revenue officer for Verodin.
Thanks to this week’s podcast sponsor, Verodin.
The Verodin Security Instrumentation Platform proactively identifies gaps in security effectiveness attributable to equipment misconfiguration, changes in the IT environment, evolving attacker tactics, and more. Learn how Verodin, part of FireEye, has made it possible for organizations to validate the effectiveness of cyber security controls, thereby protecting their reputation and economic value.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-cybersecurity-readiness-as-hiring-criteria/)
What if every candidate interviewed was tested on their cybersecurity competency? How would that affect hiring and how would that affect your company's security?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Greg van der Gaast, head of information security, University of Salford.
Thanks to this week’s podcast sponsor, Enzoic.
Enzoic is an enterprise-focused cybersecurity company committed to preventing account takeover and fraud through compromised credential detection. Organizations can use Enzoic solutions to screen customer and employee accounts for exposed username and password combinations to identity accounts at risk and mitigate unauthorized access. Learn more about Enzoic.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-cybersecurity-and-the-media/)
Cybersecurity and the media. It rides the line between providing valuable information and feeding the FUD cycle. What's the media's role?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Dave Bittner (@bittner), producer and host of The CyberWire Podcast, Hacking Humans podcast, and Recorded Future podcast.
Thanks to this week’s podcast sponsor, Verodin.
The Verodin Security Instrumentation Platform proactively identifies gaps in security effectiveness attributable to equipment misconfiguration, changes in the IT environment, evolving attacker tactics, and more. Learn how Verodin, part of FireEye, has made it possible for organizations to validate the effectiveness of cyber security controls, thereby protecting their reputation and economic value.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-the-cloud-and-shared-security/)
When your business enters the cloud, you are transferring risk, but also adding new risk. How do you deal with sharing your security obligations with cloud vendors?
Check out this LinkedIn post for the basis of this show's conversation on shared responsibility of security with a digital transformation to the cloud.
This episode is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is Paul Calatayud (@paulcatalayud), CSO for Americas, Palo Alto Networks.
Thanks to this week’s podcast sponsor, Palo Alto Networks.
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-is-product-security-improving/)
We've been at this cybersecurity thing for a long time. Are products improving their security? A recent study says they aren't.
Check out this tweet and the ensuing discussion for the information on the study and the concerns people have about the history of poor security in consumer-grade networking products.
This episode is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Michael L. Woodson (@mlwoodson), CISO, MBTA.
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices.
On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-best-starting-security-framework/)
If you were building a security program from scratch, which many of our listeners have done, which framework would be your starting point?
Check out this post initiated by Sean Walls, vp, CISO of Visionworks, who asked, "If you were building a security program from scratch, would you align with ISO 27001, NIST CSF, or another framework, and why?"
That conversation sparked this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Omar Khawaja (@smallersecurity), CISO, Highmark Health.
Thanks to this week’s podcast sponsor, Palo Alto Networks.
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices. On this episode of Defense in Depth, you’ll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-cyber-defense-matrix/)
A simple way to visualize your entire security program and all the tools that support it.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Sounil Yu (@sounilyu), creator of the Cyber Defense Matrix and former chief security scientist at Bank of America.
Thanks to this week’s podcast sponsor, Verodin.
The Verodin Security Instrumentation Platform proactively identifies gaps in security effectiveness attributable to equipment misconfiguration, changes in the IT environment, evolving attacker tactics, and more. Learn how Verodin, part of FireEye, has made it possible for organizations to validate the effectiveness of cyber security controls, thereby protecting their reputation and economic value.
On this episode of Defense in Depth, you’ll learn:
First, just look at the darn thing and it'll start to make sense.
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-user-centric-security/)
How can software and our security programs better be architected to get users involved?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is Adrian Ludwig, CISO, Atlassian, a customer of our sponsor, Castle.
Thanks to this week’s podcast sponsor, Castle.
Castle is helping businesses keep customers’ online accounts safe from targeted account takeovers, automated credential stuffing, and risky user transactions. Castle’s user-centric approach to account security allows organizations to fully automate threat response and account recovery in real-time with risk-based authentication, granular access policies, and custom workflows. Learn more at www.castle.io
On this episode of Defense in Depth, you'll learn:
All links and images from this episode can be found at CISO Series (https://cisoseries.com/defense-in-depth-securing-the-new-internet/)
If you could re-invent the entire Internet, starting all over again with security in mind, what would you do?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode, Davi Ottenhimer (@daviottenheimer), who happens to be working on this project with Tim Berners-Lee at Inrupt to create a new Internet and secure it.
Thanks to this week’s podcast sponsor, Castle.
Castle is helping businesses keep customers’ online accounts safe from targeted account takeovers, automated credential stuffing, and risky user transactions. Castle’s user-centric approach to account security allows organizations to fully automate threat response and account recovery in real-time with risk-based authentication, granular access policies, and custom workflows. Learn more at www.castle.io
On this episode of Defense in Depth, you'll learn:
Creative Commons photo attribution to Joybot.
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-resiliency/)
How fortified is the business to withstand cyberattacks? Can it absorb the impact of the inevitable hits? Would understanding the business' level of resilience provide the appropriate guidance for our security program?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Anne Marie Zettlemoyer, vp, security engineering and divisional security officer, MasterCard.
Thanks to this week’s podcast sponsor, Castle.
Castle is helping businesses keep customers’ online accounts safe from targeted account takeovers, automated credential stuffing, and risky user transactions. Castle’s user-centric approach to account security allows organizations to fully automate threat response and account recovery in real-time with risk-based authentication, granular access policies, and custom workflows. Learn more at www.castle.io
On this episode of Defense in Depth, you'll learn:
And here are some items Anne Marie mentioned at the end of the show:
All images and links for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-ransomware/)
Why is Ransomware so prevalent? Why are so many getting caught in its net? And what are some of the best tactics to stop its scourge?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is Brian Vecci (@BrianTheVecci), field CTO, Varonis.
Thanks to this week’s podcast sponsor, Varonis.
The most powerful way to find, protect, and monitor sensitive data at scale. Get total control over your unstructured data in the cloud and on-premises. See it in action in a live cyberattack simulation lab.
On this episode of Defense in Depth, you'll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-top-ciso-communication-issues/)
Understanding risk. Communicating with the board. Getting others to understand and care about security. What is the most vexing cybersecurity issue for a CISO?
Check out this post by Kate Fazzini, cybersecurity reporter for CNBC, for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Mark Eggleston (@meggleston), CISO, Health Partners Plans.
Thanks to this week’s podcast sponsor, Varonis.
The most powerful way to find, protect, and monitor sensitive data at scale. Get total control over your unstructured data in the cloud and on-premises. See it in action in a live cyberattack simulation lab.
On this episode of Defense in Depth, you'll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-cybersecurity-excuses/)
"I've got all the security I need."
"I'm not a target for hackers."
These are just a few of the many rationalizations companies make when they're in denial of cyberthreats. Why are these excuses still prevalent and how should a cyberprofessional respond?
Check out this post by Ian Murphy, co-founder of LMNTRIX, for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Gary Hayslip (@ghayslip), CISO, Softbank Investment Advisers.
Thanks to this week’s podcast sponsor, Varonis.
The most powerful way to find, protect, and monitor sensitive data at scale. Get total control over your unstructured data in the cloud and on-premises. See it in action in a live cyberattack simulation lab.
On this episode of Defense in Depth, you'll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-employee-hacking/)
A cyber professional needs their staff, non-IT workers, and the board to take certain actions to achieve the goals of their security program. Should a CISO use the hacking mindset on their own people?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Yael Nagler (@MavenYael), consultant.
Thanks to this week’s podcast sponsor, Anomali.
Anomali harnesses threat data, information, and intelligence to drive effective cyber security decisions.
On this episode of Defense in Depth, you'll learn:
100% Security. A great idea that's impossible to achieve. Regardless, CEOs are still asking for it. How should security people respond and we'll discuss the philosophical implications of 100% security.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Rich Friedberg (@richf321), CISO, Blackbaud.
Thanks to this week’s podcast sponsor, Anomali.
Anomali harnesses threat data, information, and intelligence to drive effective cyber security decisions.
On this episode of Defense in Depth, you'll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-proactive-security/)
How proactive should we be about security? What's the value of threat intelligence vs. just having security programs in place with no knowledge of what attackers are trying to do?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is AJ Nash, director of cyber intelligence strategy, Anomali.
Thanks to this week’s podcast sponsor, AnomaliAnomali harnesses threat data, information, and intelligence to drive effective cyber security decisions.
On this episode of Defense in Depth, you'll learn:
All images and links for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-attck-matrix/)
Is the ATT&CK Matrix the best model to build resiliency in your security team? What is the best way to take advantage of the ATT&CK framework and how do you square away conflicting data coming in from your tools. What can you trust and not trust? And is the disparity of results the fault of the tool, the user, or neither?
Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is Ian McShane (@ianmcshane), VP, product marketing, Endgame.
Thanks to this week’s podcast sponsor, Endgame
Endgame makes endpoint protection as simple as anti-virus. Their converged endpoint security platform is transforming security programs - their people, processes and technology - with the most powerful endpoint protection and simplest user experience, ensuring analysts of any skill level can stop targeted attacks before damage and loss. To learn more visit www.endgame.com.
On this episode of Defense in Depth, you'll learn:
All images and links for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-hacker-culture/)
The hacker community needs a new PR campaign. Far too many people equate hacker with criminal. But hacker is a mindset of how one approaches security. What is that approach and why are CISOs so attracted to hiring hackers?
Check out this post for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Joseph Menn (@josephmenn), journalist, Reuters, and author of "Cult of the Dead Cow: How the Original Hacking Supergroup Might Just Save the World".
Thanks to this week’s podcast sponsor, Trend Micro
On this episode of Defense in Depth, you'll learn:
All images and links for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-bad-best-practices/)
All professionals like to glom onto "best practices." But in security, "best" practices may be bad out of the gate, become useless over time, or they're not necessarily appropriate for all situations. Stay tuned, we're about to expose some of the worst "best" practices.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Yaron Levi (@0xL3v1), CISO, Blue Cross/Blue Shield of Kansas City.
Thanks to this week’s podcast sponsor, Endgame
Endgame makes endpoint protection as simple as anti-virus. Their converged endpoint security platform is transforming security programs - their people, processes and technology - with the most powerful endpoint protection and simplest user experience, ensuring analysts of any skill level can stop targeted attacks before damage and loss. To learn more visit www.endgame.com.
On this episode of Defense in Depth, you'll learn:
All images and links are available on CISO Series (https://cisoseries.com/defense-in-depth-cyber-harassment/)
Whether a jilted lover or someone trying to wield their power over another, cyber harassment takes many forms and it doesn't stay in the digital world. It comes into our real world and gets very dangerous. What is it and how can it be thwarted?
Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Parry Aftab (@parryaftab), founder of StopCyberbullying Global.
Thanks to this week’s podcast sponsor, Endgame
Endgame makes endpoint protection as simple as anti-virus. Their converged endpoint security platform is transforming security programs - their people, processes and technology - with the most powerful endpoint protection and simplest user experience, ensuring analysts of any skill level can stop targeted attacks before damage and loss. To learn more visit www.endgame.com.
On this episode of Defense in Depth, you'll learn:
Links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-ciso-series-one-year-review/)
The CISO/Security Vendor Relationship Podcast is now more than a year old. On this episode, the hosts of both podcasts, reflect on the series and we respond to listeners critiques, raves, and opinions.
Check out this post and this post for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is the co-host of the CISO/Security Vendor Relationship Podcast, Mike Johnson.
Thanks to this week’s podcast sponsor, Trend Micro
On this episode of Defense in Depth, you'll learn:
All images and links for this episode available at CISO Series (https://cisoseries.com/defense-in-depth-economics-of-data/)
Do we understand the value of our data? Do our adversaries? And is the way we're protecting it making it too expensive for them to steal?
Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is Chip Witt (@rt_clik), head of product strategy for SpyCloud.
Thanks to this week’s podcast sponsor, SpyCloud
Learn more about how you can protect employees and customers from account takeover with SpyCloud.
On this episode of Defense in Depth, you'll learn:
All links and images can be found on CISO Series (https://cisoseries.com/defense-in-depth-tool-consolidation/)
While cybersecurity professionals always want more tools, more often than not they're dealing with too many tools delivering identical services. The redundancy is causing confusion and more importantly, cost. Why should you pay for it? How does it happen and how do InfoSec leaders consolidate tools?
Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Adam Glick, vp, cybersecurity, Brown Brothers Harriman.
Thanks to this week’s podcast sponsor, SpyCloud.
Learn more about how you can protect employees and customers from account takeover with SpyCloud.
On this episode of Defense in Depth, you'll learn:
Links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-camry-security/)
The Camry is not the fastest car, nor is it the sexiest. But, it is one of the most popular cars because it delivers the best value. When CISOs are looking for security products, are they also shopping for Camry's instead of "best of breed" Cadillacs?
Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Lee Vorthman (@leevorthman), sr. director, global security engineering and architecture, Pearson.
Thanks to this week’s podcast sponsor, SpyCloud.
Learn more about how you can protect employees and customers from account takeover with SpyCloud.
On this episode of Defense in Depth, you'll learn:
All links and images can be found on CISO Series (https://cisoseries.com/defense-in-depth-amplifying-your-security-posture/)
In security, you never have enough of anything. But the scarecest resource are dedicated security people. When you're running lean, what are some creative ways and techniques to improve overall security?
Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Matt Southworth (@bronx), CISO of Priceline.
Thanks to this week’s podcast sponsor, SecurityBridge
Advanced cybersecurity for SAP, from codebase to production. Powered by anomaly detection, detect threats in real-time so that they can be remediated before any harm is done. Eliminate false-positives and focus on actionable intelligence. Ensure compliance with direction to actual vulnerabilities, with amazing intelligence dashboards guiding remediation.
On this episode of Defense in Depth, you'll learn:
And here's Jan Schaumann's presentation at BsidesNYC 2016 entitled "Defense at Scale". Matt mentioned it on the show.
All images and links for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-erp-security/)
For most organizations, their ERP solution holds its crown jewels. Should custom and complex applications that trade such vital customer and corporate data be secured any differently?
Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Branden Newman, CISO, adidas, brought to us by our sponsor, SecurityBridge.
Thanks to this week’s podcast sponsor, SecurityBridge
Advanced cybersecurity for SAP, from codebase to production. Powered by anomaly detection, detect threats in real-time so that they can be remediated before any harm is done. Eliminate false-positives and focus on actionable intelligence. Ensure compliance with direction to actual vulnerabilities, with amazing intelligence dashboards guiding remediation.
On this episode of Defense in Depth, you'll learn:
All links and images from this episode can be found at CISO Series (https://cisoseries.com/defense-in-depth-managing-obsolete-yet-business-critical-systems/)
Obsolete systems that are critical to your business. They're abandoned, unpatchable and unmanaged. We've all got them, and often upgrading is not an option. What do you do?
Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Mitch Parker (@mitchparkerCISO), Exec. Director, InfoSec and Compliance, Indiana University Health.
Thanks to this week’s podcast sponsor, SecurityBridge
Advanced cybersecurity for SAP, from codebase to production. Powered by anomaly detection, detect threats in real-time so that they can be remediated before any harm is done. Eliminate false-positives and focus on actionable intelligence. Ensure compliance with direction to actual vulnerabilities, with amazing intelligence dashboards guiding remediation.
On this episode of Defense in Depth, you'll learn:
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-cybersecurity-hiring/)
Everyone needs more security talent, but what kind of talent, how specialized, and what kind of pressure is hiring requirements putting on security professionals?
Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is one our favorite InfoSec gadflies, Greg van der Gaast.
Thanks to this week’s podcast sponsor, Morphisec
Detection-based security technologies are by definition reactive, responding to threats after they’ve hit. Morphisec takes an offensive strategy to advanced attacks, dismantling the attack pathways to prevent an attack from ever landing. No detection, no hunting, no clean-up. Watch the on-demand webinar to see how it works. More at www.morphisec.com.
On this episode of Defense in Depth, you'll learn:
Find images and links for this episode on CISO Series (https://cisoseries.com/defense-in-depth-how-cisos-discover-new-solutions/)
Are security professionals so burned out by aggressive cybersecurity marketing that they're giving up on discovering new and innovative solutions? What are the best ways for cyber professionals to discover new solutions?
Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest for this episode is Yaron Levi (@0xl3v1), CISO, Blue Cross and Blue Shield of Kansas City.
Thanks to this week’s podcast sponsor, ComplianceForge
ComplianceForge is a business accelerator. ComplianceForge offers a full-stack of cybersecurity documentation that ranges from policies and standards, to controls, metrics, procedures and program-level documentation to provide evidence of due diligence in managing risk, vulnerabilities, secure design and other pertinent areas that requires clear and concise documentation.
On this episode of Defense in Depth, you'll learn:
Find all links and images from this episode on CISO Series (https://cisoseries.com/defense-in-depth-is-the-cybersecurity-industry-solving-our-problems/)
Is the cybersecurity industry solving our problems? We've got lots of new entrants. Are they doing anything new, or just doing the same thing slightly better?
Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest this week is Taylor Lehmann (@BostonCyberGuy), CISO, Wellforce.
Thanks to this week’s podcast sponsor, Remediant
Eighty one percent of cyberattacks utilize stolen administrative credentials. Yet, legacy enterprise password vaults solve only a fraction of the problem and are difficult to rollout. Remediant's SecureONE takes a new approach to privileged access management: offering agent-less, vault-less, continuous detection and just-in-time-administration. Learn what Remediant can do in a half-day POC deployment.
On this episode of Defense in Depth, you'll learn:
This is a special episode of Defense in Depth being shared on this feed. Find the full post with links and images on the CISO Series site here (https://cisoseries.com/defense-in-depth-vulnerability-management/)
So many breaches happen through ports of known vulnerabilities. What is the organizational vulnerability in vulnerability management?
Check out this post and discussion and this one for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest is Justin Berman (@justinmberman), CISO for Zenefits.
Vulcan’s vulnerability response automation platform allows enterprises to automate their TVM programs. Vulcan integrates to existing IT DevOps and security tools to fuse enterprise data with propriety intelligence which allows to accurately and subjectively priorities and remediate vulnerabilities - either using a patch workaround or compensating control.
On this episode of Defense in Depth, you'll learn:
If you can't see all the show notes (with images and links) head here: https://cisoseries.com/defense-in-depth-privileged-access-management-pam/
Where does privileged access management (PAM) fit in the order of operations?
Check out this post and discussion and this one for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our sponsored guest for this episode is Tim Keeler, CEO and co-founder of Remediant.
Thanks to this week’s podcast sponsor, Remediant
Eighty one percent of cyberattacks utilize stolen administrative credentials. Yet, legacy enterprise password vaults solve only a fraction of the problem and are difficult to rollout. Remediant's SecureONE takes a new approach to privileged access management: offering agent-less, vault-less, continuous detection and just-in-time-administration. Learn what Remediant can do in a half-day POC deployment.
On this episode of Defense in Depth, you'll learn:
Full post for this episode (https://cisoseries.com/defense-in-depth-machine-learning-failures/)
Is garbage in, garbage out the reason for machine learning failures? Or is there more to the equation?
Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest for this episode is Davi Ottenheimer (@daviottenheimer), product security for MongoDB.
Thanks to this week’s podcast sponsor, Remediant
81% of cyberattacks utilize stolen administrative credentials. Yet, legacy enterprise password vaults solve only a fraction of the problem and are difficult to rollout. Remediant's SecureONE takes a new approach to privileged access management: offering agent-less, vault-less, continuous detection and just-in-time-administration. Learn what Remediant can do in a half-day POC deployment.
On this episode of Defense in Depth, you'll learn:
The full post (if you're not seeing links and images) can be found here (https://cisoseries.com/defense-in-depth-software-fixing-hardware-problems/)
As we have seen with the Boeing 737 MAX crashes, when software tries to fix hardware flaws, it can turn deadly. What are the security implications?
Thanks to this week’s podcast sponsor, Unbound Tech
Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest for this episode Dan Glass (@djglass), former CISO for American Airlines.
Founded in 2014, Unbound Tech equips companies with the first pure-software solution to protect cryptographic keys, ensuring they never exist anywhere in complete form. By eliminating the burden of hardware solutions, keys can be distributed across any cloud, endpoint or server to offer a new paradigm for security, privacy and digital innovation.
On this episode of Defense in Depth, you'll learn:
To see all the notes and links for this episode, go here (https://cisoseries.com/defense-in-depth-tools-for-managing-3rd-party-risk/)
Are there any good tools that really help to manage third-party risk? Can tools alone solve this problem? What else is required?
Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest for this episode is Eric Cowperthwaite, director of information security, Esterline.
Got feedback? Join the conversation on LinkedIn.
Thanks to this week’s podcast sponsor, Praetorian
As a professional services company, Praetorian helps enterprise customers solve complex cybersecurity problems. We are the security experts.
On this episode of Defense in Depth, you'll learn:
Are CISOs the most stressed individuals on a security team, or do mental health issues affect everyone in security?
Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest for this episode is Gary Hayslip (@ghayslip), CISO, Webroot.
Thanks to this week’s podcast sponsor, Praetorian
As a professional services company, Praetorian helps enterprise customers solve complex cybersecurity problems. We are the security experts.
On this episode of Defense in Depth, you'll learn:
Is the RSA Conference a must attend for security professionals? Or is it enough to "just be in San Francisco that week"?
Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest for this episode is Tyson Martin, CISO for Lumber Liquidators.
David Spark, producer of CISO Series, Tyson Martin, CISO, Lumber Liquidators, and Allan Alford, CISO, Mitel.
Thanks to this week's sponsor, Praetorian.
As a professional services company, Praetorian helps enterprise customers solve complex cybersecurity problems. We are the security experts.
On this episode of Defense in Depth, you'll learn:
If a company's brand and value is built on trust, then your security department is critical to building the value of the company.
Check out this post and discussion for the basis of our conversation on this week's episode which is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest for this episode is Scott McCool (@McCoolScott), former CIO of Polycomm.
Thanks to this week’s podcast sponsor, SpyCloud
Learn more about how you can protect employees and customers from account takeover with SpyCloud.
On this episode of Defense in Depth, you’ll learn:
Do companies who deliver "threat intelligence" deliver on that promise, or is there more the customer needs to bring to the table to be able to take action?
Check out this post and discussion for the basis of our conversation on this week's episode which is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our sponsored guest for this episode is Eric Murphy (@_EricMurphy), VP, security research, SpyCloud.
Thanks to this week’s podcast sponsor, SpyCloud
Learn more about how you can protect employees and customers from account takeover with SpyCloud.
On this episode of Defense in Depth, you’ll learn:Defense in Depth is available at CISOSeries.com.
Is the "free to use" Secure Controls Framework the one meta-framework to rule them all?
Check out this post and discussion for the basis of our conversation on this week's episode which is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest is Tom Cornelius, founder and contributor of the Secure Controls Framework (SCF) (@scf_support).
Thanks to this week’s podcast sponsor, SpyCloud
Learn more about how you can protect employees and customers from account takeover with SpyCloud.
On this episode of Defense in Depth, you’ll learn:
Defense in Depth is available at CISOSeries.com.
Is your own staff the greatest threat to the security of your company? On this episode of Defense in Depth we discuss protecting your business from itself.
Check out this post and discussion for the basis of our conversation on this week's episode which is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest is Vijay Bolina (@_jamesbaud_), CISO, Blackhawk Network.
Thanks to this week’s podcast sponsor, Fluency Security:Fluency’s correlation and risk scoring technology combined with their approach of using pseudonyms in place of certain PII data greatly facilitates your organization’s path towards compliance. Over time, machine learning and artificial intelligence algorithms detect anomalies at an impressive level of scalability. Run Fluency as a standalone or integrate it into your existing SIEM. Learn more by visiting us at booth #4529 at the RSA® Conference 2019.
On this episode of Defense in Depth, you’ll learn:Defense in Depth is part of the CISO Series network, which can be found at CISOseries.com.
Security for the business affects everyone and all departments. On this episode of Defense in Depth we discuss the values and difficulties of building an information security council.
Check out this post and discussion for the basis of our conversation on this week's episode which is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest is Nick Espinosa (@NickAEsp), host of nationally syndicated show The Deep Dive with Nick Espinosa, and his daily podcast is called Nick's Nerd News Daily. Find Nick on Facebook, YouTube, and his articles on Forbes.
Thanks to this week’s podcast sponsor, Fluency Security: Fluency's correlation and risk scoring technology combined with their approach of using pseudonyms in place of certain PII data greatly facilitates your organization’s path towards compliance. Over time, machine learning and artificial intelligence algorithms detect anomalies at an impressive level of scalability. Run Fluency as a standalone or integrate it into your existing SIEM. Learn more by visiting us at booth #4529 at the RSA® Conference 2019. On this episode of Defense in Depth, you’ll learn:
Will the privacy outcry and new regulations limit companies’ abilities to do business, or will it span a whole new industry? We discuss building a business in the new age of privacy regulations on this week’s Defense in Depth.
Chris Jordan, CEO, Fluency Security
This episode of Defense in Depth is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our sponsored guest is Chris Jordan, CEO of Fluency Security.
Thanks to this week’s podcast sponsor, Fluency Security: Fluency’s correlation and risk scoring technology combined with their approach of using pseudonyms in place of certain PII data greatly facilitates your organization’s path towards compliance. Over time, machine learning and artificial intelligence algorithms detect anomalies at an impressive level of scalability. Run Fluency as a standalone or integrate it into your existing SIEM. Learn more by visiting us at booth #4529 at the RSA® Conference 2019. On this episode of Defense in Depth, you’ll learn:Defense in Depth is part of the CISO Series network which can be found at CISOSeries.com.
What are the most important metrics to measure when building out your security program? One thing we learned on this episode is those metrics change, as your security program matures.
This episode of Defense in Depth is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest is my co-host of the other show, Mike Johnson, CISO of Lyft.
Fluency's correlation and risk scoring technology combined with their approach of using pseudonyms in place of certain PII data greatly facilitates your organization's path towards compliance. Over time, machine learning and artificial intelligence algorithms detect anomalies at an impressive level of scalability. Run Fluency as a standalone or integrate it into your existing SIEM. Learn more by visiting us at booth #4529 at the RSA® Conference 2019. On this episode of Defense in Depth, you'll learn:Just a quick welcome message to this weekly show covering controversial and confusing topics in cybersecurity.
En liten tjänst av I'm With Friends. Finns även på engelska.