CISO Series Podcast
Formerly named CISO/Security Vendor Relationship Podcast. Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/lets-just-dump-on-zooms-security-and-offer-no-solutions/)

Sure, we're all in this together, but isn't it fun just to trash a popular product's really bad security?

This week’s episode of CISO/Security Vendor Relationship Podcast features me, David Spark (@dspark), producer of CISO Series, and co-host Mike Johnson. Our sponsored guest is Brian Johnson, CEO and co-founder, DivvyCloud.

Thanks to this week's podcast sponsor, DivvyCloud.

DivvyCloud

DivvyCloud provides continuous security and compliance across all CSPs and containers, including AWS, GCP, Azure, Ailibaba, and Kubernetes, providing a comprehensive view of what’s in your cloud, along with the tools and automation you need to manage it today, tomorrow, and into the future as your business grows and changes.

On this week's episode

Why is everybody talking about this now?

Yaron Levi, CISO, Blue Cross Blue Shield of Kansas City a frequent and recent guest of the podcasts, had an incendiary post on LinkedIn where he challenged the long held belief in cybersecurity that "we're all in this together." Well that theory was put to the test with the outcries of Zoom's security and privacy flaws. Levi believes the security industry failed. Instead of trashing Zoom we should be offering suggestions of how they could fix a now universally used application. His challenge exploded online with over 200 comments. How could we/can we handle this situation better?

Look at this, another company breached

Oh Marriott. You blew it again. Two massive data breaches in two years. This one just gave too much access to too many customers from a branch office. Years ago this would be a front page story we'd be talking about for weeks if not months. Now they're just another breach and it doesn't seem that the affected users seem to care. How much damage are these breaches doing to companies if the customers have breach fatigue and can't see the damage immediately or even directly? And what percentage of these breaches do you believe are the result of poorly architected or implemented security programs?

It's time to play "What's Worse?!"

We get a chance to talk about Mike's favorite topic, toxic team members.

Please, Enough. No, More.

Today's topic is Identity Access Management or IAM. We discuss what we've heard enough about with IAM and what would we'd like to hear a lot more.

It’s time for “Ask a CISO”

We have a question from a listener, a college student. Here's her question:

"I'm a college student interested in majoring in cybersecurity. However I'm more of a people person and I'm afraid cybersecurity is just dealing with computers and having no people interaction. I'm just wondering what I should expect if I continue to pursue a cybersecurity major."

Direct download: CISO_Vendor_04-21-2020_FINAL.mp3
Category:podcast -- posted at: 6:00am PDT