CISO Series Podcast
Formerly named CISO/Security Vendor Relationship Podcast. Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

CISO/Security Vendor Relationship Podcast and Series is available at CISOSeries.com.

We're clawing each other's eyes out in the latest episode of the CISO/Security Vendor Relationship Podcast.

This show, like all the previous ones, is hosted by me, David Spark (@dspark), founder of Spark Media Solutions, and Mike Johnson, CISO of Lyft. Our guest this week is Darren Death (@darrendeath), VP of InfoSec, CISO, ASRC Federal.

Special thanks to Virtru for sponsoring this episode. As a reader, I know you’re always worried about your data. That’s why Virtru is providing a free copy of Forrester’s 14-page report on the Future of Data Security and Privacy to readers for a limited time. Click here to grab your copy while it’s still available.

On this episode:

How CISOs are digesting the latest security news

A nasty fight between two security vendors becomes public because one of the CEOs decides to expose the other CEO. But did he really? What's really going on? Thanks to Nathan Burke of Axonius for bringing this story to our attention.

Why is everybody talking about this now?

Is calling someone a "blocker" the most weaponized word in the tech industry? How can this be avoided, and what are the scenarios in which this term comes up?

What's Worse?!

We've got a split decision on this week's question on trust.

What's a CISO to do?

Robert Samuel, CISO, Government of Nova Scotia, asks our CISOs, "What does success look like?" How do CISOs define success?

Ask a CISO

Where should an SMB that may have little to no security team begin building out its security program?

Direct download: CISO_Vendor_12-16-2018_FINAL.mp3
Category:podcast -- posted at: 2:50pm PDT

CISO/Security Vendor Relationship Podcast and Series can be found at CISOSeries.com.

A newly proposed provision in the Consumer Data Protection Act (CDPA) could result in jail time for intentional data privacy violations.

We're not scared. We're still peeping into your digital lives on the latest episode of the CISO/Security Vendor Relationship Podcast.

This show, like all the previous ones, is hosted by me, David Spark (@dspark), founder of Spark Media Solutions, and Mike Johnson, CISO of Lyft. Our sponsored guest this week is Will Ackerly, co-founder and CTO of Virtru.

Special thanks to Virtru for sponsoring this episode. As a reader, I know you’re always worried about your data. That’s why Virtru is providing a free copy of Forrester’s 14-page report on the Future of Data Security and Privacy to readers for a limited time. Click here to grab your copy while it’s still available.

On this episode:

Why is everybody talking about this now?

Huge fines and massive jail time for intentional violations of data privacy. Do the new provisions in the CDPA go too far or are they just right?

What's a CISO to do?

Listener Bradley Teer of Armor Cloud Security asks, "What's the scariest moment or event that's ever happened in your career as a security practitioner?"

What's Worse?!

Two listeners, Rick McElroy of Carbon Black and Jamie Leupold of PreVeil asked the same question for this week's game. It's a question Mike knew was eventually going to be asked.

Please, Enough. No, More.

We talk about data privacy in today's segment. Can we get beyond the discussion of GDPR?

Ask a CISO

On a previous episode we talked about the meager adoption of multi-factor authentication. We concluded that it was still too complicated to use. So what's encryption's excuse? Why isn't encryption available and used by all? How does the security paradigm change if everyone is sending encrypted messages?

Direct download: CISO_Vendor_12-09-2018_FINAL_fixed.mp3
Category:podcast -- posted at: 2:38pm PDT

CISO/Security Vendor Relationship Podcast and Series has moved to CISOSeries.com.

Tired of deleting pages of vendor pitches? Wouldn't it be more efficient if you could see them all together on one screen so you could simply choose which ones to ignore? We're improving vendor non-engagement efficiency in the latest installment of the CISO/Security Vendor Relationship Podcast.

This show, like all the previous ones, is hosted by me, David Spark (@dspark), founder of Spark Media Solutions, and Mike Johnson, CISO of Lyft. Our guest this week is Chris Castaldo (@charcuteriecoma), sr. director of cybersecurity, 2U.

This episode is sponsored by Vulcan Cyber, your automated vulnerability remediation solution. Put an end to manual-only patch management and reduce vulnerability risk with a cloud-based solution that bridges the vulnerability remediation gap. Automate and orchestrate the vulnerability remediation process with Vulcan Cyber.

Got feedback? Join the conversation on LinkedIn.

On this episode:

Why is everybody talking about this now?

Six months ago Mike Johnson proposed the idea of "Demos for charities" and it got mixed results, but some people took on the challenge from both the practitioner and the vendor side. See how our guest offered up 45 minutes of his time in exchange for a donation to his favorite charity.

What's a CISO to do?

In light of the most recent Marriott breach, Brian Krebs wrote a great thought piece about our new acceptance of "security," and that is we can't count on companies securing our data. How do security professionals communicate that to their team and users and still maintain trust?

What's Worse?!

This week's challenge comes from William Birchett, Sr. Manager IT Security at City of Fort Worth. Both options are annoying and we have a split decision on what's worse.

First 90 days of a CISO

Tony Dunham of the Professional Development Academy asks how InfoSec professionals can develop the soft skills needed for leadership prior to being put in the pilot seat.

Ask a CISO

We talk about user-centric design and my co-host has some not-so-nice words for vendors selling a "single pane of glass" solution.


Direct download: CISO_Vendor_12-02-2018_FINAL.mp3
Category:podcast -- posted at: 7:15pm PDT