CISO Series Podcast
Formerly named CISO/Security Vendor Relationship Podcast. Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

All links and images for this episode can be found on CISO Series.

It appears our security awareness training is working, up to a point. Most people are well aware of the need for secure passwords, but they don't actually create secure passwords.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Patrick Harr, CEO, SlashNext.

Thanks to our podcast sponsor, SlashNext

With today’s transition to hybrid working, phishing attacks are more prevalent than ever. Mobile phishing and credential harvesting are exploding, damaging business reputations and finances and, most importantly, causing data loss. With new phishing methods appearing year over year, enterprises need more robust phishing protection to defend this expanding attack surface and their most valuable assets. Check out the report.

In this episode:

  • Why does it seem like our security awareness training is only working up to a certain point?
  • Most people are well aware of the need for secure passwords, but why don't they actually create secure passwords?
  • Is it true that, “people are not the weakest link, they're just the top attack vector?”
Direct download: CISO_Series_12-13-22_final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series.

It appears we're not providing security awareness training fast enough. That's because hackers are specifically targeting brand new employees who don't yet know the company's procedures. Illicit hackers are discovering they're far easier to phish.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Gene Spafford (@therealspaf), Professor, Purdue University.

Gene's book available for pre-order Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us.

25th anniversary of CERIAS

Thanks to our podcast sponsor, Lacework

Lacework offers the data-driven security platform for the cloud and is the leading cloud-native application protection platform (CNAPP) solution. Only Lacework can collect, analyze, and accurately correlate data — without requiring manually written rules — across an organization’s AWS, Azure, Google Cloud, and Kubernetes environments, and narrow it down to the handful of security events that matter. Security and DevOps teams around the world trust Lacework to secure cloud-native applications across the full lifecycle from code to cloud. Get started at lacework.com/cisoseries.

In this episode:

  • Is cybersecurity awareness a long term marketing effort?
  • Where are we making progress with the general populace when it comes to improving the human aspect of cybersecurity?
  • How difficult and how long can it take to discover what a company's crown jewels are, and what needs to be done?
Direct download: CISO_Series_12-06-22.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series.

That headline is not a joke. An actual job listing on LinkedIn requested just that. We're all hoping this was an error. Regardless, the community response to it was truly overwhelming, speaking much to the frustration of green and junior cybersecurity job seekers who are truly looking for entry level jobs. 

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Bryan Willett, CISO, Lexmark.

Thanks to our podcast sponsor, AuditBoard

CrossComply is AuditBoard’s award-winning security compliance solution that allows organizations to build trust and scale their security compliance program with a connected risk platform that unifies SOC 2, ISO 2700x, NIST, CMMC, PCI DSS, and more across your organization.

In this episode:

  • Why do some job listings seem to have unrealistic requirements for entry level job-seekers? Who needs 15+ years of experience in practically anything?
  • What is the value of security operations if you’re not detecting and dealing with incidents?
  • What do you think cybersecurity awareness month should accomplish?
Direct download: CISO_Series_11-29-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series.

CISOs and other security leaders have a lot of stress. But so do other C-level employees. Why does a CISO's stress seem that much more intense? Is it that their job is still in constant development, or is the "C" in their title just a title, without the authority?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Aman Sirohi (@amangolf), CISO, People.ai.

Thanks to our podcast sponsor, AuditBoard

CrossComply is AuditBoard’s award-winning security compliance solution that allows organizations to build trust and scale their security compliance program with a connected risk platform that unifies SOC 2, ISO 2700x, NIST, CMMC, PCI DSS, and more across your organization.

In this episode:

  • Why does a CISO's stress seem that much more intense?
  • Is it that their job is still in constant development, or is the "C" in their title just a title, without the authority?
  • What part of the supply chain security effort is truly building trust in your supplier and having ongoing reassurances that that trust is being maintained?
Direct download: CISO_Series_11-22-22.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series.

"The biggest threat to national security is that many of the most vital systems on the planet CURRENTLY run on outdated and insecure software," said Robert Slaughter of Defense Unicorns on LinkedIn. That's at the core of the third-party security issue.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Richard Marcus, vp, InfoSec, AuditBoard.

Thanks to our podcast sponsor, AuditBoard

CrossComply is AuditBoard’s award-winning security compliance solution that allows organizations to build trust and scale their security compliance program with a connected risk platform that unifies SOC 2, ISO 2700x, NIST, CMMC, PCI DSS, and more across your organization.

In this episode:

  • How big of a problem is outdated software in our industry? Is insecurity just the result of a lack of efficient process?
  • How much does a company’s transparency before, during, and after a breach tell us about their corporate character?
  • What's the behavior after a breach you want to see that reaffirms your commitment to doing business with a vendor?
Direct download: CISO_Series_11-15-22.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

Security leaders will often ask challenging or potentially gotcha questions as barometers to see if you can handle a specific job. They're looking not necessarily for a specific answer, but rather a kind of answer and they're also looking to make sure you don't answer the question a specific way. Don't get caught in the trap.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Quincy Castro, CISO, Redis.

Thanks to our podcast sponsor, Okta

Auth0 is the leading provider of customer identity solutions. Watch Jameeka Aaron, CISO for Auth0, explain how to balance security with friction to create a safe authentication experience without compromising on privacy.

In this episode:

  • What parts of cybersecurity can you comfortably outsource? What parts of cybersecurity do you want to outsource, but can't?
  • One of the major arguments for outsourcing is "Finding cyber talent is really tough." Do you agree with that rationale to outsource?
  • When building a security program for a startup, how do you establish scope and requirements?
Direct download: CISO_Series_11-08-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

If you know a difficult concept very well and you're incapable of explaining it simply to others who don't understand it, it's known as the "curse of knowledge." It is for this reason far too many talented cybersecurity professionals struggle to educate others.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Okey Obudulu (@okeyobudulu), CISO, Skillsoft.

Thanks to our podcast sponsor, Trend Micro

Trend Micro Cloud One, a security services platform for cloud builders, delivers the broadest and deepest cloud security offering in one solution, enabling you to secure your cloud infrastructure with clarity and simplicity. Discover your dynamic attack surface, assess your risk, and respond with the right security at the right time. Discover more!

In this episode:

  • How important is knowing the crown jewels in your security program? Wouldn't a "crown jewel"-focused security program be myopic?
  • Have you been guilty of "curse of knowledge" when you tried to explain something and what did you do to improve?
  • How often does a security leader come into a program and have the sense they're starting out at square one?
Direct download: CISO_Series_11-01-22.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

CISOs say stress and burnout are their top personal risks. Breaches, increased regulations, and the tech talent shortage are all contributors to the stress. Sure would be nice for the CISO and the rest of the team to look at a chart that showed the CISO's stress level in real time.

This week’s episode is co-hosted by me, David Spark (@dspark), the producer of CISO Series, and special guest co-host Shawn Bowen (@SMbowen), CISO, World Fuel Services. Our guest is Meredith Harper (@mrhciso), svp, CISO, Synchrony.

This episode was recorded in front of a live audience in Chicago at The City Hall nightclub for the opening night of Evanta's Global CISO Executive Summit.

Thanks to our podcast sponsor, Cisco

Cisco Secure delivers a streamlined, customer-centric approach to security that ensures it’s easy to deploy, manage, and use. We help 100 percent of the Fortune 100 companies secure work – wherever it happens – with the broadest, most integrated platform. Learn more at cisco.com/go/secure.

In this episode:

  • What do you think companies can do to alleviate this pressure and help a CISO better succeed?
  • Why is there such a significant disconnect between companies’ increased commitment to diversity and inclusion and the day-to-day experiences of women of color?
  • How can enterprise security maintain visibility into, and control over who and what is accessing their data?
Direct download: CISO_Series_Podcast_10-25-22.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

For some reason, the ABCs of sales ("Always Be Closing") in the world of cybersecurity sales has translated into "Always Be Creepy." Eagerness to make just a connection, forget closing, has turned into extremely forward approaches that would make anyone feel uncomfortable.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and my guests are Steve Tran, CSO, Democratic National Committee, and Matt Crouse, CISO, Taco Bell. It was recorded in front of a live audience in Santa Monica as part of the ISSA-LA Information Security Summit XII.

Thanks to our podcast sponsor, Ostrich Cyber-Risk

Ostrich Cyber-Risk “Birdseye” is a unified qualitative and quantitative cyber risk management application that allows you to quickly assess, prioritize and quantify your organization’s financial and operational risks in real-time, in one place. Benchmarked against industry-standards (NIST, CIS, ISO), Birdseye simulates risk scenarios, continuously tracks roadmap progress, and creates shareable reports.

In this episode:

  • What do security leaders do when they can't push through security initiatives they know should be done?
  • Is this a real concern for CISOs, and if so, how does a CISO handle their staff when best efforts get thwarted?
  • What's your advice for new CISOs when dealing with unsolicited sales emails from security vendors? Do they just ignore it all? Should they filter it out?
Direct download: CISO_Series_Podcast_10-18-22.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

After every breach, you hear the same mantra from the attacked company: "We take security and privacy seriously." It's lost all its meaning. But what if you truly ARE serious about how you handle security and privacy? Should you say "seriously" twice?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Geoff Belknap (@geoffbelknap), CISO, LinkedIn and co-host of Defense in Depth. It was recorded in front of a live audience at Microsoft's Silicon Valley Campus in Mountain View, California as part of a regular ISSA-SV and ISSA-SF meeting.

Check out all the fantastic photos from the event here.

Thanks to our podcast sponsor, SafeBreach and Noname Security

SafeBreach

SafeBreach provides continuous security control validation powered by our breach and attack simulation (BAS) platform.
We enable security leaders to proactively prioritize remediation efforts and drive ROI quickly by consolidating technology costs around what truly enhances your security posture.
Real-world attacks. Real-time results.

Noname Security

Prevent API attacks in real-time with automated AI and ML-based detection from Noname Security. Monitor API traffic for data leakage, data tampering, data policy violations, suspicious behavior, and API security attacks. Integrate with your existing IT workflow management system like Jira, ServiceNow, or Slack for seamless remediation. Learn more at nonamesecurity.com/runtime-protection

In this episode:

  • If you truly ARE serious about how you handle security and privacy, should you say "seriously" twice?
  • Given the immense complexity not just on integration but also training, are we going to see more consolidation of point solutions into suites?
  • When would it make sense for a company to completely dump their security team and completely outsource it? And if you were to outsource it, what the heck would that look like?
Direct download: CISO_Series_Podcast_10-11-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

There are vendors that CISOs can't look away from. Who are they and what did they do to get so much attention from CISOs?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Saša Zdjelar, svp, security assurance, Salesforce.

Thanks to our podcast sponsor, Sysdig

Sysdig is driving the standard for cloud and container security. With Sysdig, teams find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance. Customers get a single view of risk from source to run, with no blind spots, no guesswork, no black boxes.

In this episode:

  • What’s a great approach from a security vendor?
  • What techniques do CISOs deploy to cut through the marketing noise?
  • Can you think of vendors that were so good that you couldn't ignore them? What made them achieve that status?
Direct download: CISO_Series_10-04-22_final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

If you want to build a successful cybersecurity team, you need to be diverse, mostly in thought. But that diversity in thought usually is the result of people with diverse backgrounds who have had different experiences and have solved problems differently. It's actually really hard to hire a diverse team because what you want to do is simply hire people who look, talk, and sound like you. People who come from the same background as you. While that may work for building friends, it's not necessarily the best solution when building a team to secure your company.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is George Finney (@wellawaresecure), CISO, Southern Methodist University and author of “Well Aware: The Nine Cybersecurity Habits to Protect Your Future” and "Project Zero Trust."

Thanks to our podcast sponsor, Feroot

Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Our automated, client-side, data protection capabilities increase web application visibility, facilitate threat analysis, and detect and protect from client-side attacks, such as Magecart, XSS, e-skimming, and other threats focused on front-end web applications.

In this episode:

  • What are the personality types you need on your staff?
  • Can you be a vCISO if you're not a CISO first? And if you're a vCISO without ever having been a CISO, are you just a cybersecurity consultant?
  • Also, what are some creative uses of honeypots most users don't consider?
Direct download: CISO_Series_09-27-22.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

What are signs your team is getting burnt out? It's not an imbalance of work and family, it's feeling you're having no impact. That you're working your tail off and nothing is getting accomplished. This happens often in cybersecurity.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Sara-Michele Lazarus, vp/head of trust and security, Stavvy.

Thanks to our podcast sponsor, Sysdig

Sysdig is driving the standard for cloud and container security. With Sysdig, teams find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance. Customers get a single view of risk from source to run, with no blind spots, no guesswork, no black boxes.

In this episode:

  • What are signs your team is getting burnt out?
  • What's the most valuable skill in a cybersecurity analyst?
  • Why are we seeing so many zero day exploits right now?
Direct download: CISO_Series_09-20-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

Uggh, just saying "zero trust" sends shivers down security professionals' spines. The term is fraught with so many misnomers. The most important question is who you are going to trust to actually help you build that darn zero trust program. Are you going to look at a vendor that has consolidated solutions and has built programs like this repeatedly, or are you going to look for the best solutions yourself and try to figure out how best to piece them together to create that "zero trust" program?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is David Chow, global chief technology strategy officer, Trend Micro.

Thanks to our podcast sponsor, Trend Micro

Trend Micro Cloud One, a security services platform for cloud builders, delivers the broadest and deepest cloud security offering in one solution, enabling you to secure your cloud infrastructure with clarity and simplicity. Discover your dynamic attack surface, assess your risk, and respond with the right security at the right time. Discover more!

In this episode:

  • Why is the term “zero trust” fraught with so many misnomers?
  • Is there such a thing as privacy anymore? Do you agree with the term “good enough”, and if so what is a "good enough" factor, what does it entail, and what should we expect from that?
  • Where has the United States done the most to improve national cybersecurity?
Direct download: CISO_Series_09-13-22.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series.

You want an awesome job in cybersecurity, and you want to ask the right questions. What are the right answers, and which ones are red flags that should cause you to run?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Renee Guttman, former CISO, Campbell's, Coca-Cola, and Time Warner.

Thanks to our podcast sponsor, Okta

Auth0 is the leading provider of customer identity solutions. Watch Jameeka Aaron, CISO for Auth0, explain how to balance security with friction to create a safe authentication experience without compromising on privacy.

In this episode:

  • When interviewing, what are the right answers, and which ones are red flags that should cause you to run?
  • Has the cloud just created a bigger security problem that's crept up on us?
  • Are legacy systems just a ticking time bomb or have you seen success in managing them?
Direct download: CISO_Series_09-06-22.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

Are RSA and other big conferences worth it? It seems that fewer CISOs are actually walking the floor at these big trade shows. The really big meetings are happening outside of the conference. Why would CISOs attend these big conferences with airfares costing over $1000 and hotel rooms costing $500 to $800 a night? Are the customers and vendors getting priced out?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Jessica Ferguson, CISO, DocuSign.

Thanks to our podcast sponsor, SlashNext

SlashNext protects the modern workforce from phishing and human hacking across all digital channels. SlashNext Complete™ utilizes our patented AI SEER™ technology to detect zero-hour phishing threats by performing dynamic run-time analysis on billions of URLs a day through virtual browsers and machine learning. Take advantage of SlashNext's phishing defense services for email, browser, mobile, and API.

In this episode:

  • Are big conferences like RSA worth it? What's the value of the trade show floor at RSA?
  • Why would CISOs attend these big conferences with airfares costing over $1000 and hotel rooms costing $500 to $800 a night?
  • Are the customers and vendors getting priced out?
Direct download: CISO_Series_08-30-22_Final_rev1.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

Security professionals should trade the cyber hero mentality for the "sidekick" role. Many cybersecurity leaders believe they need to save the company from all the stupid users who can't protect themselves. The reality is security professionals should drop the saviour mentality for a supporting role where they're running alongside different business units, trying to find a way to make their processes run more smoothly and more securely.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Clyde Williamson, product management, innovations, Protegrity.

Thanks to our podcast sponsor, Protegrity

Protegrity empowers intelligence-driven organizations to use data to drive innovation with secure analytics and artificial intelligence, without fear of violating compliance or jeopardizing privacy. To make this vision a reality, we protect sensitive data anywhere and everywhere to create secure data agility that aligns with the speed of modern business.

In this episode:

  • Is it OK if users see security as heroes but security professionals shouldn't see themselves that way?
  • What have you heard enough about when it comes to data protection, and what would you like to hear a lot more?
  • How can we best create a cyber risk balance sheet?
Direct download: CISO_Series_08-23-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

Just the words "zero trust" often cause security professionals to shiver. In general, CISOs are on board with the concepts of "zero trust"; we just think they're uncomfortable with how the term is being used for branding and marketing efforts.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is David Cross (@mrdbcross), SVP/CISO for Oracle SaaS Cloud.

Thanks to our podcast sponsor, Protegrity

Protegrity empowers intelligence-driven organizations to use data to drive innovation with secure analytics and artificial intelligence, without fear of violating compliance or jeopardizing privacy. To make this vision a reality, we protect sensitive data anywhere and everywhere to create secure data agility that aligns with the speed of modern business.

In this episode:

  • Should certifications be a requirement on your job listings?
  • Are the SIEMs failing or do the users not know how to configure them? Or is it both?
  • Why do security professionals treat the term "zero trust" so negatively? How should vendors approach zero trust and how should the C-suite understand it?
Direct download: CISO_Series_08-16-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

You can make the right decision given the information you have, but everything is a risk, so there are times those good decisions are going to produce an outcome you weren't hoping for. In essence, plenty of good decisions result in poor outcomes.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Aviv Grafi, founder and CTO, Votiro and winner of season one of Capture the CISO.

In this episode:

  • We welcome the winner of “Capture The CISO!” How did they prepare in terms of making the demo and for appearing on the show? And what advice would they give for contestants in season 2?
  • What do employers look for or ask in an interview that would lead them to hire and promote someone into a CISO role in their company?
  • How can cybersecurity professionals improve their decision making over time?
Direct download: CISO_Series_08-09-22_Final_1.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

We explore the world of dishonesty in cybersecurity. Practitioners know that marketers will stretch the truth, but how far are we willing to let that go? Isn't this industry built on trust? Can cybersecurity continue to thrive if we can't trust each other?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Anna Belak (@aabelak), director of thought leadership, Sysdig.

Thanks to our podcast sponsor, Sysdig

Sysdig is driving the standard for cloud and container security. With Sysdig, teams find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance. Customers get a single view of risk from source to run, with no blind spots, no guesswork, no black boxes.

In this episode:

  • What are the questions a CISO should be able to answer?
  • How much dishonesty do you find in cybersecurity?
  • How does one LEAD a cloud migration?
  • What are some lies about machine learning that everyone needs to be aware of?
Direct download: CISO_Series_08-02-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

What can you do when your data keeps passing through different third party applications? Your data is being accessed and manipulated by more people, more applications, and more security policies that may not be aligned with your security policies. It seems once it leaves your environment, it's out of your control.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Elliot Lewis (@ElliotDLewis), CEO, Keyavi.

Thanks to our podcast sponsor, Keyavi

Myth: Data can’t protect itself. Fact: Now it does! You control where your data goes in the world, who can access it and when. On any device. Anytime. Anywhere. FOREVER. Learn more at Keyavi.com.

In this episode:

  • Can the US government, through regulation, shift the tide of never-ending cybersecurity failures?
  • Your network was just hit with ransomware. What do you do in your environment?
  • What should we be discussing more of when it comes to protecting data in the supply chain?
  • What's the biggest security flaw you've seen in every environment you've ever worked?
Direct download: CISO_Series_07-26-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

When security professionals can find flaws in a practice, they are quick to label it bad security behavior. But often what gets marked as "bad" may have problems, yet when looked at from a risk-reduction perspective it is actually very good security behavior.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Carla Sweeney, vp information security, Red Ventures.

Thanks to our podcast sponsor, Protegrity

Protegrity empowers intelligence-driven organizations to use data to drive innovation with secure analytics and artificial intelligence, without fear of violating compliance or jeopardizing privacy. To make this vision a reality, we protect sensitive data anywhere and everywhere to create secure data agility that aligns with the speed of modern business.

In this episode:

  • Is a CISO really an architect of choices, for themselves and the other business leaders?
  • Why and how can controls impose friction or drag on business velocity?
  • What are the types of questions you ask when you're referencing a resume and what are some examples of really impressive responses?
  • What are some things that get a bad rap, but are actually quite secure?
Direct download: CISO_Series_07-19-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

Getting someone to purchase gift cards is a popular vector for theft. Given that the gift card theft technique is so well known, many online sites have put up additional barriers to purchasing gift cards. Trying to buy them legitimately has become increasingly difficult.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Ariel Weintraub (@securitymermaid), CISO, MassMutual.

Thanks to our podcast sponsor, PlexTrac

PlexTrac is a powerful, yet simple, cybersecurity platform that centralizes all security assessments, pentest reports, audit findings, and vulnerabilities. PlexTrac transforms the risk management lifecycle, allowing security professionals to generate better reports faster, aggregate and visualize analytics, and collaborate on remediation in real-time.

Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs!

In this episode:

  • What areas should we focus on improving the security user experience for non-security people?
  • Does it get easier at the top? What factors do you think result in the workload being tougher or easier for a CISO?
  • How can radical transparency help and where can it backfire?
  • What can we do to avoid poisoned systems and how can we tell if our systems have been poisoned?
Direct download: CISO_Series_07-12-22_Final_rev1.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

Should you monitor your staff? I mean really monitor them. Some bosses are installing screen-grabbing and click-tracking software to monitor employees, and by most estimates employees hate it so much that half of them would quit if their supervisors installed monitoring software on their computers. But in some cases an employee's behavior may lend itself to being monitored.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Ian Hassard (@ihassard), director of product management, Okta.

Thanks to our podcast sponsor, Okta

Okta

Auth0 is the leading provider of customer identity solutions. Watch Jameeka Aaron, CISO for Auth0, explain how to balance security with friction to create a safe authentication experience without compromising on privacy.

In this episode:

  • What are the real world positive impacts that result on the business in terms of risk reduction, product development, and prevention?
  • What are some alternatives to address the authentication problem?
  • What have you heard enough about with authentication, and what would you like to hear a lot more about?
  • To what level should you and shouldn't you monitor your staff? What cases do you feel you would have to install monitoring software?
Direct download: CISO_Series_07-05-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

Next time you're annoyed by a security vendor's pitch, instead of firing back at them at what an idiot they are, or complaining about it on social media, why not see if you can find a friendly manager at the vendor company and explain what happened so they can actually address the problem appropriately?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Rob Suarez, CISO, BD.

Thanks to our podcast sponsor, Trend Micro

Trend Micro

Trend Micro Cloud One, a security services platform for cloud builders, delivers the broadest and deepest cloud security offering in one solution, enabling you to secure your cloud infrastructure with clarity and simplicity. Discover your dynamic attack surface, assess your risk, and respond with the right security at the right time. Discover more!

In this episode:

  • Where could we possibly draw the line of what can be known to the public, but at the same time not offering insight to the attackers?
  • We examine what makes medical establishments an attractive target. Why are medical records valuable and outside of havoc is there any other purpose of tampering with medical devices?
  • How do you use industry-specific threat information to make better security decisions?
  • Why do some cybersecurity companies succeed and others fail?
Direct download: CISO_Series_06-28-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

I have no idea what I need to spend to demonstrate our security program is working. What's it going to take? Or maybe I need just others on my team to just validate that they truly do care about security.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is John McClure (@johnmcclure00), CISO, Sinclair Broadcast Group.

Thanks to our podcast sponsor, Keyavi

Keyavi

Data that protects itself? Now it does! We made data so smart it can think for itself. Secure itself. Stay continually aware of its surroundings. Control where, when and who is allowed access. And automatically report back to its owner. This changes the entire cybersecurity paradigm. Learn how.

In this episode:

  • What’s your best indicator that your security program is actually improving?
  • We examine certifications and separate myth from reality, both for those trying to get into cybersecurity and for more seasoned professionals.
  • What security flaw often gets overlooked?
  • How does one go about asking for a team building budget for a remote team?
Direct download: CISO_Series_06-21-22_final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

How dangerous is it for a cybersecurity professional to pull a G-d complex with the email server just because they didn't like the way one salesperson behaved?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Jadee Hanson (@jadeehanson), CIO/CISO, Code42.

Thanks to our podcast sponsor, Code42.

Code42

As the Insider Risk Management leader, Code42 helps security professionals protect corporate data and reduce insider risk while fostering an open and collaborative culture for employees. For security practitioners, it means speed to detection and response. For companies, it means a collaborative workforce that is productive and a business that is secure. Visit http://Code42.com/showme to learn more.

In this episode:

  • Is it alright to block a vendor because one salesperson is persistent and annoying?
  • How can one go about creating a cybersecurity report card?
  • Is it just inevitable that your staff is going to eventually violate policies?
  • How do you strike a delicate balance between a complete zero-tolerance policy and complete tolerance?
Direct download: CISO_Series_06-14-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

What if we could convince management that security is not a cost center, but a means to actually make and save money for the business? The concept isn't so completely outrageous. Companies are using privacy and security as differentiators, and certain security tools such as single sign on, password managers, and passwordless reduce operational costs in support tickets.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Mary Gardner, CISO, The Greenbrier Companies.

Thanks to our podcast sponsor, Buchanan Technologies

Buchanan Technologies

Short staffed and overworked IT groups can be overwhelmed by the massive scope of a comprehensive cybersecurity program. Buchanan Technologies makes the complex simple with our twenty-four by seven, customized, vetted strategies that identify risks, detect threats, implement security controls, and protect the confidentiality, availability, and integrity of your data. Discover more.

In this episode:

  • What areas should we focus on to improve the security user experience for non-security people?
  • We ask if CISOs have it easier than their middle managers.
  • We think about the factors that result in the workload being tougher or easier for a CISO.
  • And we examine how we can protect our machine learning algorithms and AI from absorbing poisoned data.

Direct download: CISO_Series_06-07-22_final.mp3
Category:podcast -- posted at: 3:00am PDT

To see the blog post and read the transcript, head over to CISO Series.

We don't celebrate quitting. Maybe we should. When should you do it when you don't have another offer?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Hadas Cassorla, CISO, M1.

On this episode:

  • When a "good" security control is actually bad for business.
  • A "how to" for engaging with a CISO during a presentation meeting.
  • Losing your passion for cybersecurity. What next?
  • Building a budget for remote team building.

HUGE thanks to our sponsor, Keyavi

Keyavi

Data that protects itself? Now it does! We made data so smart it can think for itself. Secure itself. Stay continually aware of its surroundings. Control where, when and who is allowed access. And automatically report back to its owner. This changes the entire cybersecurity paradigm. Learn how.

Direct download: CISO_Series_05-31-22_final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

I have talked to vendors who get all excited about Gartner opening up a new category for them. All I can think is uggh, something new to confuse the security marketplace. I know there's a need to label products in categories to simplify sales. But the complexity is driving buyers nuts.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is RJ Friedman, CISO, Buchanan Technologies.

Thanks to our podcast sponsor, Buchanan Technologies

Buchanan Technologies

Short staffed and overworked IT groups can be overwhelmed by the massive scope of a comprehensive cybersecurity program. Buchanan Technologies makes the complex simple with our twenty-four by seven, customized, vetted strategies that identify risks, detect threats, implement security controls, and protect the confidentiality, availability, and integrity of your data. Discover more.

In this episode: 

  • Do we need another industry-produced acronym?
  • How can a vendor better demonstrate they can become a partner?
  • With the list of security “minimum requirements” constantly growing, do you believe more and more organizations are falling below the security poverty line?
  • And we ask how best to reduce the number of false positives.
Direct download: CISO_Series_05-24-22_final_rev1.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

Are the bad security policies of yesteryear just a result of not knowing any better at the time, or were they some bozo's idea of legitimate security while the rest of us knew it was just security theater?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Dr. Diane M Janosek (@dm_janosek), deputy director of compliance, NSA and senior legal advisor for Women in Cybersecurity.

Thanks to our podcast sponsor, Code42

Code42

As the Insider Risk Management leader, Code42 helps security professionals protect corporate data and reduce insider risk while fostering an open and collaborative culture for employees. For security practitioners, it means speed to detection and response. For companies, it means a collaborative workforce that is productive and a business that is secure. Visit http://Code42.com/showme to learn more.

In this episode:

  • We highlight obsolete security policies to steer clear of.
  • We examine security in space and how others who are not directly involved in these industries can create some type of positive impact.
  • And we ask how we can improve inclusion by decrypting the lack of diversity in our industry.
Direct download: CISO_Series_05-17-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

Legacy tech can often be the anchor that prevents an organization from growing. Put off dealing with legacy tech long enough and the problem could get bigger than the business itself.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is TJ Mann (@teejaymann), CISO, Children's Mercy Kansas City.

Thanks to our podcast sponsor, CYREBRO

Cyrebro

Ninety percent of post mortems show that the high cost of damage from a cyberattack was avoidable, but no one knew in time to stop it. CYREBRO's SOC Platform is your cybersecurity central command, integrating all your security events with 24/7 strategic monitoring, proactive threat intelligence, and rapid incident response. More from CYREBRO.

In this episode:

  • How does legacy technology impede business agility?
  • Are we doing anything better to deal with legacy technology?
  • Is there anything that can be done at the purchase point to understand how you'll sunset equipment and technology?
  • And we ask whether or not our industry is willing to take the time and effort to hire and train the talent they so desperately want and need.
Direct download: CISO_Series_05-10-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

People violate cybersecurity policies at a rate of one out of every 20 job tasks. It's just a matter of time before all your employees are in violation.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Bruce Schneier (@schneierblog), chief of security architecture, Inrupt, and fellow and lecturer at Harvard Kennedy School.

Thanks to our podcast sponsor, PlexTrac

PlexTrac

PlexTrac is a powerful, yet simple, cybersecurity platform that centralizes all security assessments, pentest reports, audit findings, and vulnerabilities. PlexTrac transforms the risk management lifecycle, allowing security professionals to generate better reports faster, aggregate and visualize analytics, and collaborate on remediation in real-time.

Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs!

In this episode:

  • Special tips for new CISOs just starting out and trying to establish their position.
  • We examine where market forces are fighting the most against achieving societal values in the digital space.
  • What are signs that we're moving in the right direction of developing a digital social contract?
  • And we ask, is "employees violating security policies" the top issue that needs to be resolved?
Direct download: CISO_Series_05-03-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

A young woman is killing it in her first cybersecurity job out of college. Management is so thrilled with her that they want to give her a promotion. Problem is, the promotion reveals a lot of other inner workings that don't speak well of the company's culture.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Davi Ottenheimer (@daviottenheimer), vp trust and digital ethics, Inrupt.

Thanks to our podcast sponsor, Code42

Code42

As the Insider Risk Management leader, Code42 helps security professionals protect corporate data and reduce insider risk while fostering an open and collaborative culture for employees. For security practitioners, it means speed to detection and response. For companies, it means a collaborative workforce that is productive and a business that is secure. Visit http://Code42.com/showme to learn more.

In this episode:

  • A student has some serious privacy concerns when they learn that "all data is being monitored and anonymously collected."
  • We examine how we can break from the Internet Oligarchs who appear to be consuming, selling, and using so much of our data.
  • How GDPR can benefit organizations to stay ahead of the competition.
  • A young recruit facing imposter syndrome after receiving a promotion with added responsibilities.
Direct download: CISO_Series_4-26-22.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

First job out of college and you get the cybersecurity job of your dreams... and nightmares. It's just too much, and you definitely don't have the experience to handle it all.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Rick Doten (@rick_doten), CISO, Carolina Complete Health.

Check out Rick's Youtube channel with the CIS Critical Security Control videos.

Thanks to our podcast sponsor, Kenna Security

Kenna Security

Kenna Security, now part of Cisco, is the pioneer of risk-based management. The Kenna Security Platform enables organizations to work cross-functionally to determine and remediate cyber risks. It leverages machine learning and data science to track and predict real-world exploitations, empowering security teams to focus on what matters most.

In this episode:

  • We look at the #1 job according to U.S. News & World Report. Hint: It’s Information Security Analyst.
  • We examine the possibility & practicality of running a security program entirely based upon free and open-source software.
  • We break down how to help brand new recruits on the ground as they start their careers in cybersecurity.
Direct download: CISO_Series_4-19-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

"No business wants more security, they want less risk," said a redditor on the cybersecurity subreddit. Executives seem to not care about cybersecurity because they're not talking in those terms. They talk in terms of managing risk. It's the InfoSec professional's job to do the translation.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Tom Doughty, vp and CISO, Prudential Financial.

Thanks to our podcast sponsor, CYREBRO

Cyrebro

Ninety percent of post mortems show that the high cost of damage from a cyberattack was avoidable, but no one knew in time to stop it. CYREBRO's SOC Platform is your cybersecurity central command, integrating all your security events with 24/7 strategic monitoring, proactive threat intelligence, and rapid incident response. More from CYREBRO.

In this episode:

  • How do you discuss cybersecurity with executives who don’t care about cybersecurity?
  • Does cybersecurity insurance help motivate better cybersecurity awareness?
  • Why are we still struggling with cybersecurity hiring?
  • What does a great day in information security look like?
Direct download: CISO_Series_4-12-22_Final_rev.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

A CISO hears about your company's product from some other CISOs. Eager to find more information like a video demo they could watch on their own, they visit your site. They can't find anything except a prominently placed "Request a Demo" button. Fearing the marketing and salespeople who will hound them if they fill out the information, they just bail.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Jim Routh (@jmrouth1), former CISO for MassMutual and CVS/Aetna.

Thanks to our podcast sponsor, Buchanan Technologies

Buchanan Technologies

Short staffed and overworked IT groups can be overwhelmed by the massive scope of a comprehensive cybersecurity program. Buchanan Technologies makes the complex simple with our twenty-four by seven, customized, vetted strategies that identify risks, detect threats, implement security controls, and protect the confidentiality, availability, and integrity of your data. Discover more.

In this episode:

  • Why do vendors put the product demo videos behind gated walls?
  • Tips for improving cybersecurity awareness within a large organization.
  • The annoying pains of the vendor ecosystem.
  • What are some really bad cybersecurity practices that need to be corrected right away?
Direct download: CISO_Series_4-05-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

The web is awash with sites claiming they know what the security trends will be for 2022. All of them were filled with quotes from security experts at different vendors who, surprise, were saying the big trend is whatever their product can fix. One publication, eWEEK, had probably the only logical set of trends, and they look a lot like what happened in 2021.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Ori Arbel, CTO, CYREBRO.

Thanks to our podcast sponsor, CYREBRO

Cyrebro

Ninety percent of post mortems show that the high cost of damage from a cyberattack was avoidable, but no one knew in time to stop it. CYREBRO's SOC Platform is your cybersecurity central command, integrating all your security events with 24/7 strategic monitoring, proactive threat intelligence, and rapid incident response. More from CYREBRO.

In this episode:

  • How should you be handling your security operations center (SOC)?
  • Tips for improving your incident response planning.
  • What are the cloud security trends of 2022?
Direct download: CISO_Vendor_3-29-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

Are security conferences really helpful in advising you on making your business more secure, or are they just adding more worries to your plate that aren't actually going to be threats your business is going to have to face?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Jason Witty, CSO, USAA.

Thanks to our podcast sponsor, CyCognito

By understanding risks, attacks, and behaviors from attack surface management data, CyCognito visualizes the pathways attackers will take to exploit your network, enabling you to see, understand and eradicate the threat. CyCognito is the only cyber risk intelligence platform that visualizes the attackers' paths into your network.

In this episode:

  • What is the board’s risk appetite?
  • Is attending conferences helpful?
  • What can security vendors do to help with board-level communications?
Direct download: CISO_Series_3-22-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

Our entire network launched because of the irritation CISOs had with vendors who claimed they could have stopped some breach that happened to another company. Then the chest pounding subsided, and we thought we were making an impact, until Log4j appeared...

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Tim Rohrbaugh, CISO, JetBlue.

Thanks to our sponsor, CyCognito

CyCognito

By understanding risks, attacks, and behaviors from attack surface management data, CyCognito visualizes the pathways attackers will take to exploit your network, enabling you to see, understand and eradicate the threat. CyCognito is the only cyber risk intelligence platform that visualizes the attackers' paths into your network.

In this episode:

  • Questionable vendor marketing tactics
  • Developing your threat intelligence
  • Valuable skills that hiring managers look for
Direct download: CISO_Vendor_3-15-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

The trick to getting the attention of CISOs is to create an awesome company. Focus on that and the attention will follow.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Katie Stebbins (@ktlgs), board president, Global Epic.

Thanks to our podcast sponsor, Kenna Security

Kenna Security, now part of Cisco, is the pioneer of risk-based management. The Kenna Security Platform enables organizations to work cross-functionally to determine and remediate cyber risks. It leverages machine learning and data science to track and predict real-world exploitations, empowering security teams to focus on what matters most.

In this episode:

  • So, how do you become so awesome that you can't be ignored?
  • What happens when you expand your view of the purpose of security metrics?
  • Is it possible to have a Digital Geneva Convention?
Direct download: CISO_Series_3-08-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

If you're up against Google, Facebook, or Apple for hiring talent, chances are pretty good that your company is not going to match their pay and benefits. So if they're the bar for salary and benefits, your business' offerings will inevitably be subpar. So how do you build your employer brand to compete in areas where you're deficient and can't match them?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Dan DeCloss (@wh33lhouse), CEO, PlexTrac.

Thanks to our podcast sponsor, PlexTrac

In this episode:

  • When setting up defenses against MITRE ATT&CK mappings, how much is enough?
  • What are you doing to build your employer brand and attract cyber talent to your business?
  • How should you review your pentest results?
Direct download: CISO_Series_3-01-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

Every organization has an Acceptable Use Policy (AUP) for their computers and network. Nobody reads it and everybody violates it. How the heck do you enforce or discipline people who violate your company's AUP?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Matt Radolec, senior director, incident response and cloud operations, Varonis.

Thanks to our podcast sponsor, Varonis

On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to “Zero Trust.” Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries.

In this episode:

  • Why do tabletop exercises fail?
  • How should we deal with AUPs that do not get read?
  • Is cyber resiliency an overused term?
  • How valuable are visual detection techniques?
Direct download: CISO_Vendor_2-22-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

Yikes, this security hole one concerned student found in the school's network is going to require one heck of a pep rally to fix.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Dave Stirling, CISO, Zions Bancorporation.

Thanks to our podcast sponsor, Varonis

On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to “Zero Trust.” Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries.

In this episode:

  • Should the CISO position be seen as an organization in itself?
  • Is the current data loss prevention (DLP) model outdated?
  • How can an MSSP show its value?
  • What should a high school student do if they see that their school has horrible security practices?
Direct download: CISO_Vendor_2-15-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

If we had such a great conversation at the conference, why don't you want to respond to my emails?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Julie Tsai (@446688), cybersecurity leader.

Thanks to our podcast sponsor, Varonis

What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn’t stand a chance. Get a free risk assessment.

In this episode:

  • Is there a "right" management structure for cybersecurity?
  • Are there tools you can put in place to keep your DevOps program in check?
  • What are the questions to ask during an interview that reveal how a company handles and prioritizes cybersecurity?
  • How can we improve CISO / vendor relations?
Direct download: CISO_Vendor_2-08-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

Winning at vulnerability management is not a numbers game. It's a tactical exercise of what matters most in your environment. Surprisingly, experts tell us close to two thirds of your vulnerabilities can and should be ignored. Why and which ones are those?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Ed Bellis (@ebellis), co-founder and CTO, Kenna Security (now a part of Cisco).

Thanks to our podcast sponsor, Kenna Security

Kenna Security, now part of Cisco, is the pioneer of risk-based management. The Kenna Security Platform enables organizations to work cross-functionally to determine and remediate cyber risks. It leverages machine learning and data science to track and predict real-world exploitations, empowering security teams to focus on what matters most.

In this episode:

  • What type of risk or compliance data should CISA collect for its proposed metrics?
  • Which metrics are most valuable to determine the health of a company?
  • Why the constant frustration with patch management?
  • How often should you be conducting vulnerability scans?
Direct download: CISO_Vendor_2-01-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

If you're asking what certification you should go after to get the perfect cybersecurity job, you're asking the wrong question. Most hiring managers are inundated with resumes so they're looking for ways to get rid of yours. Don't be fooled thinking you're going to be seen because you have the "perfect" resume.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Mike Hanley (@_mp4h), CSO, GitHub.

Thanks to our podcast sponsor, BitSight

These are challenging times for security professionals. From managing third party supply chain risk, to quantifying financial exposure, to reducing the likelihood of ransomware, BitSight helps security and risk professionals create more effective cybersecurity programs with cybersecurity ratings and analytics. Learn why Moody’s, the Department of Defense, and other leading institutions partner with BitSight at www.bitsight.com

In this episode:

  • What's the formula (experience vs testimonials) for hiring managers' attention?
  • What are the most effective techniques to building a resilient security team?
  • What are security vendors NOT doing now that would greatly improve their visibility?
  • Have you had to make any security exceptions just because an executive needed something?
Direct download: CISO_Vendor_1-25-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

CISOs agree that multi-factor authentication is the one security control that once deployed has the greatest impact to reduce security issues. Yet with all that agreement, it’s still so darn hard to get users to actually use it.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Arvind Raman (@arvind78), CISO, Mitel.

Huge thanks to our sponsor, Horizon3.ai

See your enterprise through the eyes of the attacker, identify your ineffective security controls, and ensure your limited resources are spent fixing problems that can actually be exploited. More from Horizon3.ai.

In this episode:

  • If MFA is so great, why is it not more widespread?
  • Are high valuations for cloud security startups a vote against cloud providers doing cloud security well?
  • What is the biggest challenge in deploying zero trust on existing infrastructure?
  • Are there universal security red flags?
Direct download: CISO_Vendor_1-18-22.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

It's all risk, all show, for the entire show. It's just the kind of risk we like to take.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Derek Vadala (@derekvadala), chief risk officer, BitSight.

Thanks to our podcast sponsor, BitSight

These are challenging times for security professionals. From managing third party supply chain risk, to quantifying financial exposure, to reducing the likelihood of ransomware, BitSight helps security and risk professionals create more effective cybersecurity programs with cybersecurity ratings and analytics. Learn why Moody’s, the Department of Defense, and other leading institutions partner with BitSight at www.bitsight.com

In this episode:

  • What cybersecurity risk is currently the most severe?
  • What's important about evaluating a startup's security protocols?
  • What about third party risk management?
  • Do you and your board know how resilient you are to a cyber attack?
Direct download: CISO_Vendor_1-11-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

What do you give to the person who wants to learn how to steal everything?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Jim Wachhaus (@imanapt), risk intelligence evangelist, CyCognito.

Thanks to our podcast sponsor, CyCognito

By understanding risks, attacks, and behaviors from attack surface management data, CyCognito visualizes the pathways attackers will take to exploit your network, enabling you to see, understand and eradicate the threat. CyCognito is the only cyber risk intelligence platform that visualizes the attackers' paths into your network.

In this episode:

  • How can we shore up our cybersecurity hygiene?
  • What have we heard enough about with risk intelligence?
  • Gifts to buy someone who is looking into red teaming/vulnerability
Direct download: CISO_Vendor_1-04-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT