CISO Series Podcast
Formerly named CISO/Security Vendor Relationship Podcast. Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

All links and images for this episode can be found on CISO Series

CISOs say stress and burnout are their top personal risks. Breaches, increased regulations, and the tech talent shortage are all contributors to the stress. Sure would be nice for the CISO and the rest of the team to look at a chart that showed the CISO's stress level in real time.

This week’s episode is co-hosted by me, David Spark (@dspark), the producer of CISO Series, and special guest co-host Shawn Bowen (@SMbowen), CISO, World Fuel Services. Our guest is Meredith Harper (@mrhciso), SVP, CISO, Synchrony.

This episode was recorded in front of a live audience in Chicago at The City Hall nightclub for the opening night of Evanta's Global CISO Executive Summit.

Thanks to our podcast sponsor, Cisco

Cisco

Cisco Secure delivers a streamlined, customer-centric approach to security that ensures it’s easy to deploy, manage, and use. We help 100 percent of the Fortune 100 companies secure work – wherever it happens – with the broadest, most integrated platform. Learn more at cisco.com/go/secure.

In this episode:

  • What do you think companies can do to alleviate this pressure and help a CISO better succeed?
  • Why is there such a significant disconnect between companies’ increased commitment to diversity and inclusion and the day-to-day experiences of women of color?
  • How can enterprise security maintain visibility into, and control over who and what is accessing their data?
Direct download: CISO_Series_Podcast_10-25-22.mp3
Category:podcast -- posted at: 3:00am PDT

For some reason, the ABCs of sales ("Always Be Closing") in the world of cybersecurity sales have translated into "Always Be Creepy." Eagerness to make just a connection, never mind closing, has turned into extremely forward approaches that would make anyone feel uncomfortable.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and my guests are Steve Tran, CSO, Democratic National Committee, and Matt Crouse, CISO, Taco Bell. It was recorded in front of a live audience in Santa Monica as part of the ISSA-LA Information Security Summit XII.

Thanks to our podcast sponsor, Ostrich Cyber-Risk

Ostrich Cyber-Risk

Ostrich Cyber-Risk “Birdseye” is a unified qualitative and quantitative cyber risk management application that allows you to quickly assess, prioritize and quantify your organization’s financial and operational risks in real-time, in one place. Benchmarked against industry standards (NIST, CIS, ISO), Birdseye simulates risk scenarios, continuously tracks roadmap progress, and creates shareable reports.

In this episode:

  • What do security leaders do when they can't push through security initiatives they know should be done?
  • Is this a real concern for CISOs, and if so, how does a CISO handle their staff when best efforts get thwarted?
  • What's your advice for new CISOs when dealing with unsolicited sales emails from security vendors? Do they just ignore it all? Should they filter it out?
Direct download: CISO_Series_Podcast_10-18-22.mp3

After every breach, you hear the same mantra from the attacked company: "We take security and privacy seriously." It's lost all its meaning. But what if you truly ARE serious about how you handle security and privacy? Should you say "seriously" twice?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Mike Johnson. Our guest is Geoff Belknap (@geoffbelknap), CISO, LinkedIn and co-host of Defense in Depth. It was recorded in front of a live audience at Microsoft's Silicon Valley Campus in Mountain View, California, as part of a regular ISSA-SV and ISSA-SF meeting.

Thanks to our podcast sponsors, SafeBreach and Noname Security

SafeBreach

SafeBreach provides continuous security control validation powered by our breach and attack simulation (BAS) platform.
We enable security leaders to proactively prioritize remediation efforts and drive ROI quickly by consolidating technology costs around what truly enhances your security posture.
Real-world attacks. Real-time results.

Noname Security

Prevent API attacks in real-time with automated AI and ML-based detection from Noname Security. Monitor API traffic for data leakage, data tampering, data policy violations, suspicious behavior, and API security attacks. Integrate with your existing IT workflow management system like Jira, ServiceNow, or Slack for seamless remediation. Learn more at nonamesecurity.com/runtime-protection

In this episode:

  • If you truly ARE serious about how you handle security and privacy, should you say "seriously" twice?
  • Given the immense complexity not just on integration but also training, are we going to see more consolidation of point solutions into suites?
  • When would it make sense for a company to completely dump their security team and completely outsource it? And if you were to outsource it, what the heck would that look like?
Direct download: CISO_Series_Podcast_10-11-22_Final.mp3

There are vendors that CISOs can't look away from. Who are they and what did they do to get so much attention from CISOs?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Mike Johnson. Our guest is Saša Zdjelar, SVP, security assurance, Salesforce.

Thanks to our podcast sponsor, Sysdig

Sysdig is driving the standard for cloud and container security. With Sysdig, teams find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance. Customers get a single view of risk from source to run, with no blind spots, no guesswork, no black boxes.

In this episode:

  • What’s a great approach from a security vendor?
  • What techniques do CISOs deploy to cut through the marketing noise?
  • Can you think of vendors that were so good that you couldn't ignore them? What made them achieve that status?
Direct download: CISO_Series_10-04-22_final.mp3