CISO Series Podcast
Formerly named CISO/Security Vendor Relationship Podcast. Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

All links and images for this episode can be found on CISO Series.

That headline is not a joke. An actual job listing on LinkedIn requested just that. We're all hoping this was an error. Regardless, the community response to it was truly overwhelming, speaking much to the frustration of green and junior cybersecurity job seekers who are truly looking for entry-level jobs.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Bryan Willett, CISO, Lexmark.

Thanks to our podcast sponsor, AuditBoard

CrossComply is AuditBoard’s award-winning security compliance solution that allows organizations to build trust and scale their security compliance program with a connected risk platform that unifies SOC 2, ISO 2700x, NIST, CMMC, PCI DSS, and more across your organization.

In this episode:

  • Why do some job listings seem to have unrealistic requirements for entry-level job seekers? Who needs 15+ years' experience in practically anything?
  • What is the value of security operations if you’re not detecting and dealing with incidents?
  • What do you think cybersecurity awareness month should accomplish?
Direct download: CISO_Series_11-29-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

CISOs and other security leaders have a lot of stress. But so do other C-level employees. Why does a CISO's stress seem that much more powerful? Is it that their job is still in constant development, or is the "C" in their name just in title, but not authority?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Aman Sirohi (@amangolf), CISO, People.ai.

Thanks to our podcast sponsor, AuditBoard

In this episode:

  • Why does a CISO's stress seem that much more powerful?
  • Is it that their job is still in constant development, or is the "C" in their name just in title, but not authority?
  • What part of the supply chain security effort is truly building trust in your supplier and having ongoing reassurances that that trust is being maintained?
Direct download: CISO_Series_11-22-22.mp3
Category:podcast -- posted at: 3:00am PDT

"The biggest threat to national security is that many of the most vital systems on the planet CURRENTLY run on outdated and insecure software," said Robert Slaughter of Defense Unicorns on LinkedIn. That's at the core of the third-party security issue.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Richard Marcus, VP, InfoSec, AuditBoard.

Thanks to our podcast sponsor, AuditBoard

In this episode:

  • How big of a problem is outdated software in our industry? Is insecurity just the result of a lack of efficient process?
  • How much does a company’s transparency before, during, and after a breach tell us about their corporate character?
  • What's the behavior after a breach you want to see that reaffirms your commitment to doing business with a vendor?
Direct download: CISO_Series_11-15-22.mp3
Category:podcast -- posted at: 3:00am PDT

Security leaders will often ask challenging or potentially gotcha questions as barometers to see if you can handle a specific job. They're looking not necessarily for a specific answer, but rather a kind of answer, and they're also looking to make sure you don't answer the question a specific way. Don't get caught in the trap.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Quincy Castro, CISO, Redis.

Thanks to our podcast sponsor, Okta

Auth0 is the leading provider of customer identity solutions. Watch Jameeka Aaron, CISO for Auth0, explain how to balance security with friction to create a safe authentication experience without compromising on privacy.

In this episode:

  • What parts of cybersecurity can you comfortably outsource? What parts of cybersecurity do you want to outsource, but can't?
  • One of the major arguments for outsourcing is "Finding cyber talent is really tough." Do you agree with that rationale to outsource?
  • When building a security program for a startup, how do you establish scope and requirements?
Direct download: CISO_Series_11-08-22_Final.mp3
Category:podcast -- posted at: 3:00am PDT

If you know a difficult concept very well and you're incapable of explaining it simply to others who don't understand it, it's known as the "curse of knowledge." It is for this reason far too many talented cybersecurity professionals struggle to educate others.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Mike Johnson. Our guest is Okey Obudulu (@okeyobudulu), CISO, Skillsoft.

Thanks to our podcast sponsor, Trend Micro

Trend Micro Cloud One, a security services platform for cloud builders, delivers the broadest and deepest cloud security offering in one solution, enabling you to secure your cloud infrastructure with clarity and simplicity. Discover your dynamic attack surface, assess your risk, and respond with the right security at the right time. Discover more!

In this episode:

  • How important is knowing the crown jewels in your security program? Wouldn't a "crown jewel"-focused security program be myopic?
  • Have you been guilty of "curse of knowledge" when you tried to explain something and what did you do to improve?
  • How often does a security leader come into a program and have the sense they're starting out at square one?
Direct download: CISO_Series_11-01-22.mp3
Category:podcast -- posted at: 3:00am PDT