All links and images for this episode can be found on CISO Series.

Tabletop exercises are critical procedures to learn how everyone will react during an actual attack. Panic is usually the first response, so why don't we do that when we're playing our pretend game of getting our business compromised by a nefarious hacker?

This week's episode of CISO Series Podcast was recorded in front of a live audience in Clearwater, Florida for the Convene conference produced by the National Cybersecurity Alliance (AKA StaySafeOnline.org). Joining me on stage for the recording was my guest co-host, Hadas Cassorla, CISO, M1 and our guest, Kathleen Mullin (@kate944032), CISO, Cancer Treatment Centers of America.

Thanks to our podcast sponsors, Cofense, KnowBe4 & Terranova

Cofense is the only company to combine a global network of 32 million people reporting phish with advanced AI-based automation to stop phishing attacks. Our global phishing defense centers work 24/7 to support more than 2,000 enterprise customers, providing the technology and insights needed to identify & block threats.

KnowBe4 is the world’s largest integrated Security Awareness Training and Simulated Phishing platform. KnowBe4 helps organizations manage the ongoing problem of social engineering through a comprehensive new-school awareness training approach. Tens of thousands of organizations worldwide use KnowBe4’s platform to mobilize their end users as a last line of defense.

Get free phishing benchmarking data to drive effective behavior change and grow your organization's security-aware culture with the latest edition of the Phishing Benchmark Global Report! Taken from this year's Gone Phishing Tournament, this report gives security and risk management leaders the insight they need to strengthen data protection. More at terranovasecurity.com.

In this episode:

• Where do you see tabletops coming apart and being ineffective and what are the core elements that truly make them succeed?
  
• Have you ever seen a real incident play out where you can point to the tabletop as the reason you were able to handle the incident?
  
• Are people the safety net for your security controls OR should security controls the safety net for your people?

All links and images for this episode can be found on CISO Series.

Everyone's favorite meeting is a short meeting. But does anyone want a fun or entertaining meeting? Or is that a bad idea?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Jeremy Embalabala, CISO, HUB International.

Thanks to our podcast sponsor, SlashNext

With today’s transition to hybrid working, phishing attacks are becoming more prevalent than ever. Mobile phishing and credential harvesting are exploding and affecting business reputations, finances and most importantly, data loss. With new methods of phishing attacks appearing year over year, enterprises need more robust phishing protection to better protect this expanding attack surface and companies’ most valuable assets. Check out the report.

In this episode:

• Everyone's favorite meeting is a short meeting. But does anyone want a fun or entertaining meeting? Or is that a bad idea?
• How do we make our security teams more productive?
• The cost of getting and paying for cybersecurity insurance is so darn high. Would it be worth it to just self-insure?

All links and images for this episode can be found on CISO Series.

What happens when you want to adhere to more secure behavior, but the tool you're using forces you to be less secure, solely because they didn't architect in more stringent security when they created the program.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Terrance Cooley, CISO, Air Force JADC2 R&D Center.

Thanks to our podcast sponsor, Varonis

Everyday, your employees share thousands of sensitive files with too many people, exposing data to the entire organization – or even the entire internet. Varonis monitors sharing link activity and intelligently eliminates links that aren’t needed – reducing your risk on a continual basis. Discover more at www.varonis.com/cisoseries.

In this episode:

• What is the worst security behavior you've seen from an IT vendor?
• Are you applying talent-to-value recruiting techniques to reduce corporate risk?
• What are your predictions for the evolution of cyber threats?

All links and images for this episode can be found on CISO Series.

There is a lot unknown before, during, and after a merger and that can make employees very susceptible to phishing attacks. But, at the same time, the due diligence that goes into an M&A can often open up signs of previous or active compromise, noted Rich Mason of Critical Infrastructure.

What does a proposed merger do to a security program?"

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Nicole Ford (@nicoledgray), global vp and CISO, Rockwell Automation.

Thanks to our podcast sponsor, Pentera

Pentera is the category leader for Automated Security Validation, allowing every organization to test with ease the integrity of all cybersecurity layers including their ransomware readiness, unfolding true, current security exposures at any moment, at any scale.

In this episode:

• As a security leader, how does your security posture change when you know given your assets you are a specific target vs. just an opportunity?
• Could similar critical infrastructure agencies be grouped together and therefore share cybersecurity resources?
• What does a proposed merger do to a security program?

All links and images for this episode can be found on CISO Series.

"Does anyone else feel like the security field is attracting a lot of low-quality people and hurting our reputation," asked a redditor on the cybersecurity subreddit who remembers a time when security personnel were seen as highly experienced technologists. But now they believe people view cybersecurity as an easy tech job to break into for easy money.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Stephen Cicirelli, CISO, American Bureau of Shipping.

Thanks to our podcast sponsor, Stairwell

The standard cybersecurity blueprint is a roadmap for attackers to test and engineer attacks. With Inception, organizations can operate out of sight, out of band, and out of time. Collect, search, and analyze every file in your environment – from malware and supply chain vulnerabilities to unique, low-prevalence files and beyond.

Learn about Inception.

In this episode:

• Does anyone else feel like the security field is attracting a lot of low-quality people and hurting our reputation?
  
• Do people view cybersecurity as an easy tech job to break into for easy money?
  
• With all this talk of needing more cyber talent, are we attracting quality or just quantity?