CISO Series Podcast
Formerly named CISO/Security Vendor Relationship Podcast. Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

All links and images for this episode can be found on CISO Series.

Troy Hunt's new site, "Dumb Password Rules," demonstrates yet another slice of security theater: rules designed to make their creators believe they're making the business more secure, but which appear to do nothing more than create unnecessary roadblocks and confusion.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Mike Johnson, CISO, Rivian. Our guest is Dave Hannigan (@davidhannigan), CISO, Nubank.

Thanks to our podcast sponsor, Reqfast

Stop treating your various intelligence and security functions as if they are separate, unrelated activities and, instead, bring them together with Reqfast. Identify what’s needed, identify areas for improvement, and make data-driven decisions with confidence.

In this episode:

  • Are dumb password rules the result of security theater or limitations of old technology?
  • What really causes lack of sleep and burnout among IT and Security leaders?
  • Why are we still struggling with cybersecurity hiring?

Direct download: CISO_Series_Podcast_6-27-23_rev.mp3
Category: podcast -- posted at: 3:00am PDT

This week’s episode was recorded in front of a live audience at the Colorado Convention Center in Denver as we kicked off the Rocky Mountain Information Security Conference (RMISC). See the blog post for this episode here.

Joining me, David Spark (@dspark), producer of CISO Series, on stage was my guest co-host, Jay Wilson, CISO for Insurity. Our guest is Michelle Wilson, CISO, Movement Mortgage.

HUGE thanks to our sponsor, Trend Micro

The stakes are high for cybersecurity decision makers as the threat landscape and attack surface continue to evolve. Explore Trend Micro’s CISO Resource Center for research-driven strategic insights and best practices to help leaders better understand, communicate, and minimize cyber risk across the enterprise. Learn more.

Direct download: CISO_Series_6-20-23.mp3
Category:podcast -- posted at: 3:00am PDT

Why does it seem that the only time we hear about a company’s concern about security and privacy is after they’re compromised? It is only at that moment they feel compelled to let us know that they’re taking this situation very seriously because, as we’ve all heard before, “security and privacy are very important to us.”

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Andrea Bergamini, CISO, Orbia.

Thanks to our podcast sponsor, Varonis

Every day, your employees share thousands of sensitive files with too many people, exposing data to the entire organization – or even the entire internet. Varonis monitors sharing link activity and intelligently eliminates links that aren’t needed – reducing your risk on a continual basis. Discover more at www.varonis.com/cisoseries.

In this episode: 

  • Why does it seem that the only time we hear about a company’s concern about security and privacy is after they’re compromised?
  • Is it only because at that moment they feel compelled to let us know that they’re taking this situation very seriously?
  • How do you get things going before you have a massive breach?

Direct download: CISO_Series_6-13-23.mp3
Category: podcast -- posted at: 3:00am PDT

There is a long history of security professionals complaining about the insecurity of new technologies. When new technologies take off, they rarely have lots of great security built in. The populace never comes around and says, "Security is right. We should stop using this thing we love." The popular technology ALWAYS wins.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Rinki Sethi (@rinkisethi), VP and CISO, BILL.

Thanks to our podcast sponsor, OffSec

With a Learn Enterprise plan, your employees get unlimited access to over 1,500 videos, 2,000 practical exercises, and more than 800 hands-on labs. The library is updated regularly with training content and modules, with defensive and offensive job role-specific content, from foundational to advanced. Google, VMware, and Microsoft all trust OffSec.

In this episode:

  • Is it a coincidence that there is a long history of security professionals complaining about the insecurity of new technologies?
  • When new technologies take off, why do they rarely have lots of great security built in?
  • How does a cyber-aware C-suite/board make better decisions that help a CISO and the business?

Direct download: CISO_Series_6-06-23.mp3
Category: podcast -- posted at: 3:00am PDT