CISO Series Podcast
Formerly named CISO/Security Vendor Relationship Podcast. Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

All links and images for this episode can be found on CISO Series.

Every company deals with off-boarding employees. Yet it feels like many organizations make basic security mistakes in this process. Is it just a case of HR and IT being out of sync, or is this an inevitably leaky process?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our special guest Lorna Koppel, CISO, Tufts University.

Thanks to our podcast sponsor, LimaCharlie

Whether you’re looking for endpoint security, an observability pipeline, detection and response rules, or other underlying security capabilities, LimaCharlie’s SecOps Cloud Platform helps you build a flexible and scalable security program that can evolve as fast as threat actors. Move your SecOps into the modern era. Learn more at limacharlie.io.

In this episode:

  • What can a vendor do that will actually make a CISO want to respond to a message?
  • What are we doing right and wrong when it comes to hardening our environments?
  • Do you think organizations are still struggling with hardening their environments and if so, why?
Direct download: CISO_Series_Podcast_08-29-23_rev1.mp3
Category:podcast -- posted at: 3:00am PDT

Security vendors want to engage with CISOs. Yet many choose tactics that seem blatantly insulting. It might seem obvious that asking a CISO if they care about security does nothing to ingratiate yourself, but we still have inboxes full of these types of messages. So what can a vendor do that will actually make a CISO want to respond to a message?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our special guest, Jeff Hudesman, CISO, Pinwheel.

Thanks to our podcast sponsor, Balbix

Balbix is a cyber risk quantification platform that discovers and manages all your cyber assets, identifies and prioritizes vulnerabilities, and delivers a monetary assessment of cyber risk. This enables CISOs to articulate the value of risk to the board and obtain support and budgets for security programs.

In this episode:

  • What can a vendor do that will actually make a CISO want to respond to a message?
  • What are we doing right and wrong when it comes to hardening our environments?
  • Do you think organizations are still struggling with hardening their environments and if so, why?
Direct download: CISO_Series_Podcast_08-22-23.mp3
Category:podcast -- posted at: 3:00am PDT

We're seeing increasing recognition that cybersecurity jobs should focus on competency rather than years of experience. But how do you create job posts to encourage that? And how do applicants even show that on a resume?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us for the episode is our special guest TC Niedzialkowski, CISO, Nextdoor.

Thanks to our podcast sponsor, Reqfast

Stop treating your various intelligence and security functions as if they are separate, unrelated activities and, instead, bring them together with Reqfast. Identify what’s needed, identify areas for improvement, and make data-driven decisions with confidence.

In this episode:

  • Are we finally seeing increasing recognition that cybersecurity jobs should focus on competency rather than years of experience?
  • How do you create job posts to encourage that?
  • How do applicants even show that on a resume?
Direct download: CISO_Series_08-15-23.mp3
Category:podcast -- posted at: 3:00am PDT

For some security problems, it can be tough to know when to try to fix the problem yourself or turn to a vendor. Deciding this shouldn't start with talking to someone that wants to sell you something. But how do you determine when it's time to call in a vendor?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us for this episode is our special guest, Katie Ledoux, CISO, Attentive.

Thanks to our podcast sponsor, Palo Alto Networks

As cloud attacks increase, how should AppSec respond? Hear from Daniel Krivelevich, CTO of AppSec at Palo Alto Networks, as he dives into modern application security strategies that can help teams defend their engineering ecosystems from modern attacks. Watch now to level up your AppSec program.

In this episode:

  • Why do many organizations have a problem relating quantification to something meaningful to the business?
  • Is there a way to understand risks on a continuum that will make relating these to business a little more manageable?
  • What are the questions security professionals should be asking themselves?
Direct download: CISO_Series_Podcast_8-08-23.mp3
Category:podcast -- posted at: 3:00am PDT

Shifting Left is so five years ago. Advice and best practices are great, but context is king. Is there a mixture of best practices AND doing what's right for your business that's actually practical?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Steve Zalewski. Joining us for the episode is our sponsored guest Gaurav Banga, CEO, Balbix.

Thanks to our podcast sponsor, Balbix

Balbix is a cyber risk quantification platform that discovers and manages all your cyber assets, identifies and prioritizes vulnerabilities, and delivers a monetary assessment of cyber risk. This enables CISOs to articulate the value of risk to the board and obtain support and budgets for security programs.

In this episode:

  • What are your most successful tactics when talking to the boardroom?
  • Is there a mixture of best practices AND doing what's right for your business that's actually practical?
  • What have you heard enough about with automation, and what would you like to hear a lot more?
Direct download: CISO_Series_8-01-23.mp3
Category:podcast -- posted at: 3:00am PDT