CISO/Security Vendor Relationship Podcast
Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

Categories

Hacking Media Production Podcast
podcast

Archives

2019
August
July
June
May
April
March
February
January

2018
December
November
October
September
August
July
June

2014
February

2013
June
May
April
March
February
January

August 2019
S M T W T F S
     
        1 2 3
4 5 6 7 8 9 10
11 12 13 14 15 16 17
18 19 20 21 22 23 24
25 26 27 28 29 30 31

Syndication

CISO/Security Vendor Relationship Podcast and series is available at CISOSeries.com.

We're giving away private networks to everybody. Even if you think you don't need one, you want one. It's all on this week's episode of CISO/Security Vendor Relationship Podcast.

This show, like all the previous ones is hosted by me, David Spark (@dspark), founder of Spark Media Solutions and Mike Johnson. Our sponsored guest this week is Francis Dinha, CEO of OpenVPN.

Francis Dinha, CEO, OpenVPN

Thanks to this week's sponsor, OpenVPN

OpenVPN

Create an economical and secure private network for your company with OpenVPN. Used by Fortune 500 companies and IT, Access Server keeps your internal data safe with end-to-end encryption, secure remote access, and extension for your centralized unified threat management. Go to openvpn.net/ciso-series to test drive Access Server for free.

On this episode

What's a CISO to do?

A few years back I interviewed Francis Dinha about hiring talent. Dinha had the fortune to be able to mine his own community of people of open source volunteers. It's become a great resource for hiring talent. Finding those passionate communities are key for finding talent. We discuss other possible resources and why it's critical or maybe not critical to hire people who've contributed to the open source community.

Why is everybody talking about this now?

Given the number of default passwords being used and connected devices with little to no security, does achieving "zero trust" have to be the InfoSec equivalent of climbing Mt. Everest? We discuss simplifying security architecture so achieving "zero trust" isn't a badge of honor but rather something everybody can easily do.

"What's Worse?!"

Another round where we debate an open source conundrum.

Please, enough. No, more.

What have we heard enough with VPNs and what would we like to hear a lot more?

Let's dig a little deeper

John Prokap, CISO of HarperCollins, said on our live NYC recording, "If you patch your systems, you will have less threats that will hurt you." I posted John's basic security advice as a meme, and it got a flurry of response. My favorite came from Greg Van Der Gaast of CMCG who said, "The fact that this is quote/post-worthy in 2019 boggles my mind." The issue of "why aren't you doing this" came up and people discussed integration issues, hard to keep up, and the fact that patches can often break applications. Is this a cycle that's impossible to break?

 

Direct download: CISO_Vendor_2-22-2019_FINAL.mp3
Category:podcast -- posted at: 4:33pm PDT