CISO Series Podcast
Formerly named CISO/Security Vendor Relationship Podcast. Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

CISO/Security Vendor Relationship Podcast and Series has moved to

Tired of deleting pages of vendor pitches? Wouldn't it be more efficient if  you could see them altogether on one screen so you could simply choose which ones to ignore? We're improving vendor non-engagement efficiency in the latest installment of the CISO/Security Vendor Relationship Podcast.

This show, like all the previous ones is hosted by me, David Spark (@dspark), founder of Spark Media Solutions and Mike Johnson, CISO of Lyft. Our guest this week is Chris Castaldo (@charcuteriecoma), sr. director of cybersecurity, 2U.

This episode is sponsored by Vulcan Cyber, your automated vulnerability remediation solution. Put an end to manual-only patch management and reduce vulnerability risk with a cloud-based solution that bridges the vulnerability remediation gap. Automate and orchestrate the vulnerability remediation process with Vulcan Cyber.

Got feedback? Join the conversation on LinkedIn.

On this episode:

Why is everybody talking about this now?

Six months ago Mike Johnson proposed the idea of "Demos for charities" and it got mixed results, but some people took on the challenge from both the practitioner and the vendor side. See how our guest offered up 45 minutes of his time in exchange for a donation to his favorite charity.

What's a CISO to do?

In light of the most recent Marriott breach, Brian Krebs wrote a great thought piece about our new acceptance of "security" and that is we can't count on companies security our data. How do security professionals communicate that to their team and users and still maintain trust?

What's worse?!

This week's challenge comes from William Birchett, Sr. Manager IT Security at City of Fort Worth. Both options are annoying and we have a split decision on what's worse.

First 90 days of a CISO

Tony Dunham of the Professional Development Academy asks how can InfoSec professionals develop the soft skills needed for leadership prior to being put in the pilot seat?

Ask a CISO

We talk about user-centric design and my co-host has some not-so-nice-words for vendors selling a "single pane of glass" solution.


Direct download: CISO_Vendor_12-02-2018_FINAL.mp3
Category:podcast -- posted at: 7:15pm PST