CISO Series Podcast
Formerly named CISO/Security Vendor Relationship Podcast. Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

Just like so many security products are infused with artificial intelligence, we've also got plenty of meaningless modifiers to describe this podcast.

On this episode we've got:

  • First 90 Days of a CISO. How do you assess talent already there, and how do you prioritize the new hires you need?
  • Please, Enough! No, More! We delve into the overexposure of AI (artificial intelligence) and machine learning. Are they the same thing? And what do CISOs actually want to hear more about on both of these topics?
  • "What's Worse?!" This is a brand new game where I ask the CISOs to determine which of two really bad security practices is worse.
  • What Do You Think of This Pitch? We've got another vendor pitch that the CISOs critique.
  • Ask a CISO. How are CISOs involved in purchase decisions that are not security related (e.g., cloud, networking, infrastructure)?

Special thanks to Signal Sciences for sponsoring this episode. If you're using web application firewalls (WAFs), make sure you read "Three Ways Legacy WAFs Fail" by their head of research, James Wickett.

As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions, and Mike Johnson, CISO, Lyft. Our guest this week is Dennis Leber (@dennisleber), CISO, Cabinet for Health and Family Services, Commonwealth of Kentucky, and the self-proclaimed "Most Interesting Man in Information Security."

We Want More of "What's Worse?!"

In this episode, I introduced a new segment, a game called "What's Worse?!" where I present two comparably bad security practices and ask the CISOs to debate which is worse, and why. Fortunately, in this episode the CISOs disagreed on both comparisons posed. I'm eager to challenge CISOs with more "What's Worse?!" questions. So if you've got a good one, please contact me here or on LinkedIn.

I'm also interested in:

  • “Ask a CISO” questions.
  • A vendor pitch you want us to critique.
  • A hot security discussion (please provide a link).
  • A quick security tip.
  • A big industry story and what it means to security professionals.

In all cases, we can mention you and your company name or keep you anonymous. Just let me know which you prefer.

Listen and Subscribe to the CISO/Security Vendor Relationship Podcast

So many ways to connect and listen to the podcast.

Sponsor the Podcast

If your company would like to sponsor this podcast, please contact David Spark at Spark Media Solutions.

Direct download: CISO_Vendor_07-29-18_FINAL.mp3
Category:podcast -- posted at: 5:32am PDT

If I knew more about your current security needs, I'd probably be able to tell you what security product to buy. But that would require me to spend time understanding your needs and this podcast is only 30 minutes long. Instead, we decided to uncover the universal truths of what security product you shouldn't buy.

In this episode of the CISO/Security Vendor Relationship podcast, we uncover failed CISO product purchases plus:

  • Do temporary dips in hacker attacks change your security posture?
  • What CISOs LOVE to see in their inbox. For this week, we're talking about their favorite reports.
  • What metrics are CISOs following? And what are the metrics CISOs use to determine those metrics? Oh, and are there any metrics CISOs should ignore?
  • Our CISOs digest a vendor pitch.
  • And for "Ask a CISO," we question the value of case studies in print or video form.
  • And as always, we launch the show with a 10-second security tip!

As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions, and Mike Johnson, CISO, Lyft. Our guest this week is Randall (Fritz) Frietzsche (@frietzche), CISO, Denver Health, Denver ISSA distinguished fellow, who also teaches at Harvard University.

We Want Your Input and Critiques

For every episode we want input from listeners!

Please contact me here or on LinkedIn and send me the following:

  • “Ask a CISO” question.
  • A vendor pitch you want us to critique.
  • A hot security discussion (please provide a link).
  • A quick security tip.
  • A big industry story and what it means to security professionals.

In all cases, we can mention you and your company name or keep you anonymous. Just let me know what you want.


Direct download: CISO-Vendor_07-21-18_FINAL.mp3
Category:podcast -- posted at: 7:18am PDT

We're fed up with vendors who think they can detect any breach, but we're not fed up with breach detection.

On this week's episode:

  • Are millennials excited or not excited about working in security? Supposedly, nine percent of all millennials are interested in a job in security. Is that good news/bad news/misrepresented news? (Read the story)
  • Haroon Meer's amazingly open story of the money Thinkst spent at RSA 2018. Was it worth it? Great advice for anyone else sponsoring a big tech conference. (Read the story)
  • Are you sponsoring Black Hat or another big tech conference? Pick up my book, Three Feet from Seven Figures: One-on-One Engagement Techniques to Qualify More Leads at Trade Shows.
  • We talk about breach detection and the use of deception devices.
  • When a breach happens, should you or shouldn't you blame the victim?
  • How should security sales managers pump up their team for sales? Is letting people know that they're the only ones to fix their customers' problems the right tactic?

Thinkst - Canary

This episode is sponsored by Thinkst, makers of Canary deception devices. Read how much their customers love their product here.

As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Haroon Meer (@haroonmeer), founder and researcher of Thinkst.

Direct download: CISO-Vendor_07-15-18_FINAL.mp3
Category:podcast -- posted at: 7:43am PDT

Are you managing your passwords the same today as you did five years ago? On this episode of the CISO/Security Vendor Relationship podcast, we discuss the changing landscape of what we once thought were best practices, but aren't anymore.

On this episode:

As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Maxime Rousseau (@maxrousseau), CISO, Personal Capital.

Direct download: CISO-Vendor_07-08-18_FINAL.mp3
Category:podcast -- posted at: 5:07pm PDT

Want to get under a CISO's skin? Ask them if they have a concern for security in their environment. It's like asking a chef if they're concerned about preparing food. In this week's episode of the CISO/Security Vendor Relationship Podcast we cover the following:

  • Dumbest mistakes you can make as a CISO
  • What to do on day 1 when you're a CISO
  • Why is everyone talking about this now? Questioning a CISO's job interests.
  • Please, Enough. No, More on GDPR.
  • We critique a vendor pitch.
  • And "Ask a CISO."

As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions, and Mike Johnson, CISO, Lyft. Our guest this week is Richard Greenberg (@ragreenberg), CISO, LA County Department of Health Services, as well as president of the ISSA and OWASP chapters in Los Angeles.

This episode is sponsored by Signal Sciences. We thank them for their support.

Direct download: CISO-Vendor_07-01-18_FINAL.mp3
Category:podcast -- posted at: 7:07am PDT