CISO/Security Vendor Relationship Podcast
Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

We admit we've posted some rather embarrassing posts on social media. In particular, my co-host, Mike Johnson, talks about a post he initially regretted, but then realized it's what brought all of us together. In fact, it's a post that initiated much of the discussion we're having today about the relationships between CISOs and security vendors.

On this week's episode of the CISO/Security Vendor Relationship Podcast, we discuss:

  • A CISO who eagerly wants to talk to security vendors: CISO of Mitel, and former guest, Allan Alford sent a shock through the industry when he said he was going to reserve time to actually speak with security vendors. Why was this announcement such a big deal?
  • One CISO and one CTO admit to posts they regret: Turns out posts you wish you hadn't written actually shake up the pot so much that they form relationships, like the one between the two you hear on this show.
  • We play "What's Worse?!" Possibly our toughest round of the game ever. Hint: think security policies.
  • What Do You Think of This Pitch? Mike and our guest dissect a pitch from a listener. They advise what should be taken out, and what should be put in its place.
  • Ask a CISO: Do CISOs need consultative resellers? When are they valuable? If not now, were they valuable?
  • And as always, we launch with a great 10-second security tip.

Today's episode is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Mike D. Kail (@mdkail), CTO of

This episode is sponsored by Thinkst, makers of Canary deception devices. Read how much their customers love their product here. We thank Thinkst for sponsoring this episode of the podcast.

Direct download: CISO_Vendor_09-23-2018_FINAL.mp3
Category:podcast -- posted at: 10:01pm PDT

With absolutely no irony three white men discuss the value of diversity in cybersecurity in the latest episode of CISO/Security Vendor Relationship Podcast. So before you tell me we're three white men talking about diversity, I'm letting you know ahead of time we're three white men talking about diversity. We have no shame!

On this episode of the CISO/Security Vendor Relationship Podcast, we debate the following:

  • Microsoft Office macros still top the malware attack vector charts: After apparently three decades it appears that MS Office macros are still the attack point of choice of malicious hackers. What legacy nonsense are enterprises still holding onto?
  • What's the real value of diversity? As I readily admitted, our all-white-male panel confesses that lack of diversity results in groupthink and unconscious bias.
  • We play a round of "What's Worse?!" This one has to do with budget and there's a split decision! Which one do you think is worse?
  • Please, Enough. No, More. (on endpoint security): There is a very long list of stuff Mike and our guest don't want to hear anymore about with regard to endpoint security. And similarly, there's plenty more they do want to hear about. Listen to know what you should be paying attention to regarding endpoint security.
  • Does complicating security infrastructure make us safer? What's the right balance of security complexity and simplicity to make your environment safer? If you've got more systems and more security applications in place that means you've got more vectors to exploit.
  • Ten-second security tip: And as always, we've got a quick security tip so you don't have to listen to more than a minute of the show before you get some value from this podcast.

As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Tomer Weingarten, CEO, SentinelOne.

Special thanks to our sponsor, SentinelOne, for supporting this episode and the podcast. Learn more about their autonomous endpoint protection.

Catch up on past episodes plus read articles and watch the latest videos from the series at

Direct download: CISO_Vendor_09-16-18_FINAL.mp3
Category:podcast -- posted at: 10:00pm PDT

We have an exciting announcement. Our latest version of the podcast is packed with new features and they're riddled with security holes. We know you wanted the features. The security vulnerabilities are just a bonus.

On this episode of the CISO/Security Vendor Relationship Podcast, we discuss:

  • Cybersecurity burnout: How bad is it? What can be done to mitigate it? And what are the warning signs? All tech professionals have burnout issues, but InfoSec has it the toughest because it's very hard for them to get a sense of accomplishment from their work.
  • CISO/Security Vendor Relationship Podcast is making an impact in the vendor community: We hear multiple stories from vendors about how the advice from Mike and the guests is really changing the way they reach out to security professionals.
  • Are you willing to release a product with known security vulnerabilities? What if the customer really demands the new feature next week and is expecting it, but remediation may take much longer? Do you give the customer what they want, or are there other solutions?
  • What's Worse?! We play a round of picking the worse of two evils. This one is all about training your staff.
  • We unleash another pitch on the security professionals: Their response will surprise you as will the outcome of this pitch.
  • Dumb CISO mistakes: This one actually may not be so dumb. It could actually be good advice when it comes to product testing.
  • Ten-second security tip: This one offers up a more holistic view of security that you may have not considered, but definitely should.

Special thanks to Signal Sciences for sponsoring this episode. If you’re using WAFs, make sure you read “Three Ways Legacy WAFs Fail,” by their head of research, James Wickett.

As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest is Anne Marie Zettlemoyer, a security strategist and independent researcher who is also on the board of directors for SSH.


Direct download: CISO_Vendor_09-09-18_FINAL.mp3
Category:podcast -- posted at: 3:33pm PDT