CISO Series Podcast
Formerly named CISO/Security Vendor Relationship Podcast. Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

All links and images for this episode can be found on CISO Series

We're a brand new consultancy and we promise if you just let us poke around your network, we'll find something wrong. Because everyone has something wrong in their network.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Mike Johnson. Our guest is Phil Huggins (@oracuk), CISO, NHS Test & Trace, Department of Health and Social Care.

Thanks to our podcast sponsor, VMware

In this episode:

  • Prioritizing the security challenges around risk and compliance
  • What to consider before starting your own security consulting business
  • The most valuable things you should learn from peers in your network or community

Direct download: CISO_Vendor_06-29-21_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

If you're happy with your best practice of rotating passwords, that's great for you. Just don't lay your old-timey "rules for better security" on me, boomer.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Mike Johnson. Our guest is Robb Reck (@robbreck), CISO on sabbatical and co-founder of Colorado=Security, a podcast and Slack community.

Thanks to our podcast sponsor, VMware

In this episode:

  • Who is supposed to put “security” into the shifted left SDLC?
  • What's the scarcest resource to a CISO? Is it headcount or money?
  • What's the hardest part about being a CISO?
  • How to choose the “best” best practices.

Direct download: CISO_Vendor_06-22-21_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

https://cisoseries.com/how-cisos-make-it-worse-for-other-cisos/

Are CISOs inappropriately putting pressure on themselves and is that hurting the rep of all CISOs as a result?

This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Mike Johnson. Our guest is Andy Ellis (@csoandy), operating partner, YL Ventures.

Thanks to our podcast sponsor, Orca Security

Orca Security provides instant-on security and compliance for AWS, Azure, and GCP - without the gaps in coverage, alert fatigue, and operational costs of agents or sidecars. Orca detects and prioritizes risk in minutes - not months - and is trusted by global innovators, including Databricks, Lemonade, Gannett, and Robinhood.

In this episode:

  • Is the hiring process for CISOs broken?
  • Why CISOs aren’t willing to share samples of their risk assessments
  • Working with a vCISO through an MSSP
  • What are the biggest misconceptions cybersecurity people have about CISOs?

Direct download: CISO_Vendor_06-15-21_Final.mp3
Category:podcast -- posted at: 10:00am PDT

All links and images for this episode can be found on CISO Series

https://cisoseries.com/excuse-me-what-bribes-do-you-accept/

The security vendor/practitioner sales cycle would go a lot faster and smoother if CISOs would just take an "incentive" for a meeting. Just tell me what "incentive" you would like. I'm sure it'll cost me a lot less than what I'm spending on marketing and sales.

This episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Mike Johnson. Our guest is Allison Miller (@selenakyle), CISO, reddit. Allison is available on reddit at /u/UndrgrndCartographer.

Thanks to our podcast sponsor, Living Security

Why We're Breaking Security Awareness (And You Should Too)
Attend This Free, Virtual Conference From Your Home, Office, Or Even Your Couch. Living Security is breaking the mold of security awareness to wage war on the human risk factor with evolved strategies for the way we live, work, and play today.
Join cybersecurity industry thought leaders for fresh, modern perspectives designed to help you change behaviors and reduce your organization's risk in a world where life happens online.
This year’s sessions will cover:

  • Human Risk Management
  • Social Engineering
  • DEI In Cybersecurity
  • Enterprise Security Awareness
  • Remote Working Security
  • Ransomware

In this episode:

  • Relying on the end-user to make an app secure is, in essence, shipping insecure software
  • It's official: mandatory password changes are no longer in vogue
  • What incentives would you accept to take a meeting with a vendor

Direct download: CISO_Vendor_06-08-21_Final.mp3
Category:podcast -- posted at: 3:00am PDT

All links and images for this episode can be found on CISO Series

https://cisoseries.com/holy-crap-weve-been-doing-this-for-three-years/

On this day three years ago, Mike Johnson and I released the first episode of CISO Series’ CISO/Security Vendor Relationship Podcast.

Our primary goal was to talk about the strained yet much-needed relationship between security practitioners and vendors. With the help of our guest Dan Walsh, CISO, VillageMD, and plenty of contributors, we look back and ask ourselves, “What’s changed and has anything improved?”

If you're interested in hearing the full story of how CISO Series started, listen to this episode of Defense in Depth with Mike Johnson and Allan Alford where we walk through the origins of what has become a rather sizable media network.

Thanks to our podcast sponsor, Sonatype

With security concerns around software supply chains ushered to center stage in recent months, organizations around the world are turning to Sonatype as trusted advisors. The company’s Nexus platform offers the only full-spectrum control of the cloud-native software development lifecycle including third-party open source code, first-party source code, infrastructure as code, and containerized code.

In this episode:

  • What listeners get out of the show & what has changed in the industry
  • How communication has changed among CISOs in three years
  • Is there more compassion for vendors now?
  • How is the vendor landscape changing?

Direct download: CISO_Vendor_06-01-21_Final.mp3
Category:podcast -- posted at: 3:00am PDT