Tue, 13 December 2022
All links and images for this episode can be found on CISO Series. It appears our security awareness training is working, up to a point. Most people are well aware of the need for secure passwords, but they don't actually create secure passwords. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Patrick Harr, CEO, SlashNext. Thanks to our podcast sponsor, SlashNext With today’s transition to hybrid working, phishing attacks are becoming more prevalent than ever. Mobile phishing and credential harvesting are exploding and affecting business reputations, finances and most importantly, data loss. With new methods of phishing attacks appearing year over year, enterprises need more robust phishing protection to better protect this expanding attack surface and companies’ most valuable assets. Check out the report. In this episode:
|
Tue, 6 December 2022
All links and images for this episode can be found on CISO Series. It appears we're not providing security awareness training fast enough. That's because hackers are specifically targeting brand new employees who don't yet know the company's procedures. Illicit hackers are discovering they're far easier to phish.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Gene Spafford (@therealspaf), Professor, Purdue University.
Gene's book available for pre-order Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us.
Thanks to our podcast sponsor, Lacework Lacework offers the data-driven security platform for the cloud and is the leading cloud-native application protection platform (CNAPP) solution. Only Lacework can collect, analyze, and accurately correlate data — without requiring manually written rules — across an organization’s AWS, Azure, Google Cloud, and Kubernetes environments, and narrow it down to the handful of security events that matter. Security and DevOps teams around the world trust Lacework to secure cloud-native applications across the full lifecycle from code to cloud. Get started at lacework.com/cisoseries. In this episode:
|
Tue, 29 November 2022
All links and images for this episode can be found on CISO Series. That headline is not a joke. An actual job listing on LinkedIn requested just that. We're all hoping this was an error. Regardless, the community response to it was truly overwhelming, speaking much to the frustration of green and junior cybersecurity job seekers who are truly looking for entry level jobs. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Bryan Willett, CISO, Lexmark. Thanks to our podcast sponsor, AuditBoard CrossComply is AuditBoard’s award-winning security compliance solution that allows organizations to build trust and scale their security compliance program with a connected risk platform that unifies SOC 2, ISO 2700x, NIST, CMMC, PCI DSS, and more across your organization. In this episode:
|
Tue, 22 November 2022
All links and images for this episode can be found on CISO Series. CISOs and other security leaders have a lot of stress. But so do other C-level employees. Why does a CISO's stress seem that much more powerful? Is it that their job is still in constant development, or is the "C" in their name just in title, but not authority? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Aman Sirohi (@amangolf), CISO, People.ai. Thanks to our podcast sponsor, AuditBoard CrossComply is AuditBoard’s award-winning security compliance solution that allows organizations to build trust and scale their security compliance program with a connected risk platform that unifies SOC 2, ISO 2700x, NIST, CMMC, PCI DSS, and more across your organization. In this episode:
|
Tue, 15 November 2022
All links and images for this episode can be found on CISO Series. "The biggest threat to national security is that many of the most vital systems on the planet CURRENTLY run on outdated and insecure software," said Robert Slaughter of Defense Unicorns on LinkedIn. That's at the core of the third-party security issue. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Richard Marcus, vp, InfoSec, AuditBoard. Thanks to our podcast sponsor, AuditBoard CrossComply is AuditBoard’s award-winning security compliance solution that allows organizations to build trust and scale their security compliance program with a connected risk platform that unifies SOC 2, ISO 2700x, NIST, CMMC, PCI DSS, and more across your organization. In this episode:
|
Tue, 8 November 2022
All links and images for this episode can be found on CISO Series Security leaders will often ask challenging or potentially gotcha questions as barometers to see if you can handle a specific job. They're looking not necessarily for a specific answer, but rather a kind of answer and they're also looking to make sure you don't answer the question a specific way. Don't get caught in the trap. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Quincy Castro, CISO, Redis. Thanks to our podcast sponsor, Okta Auth0 is the leading provider of customer identity solutions. Watch Jameeka Aaaron, CISO for Auth0, explain how to balance security with friction to create a safe authentication experience without compromising on privacy. In this episode:
|
Tue, 1 November 2022
All links and images for this episode can be found on CISO Series If you know a difficult concept very well and you're incapable of explaining it simply to others who don't understand it, it's known as the "curse of knowledge." It is for this reason far too many talented cybersecurity professionals struggle to educate others. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Okey Obudulu (@okeyobudulu), CISO, Skillsoft. Thanks to our podcast sponsor, Trend Micro Trend Micro Cloud One, a security services platform for cloud builders, delivers the broadest and deepest cloud security offering in one solution, enabling you to secure your cloud infrastructure with clarity and simplicity. Discover your dynamic attack surface, assess your risk, and respond with the right security at the right time. Discover more! In this episode:
|
Tue, 25 October 2022
All links and images for this episode can be found on CISO Series CISOs say stress and burnout are their top personal risks. Breaches, increased regulations, and the tech talent shortage are all contributors to the stress. Sure would be nice for the CISO and the rest of the team to look at a chart that showed the CISO's stress level in real time. This week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and special guest co-host Shawn Bowen (@SMbowen), CISO, World Fuel Services. Our guest is Meredith Harper (@mrhciso), svp, CISO, Synchrony.
This episode was recorded in front of a live audience in Chicago at The City Hall nightclub for the opening night of Evanta's Global CISO Executive Summit. Thanks to our podcast sponsor, Cisco Cisco Secure delivers a streamlined, customer-centric approach to security that ensures it’s easy to deploy, manage, and use. We help 100 percent of the Fortune 100 companies secure work – wherever it happens – with the broadest, most integrated platform. Learn more at cisco.com/go/secure. In this episode:
|
Tue, 18 October 2022
All links and images for this episode can be found on CISO Series For some reason, the ABCs of sales ("Always Be Closing") in the world of cybersecurity sales has translated into "Always Be Creepy." Eagerness to make just a connection, forget closing, has turned into extremely forward approaches that would make anyone feel uncomfortable. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and my guests will be Steve Tran, CSO, Democratic National Committee and Matt Crouse, CISO, Taco Bell. It was recorded in front of a live audience in Santa Monica as part of the ISSA-LA Information Security Summit XII. Thanks to our podcast sponsor, Ostrich Cyber-Risk Ostrich Cyber-Risk “Birdseye” is a unified qualitative and quantitative cyber risk management application that allows you to quickly assess, prioritize and quantify your organization’s financial and operational risks in real-time, in one place. Benchmarked against industry-standards (NIST, CIS, ISO), Birdseye simulates risk scenarios, continuously tracks roadmap progress, and creates shareable reports. In this episode:
|
Tue, 11 October 2022
All links and images for this episode can be found on CISO Series After every breach, you hear the same mantra from the attacked company: "We take security and privacy seriously." It's lost all its meaning. But what if you truly ARE serious about how you handle security and privacy? Should you say "seriously" twice?
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Geoff Belknap (@geoffbelknap), CISO, LinkedIn and co-host of Defense in Depth. It was recorded in front of a live audience at Microsoft's Silicon Valley Campus in Mountain View, California as part of a regular ISSA-SV and ISSA-SF meeting.
Check out all the fantastic photos from the event here.
Thanks to our podcast sponsor, SafeBreach and Noname Security SafeBreach provides continuous security control validation powered by our breach and attack simulation (BAS) platform. Prevent API attacks in real-time with automated AI and ML-based detection from Noname Security. Monitor API traffic for data leakage, data tampering, data policy violations, suspicious behavior, and API security attacks. Integrate with your existing IT workflow management system like Jira, ServiceNow, or Slack for seamless remediation. Learn more at nonamesecurity.com/runtime-protection In this episode:
|
Tue, 4 October 2022
All links and images for this episode can be found on CISO Series There are vendors that CISOs can't look away from. Who are they and what did they do to get so much attention from CISOs? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Saša Zdjelar, svp, security assurance, Salesforce. Thanks to our podcast sponsor, Sysdig Sysdig is driving the standard for cloud and container security. With Sysdig, teams find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance. Customers get a single view of risk from source to run, with no blind spots, no guesswork, no black boxes. In this episode:
|
Tue, 27 September 2022
All links and images for this episode can be found on CISO Series If you want to build a successful cybersecurity team, you need to be diverse, mostly in thought. But that diversity in thought usually is the result of people with diverse backgrounds who have had different experiences and have solved problems differently. It's actually really hard to hire a diverse team because what you want to do is simply hire people who look, talk, and sound like you. People who come from the same background as you. While that may work for building friends, it's not necessarily the best solution when building a team to secure your company. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is George Finney (@wellawaresecure), CISO, Southern Methodist University and author of “Well Aware: The Nine Cybersecurity Habits to Protect Your Future” and "Project Zero Trust." Thanks to our podcast sponsor, Feroot Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Our automated, client-side, data protection capabilities increase web application visibility, facilitate threat analysis, and detect and protect from client-side attacks, such as Magecart, XSS, e-skimming, and other threats focused on front-end web applications. In this episode:
|
Tue, 20 September 2022
All links and images for this episode can be found on CISO Series What are signs your team is getting burnt out? It's not an imbalance of work and family, it's feeling you're having no impact. That you're working your tail off and nothing is getting accomplished. This happens often in cybersecurity. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Sara-Michele Lazarus, vp/head of trust and security, Stavvy. Thanks to our podcast sponsor, Sysdig Sysdig is driving the standard for cloud and container security. With Sysdig, teams find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance. Customers get a single view of risk from source to run, with no blind spots, no guesswork, no black boxes. In this episode:
|
Tue, 13 September 2022
All links and images for this episode can be found on CISO Series Uggh, just saying "zero trust" sends shivvers down security professionals' spines. The term is fraught with so many misnomers. The most important is who are you going to trust to actually help you build that darn zero trust program? Are you going to look at a vendor that's consolidated solutions and has built programs like this repeatedly or are you going to look for the best solutions yourself and try to figure out how best to piece it together to create that "zero trust" program? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is David Chow, global chief technology strategy officer, Trend Micro. Thanks to our podcast sponsor, Trend Micro Trend Micro Cloud One, a security services platform for cloud builders, delivers the broadest and deepest cloud security offering in one solution, enabling you to secure your cloud infrastructure with clarity and simplicity. Discover your dynamic attack surface, assess your risk, and respond with the right security at the right time. Discover more! In this episode:
|
Tue, 6 September 2022
All links and images for this episode can be found on CISO Series. You want an awesome job in cybersecurity, and you want to ask the right questions. What are the right answers, and which ones are red flags that should cause you to run? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Renee Guttman, former CISO, Campbell's, Coca-Cola, and Time Warner. Thanks to our podcast sponsor, Okta Auth0 is the leading provider of customer identity solutions. Watch Jameeka Aaaron, CISO for Auth0, explain how to balance security with friction to create a safe authentication experience without compromising on privacy. In this episode:
|
Tue, 30 August 2022
All links and images for this episode can be found on CISO Series Are RSA and other big conferences worth it? It seems that fewer CISOs are actually walk the floor at these big trade shows. The really big meetings are happening outside of the conference. Why would CISOs attend these big conferences with airfares costing over $1000 and hotel rooms costing $500 to $800 a night? Are the customers and vendors getting priced out? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Jessica Ferguson, CISO, DocuSign. Thanks to our podcast sponsor, SlashNext SlashNext protects the modern workforce from phishing and human hacking across all digital channels. SlashNext Complete™ utilizes our patented AI SEER™ technology to detect zero-hour phishing threats by performing dynamic run-time analysis on billions of URLs a day through virtual browsers and machine learning. Take advantage of SlashNext's phishing defense services for email, browser, mobile, and API. In this episode:
|
Tue, 23 August 2022
All links and images for this episode can be found on CISO Series Security professionals should turn in the cyber hero mentality for the "sidekick" role. Many cybersecurity leaders believe they need to save the company from all the stupid users who can't protect themselves. The reality is security professionals should lose the saviour mentality for a supporting role where they're running alongside different business units trying to find a way to make their process run smoother and more secure. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our wponsored guest Clyde Williamson, product management, innovations, Protegrity. Thanks to our podcast sponsor, Protegrity Protegrity empowers intelligence-driven organizations to use data to drive innovation with secure analytics and artificial intelligence, without fear of violating compliance or jeopardizing privacy. To make this vision a reality, we protect sensitive data anywhere and everywhere to create secure data agility that aligns with the speed of modern business. In this episode:
|
Tue, 16 August 2022
All links and images for this episode can be found on CISO Series Just the words "zero trust" often causes security professionals to shiver. In general, CISOs are on board with the concepts of "zero trust," we just think they're uncomfortable with how it's being used for branding and marketing efforts. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is David Cross (@mrdbcross), SVP/CISO for Oracle SaaS Cloud. Thanks to our podcast sponsor, Protegrity Protegrity empowers intelligence-driven organizations to use data to drive innovation with secure analytics and artificial intelligence, without fear of violating compliance or jeopardizing privacy. To make this vision a reality, we protect sensitive data anywhere and everywhere to create secure data agility that aligns with the speed of modern business. In this episode:
|
Tue, 9 August 2022
All links and images for this episode can be found on CISO Series You can make the right decision given the information you have, but everything is a risk, so there are times those good decisions are going to result in not the result you were hoping for. In essence, plenty of good decisions result in poor outcomes. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Aviv Grafi, founder and CTO, Votiro and winner of season one of Capture the CISO. In this episode:
|
Tue, 2 August 2022
All links and images for this episode can be found on CISO Series We explore the world of dishonesty in cybersecurity. Practitioners know that marketers will stretch the truth, but how far are we willing to let that go? Isn't this industry built on trust? Can cybersecurity continue to thrive if we can't trust each other? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Anna Belak (@aabelak), director of thought leadership, Sysdig. Thanks to our podcast sponsor, Sysdig Sysdig is driving the standard for cloud and container security. With Sysdig, teams find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance. Customers get a single view of risk from source to run, with no blind spots, no guesswork, no black boxes. In this episode:
|
Tue, 26 July 2022
All links and images for this episode can be found on CISO Series What can you do when your data keeps passing through different third party applications? Your data is being accessed and manipulated by more people, more applications, and more security policies that may not be aligned with your security policies. It seems once it leaves your environment, it's out of your control. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Elliot Lewis (@ElliotDLewis), CEO, Keyavi. Thanks to our podcast sponsor, Keyavi Myth: Data can’t protect itself. Fact: Now it does! You control where your data goes in the world, who can access it and when. On any device. Anytime. Anywhere. FOREVER. Learn more at Keyavi.com. In this episode:
|
Tue, 19 July 2022
All links and images for this episode can be found on CISO Series If they can find flaws, security professionals are quick to label it as bad security behavior. But often, what is marked as "bad" may have problems, but when looked at from a reducing risk perspective it's actually a very good security behavior. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Carla Sweeney, vp information security, Red Ventures. Thanks to our podcast sponsor, Protegrity Protegrity empowers intelligence-driven organizations to use data to drive innovation with secure analytics and artificial intelligence, without fear of violating compliance or jeopardizing privacy. To make this vision a reality, we protect sensitive data anywhere and everywhere to create secure data agility that aligns with the speed of modern business. In this episode:
|
Tue, 12 July 2022
All links and images for this episode can be found on CISO Series Getting someone to purchase gift cards is a popular vector for theft. Given that the gift card theft technique is so well known, many online sites have put up additional barriers to purchasing gift cards. Trying to buy them legitimately has become increasingly difficult. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Ariel Weintrab (@securitymermaid), CISO, MassMutual. Thanks to our podcast sponsor, PlexTrac PlexTrac is a powerful, yet simple, cybersecurity platform that centralizes all security assessments, pentest reports, audit findings, and vulnerabilities. PlexTrac transforms the risk management lifecycle, allowing security professionals to generate better reports faster, aggregate and visualize analytics, and collaborate on remediation in real-time. In this episode:
|
Tue, 5 July 2022
All links and images for this episode can be found on CISO Series Should you monitor your staff? I mean reallymonitor them. Some bosses are installing screen grabbing and click tracking software to monitor employees and by most estimates employees hate it so much that half of them would quit if their supervisors installed monitoring software on their computers. But in some cases an employee's behavior may lend themselves to being monitored. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Ian Hassard (@ihassard), director of product management, Okta. Thanks to our podcast sponsor, Okta Auth0 is the leading provider of customer identity solutions. Watch Jameeka Aaaron, CISO for Auth0, explain how to balance security with friction to create a safe authentication experience without compromising on privacy. In this episode:
|
Tue, 28 June 2022
All links and images for this episode can be found on CISO Series Next time you're annoyed by a security vendor's pitch, instead of firing back at them at what an idiot they are, or complaining about it on social media, why not see if you can find a friendly manager at the vendor company and explain what happened so they can actually address the problem appropriately? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Rob Suarez, CISO, BD. Thanks to our podcast sponsor, Trend Micro Trend Micro Cloud One, a security services platform for cloud builders, delivers the broadest and deepest cloud security offering in one solution, enabling you to secure your cloud infrastructure with clarity and simplicity. Discover your dynamic attack surface, assess your risk, and respond with the right security at the right time. Discover more! In this episode:
|
Tue, 21 June 2022
All links and images for this episode can be found on CISO Series I have no idea what I need to spend to demonstrate our security program is working. What's it going to take? Or maybe I need just others on my team to just validate that they truly do care about security. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is John McClure (@johnmcclure00), CISO, Sinclair Broadcast Group. Thanks to our podcast sponsor, Keyavi Data that protects itself? Now it does! We made data so smart it can think for itself. Secure itself. Stay continually aware of its surroundings. Control where, when and who is allowed access. And automatically report back to its owner. This changes the entire cybersecurity paradigm. Learn how. In this episode:
|
Tue, 14 June 2022
All links and images for this episode can be found on CISO Series How dangerous is it for a cybersecurity professional to pull a G-d complex with the email server just because they didn't like the way one salesperson behaved? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Jadee Hanson (@jadeehanson), CIO/CISO, Code42. Thanks to our podcast sponsor, Code42. As the Insider Risk Management leader, Code42 helps security professionals protect corporate data and reduce insider risk while fostering an open and collaborative culture for employees. For security practitioners, it means speed to detection and response. For companies, it means a collaborative workforce that is productive and a business that is secure. Visit http://Code42.com/showme to learn more. In this episode:
|
Tue, 7 June 2022
All links and images for this episode can be found on CISO Series What if we could convince management that security is not a cost center, but a means to actually make and save money for the business? The concept isn't so completely outrageous. Companies are using privacy and security as differentiators, and certain security tools such as single sign on, password managers, and passwordless reduce operational costs in support tickets. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Mary Gardner, CISO, The Greenbrier Companies. Thanks to our podcast sponsor, Buchanan Technologies Short staffed and overworked IT groups can be overwhelmed by the massive scope of a comprehensive cybersecurity program. Buchanan Technologies makes the complex simple with our twenty-four by seven, customized, vetted strategies that identify risks, detect threats, implement security controls, and protect the confidentiality, availability, and integrity of your data. Discover more. In this episode: What are areas we should focus on improving the security user experience for non-security people? |
Tue, 31 May 2022
To see the blog post and read the transcript, head over to CISO Series. We don't celebrate quitting. Maybe we should. When should you do it when you don't have another offer? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Hadas Cassorla, CISO, M1. On this episode:
HUGE thanks to our sponsor, Keyavi Data that protects itself? Now it does! We made data so smart it can think for itself. Secure itself. Stay continually aware of its surroundings. Control where, when and who is allowed access. And automatically report back to its owner. This changes the entire cybersecurity paradigm. Learn how. |
Tue, 24 May 2022
All links and images for this episode can be found on CISO Series
I have talked to vendors who get all excited about Gartner opening up a new category for them. All I can think is uggh, something new to confuse the security marketplace. I know there's a need to label products in categories to simplify sales. But the complexity is driving buyers nuts. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is RJ Friedman, CISO, Buchanan Technologies. Thanks to our podcast sponsor, Buchanan Technologies Short staffed and overworked IT groups can be overwhelmed by the massive scope of a comprehensive cybersecurity program. Buchanan Technologies makes the complex simple with our twenty-four by seven, customized, vetted strategies that identify risks, detect threats, implement security controls, and protect the confidentiality, availability, and integrity of your data. Discover more. In this episode:
|
Tue, 17 May 2022
All links and images for this episode can be found on CISO Series Are bad security policies of yesteryear just because we didn't know any better at the time, or were they some bozos idea of legitimate security yet the rest of us knew it was just security theater? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Dr. Diane M Janosek (@dm_janosek), deputy director of compliance, NSA and senior legal advisor for Women in Cybersecurity. Thanks to our podcast sponsor, Code42 As the Insider Risk Management leader, Code42 helps security professionals protect corporate data and reduce insider risk while fostering an open and collaborative culture for employees. For security practitioners, it means speed to detection and response. For companies, it means a collaborative workforce that is productive and a business that is secure. Visit http://Code42.com/showme to learn more. In this episode:
|
Tue, 10 May 2022
All links and images for this episode can be found on CISO Series Legacy tech can often be the anchor that prevents an organization from growing. Put the issue of dealing with legacy tech long enough and the problem could get bigger than the business itself. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is TJ Mann (@teejaymann), CISO, Children's Mercy Kansas City. Thanks to our podcast sponsor, CYREBRO Ninety percent of post mortems show that the high cost of damage from a cyberattack was avoidable, but no one knew in time to stop it. CYREBRO's SOC Platform is your cybersecurity central command, integrating all your security events with 24/7 strategic monitoring, proactive threat intelligence, and rapid incident response. More from CYREBRO. In this episode:
|
Tue, 3 May 2022
All links and images for this episode can be found on CISO Series People violate cybersecurity policies at a rate of one out of every 20 job tasks. It's just a matter of time before all your employees are in violation. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Bruce Schneier (@schneierblog), chief of security architecture, Inrupt and fellow and lecturer and Harvard Kennedy School. Thanks to our podcast sponsor, PlexTrac PlexTrac is a powerful, yet simple, cybersecurity platform that centralizes all security assessments, pentest reports, audit findings, and vulnerabilities. PlexTrac transforms the risk management lifecycle, allowing security professionals to generate better reports faster, aggregate and visualize analytics, and collaborate on remediation in real-time. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! In this episode:
|
Tue, 26 April 2022
All links and images for this episode can be found on CISO Series A young woman is killing it in her first cybersecurity job out of college. Management is so thrilled with her that they want to give her a promotion. Problem is the promotion reveals a lot of other innerworkings that don't speak well of the company's culture. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Davi Ottenheimer (@daviottenheimer), vp trust and digital ethics, Inrupt. Thanks to our podcast sponsor, Code42 As the Insider Risk Management leader, Code42 helps security professionals protect corporate data and reduce insider risk while fostering an open and collaborative culture for employees. For security practitioners, it means speed to detection and response. For companies, it means a collaborative workforce that is productive and a business that is secure. Visit http://Code42.com/showme to learn more. In this episode:
|
Tue, 19 April 2022
All links and images for this episode can be found on CISO Series First job out of college and you get the cybersecurity job of your dreams... and nightmares. It's just too much, and you definitely don't have the experience to handle it all. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Rick Doten (@rick_doten), CISO, Carolina Complete Health. Check out Rick's Youtube channel with the CIS Critical Security Control videos. Thanks to our podcast sponsor, Kenna Security Kenna Security, now part of Cisco, is the pioneer of risk-based management. The Kenna Security Platform enables organizations to work cross-functionally to determine and remediate cyber risks. It leverages machine learning and data science to track and predict real-world exploitations, empowering security teams to focus on what matters most. In this episode:
|
Tue, 12 April 2022
All links and images for this episode can be found on CISO Series
"No business wants more security, they want less risk," said a redditor on the cybersecurity subreddit. Executives seem to not care about cybersecurity because they're not talking in those terms. They talk in terms of managing risk. It's the InfoSec professional's job to do the translation. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Tom Doughty, vp and CISO, Prudential Financial. Thanks to our podcast sponsor, CYREBRO Ninety percnet of post mortems show that the high cost of damage from a cyberattack was avoidable, but no one knew in time to stop it. CYREBRO's SOC Platform is your cybersecurity central command, integrating all your security events with 24/7 strategic monitoring, proactive threat intelligence, and rapid incident response. More from CYREBRO. In this episode:
|
Tue, 5 April 2022
All links and images for this episode can be found on CISO Series A CISO hears about your company's product from some other CISOs. Eager to find more information like a video demo they could watch on their own, they visit your site. They can't find anything except a prominently placed "Request a Demo" button. Fearing the marketing and salespeople who will hound them if they fill out the information, they just bail. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Jim Routh (@jmrouth1), former CISO for MassMutual and CVS/Aetna. Thanks to our podcast sponsor, Buchanan Technologies Short staffed and overworked IT groups can be overwhelmed by the massive scope of a comprehensive cybersecurity program. Buchanan Technologies makes the complex simple with our twenty-four by seven, customized, vetted strategies that identify risks, detect threats, implement security controls, and protect the confidentiality, availability, and integrity of your data. Discover more. In this episode:
|
Tue, 29 March 2022
All links and images for this episode can be found on CISO Series The web is awash with sites claiming they know what the security trends will be for 2022. All of them were filled with quotes from security experts at different vendors who "surprise" we're saying the big trend is what their product can fix. One publication, eWEEK, had probably the only logical set of trends and they look a lot like what happened in 2021. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Ori Arbel, CTO, CYREBRO. Thanks to our podcast sponsor, CYREBRO Ninety percent of post mortems show that the high cost of damage from a cyberattack was avoidable, but no one knew in time to stop it. CYREBRO's SOC Platform is your cybersecurity central command, integrating all your security events with 24/7 strategic monitoring, proactive threat intelligence, and rapid incident response. More from CYREBRO. In this episode:
|
Tue, 22 March 2022
All links and images for this episode can be found on CISO Series Are security conferences really helpful in advising you on making your business more secure, or are they just adding more worries to your plate that aren't actually going to be threats your business is going to have to face? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Jason Witty, CSO, USAA. Thanks to our podcast sponsor, CyCognito By understanding risks, attacks, and behaviors from attack surface management data, CyCognito visualizes the pathways attackers will take to exploit your network enabling you the ability to see, understand and eradicate the threat. CyCognito is the only cyber risk intelligence platform that visualizes the attackers paths into your network. In this episode:
|
Tue, 15 March 2022
All links and images for this episode can be found on CISO Series Our entire network launched because of the irritation CISOs had with vendors could have stopped some breach that happened to another company. Then the chest pounding subsided, and we thought we were making an impact, until Log4j appeared... This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Tim Rohrbaugh, CISO, JetBlue. Thanks to our sponsor, CyCognito By understanding risks, attacks, and behaviors from attack surface management data, CyCognito visualizes the pathways attackers will take to exploit your network enabling you the ability to see, understand and eradicate the threat. CyCognito is the only cyber risk intelligence platform that visualizes the attackers paths into your network. In this episode:
|
Tue, 8 March 2022
All links and images for this episode can be found on CISO Series The trick to getting the attention of CISOs is to create an awesome company. Focus on that and the attention will follow. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Katie Stebbins (@ktlgs), board president, Global Epic. Thanks to our podcast sponsor, Kenna Security Kenna Security, now part of Cisco, is the pioneer of risk-based management. The Kenna Security Platform enables organizations to work cross-functionally to determine and remediate cyber risks. It leverages machine learning and data science to track and predict real-world exploitations, empowering security teams to focus on what matters most. In this episode:
|
Tue, 1 March 2022
All links and images for this episode can be found on CISO Series If you're up against Google, Facebook, or Apple for hiring talent, chances are pretty good that your company is not going to match their pay and benefits. So if they're the bar for salary and benefits, your business' offerings will inevitably be subpar. So how do you build your employer brand to contend in areas where you're deficient in areas you can't compete? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Dan DeCloss (@wh33lhouse), CEO, PlexTrac. Thanks to our podcast sponsor, PlexTrac In this episode:
|
Tue, 22 February 2022
All links and images for this episode can be found on CISO Series Every organization has an Acceptable Use Policy (AUP) for their computers and network. Nobody reads it and everybody violates it. How the heck do you enforce or discipline people who violate your company's AUP? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Matt Radolec, senior director, incident response and cloud operations, Varonis. Thanks to our podcast sponsor, Varonis On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to “Zero Trust.” Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries. In this episode:
|
Tue, 15 February 2022
All links and images for this episode can be found on CISO Series Yikes, this security hole one concerned student found in the school's network is going to require one heck of a pep rally to fix. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Dave Stirling, CISO, Zions Bancorporation. Thanks to our podcast sponsor, Varonis On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to “Zero Trust.” Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries. In this episode:
|
Tue, 8 February 2022
All links and images for this episode can be found on CISO Series If we had such a great conversation at the conference, why don't you want to respond to my emails? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Julie Tsai (@446688), cybersecurity leader. Thanks to our podcast sponsor, Varonis What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn’t stand a chance. Get a free risk assessment. In this episode:
|
Tue, 1 February 2022
All links and images for this episode can be found on CISO Series Winning at vulnerability management is not a numbers game. It's a tactical exercise of what matters most in your environment. Surprisingly, experts tell us close to two thirds of your vulnerabilities can and should be ignored. Why and which ones are those? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Ed Bellis (@ebellis), co-founder and CTO, Kenna Security (now a part of Cisco). Thanks to our podcast sponsor, Kenna Security Kenna Security, now part of Cisco, is the pioneer of risk-based management. The Kenna Security Platform enables organizations to work cross-functionally to determine and remediate cyber risks. It leverages machine learning and data science to track and predict real-world exploitations, empowering security teams to focus on what matters most. In this episode:
|
Tue, 25 January 2022
All links and images for this episode can be found on CISO Series If you're asking what certification you should go after to get the perfect cybersecurity job, you're asking the wrong question. Most hiring managers are inundated with resumes so they're looking for ways to get rid of yours. Don't be fooled thinking you're going to be seen because you have the "perfect" resume. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Mike Hanley (@_mp4h), CSO, GitHub. Thanks to our podcast sponsor, BitSight These are challenging times for security professionals. From managing third party supply chain risk, to quantifying financial exposure, to reducing the likelihood of ransomware, BitSight helps security and risk professionals create more effective cybersecurity programs with cybersecurity ratings and analytics. Learn why Moody’s, the Department of Defense, and other leading institutions partner with BitSight at www.bitsight.com In this episode:
|
Tue, 18 January 2022
All links and images for this episode can be found on CISO Series CISOs agree that multi-factor authentication is the one security control that once deployed has the greatest impact to reduce security issues. Yet with all that agreement, it’s still so darn hard to get users to actually use it. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Arvind Raman (@arvind78), CISO, Mitel. Huge thanks to our sponsor, Horizon3.ai See your enterprise through the eyes of the attacker, identify your ineffective security controls, and ensure your limited resources are spent fixing problems that can actually be exploited. More from Horizon3.ai. In this episode:
|
Tue, 11 January 2022
All links and images for this episode can be found on CISO Series It's all risk, all show, for the entire show. It's just the kind of risk we like to take. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Derek Vadala (@derekvadala), chief risk officer, BitSight. Thanks to our podcast sponsor, BitSight These are challenging times for security professionals. From managing third party supply chain risk, to quantifying financial exposure, to reducing the likelihood of ransomware, BitSight helps security and risk professionals create more effective cybersecurity programs with cybersecurity ratings and analytics. Learn why Moody’s, the Department of Defense, and other leading institutions partner with BitSight at www.bitsight.com In this episode:
|
Tue, 4 January 2022
All links and images for this episode can be found on CISO Series What do you give to the person who wants to learn how to steal everything? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest Jim Wachhaus (@imanapt), risk intelligence evangelist, CyCognito. Thanks to our podcast sponsor, CyCognito By understanding risks, attacks, and behaviors from attack surface management data, CyCognito visualizes the pathways attackers will take to exploit your network enabling you the ability to see, understand and eradicate the threat. CyCognito is the only cyber risk intelligence platform that visualizes the attackers paths into your network. In this episode:
|