All links and images for this episode can be found on CISO Series.

When cybersecurity needs to cut budget, first move is to look where you have redundancy. That way you're not actually reducing the security effort. But after that, the CFO needs to know what are the most important areas of the business to protect. Where will they be willing to take on more risk? Because, with less security, the chances of failure increase.

This show was recorded in front of a live audience in New Orleans as part of the BSidesNOLA 2023 reboot conference. The episode features me, David Spark (@dspark), host and producer of CISO Series. My guest co-host is my former co-host, Allan Alford (@allanalfordintx), CISO for Precedent and host of The Cyber Ranch Podcast. Our guest is Mike Woods, corporate CISO for GE.

Thanks to our podcast sponsors: Conveyor, Nightfall AI, Rapid7

Love security questionnaires? Then you’re going to hate Conveyor: the end-to-end trust platform built to eliminate questionnaires.
Infosec teams reduce the volume of questionnaires with a customer-facing trust portal and for any remaining questionnaires, our GPT-Questionnaire Eliminator response tool or white-glove questionnaire completion service will knock them off your to-do list. www.conveyor.com

Nightfall is the leader in cloud data leak prevention. Integrate in minutes with cloud apps such as Slack and Jira to instantly protect data (PII, PHI, Secrets and Keys, PCI) and prevent breaches. Stay compliant with frameworks such as ISO 27001 and more — all powered by Nightfall's industry-leading ML detection.

Rapid7 is the only connected, cloud to on-prem cybersecurity partner with unlimited incident response, unlimited automated workflows, unlimited vulnerability management, unlimited app security, you get the idea. Add it up – with Rapid7’s decades of practitioner-first problem solving – and there’s unlimited opportunity for you. See for yourself at Rapid7.com/ciso-series.

In this episode: 

• We always say, “trust but verify,” but how do you actually verify?
• When it comes to cut budget, make sure you’re already in the mind of the CFO.
• What’s the difference between a good cybersecurity professional and a great one?

All links and images for this episode can be found on CISO Series.

As children, we don't dream of becoming a CISO, but yet we still have them. What is it a security professional can learn or even show, to demonstrate that they're getting ready for the position of a CISO?

This week’s episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, operating partner, YL Ventures. Our guest is Paul Connelly, former CISO, HCA Healthcare.

Thanks to our podcast sponsor, Nightfall

Nightfall is the leader in cloud data leak prevention. Integrate in minutes with cloud apps such as Slack and Jira to instantly protect data (PII, PHI, Secrets and Keys, PCI) and prevent breaches. Stay compliant with frameworks such as ISO 27001 and more — all powered by Nightfall's industry-leading ML detection.

In this episode:

• What is it a security professional can learn or even show, to demonstrate that they're getting ready for the position of a CISO?
• How to tell that you are NOT CISO material?
• What don't CISOs know about physical security that they should know before they get into big trouble?

All links and images for this episode can be found on CISO Series.

It seems anything that's added to a business, like a new app or a third party vendor, just adds more risk. Risk definitely piles up faster than CISOs can reduce it.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Kurt Sauer (@kurtsauer), CISO, DocuSign (when we recorded the show, Kurt was the vp of security for Workday).

Thanks to our podcast sponsor, Stairwell

The standard cybersecurity blueprint is a roadmap for attackers to test and engineer attacks. With Inception, organizations can operate out of sight, out of band, and out of time. Collect, search, and analyze every file in your environment – from malware and supply chain vulnerabilities to unique, low-prevalence files and beyond.
Learn about Inception.

In this episode: 

• Does it seem like anything that's added to a business, like a new app or a third party vendor, just adds more risk?
• Does risk pile up faster than CISOs can reduce it?
• How do you avoid creating new risks when you add new applications, or even just update applications?

All links and images for this episode can be found on CISO Series.

This show was recorded in front of a live audience in New York City!

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and a special guest host, Aaron Zollman, CISO & vp, platform engineering, Cedar. Our guest is Colin Ahern, chief cyber officer for the State of New York.

Thanks to our podcast sponsor, OpenVPN, SlashNext & Votiro

Take the cost and complexity out of secure networking with OpenVPN. Whether you choose our cloud-delivered or self-hosted solution, subscriptions are based on concurrent connections, so you pay for what you actually use. Start today with free connections, no credit card required, and scale to paid when you’re ready.

SlashNext, a leader in SaaS-based Integrated Cloud Messaging Security across email, web, and mobile has the industry’s first artificial intelligence solution, HumanAI, that uses generative AI to defend against advanced business email compromise (BEC), supply chain attacks, executive impersonation, and financial fraud. Request a demo today.

No matter what technology or training you provide, humans are still the greatest risk to your security. Votiro’s API-centric product sanitizes every file before it hits the endpoint, so the files that your employees open are safe. This happens in milliseconds, so the business stays safe and never slows down.

In this episode:

• If you hired someone today, how would you know in 3 months time that they were the right fit?
• Do you have any other questions you've heard from candidates that you think are better?
• What doesn't the government currently know about cloud providers that they should know?

All links and images for this episode can be found on CISO Series.

Turns out cybersecurity professionals lie on their resumes. They add degrees and certifications they don't have. They omit degrees for fear of looking overqualified. And sometimes, they flat out invent jobs. But given the responses as to why people do it, it's because they're trying to get by the unnecessary barriers of cybersecurity hiring. Does that make the lying justified?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is David Nolan, vp, enterprise risk & CISO, Aaron's.

Thanks to our podcast sponsor, Varonis

Everyday, your employees share thousands of sensitive files with too many people, exposing data to the entire organization – or even the entire internet. Varonis monitors sharing link activity and intelligently eliminates links that aren’t needed – reducing your risk on a continual basis. Discover more at www.varonis.com/cisoseries.

In this episode: 

• Do some cybersecurity professionals really lie on their resumes?
• Is this because they're trying to get by the unnecessary barriers of cybersecurity hiring?
• Does that make the lying justified?