CISO Series Podcast

Ransomware? Why’d It Have to Be Ransomware? (Live in San Francisco)

May 28, 2024

Guest Steve Zalewski discusses topics such as open source challenges, cybersecurity hiring, and sales knowledge. They debate on privacy invasion vs. embarrassment, cybersecurity quiz, and mastering interviews. The podcast also explores company security, risk management, and mentorship in cybersecurity.

44:03

Creator website

Episode guests

Steve Zalewski

AI Summary

AI Chapters

Episode notes

Podcast summary created with Snipd AI

Quick takeaways

CISOs should focus on protecting people from social engineering attacks and align security measures with business success.

CISOs may utilize point solutions for emerging technologies lacking comprehensive security solutions or specialized skills.

The operationalization of software bill of materials (SBOM) faces challenges in supply chain complexities, requiring wider collaboration and industry standards implementation.

Deep dives

Demonstrating Value to the Business

Demonstrating value to the business as a CISO involves focusing on protecting people from social engineering attacks and ensuring security measures do not hinder productivity. By aligning security efforts to protecting the brand, employees, and supply chain, CISOs can articulate how security safeguards contribute to the company's success.

Introduction

2min

Navigating Changes in Open-Source Licensing and Cybersecurity Challenges

10min

Supply Chain Security Sponsorship and 'What's Worse' Scenario Discussion

2min

Debate on Privacy Invasion vs. Embarrassment in Data Sharing

6min

Cybersecurity Quiz and Hiring Practices

5min

Mastering Interviews and Cybersecurity Knowledge in Sales

8min

Exploring Company Security, Business Alignment, and Sponsor Mention

3min

Navigating Security Challenges and Risk Management

5min

Reflections on Mentorship and Community Building in Cybersecurity

3min

All links and images for this episode can be found on CISO Series.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is Steve Zalewski, co-host, Defense in Depth. Recorded live at BSidesSF.

In this episode:

Are companies taking the air out of the open source balloon?
What’s broken about cybersecurity hiring?
Do we need minimum requirements for cybersecurity knowledge in sales?

Thanks to our podcast sponsors, Devo, Eclypsium & NetSPI

Devo replaces traditional SIEMs with a real-time security data platform.

Devo’s integrated platform serves as the foundation of your security operations and includes data-powered SIEM, SOAR, and UEBA. AI and intelligent automation help your SOC work faster and smarter so you can make the right decisions in real-time.

Eclypsium is helping enterprises and government agencies mitigate risks to their infrastructure from complex technology supply chains. Our cloud-based and on-premises platform provides digital supply chain security for software, firmware and hardware in enterprise infrastructure. Get started today at eclypsium.com/spark.

NetSPI ASM continuously scans your external perimeter to identify, inventory, and reduce risk to both known and unknown assets. It blends scanning methodology with our consultants' human intelligence to identify previously undiscovered data sources and vulnerabilities so you can remediate what matters most.

Remember Everything You Learn from Podcasts

Save insights instantly, chat with episodes, and build lasting knowledge - all powered by AI.

CISO Series Podcast

Ransomware? Why’d It Have to Be Ransomware? (Live in San Francisco)

Episode guests

Podcast summary created with Snipd AI

Quick takeaways

Deep dives

Demonstrating Value to the Business

Considerations for Point Solutions

Software Bill of Materials (SBOM) Efficacy

Jealousy Among CISOs

Preference in Cyber Attacks: APT vs. NSA

Remember Everything You Learn from Podcasts