CISO Series Podcast

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark, producer of CISO Series, and Andy Ellis, partner, YL Ventures. Joining us is Mandy Huth, svp, CISO, Ultra Clean Technology. In this episode: Start with good defaults Building talent bridges Don’t forget the humans Differentiating with privacy Automate, centralize, & scale your GRC program with Vanta Vanta’s Trust Management Platform automates key areas of your GRC program—including compliance, internal and third-party risk, and customer trust—and streamlines the way you gather and manage information. And the impact is real: A recent IDC analysis found that compliance teams using Vanta are 129% more productive. Get started at Vanta.com/ciso.

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, partner, YL Ventures. Joining us is Mike D’Arezzo, executive director of infosec and GRC, Wellstar Health Systems. In this episode: The shift left myth Reconsidering CISO evaluations The power of “how” Building bridges Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Nathan Hunstad, Director of Security at Vanta, shares insights on navigating the complex landscape of AI and security. He emphasizes the need to rethink adversaries, including everyday users, to enhance AI deployment. Discussions delve into the importance of SOC 2 compliance for startups while treating generative AI like any other application. Hunstad also highlights building a robust security foundation beyond mere certifications and the necessity of strong leadership and teamwork in tackling vulnerability management.

Christina Shannon, CIO of KIK Consumer Products, and Jim Bowie, CISO of Tampa General Hospital, discuss vital cybersecurity strategies. They highlight the need for continuous security awareness training over traditional compliance sessions. The duo explores the balance between high-pressure environments and team well-being. As they dissect the vulnerabilities of weak passwords versus phishing, they also share humorous incidents from training, emphasizing a collaborative and engaging approach to fostering a strong security culture.

Rob Allen, Chief Product Officer at ThreatLocker, dives into the complexities of cybersecurity in a lively discussion. He emphasizes the importance of kindness and effective communication during incident responses. Discover how to assess security incident severity and the challenges of aligning security policies with developer needs. Allen also explores the nuances of the Zero Trust model and its impact on balancing security with business operations. Expect engaging stories from the event and insights on transforming security incidents into learning opportunities.

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, partner, YL Ventures. Joining us is Edward Contreras, senior evp and CISO, Frost Bank.  In this episode: A gradual language shift Don’t reflexively rise and grind Lean into focus Gauging the unmeasurable  Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Mike Wilkes, former CISO of Major League Soccer and board member at the National Jazz Museum, dives into the evolving role of vCISOs and the unique cybersecurity challenges faced by the maritime industry. He discusses the forgotten need for succession planning for CISOs and the implications of AI and quantum computing on cybersecurity. With a blend of humor and insight, the conversation also touches on pressing regulatory changes and the interplay between community engagement and security strategies.

All links and images for this episode can be found on CISO Series.   This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), partner, YL Ventures. Joining us is Adam Holland, former CISO, the Wendy’s Company, now CISO of Ascension Healthcare.   In this episode: The long road to influence The effort to build a bridge Living within limits Motivation for security awareness  Thanks to our podcast sponsor, Vanta! Say goodbye to spreadsheets and screenshots. Vanta automates evidence collection needed for audits with over  350 integrations—giving you continuous visibility into your compliance status. And with cross-mapped controls across over 35 frameworks, you’ll streamline compliance— and never duplicate your efforts.

Shaun Marion, VP and CSO at Xcel Energy, brings over a decade of cybersecurity expertise to the discussion. He addresses the crucial balance between effective policy implementation and the challenges of change management. Marion emphasizes the art of storytelling in bridging technical cybersecurity details with business relevance. The conversation also explores the value of crisis experience for CISOs and reflects on the limitations of Data Loss Prevention solutions, while highlighting optimism in future data security innovations.

Danny Jenkins, CEO of ThreatLocker, dives into the complexities of cybersecurity, focusing on a zero-trust approach to endpoint security. He discusses the challenges of managing zero-day vulnerabilities and the necessity of phasing out outdated hardware. The conversation highlights the need for clear communication during security tests and explores human psychology's role in effective security measures. Jenkins also debates the importance of tailored user training and the impact of data breaches on organizations.