CISO Series Podcast

David Spark, Mike Johnson, and Andy Ellis
May 9, 2023 • 46min

What Kind of Challenges Do You Foresee In Firing Me?

All links and images for this episode can be found on CISO Series. This show was recorded in front of a live audience in New York City! This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and a special guest host, Aaron Zollman, CISO & vp, platform engineering, Cedar. Our guest is Colin Ahern, chief cyber officer for the State of New York. Thanks to our podcast sponsors, OpenVPN, SlashNext & Votiro. Take the cost and complexity out of secure networking with OpenVPN. Whether you choose our cloud-delivered or self-hosted solution, subscriptions are based on concurrent connections, so you pay for what you actually use. Start today with free connections, no credit card required, and scale to paid when you’re ready. SlashNext, a leader in SaaS-based Integrated Cloud Messaging Security across email, web, and mobile, has the industry’s first artificial intelligence solution, HumanAI, that uses generative AI to defend against advanced business email compromise (BEC), supply chain attacks, executive impersonation, and financial fraud. Request a demo today. No matter what technology or training you provide, humans are still the greatest risk to your security. Votiro’s API-centric product sanitizes every file before it hits the endpoint, so the files that your employees open are safe. This happens in milliseconds, so the business stays safe and never slows down. In this episode: If you hired someone today, how would you know in 3 months' time that they were the right fit? Do you have any other questions you've heard from candidates that you think are better? What doesn't the government currently know about cloud providers that they should know?
May 2, 2023 • 38min

I Wouldn’t Trust Everything You Read… On My Resume

All links and images for this episode can be found on CISO Series. Turns out cybersecurity professionals lie on their resumes. They add degrees and certifications they don't have. They omit degrees for fear of looking overqualified. And sometimes, they flat out invent jobs. But given the responses as to why people do it, it's because they're trying to get by the unnecessary barriers of cybersecurity hiring. Does that make the lying justified? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is David Nolan, vp, enterprise risk & CISO, Aaron's. Thanks to our podcast sponsor, Varonis. Every day, your employees share thousands of sensitive files with too many people, exposing data to the entire organization – or even the entire internet. Varonis monitors sharing link activity and intelligently eliminates links that aren’t needed – reducing your risk on a continual basis. Discover more at www.varonis.com/cisoseries. In this episode: Do some cybersecurity professionals really lie on their resumes? Is this because they're trying to get by the unnecessary barriers of cybersecurity hiring? Does that make the lying justified?
Apr 25, 2023 • 38min

Can’t You Just Pop Out of Zeus’ Head a Fully Formed Security Professional?

All links and images for this episode can be found on CISO Series. Companies want to hire security professionals who know everything. Eager professionals who want all those skills are screaming please hire me and train me. But unlike the military, which can turn a teenager into a soldier in 16 weeks, corporations in dire need of cybersecurity help have little to no means to train. They're just hoping they'll show up perfect and ready to fight in a digital war. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Joe Lowis, CISO, CDC. Thanks to our podcast sponsor, Cyolo. Too many critical assets and systems remain exposed because traditional secure access solutions are not able to protect the high-risk access scenarios and legacy applications that keep business operations running. With its trustless zero-trust access solution, Cyolo gives organizations the visibility and access control they need to secure every connection. In this episode: Is it realistic for companies to hire security professionals who know everything? Do companies realize that there are professionals who want all those skills and are eager to learn? Why isn’t there more emphasis on providing training like how the military trains all new recruits?
Apr 18, 2023 • 37min

We’d Secure Our Data If We Knew Where It Was

All links and images for this episode can be found on CISO Series. Given the ease of sharing data, our sensitive information is going more places than we want it. We have means to secure data, but you really can't do that if you don't know where your data actually is. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Brian Vecci (@BrianTheVecci), field CTO, Varonis. Thanks to our podcast sponsor, Varonis. Every day, your employees share thousands of sensitive files with too many people, exposing data to the entire organization – or even the entire internet. Varonis monitors sharing link activity and intelligently eliminates links that aren’t needed – reducing your risk on a continual basis. Discover more at www.varonis.com/cisoseries. In this episode: What exactly is “dark data”? Are we creating more problems for ourselves by holding onto dark data? What is this generated yet unused data? Is this the same as ROT data or redundant, obsolete, trivial data? How can it be discovered and classified?
Apr 11, 2023 • 35min

Our Security Tool Can Do Everything But Mitigate Risk

All links and images for this episode can be found on CISO Series. No department is immune to budget cuts. When the budget cuts come in, where can security look first to save money? Mike Johnson said, "An expensive tool that doesn't mitigate risk should be at the top of the chopping block." This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Almog Apirion (@almogap), CEO and cofounder, Cyolo. Thanks to our podcast sponsor, Cyolo. Too many critical assets and systems remain exposed because traditional secure access solutions are not able to protect the high-risk access scenarios and legacy applications that keep business operations running. With its trustless zero-trust access solution, Cyolo gives organizations the visibility and access control they need to secure every connection. In this episode: When the budget cuts come in, where can security look first to save money? Where has change management gotten easier and more difficult for you over the years? And how do you engage with your team and affected users about making a change that works best for the business?
Apr 4, 2023 • 39min

No Need for Chaos Engineering Since Our Architecture Is Always Failing

All links and images for this episode can be found on CISO Series. Is chaos engineering the secret sauce to creating a resilient organization? Purposefully disrupt your architecture to allow for early discovery of weak points. Can we take it even further to the company environment, beyond even a tabletop exercise? How far can we test our limits while still allowing the business to operate? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Mike Wiacek, CEO, Stairwell. Thanks to our podcast sponsor, Stairwell. The standard cybersecurity blueprint is a roadmap for attackers to test and engineer attacks. With Inception, organizations can operate out of sight, out of band, and out of time. Collect, search, and analyze every file in your environment – from malware and supply chain vulnerabilities to unique, low-prevalence files and beyond. Learn about Inception. In this episode: Is chaos engineering the secret sauce to creating a resilient organization? Purposefully disrupt your architecture to allow for early discovery of weak points. Can we take it even further to the company environment, beyond even a tabletop exercise? How far can we test our limits while still allowing the business to operate?
Mar 28, 2023 • 37min

Why Aren’t You On Slack Where I Can Interrupt You?

All links and images for this episode can be found on CISO Series. In order to get any work done we try to shut out all possible distractions. That includes messaging apps. But those people who want to connect become annoyed that they can't reach you. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Howard Holton, CTO, GigaOm. Thanks to our podcast sponsor, Cyolo. Too many critical assets and systems remain exposed because traditional secure access solutions are not able to protect the high-risk access scenarios and legacy applications that keep business operations running. With its trustless zero-trust access solution, Cyolo gives organizations the visibility and access control they need to secure every connection. In this episode: In order to get any work done, why do we try to shut out all possible distractions, including messaging apps? What happens when those people who want to connect become annoyed that they can't reach you? Who are the true innovators in cybersecurity? Is it the attackers or the defenders?
Mar 21, 2023 • 34min

Fast Track Burnout for Your Cyber Team with Layoffs

All links and images for this episode can be found on CISO Series. What happens to your team after the layoffs? Your overextended team now realizes they're going to have to pick up the slack for those who left. How do you shift responsibilities in such a situation? Does anything fall away? Because you can't still operate at the same level. How do you adjust while maintaining morale and not burning out those who are there? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Dan Walsh, CISO, VillageMD. Our guest is Nick Vigier, CISO, Talend. Thanks to our podcast sponsor, Sentra. Sentra’s Data Security Posture Management Solution not only discovers and classifies cloud data, but ensures it always has the proper security posture. No matter where the data is moved or copied, Sentra can identify the type of data, who has access to it, and how it’s meant to be secured. In this episode: What happens to your team after the layoffs? Your overextended team now realizes they're going to have to pick up the slack for those who left. How do you shift responsibilities in such a situation? How do you adjust while maintaining morale and not burning out those who are there?
Mar 14, 2023 • 39min

We Look for Candidates Who Already Know Everything

All links and images for this episode can be found on CISO Series. Future cybersecurity talent is frustrated. The industry demand for cybersecurity professionals is huge, but the openings for green cyber people eager to get into the field are few. They want professional training, and they want the hiring companies to provide the training. The problem is that not enough companies have training programs in place, and as a result they can only hire experienced cyber talent, shutting out those who want to get in. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Matt Radolec, sr. director incident response and cloud operations, Varonis. Thanks to our podcast sponsor, Varonis. Every day, your employees share thousands of sensitive files with too many people, exposing data to the entire organization – or even the entire internet. Varonis monitors sharing link activity and intelligently eliminates links that aren’t needed – reducing your risk on a continual basis. Discover more at www.varonis.com/cisoseries. In this episode: The industry demand for cybersecurity professionals is huge, so why are the openings for green cyber people eager to get into the field so few? Should more hiring companies provide the training? Is the problem that not enough companies have training programs in place?
Mar 7, 2023 • 37min

We're Experts At Telling You To Fix Your Problems

Guest John C. Underwood discusses the challenges of fixing security problems. Are vendors moving towards proactive advice and automation? Topics include trust in new products, cybersecurity tools evolution, training new employees, handling security incidents, and the use of ChatGPT in workflows.
