CISO Series Podcast

All links and images for this episode can be found on CISO Series Uggh, just saying "zero trust" sends shivvers down security professionals' spines. The term is fraught with so many misnomers. The most important is who are you going to trust to actually help you build that darn zero trust program? Are you going to look at a vendor that's consolidated solutions and has built programs like this repeatedly or are you going to look for the best solutions yourself and try to figure out how best to piece it together to create that "zero trust" program? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is David Chow, global chief technology strategy officer, Trend Micro. Thanks to our podcast sponsor, Trend Micro Trend Micro Cloud One, a security services platform for cloud builders, delivers the broadest and deepest cloud security offering in one solution, enabling you to secure your cloud infrastructure with clarity and simplicity. Discover your dynamic attack surface, assess your risk, and respond with the right security at the right time. Discover more! In this episode: Why is the term “zero trust” fraught with so many misnomers? Is there such a thing as privacy anymore? Do you agree with the term “good enough”, and if so what is a "good enough" factor, what does it entail, and what should we expect from that? Where has the United States done the most to improve national cybersecurity?

All links and images for this episode can be found on CISO Series. You want an awesome job in cybersecurity, and you want to ask the right questions. What are the right answers, and which ones are red flags that should cause you to run? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Renee Guttman, former CISO, Campbell's, Coca-Cola, and Time Warner. Thanks to our podcast sponsor, Okta Auth0 is the leading provider of customer identity solutions. Watch Jameeka Aaaron, CISO for Auth0, explain how to balance security with friction to create a safe authentication experience without compromising on privacy. In this episode: When interviewing, what are the right answers, and which ones are red flags that should cause you to run? Has the cloud just created a bigger security problem that's creeped up on us?  Are legacy systems just a ticking time bomb or have you seen success in managing them?

All links and images for this episode can be found on CISO Series Are RSA and other big conferences worth it? It seems that fewer CISOs are actually walk the floor at these big trade shows. The really big meetings are happening outside of the conference. Why would CISOs attend these big conferences with airfares costing over $1000 and hotel rooms costing $500 to $800 a night? Are the customers and vendors getting priced out? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Jessica Ferguson, CISO, DocuSign. Thanks to our podcast sponsor, SlashNext SlashNext protects the modern workforce from phishing and human hacking across all digital channels. SlashNext Complete™ utilizes our patented AI SEER™ technology to detect zero-hour phishing threats by performing dynamic run-time analysis on billions of URLs a day through virtual browsers and machine learning. Take advantage of SlashNext's phishing defense services for email, browser, mobile, and API. In this episode: Are big conferences like RSA worth it? What's the value of the trade show floor at RSA? Why would CISOs attend these big conferences with airfares costing over $1000 and hotel rooms costing $500 to $800 a night? Are the customers and vendors getting priced out?

All links and images for this episode can be found on CISO Series Security professionals should turn in the cyber hero mentality for the "sidekick" role. Many cybersecurity leaders believe they need to save the company from all the stupid users who can't protect themselves. The reality is security professionals should lose the saviour mentality for a supporting role where they're running alongside different business units trying to find a way to make their process run smoother and more secure. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our wponsored guest Clyde Williamson, product management, innovations, Protegrity. Thanks to our podcast sponsor, Protegrity Protegrity empowers intelligence-driven organizations to use data to drive innovation with secure analytics and artificial intelligence, without fear of violating compliance or jeopardizing privacy. To make this vision a reality, we protect sensitive data anywhere and everywhere to create secure data agility that aligns with the speed of modern business. In this episode: Is it OK if users see security as heroes but security professionals shouldn't see themselves that way? What have you heard enough about when it comes to data protection, and what would you like to hear a lot more? How can we best create a cyber risk balance sheet?

All links and images for this episode can be found on CISO Series Just the words "zero trust" often causes security professionals to shiver. In general, CISOs are on board with the concepts of "zero trust," we just think they're uncomfortable with how it's being used for branding and marketing efforts. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is David Cross (@mrdbcross), SVP/CISO for Oracle SaaS Cloud. Thanks to our podcast sponsor, Protegrity Protegrity empowers intelligence-driven organizations to use data to drive innovation with secure analytics and artificial intelligence, without fear of violating compliance or jeopardizing privacy. To make this vision a reality, we protect sensitive data anywhere and everywhere to create secure data agility that aligns with the speed of modern business. In this episode: Should certifications be a requirement on your job listings? Are the SIEMs failing or do the users not know how to configure them? Or is it both? Why do security professionals treat the term "zero trust" so negatively? How should vendors approach zero trust and how should the C-suite understand it?

All links and images for this episode can be found on CISO Series You can make the right decision given the information you have, but everything is a risk, so there are times those good decisions are going to result in not the result you were hoping for. In essence, plenty of good decisions result in poor outcomes. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Aviv Grafi, founder and CTO, Votiro and winner of season one of Capture the CISO. In this episode: We welcome the winner of “Capture The CISO!” How did they prepare in terms of making the demo and for appearing on the show? And what advice would they give for contestants in season 2? What do employers look for or ask in an interview that would lead them to hire and promote someone into a CISO role in their company? How can cybersecurity professionals improve their decision making over time?

All links and images for this episode can be found on CISO Series We explore the world of dishonesty in cybersecurity. Practitioners know that marketers will stretch the truth, but how far are we willing to let that go? Isn't this industry built on trust? Can cybersecurity continue to thrive if we can't trust each other? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Anna Belak (@aabelak), director of thought leadership, Sysdig. Thanks to our podcast sponsor, Sysdig Sysdig is driving the standard for cloud and container security. With Sysdig, teams find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance. Customers get a single view of risk from source to run, with no blind spots, no guesswork, no black boxes. In this episode: What are the questions a CISO should be able to answer? How much dishonesty do you find in cybersecurity? How does one LEAD a cloud migration? What are some lies about machine learning that everyone needs to be aware of?

All links and images for this episode can be found on CISO Series What can you do when your data keeps passing through different third party applications? Your data is being accessed and manipulated by more people, more applications, and more security policies that may not be aligned with your security policies. It seems once it leaves your environment, it's out of your control. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Elliot Lewis (@ElliotDLewis), CEO, Keyavi. Thanks to our podcast sponsor, Keyavi Myth: Data can’t protect itself. Fact: Now it does! You control where your data goes in the world, who can access it and when. On any device. Anytime. Anywhere. FOREVER. Learn more at Keyavi.com. In this episode: Can the US government, through regulation, shift the tide of never-ending cybersecurity failures? Your network was just hit with ransomware. What do you do in your environment? What should we be discussing more of when it comes to protecting data in the supply chain? What's the biggest security flaw you've seen in every environment you've ever worked?  

All links and images for this episode can be found on CISO Series If they can find flaws, security professionals are quick to label it as bad security behavior. But often, what is marked as "bad" may have problems, but when looked at from a reducing risk perspective it's actually a very good security behavior. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Carla Sweeney, vp information security, Red Ventures. Thanks to our podcast sponsor, Protegrity Protegrity empowers intelligence-driven organizations to use data to drive innovation with secure analytics and artificial intelligence, without fear of violating compliance or jeopardizing privacy. To make this vision a reality, we protect sensitive data anywhere and everywhere to create secure data agility that aligns with the speed of modern business. In this episode: Is a CISO really an architect of choices, for themselves and the other business leaders? Why and how can controls impose friction or drag on business velocity? What are the types of questions you ask when you're referencing a resume and what are some examples of really impressive responses? What are some things that get a bad rap, but are actually quite secure?

All links and images for this episode can be found on CISO Series Getting someone to purchase gift cards is a popular vector for theft. Given that the gift card theft technique is so well known, many online sites have put up additional barriers to purchasing gift cards. Trying to buy them legitimately has become increasingly difficult. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Ariel Weintrab (@securitymermaid), CISO, MassMutual. Thanks to our podcast sponsor, PlexTrac PlexTrac is a powerful, yet simple, cybersecurity platform that centralizes all security assessments, pentest reports, audit findings, and vulnerabilities. PlexTrac transforms the risk management lifecycle, allowing security professionals to generate better reports faster, aggregate and visualize analytics, and collaborate on remediation in real-time. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! In this episode: What areas should we focus on improving the security user experience for non-security people? Does it get easier at the top? What factors do you think result in the workload being tougher or easier for a CISO? How can radical transparency help and where can it backfire? What can we do to avoid poisoned systems and how can we tell if our systems have been poisoned?