

CISO Series Podcast
David Spark, Mike Johnson, and Andy Ellis
Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

Mar 28, 2023 • 37min
Why Aren't You On Slack Where I Can Interrupt You?
All links and images for this episode can be found on CISO Series. In order to get any work done we try to shut out all possible distractions. That includes messaging apps. But those people who want to connect become annoyed that they can't reach you. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Howard Holton, CTO, GigaOm. Thanks to our podcast sponsor, Cyolo. Too many critical assets and systems remain exposed because traditional secure access solutions are not able to protect the high-risk access scenarios and legacy applications that keep business operations running. With its trustless zero-trust access solution, Cyolo gives organizations the visibility and access control they need to secure every connection. In this episode: In order to get any work done, why do we try to shut out all possible distractions, including messaging apps? What happens when those people who want to connect become annoyed that they can't reach you? Who are the true innovators in cybersecurity? Is it the attackers or the defenders?

Mar 21, 2023 • 34min
Fast Track Burnout for Your Cyber Team with Layoffs
All links and images for this episode can be found on CISO Series. What happens to your team after the layoffs? Your overextended team now realizes they're going to have to pick up the slack for those who left. How do you shift responsibilities in such a situation? Does anything fall away? Because you can't still operate at the same level. How do you adjust while maintaining morale and not burning out those who are there? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Dan Walsh, CISO, VillageMD. Our guest is Nick Vigier, CISO, Talend. Thanks to our podcast sponsor, Sentra. Sentra's Data Security Posture Management Solution not only discovers and classifies cloud data, but ensures it always has the proper security posture. No matter where the data is moved or copied, Sentra can identify the type of data, who has access to it, and how it's meant to be secured. In this episode: What happens to your team after the layoffs? Your overextended team now realizes they're going to have to pick up the slack for those who left. How do you shift responsibilities in such a situation? How do you adjust while maintaining morale and not burning out those who are there?

Mar 14, 2023 • 39min
We Look for Candidates Who Already Know Everything
All links and images for this episode can be found on CISO Series. Future cybersecurity talent is frustrated. The industry demand for cybersecurity professionals is huge, but the openings for green cyber people eager to get into the field are few. They want professional training, and they want the hiring companies to provide the training. Problem is not enough companies have training programs in place and as a result they can only hire experienced cyber talent, shutting out those who want to get in. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Matt Radolec, sr. director incident response and cloud operations, Varonis. Thanks to our podcast sponsor, Varonis. Every day, your employees share thousands of sensitive files with too many people, exposing data to the entire organization – or even the entire internet. Varonis monitors sharing link activity and intelligently eliminates links that aren't needed – reducing your risk on a continual basis. Discover more at www.varonis.com/cisoseries. In this episode: The industry demand for cybersecurity professionals is huge, so why are the openings for green cyber people eager to get into the field so few? Should more hiring companies provide the training? Is the problem that not enough companies have training programs in place?

Mar 7, 2023 • 37min
We're Experts At Telling You To Fix Your Problems
Guest John C. Underwood discusses the challenges of fixing security problems. Are vendors moving towards proactive advice and automation? Topics include trust in new products, cybersecurity tools evolution, training new employees, handling security incidents, and the use of ChatGPT in workflows.

Feb 28, 2023 • 38min
_Saying_ "We're 100% Secure" Is Not the Problem
All links and images for this episode can be found on CISO Series. It's pretty darn easy to just utter the words "we're 100% secure." Pulling that off seems universally impossible, but some organizations are adamant about certain types of safety so they aim for 100%. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Yoav Regev (@yoav_regev), CEO, Sentra. Thanks to our podcast sponsor, Sentra. Sentra's Data Security Posture Management Solution not only discovers and classifies cloud data, but ensures it always has the proper security posture. No matter where the data is moved or copied, Sentra can identify the type of data, who has access to it, and how it's meant to be secured. In this episode: What does it take to have a successful security program? What are the things to focus on when speaking with executives? How do you stay innovative as a security professional and have new fresh perspectives?

Feb 21, 2023 • 34min
This Unwanted Cold Call Made Possible Thanks to This Month's Sales Quota
All links and images for this episode can be found on CISO Series. A CISO calls on security vendors to stop the spamming and cold calling. Are these annoyances the direct result of the way salespeople are measured? Is that what drives the desperation and bad behavior? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Dmitriy Sokolovskiy, CISO, Avid. Thanks to our podcast sponsor, Varonis. Every day, your employees share thousands of sensitive files with too many people, exposing data to the entire organization – or even the entire internet. Varonis monitors sharing link activity and intelligently eliminates links that aren't needed – reducing your risk on a continual basis. Discover more at www.varonis.com/cisoseries. In this episode: What NEW ways could salespeople be measured that would encourage good behavior with CISOs? There's still this desire to draw a linear path to sales, but how often does it cleanly play out that way? Are integrators, MSSPs, and resellers leveling the playing field for cybersecurity vendors?

Feb 14, 2023 • 40min
Adversaries Beef Up Their Shiny Object Distraction Campaign
All links and images for this episode can be found on CISO Series. We are all very easily distracted, and adversaries know that. So they'll try any little trick to make us not pay attention, look away, or do what we're not supposed to do all in an effort to break our human defenses. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Shaun Marion, CISO, McDonald's. Thanks to our podcast sponsor, Sentra. Sentra's Data Security Posture Management Solution not only discovers and classifies cloud data, but ensures it always has the proper security posture. No matter where the data is moved or copied, Sentra can identify the type of data, who has access to it, and how it's meant to be secured. In this episode: Do you have a "security hive" and what does it do for you? What are the active behaviors you're deploying to reduce the stress in your life as a CISO and how are you doing it for your team, and all staff as well? Could volunteering help with burnout and recruitment?

Feb 7, 2023 • 37min
21 "Dark Side"-Approved Ways to Threaten Your Prospects
All links and images for this episode can be found on CISO Series. For those security practitioners who leave a job to go work for a security vendor, please stop calling it "going to the dark side." This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Jason Mar-Tang, director of sales engineering, Pentera. Thanks to our podcast sponsor, Pentera. Pentera is the category leader for Automated Security Validation, allowing every organization to test with ease the integrity of all cybersecurity layers including their ransomware readiness, unfolding true, current security exposures at any moment, at any scale. In this episode: Why do we call security practitioners who leave a job to go work for a security vendor, "going to the dark side?" Do security professionals say this because once they go work for a vendor their motivation shifts from protecting to sales? Over the years what other small steps have we seen that have made improvements in the vendor/practitioner divide?

Jan 31, 2023 • 45min
Let's Pretend We're Getting Hacked. Who Wants to Panic First?
All links and images for this episode can be found on CISO Series. Tabletop exercises are critical procedures to learn how everyone will react during an actual attack. Panic is usually the first response, so why don't we do that when we're playing our pretend game of getting our business compromised by a nefarious hacker? This week's episode of CISO Series Podcast was recorded in front of a live audience in Clearwater, Florida for the Convene conference produced by the National Cybersecurity Alliance (AKA StaySafeOnline.org). Joining me on stage for the recording was my guest co-host, Hadas Cassorla, CISO, M1 and our guest, Kathleen Mullin (@kate944032), CISO, Cancer Treatment Centers of America. Thanks to our podcast sponsors, Cofense, KnowBe4 & Terranova. Cofense is the only company to combine a global network of 32 million people reporting phish with advanced AI-based automation to stop phishing attacks. Our global phishing defense centers work 24/7 to support more than 2,000 enterprise customers, providing the technology and insights needed to identify & block threats. KnowBe4 is the world's largest integrated Security Awareness Training and Simulated Phishing platform. KnowBe4 helps organizations manage the ongoing problem of social engineering through a comprehensive new-school awareness training approach. Tens of thousands of organizations worldwide use KnowBe4's platform to mobilize their end users as a last line of defense. Get free phishing benchmarking data to drive effective behavior change and grow your organization's security-aware culture with the latest edition of the Phishing Benchmark Global Report! Taken from this year's Gone Phishing Tournament, this report gives security and risk management leaders the insight they need to strengthen data protection. More at terranovasecurity.com. In this episode: Where do you see tabletops coming apart and being ineffective and what are the core elements that truly make them succeed? Have you ever seen a real incident play out where you can point to the tabletop as the reason you were able to handle the incident? Are people the safety net for your security controls OR should security controls be the safety net for your people?

Jan 24, 2023 • 34min
Today's Agenda: When Will This Meeting End?
All links and images for this episode can be found on CISO Series. Everyone's favorite meeting is a short meeting. But does anyone want a fun or entertaining meeting? Or is that a bad idea? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Jeremy Embalabala, CISO, HUB International. Thanks to our podcast sponsor, SlashNext. With today's transition to hybrid working, phishing attacks are becoming more prevalent than ever. Mobile phishing and credential harvesting are exploding and affecting business reputations, finances and most importantly, data loss. With new methods of phishing attacks appearing year over year, enterprises need more robust phishing protection to better protect this expanding attack surface and companies' most valuable assets. Check out the report. In this episode: Everyone's favorite meeting is a short meeting. But does anyone want a fun or entertaining meeting? Or is that a bad idea? How do we make our security teams more productive? The cost of getting and paying for cybersecurity insurance is so darn high. Would it be worth it to just self-insure?


