
CISO Series Podcast
Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.
Latest episodes

Jul 5, 2022 • 35min
Why Does Your Privacy Matter If I’m Paying You?
All links and images for this episode can be found on CISO Series Should you monitor your staff? I mean reallymonitor them. Some bosses are installing screen grabbing and click tracking software to monitor employees and by most estimates employees hate it so much that half of them would quit if their supervisors installed monitoring software on their computers. But in some cases an employee's behavior may lend themselves to being monitored. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Ian Hassard (@ihassard), director of product management, Okta. Thanks to our podcast sponsor, Okta Auth0 is the leading provider of customer identity solutions. Watch Jameeka Aaaron, CISO for Auth0, explain how to balance security with friction to create a safe authentication experience without compromising on privacy. In this episode: What are the real world positive impacts that result on the business in terms of risk reduction, product development, and prevention? What are some alternatives to address the authentication problem? What have you heard enough about with authentication, and what would you like to hear a lot more about? To what level should you and shouldn't you monitor your staff? What cases do you feel you would have to install monitoring software?

Jun 28, 2022 • 35min
It Sure Is Fun to Complain About Security Vendors
All links and images for this episode can be found on CISO Series Next time you're annoyed by a security vendor's pitch, instead of firing back at them at what an idiot they are, or complaining about it on social media, why not see if you can find a friendly manager at the vendor company and explain what happened so they can actually address the problem appropriately? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Rob Suarez, CISO, BD. Thanks to our podcast sponsor, Trend Micro Trend Micro Cloud One, a security services platform for cloud builders, delivers the broadest and deepest cloud security offering in one solution, enabling you to secure your cloud infrastructure with clarity and simplicity. Discover your dynamic attack surface, assess your risk, and respond with the right security at the right time. Discover more! In this episode: Where could we possibly draw the line of what can be known to the public, but at the same time not offering insight to the attackers? We examine what makes medical establishments an attractive target. Why are medical records valuable and outside of havoc is there any other purpose of tampering with medical devices? How do you use industry-specific threat information to make better security decisions? Why do some cybersecurity companies succeed and others fail?

Jun 21, 2022 • 37min
What Does It Cost to Prove Security Is Working?
All links and images for this episode can be found on CISO Series I have no idea what I need to spend to demonstrate our security program is working. What's it going to take? Or maybe I need just others on my team to just validate that they truly do care about security. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is John McClure (@johnmcclure00), CISO, Sinclair Broadcast Group. Thanks to our podcast sponsor, Keyavi Data that protects itself? Now it does! We made data so smart it can think for itself. Secure itself. Stay continually aware of its surroundings. Control where, when and who is allowed access. And automatically report back to its owner. This changes the entire cybersecurity paradigm. Learn how. In this episode: What’s your best indicator that your security program is actually improving? We examine certifications and separate myth from reality for those trying to get into cybersecurity and also for more seasoned professionals? What security flaw often gets overlooked? How does one go about asking for a team building budget for a remote team?

Jun 14, 2022 • 40min
I Have So Little. Just Let Me Control Access to the Mail Server.
All links and images for this episode can be found on CISO Series How dangerous is it for a cybersecurity professional to pull a G-d complex with the email server just because they didn't like the way one salesperson behaved? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Jadee Hanson (@jadeehanson), CIO/CISO, Code42. Thanks to our podcast sponsor, Code42. As the Insider Risk Management leader, Code42 helps security professionals protect corporate data and reduce insider risk while fostering an open and collaborative culture for employees. For security practitioners, it means speed to detection and response. For companies, it means a collaborative workforce that is productive and a business that is secure. Visit http://Code42.com/showme to learn more. In this episode: Is it alright to block a vendor because one salesperson is persistent and annoying? How can one go about creating a cybersecurity report card? Is it just inevitable that your staff is going to eventually violate policies? How to determine a delicate balance between a complete non-tolerance policy versus complete tolerance?

Jun 7, 2022 • 35min
Security as a Profit Center? You’re Kidding, Right?
All links and images for this episode can be found on CISO Series What if we could convince management that security is not a cost center, but a means to actually make and save money for the business? The concept isn't so completely outrageous. Companies are using privacy and security as differentiators, and certain security tools such as single sign on, password managers, and passwordless reduce operational costs in support tickets. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Mary Gardner, CISO, The Greenbrier Companies. Thanks to our podcast sponsor, Buchanan Technologies Short staffed and overworked IT groups can be overwhelmed by the massive scope of a comprehensive cybersecurity program. Buchanan Technologies makes the complex simple with our twenty-four by seven, customized, vetted strategies that identify risks, detect threats, implement security controls, and protect the confidentiality, availability, and integrity of your data. Discover more. In this episode: What are areas we should focus on improving the security user experience for non-security people? We ask if CISOs have it easier than their middle managers. We think about the factors that result in the workload being tougher or easier for a CISO. And we examine how we can protect our machine learning algorithms and AI from absorbing poisoned data.

May 31, 2022 • 40min
Finding That Perfect Time to Quit Your Job
To see the blog post and read the transcript, head over to CISO Series. We don't celebrate quitting. Maybe we should. When should you do it when you don't have another offer? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Hadas Cassorla, CISO, M1. On this episode: When a "good" security control is actually bad for business. A "how to" engage with a CISO during a presentation meeting. Losing your passion for cybersecurity. What next? Building a budget for remote team building. HUGE thanks to our sponsor, Keyavi Data that protects itself? Now it does! We made data so smart it can think for itself. Secure itself. Stay continually aware of its surroundings. Control where, when and who is allowed access. And automatically report back to its owner. This changes the entire cybersecurity paradigm. Learn how.

May 24, 2022 • 33min
Gartner Creates Another Category for Everyone to Ignore
All links and images for this episode can be found on CISO Series I have talked to vendors who get all excited about Gartner opening up a new category for them. All I can think is uggh, something new to confuse the security marketplace. I know there's a need to label products in categories to simplify sales. But the complexity is driving buyers nuts. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is RJ Friedman, CISO, Buchanan Technologies. Thanks to our podcast sponsor, Buchanan Technologies Short staffed and overworked IT groups can be overwhelmed by the massive scope of a comprehensive cybersecurity program. Buchanan Technologies makes the complex simple with our twenty-four by seven, customized, vetted strategies that identify risks, detect threats, implement security controls, and protect the confidentiality, availability, and integrity of your data. Discover more. In this episode: Do we need another industry-produced acronym? How can a vendor better demonstrate they can become a partner? With the list of security “minimum requirements” constantly growing, do you believe more and more organizations are falling below the security poverty line? And we ask how best to reduce the amount of false positives?

May 17, 2022 • 40min
A Look Back at Foolish Security Policies of Past and Present
All links and images for this episode can be found on CISO Series Are bad security policies of yesteryear just because we didn't know any better at the time, or were they some bozos idea of legitimate security yet the rest of us knew it was just security theater? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Dr. Diane M Janosek (@dm_janosek), deputy director of compliance, NSA and senior legal advisor for Women in Cybersecurity. Thanks to our podcast sponsor, Code42 As the Insider Risk Management leader, Code42 helps security professionals protect corporate data and reduce insider risk while fostering an open and collaborative culture for employees. For security practitioners, it means speed to detection and response. For companies, it means a collaborative workforce that is productive and a business that is secure. Visit http://Code42.com/showme to learn more. In this episode: We highlight obsolete security policies to steer clear of. We examine security in space and how can others who are not directly involved in these industries create some type of positive impact? And we ask how we can improve inclusion by decrypting the lack of diversity in our industry.

May 10, 2022 • 37min
Decommission Our Legacy Tech or Just Shut Down the Business?
All links and images for this episode can be found on CISO Series Legacy tech can often be the anchor that prevents an organization from growing. Put the issue of dealing with legacy tech long enough and the problem could get bigger than the business itself. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is TJ Mann (@teejaymann), CISO, Children's Mercy Kansas City. Thanks to our podcast sponsor, CYREBRO Ninety percent of post mortems show that the high cost of damage from a cyberattack was avoidable, but no one knew in time to stop it. CYREBRO's SOC Platform is your cybersecurity central command, integrating all your security events with 24/7 strategic monitoring, proactive threat intelligence, and rapid incident response. More from CYREBRO. In this episode: How legacy technology impedes business agility? Are we doing anything better to deal with legacy technology Is there anything that can be done at the purchase point to understand how you'll sunset equipment and technology And we ask whether or not our industry is willing to take the time and effort to hire and train the talent they so desperately want and need.

May 3, 2022 • 33min
Life’s Certainties: Death, Taxes, and Violating Security Policies
All links and images for this episode can be found on CISO Series People violate cybersecurity policies at a rate of one out of every 20 job tasks. It's just a matter of time before all your employees are in violation. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Bruce Schneier (@schneierblog), chief of security architecture, Inrupt and fellow and lecturer and Harvard Kennedy School. Thanks to our podcast sponsor, PlexTrac PlexTrac is a powerful, yet simple, cybersecurity platform that centralizes all security assessments, pentest reports, audit findings, and vulnerabilities. PlexTrac transforms the risk management lifecycle, allowing security professionals to generate better reports faster, aggregate and visualize analytics, and collaborate on remediation in real-time. Check out PlexTrac.com/CISOSeries to learn why PlexTrac is the perfect platform for CISOs! In this episode: Special tips for new CISOs just starting out and trying to establish their position. We examine where there are market forces fighting the most against achieving societal values in the digital space? What are signs that we're moving in the right direction of developing a digital social contract? And we ask, is "employees violating security policies" the top issue that needs to be resolved?