CISO Series Podcast

David Spark, Mike Johnson, and Andy Ellis
Apr 19, 2022 • 37min

It’s a Great Job, But I’m Alone and Terrified

All links and images for this episode can be found on CISO Series. First job out of college and you get the cybersecurity job of your dreams... and nightmares. It's just too much, and you definitely don't have the experience to handle it all. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Rick Doten (@rick_doten), CISO, Carolina Complete Health. Check out Rick's Youtube channel with the CIS Critical Security Control videos. Thanks to our podcast sponsor, Kenna Security. Kenna Security, now part of Cisco, is the pioneer of risk-based management. The Kenna Security Platform enables organizations to work cross-functionally to determine and remediate cyber risks. It leverages machine learning and data science to track and predict real-world exploitations, empowering security teams to focus on what matters most. In this episode: We look at the #1 job according to a U.S. News & World Report. Hint: It’s Information Security Analyst. We examine the possibility & practicality of running a security program entirely based upon free and open-source software. We break down how to help brand new recruits on the ground as they start their careers in cybersecurity.
Apr 12, 2022 • 36min

Instead of Increased Cybersecurity, Could We Just Order Less Risk?

All links and images for this episode can be found on CISO Series. "No business wants more security, they want less risk," said a redditor on the cybersecurity subreddit. Executives seem to not care about cybersecurity because they're not talking in those terms. They talk in terms of managing risk. It's the InfoSec professional's job to do the translation. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Tom Doughty, vp and CISO, Prudential Financial. Thanks to our podcast sponsor, CYREBRO. Ninety percent of post mortems show that the high cost of damage from a cyberattack was avoidable, but no one knew in time to stop it. CYREBRO's SOC Platform is your cybersecurity central command, integrating all your security events with 24/7 strategic monitoring, proactive threat intelligence, and rapid incident response. More from CYREBRO. In this episode: How do you discuss cybersecurity with executives who don’t care about cybersecurity? Does cybersecurity insurance help motivate better cybersecurity awareness? Why are we still struggling with cybersecurity hiring? What does a great day in information security look like?
Apr 5, 2022 • 39min

Why CISOs Avoid the Dreaded “Request a Demo” Button

All links and images for this episode can be found on CISO Series. A CISO hears about your company's product from some other CISOs. Eager to find more information like a video demo they could watch on their own, they visit your site. They can't find anything except a prominently placed "Request a Demo" button. Fearing the marketing and salespeople who will hound them if they fill out the information, they just bail. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Jim Routh (@jmrouth1), former CISO for MassMutual and CVS/Aetna. Thanks to our podcast sponsor, Buchanan Technologies. Short staffed and overworked IT groups can be overwhelmed by the massive scope of a comprehensive cybersecurity program. Buchanan Technologies makes the complex simple with our twenty-four by seven, customized, vetted strategies that identify risks, detect threats, implement security controls, and protect the confidentiality, availability, and integrity of your data. Discover more. In this episode: Why do vendors put the product demo videos behind gated walls? Tips for improving cybersecurity awareness within a large organization. The annoying pains of the vendor ecosystem. What are some really bad cybersecurity practices that need to be corrected right away?
Mar 29, 2022 • 33min

What’s Next in Cybersecurity? Look at Last Year and Expect More

All links and images for this episode can be found on CISO Series. The web is awash with sites claiming they know what the security trends will be for 2022. All of them were filled with quotes from security experts at different vendors who, "surprise," were saying the big trend is what their product can fix. One publication, eWEEK, had probably the only logical set of trends and they look a lot like what happened in 2021. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Ori Arbel, CTO, CYREBRO. Thanks to our podcast sponsor, CYREBRO. Ninety percent of post mortems show that the high cost of damage from a cyberattack was avoidable, but no one knew in time to stop it. CYREBRO's SOC Platform is your cybersecurity central command, integrating all your security events with 24/7 strategic monitoring, proactive threat intelligence, and rapid incident response. More from CYREBRO. In this episode: How should you be handling your security operations center (SOC)? Tips for improving your incident response planning. What are the cloud security trends of 2022?
Mar 22, 2022 • 36min

Are You Attending the “What to Worry About Next” Security Conference?

All links and images for this episode can be found on CISO Series. Are security conferences really helpful in advising you on making your business more secure, or are they just adding more worries to your plate that aren't actually going to be threats your business is going to have to face? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Jason Witty, CSO, USAA. Thanks to our podcast sponsor, CyCognito. By understanding risks, attacks, and behaviors from attack surface management data, CyCognito visualizes the pathways attackers will take to exploit your network enabling you the ability to see, understand and eradicate the threat. CyCognito is the only cyber risk intelligence platform that visualizes the attackers' paths into your network. In this episode: What is the board’s risk appetite? Is attending conferences helpful? What can security vendors do to help with board-level communications?
Mar 15, 2022 • 34min

It's BAAAACK! The Return of “We Could Have Stopped That Breach”

This episode of the CISO Series Podcast explores topics such as questionable vendor marketing tactics, developing threat intelligence, valuable skills hiring managers look for, the importance of threat-informed defense, disparities in security programs, the significance of MFA coverage vs asset inventory, networking and following instructions for job opportunities, and the importance of sharing threat intelligence in security.
Mar 8, 2022 • 33min

How to Be So Awesome CISOs Can’t Ignore You

All links and images for this episode can be found on CISO Series. The trick to getting the attention of CISOs is to create an awesome company. Focus on that and the attention will follow. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Katie Stebbins (@ktlgs), board president, Global Epic. Thanks to our podcast sponsor, Kenna Security. Kenna Security, now part of Cisco, is the pioneer of risk-based management. The Kenna Security Platform enables organizations to work cross-functionally to determine and remediate cyber risks. It leverages machine learning and data science to track and predict real-world exploitations, empowering security teams to focus on what matters most. In this episode: So, how do you become so awesome that you can't be ignored? What happens when you expand your view of the purpose of security metrics? Is it possible to have a Digital Geneva Convention?
Mar 1, 2022 • 33min

Attract the Best Candidates with Crappy Benefits and Low Pay

All links and images for this episode can be found on CISO Series. If you're up against Google, Facebook, or Apple for hiring talent, chances are pretty good that your company is not going to match their pay and benefits. So if they're the bar for salary and benefits, your business' offerings will inevitably be subpar. So how do you build your employer brand to contend in areas where you're deficient in areas you can't compete? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Dan DeCloss (@wh33lhouse), CEO, PlexTrac. Thanks to our podcast sponsor, PlexTrac. In this episode: When setting up defenses against MITRE ATT&CK mappings, how much is enough? What are you doing to build your employer brand and attract cyber talent to your business? How should you review your pentest results?
Feb 22, 2022 • 36min

If the Network Is Up, Somebody Is Violating Our Acceptable Use Policy

All links and images for this episode can be found on CISO Series. Every organization has an Acceptable Use Policy (AUP) for their computers and network. Nobody reads it and everybody violates it. How the heck do you enforce or discipline people who violate your company's AUP? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Matt Radolec, senior director, incident response and cloud operations, Varonis. Thanks to our podcast sponsor, Varonis. On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to “Zero Trust.” Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries. In this episode: Why do tabletop exercises fail? How should we deal with AUPs that do not get read? Is cyber resiliency an overused term? How valuable are visual detection techniques?
Feb 15, 2022 • 33min

What We Lack In Security We'll Make Up in School Spirit

All links and images for this episode can be found on CISO Series. Yikes, this security hole one concerned student found in the school's network is going to require one heck of a pep rally to fix. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Dave Stirling, CISO, Zions Bancorporation. Thanks to our podcast sponsor, Varonis. On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to “Zero Trust.” Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries. In this episode: Should the CISO position be seen as an organization in itself? Is the current data loss prevention (DLP) model outdated? How can an MSSP show its value? What should a high school student do if they see that their school has horrible security practices?
