CISO Series Podcast

Latest episodes

Feb 15, 2022 • 33min

What We Lack In Security We'll Make Up in School Spirit

All links and images for this episode can be found on CISO Series.

Yikes, this security hole one concerned student found in the school's network is going to require one heck of a pep rally to fix.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Dave Stirling, CISO, Zions Bancorporation.

Thanks to our podcast sponsor, Varonis

On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to “Zero Trust.” Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries.

In this episode: Should the CISO position be seen as an organization in itself? Is the current data loss prevention (DLP) model outdated? How can an MSSP show its value? What should a high school student do if they see that their school has horrible security practices?
Feb 8, 2022 • 34min

What's the Least Annoying Way to Follow Up with a CISO?

All links and images for this episode can be found on CISO Series.

If we had such a great conversation at the conference, why don't you want to respond to my emails?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Julie Tsai (@446688), cybersecurity leader.

Thanks to our podcast sponsor, Varonis

What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn’t stand a chance. Get a free risk assessment.

In this episode: Is there a "right" management structure for cybersecurity? Are there tools you can put in place to keep your DevOps program in check? What are the questions to ask during an interview that reveal how a company handles and prioritizes cybersecurity? How can we improve CISO / vendor relations?
Feb 1, 2022 • 34min

Why Ignoring Most of Your Vulnerabilities Is the Best Strategy

All links and images for this episode can be found on CISO Series.

Winning at vulnerability management is not a numbers game. It's a tactical exercise of what matters most in your environment. Surprisingly, experts tell us close to two thirds of your vulnerabilities can and should be ignored. Why and which ones are those?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Ed Bellis (@ebellis), co-founder and CTO, Kenna Security (now a part of Cisco).

Thanks to our podcast sponsor, Kenna Security

Kenna Security, now part of Cisco, is the pioneer of risk-based management. The Kenna Security Platform enables organizations to work cross-functionally to determine and remediate cyber risks. It leverages machine learning and data science to track and predict real-world exploitations, empowering security teams to focus on what matters most.

In this episode: What type of risk or compliance data should CISA collect for its proposed metrics? Which metrics are most valuable to determine the health of a company? Why the constant frustration with patch management? How often should you be conducting vulnerability scans?
Jan 25, 2022 • 37min

Why We Quickly Reject 95% of All Applicants

All links and images for this episode can be found on CISO Series.

If you're asking what certification you should go after to get the perfect cybersecurity job, you're asking the wrong question. Most hiring managers are inundated with resumes so they're looking for ways to get rid of yours. Don't be fooled thinking you're going to be seen because you have the "perfect" resume.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Mike Hanley (@_mp4h), CSO, GitHub.

Thanks to our podcast sponsor, BitSight

These are challenging times for security professionals. From managing third party supply chain risk, to quantifying financial exposure, to reducing the likelihood of ransomware, BitSight helps security and risk professionals create more effective cybersecurity programs with cybersecurity ratings and analytics. Learn why Moody’s, the Department of Defense, and other leading institutions partner with BitSight at www.bitsight.com

In this episode: What's the formula (experience vs testimonials) for hiring managers' attention? What are the most effective techniques for building a resilient security team? What are security vendors NOT doing now that would greatly improve their visibility? Have you had to make any security exceptions just because an executive needed something?
Jan 18, 2022 • 36min

Security So Good Your Users Won't Use It

All links and images for this episode can be found on CISO Series.

CISOs agree that multi-factor authentication is the one security control that once deployed has the greatest impact to reduce security issues. Yet with all that agreement, it’s still so darn hard to get users to actually use it.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Arvind Raman (@arvind78), CISO, Mitel.

Huge thanks to our sponsor, Horizon3.ai

See your enterprise through the eyes of the attacker, identify your ineffective security controls, and ensure your limited resources are spent fixing problems that can actually be exploited. More from Horizon3.ai.

In this episode: If MFA is so great, why is it not more widespread? Are high valuations for cloud security startups a vote against cloud providers doing cloud security well? What is the biggest challenge in deploying zero trust on existing infrastructure? Are there universal security red flags?
Jan 11, 2022 • 35min

We've Never Taken On So Much Risk

All links and images for this episode can be found on CISO Series.

It's all risk, all show, for the entire show. It's just the kind of risk we like to take.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Derek Vadala (@derekvadala), chief risk officer, BitSight.

Thanks to our podcast sponsor, BitSight

These are challenging times for security professionals. From managing third party supply chain risk, to quantifying financial exposure, to reducing the likelihood of ransomware, BitSight helps security and risk professionals create more effective cybersecurity programs with cybersecurity ratings and analytics. Learn why Moody’s, the Department of Defense, and other leading institutions partner with BitSight at www.bitsight.com

In this episode: What cybersecurity risk is currently the most severe? What's important about evaluating a startup's security protocols? What about third party risk management? Do you and your board know how resilient you are to a cyber attack?
Jan 4, 2022 • 33min

The Perfect Gift for a Cyber Crook

All links and images for this episode can be found on CISO Series.

What do you give to the person who wants to learn how to steal everything?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Jim Wachhaus (@imanapt), risk intelligence evangelist, CyCognito.

Thanks to our podcast sponsor, CyCognito

By understanding risks, attacks, and behaviors from attack surface management data, CyCognito visualizes the pathways attackers will take to exploit your network, giving you the ability to see, understand and eradicate the threat. CyCognito is the only cyber risk intelligence platform that visualizes the attackers' paths into your network.

In this episode: How can we shore up our cybersecurity hygiene? What have we heard enough about with risk intelligence? Gifts to buy someone who is looking into red teaming/vulnerability
Dec 21, 2021 • 35min

"I Love Being Monitored Online," Said No Employee Ever

All links and images for this episode can be found on CISO Series.

What do you do if your boss gave you a corporate laptop and you fear they installed some tracking software? Should you wipe the drive or simply quit?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Purandar Das (@dasgp), co-founder and president, Sotero.

Thanks to our podcast sponsor, Sotero

Today’s compliance requirements require a security mindset that focuses on the data itself. We can’t truly protect sensitive data when our solutions only provide protection at the network, application or database level. The good news is that you can now protect the actual data itself. Click to learn how.

In this episode: Did the pandemic lead to innovations in cybersecurity? What should a company do when an employee makes a major mistake like emailing PII? Have we all heard enough about encryption? What do we do when the boss gives us a "new" computer with monitoring tech on board?
Dec 14, 2021 • 36min

If We Don't Talk About Cyber Risk, Will It Go Away?

All links and images for this episode can be found on CISO Series.

Risk is scary. Cyber risk is scarier. Not because it's worse, but mostly because we barely understand it. We've gone this long not understanding it. Maybe just ignoring it will allow us to wish it away.

On this week's episode of CISO/Security Vendor Relationship Podcast we have our first in-studio guest (since we moved the studio). Joining me, David Spark (@dspark), producer of CISO Series and Mike Johnson is our in-studio guest TJ Lingenfelter (@tj_555), sr. program manager, information security, Taylormade Golf.

Thanks to our podcast sponsor, BitSight

These are challenging times for security professionals. From managing third party supply chain risk, to quantifying financial exposure, to reducing the likelihood of ransomware, BitSight helps security and risk professionals create more effective cybersecurity programs with cybersecurity ratings and analytics. Learn why Moody’s, the Department of Defense, and other leading institutions partner with BitSight at www.bitsight.com

In this episode: How can competitive companies help each other be more secure? What to do when you can't get time with your CIO to discuss plans? Are we fooling ourselves to think we can maintain privacy for ourselves and that organizations can do it for us as well? What new cybersecurity buzzwords should be put to rest?
Dec 7, 2021 • 37min

After a Breach It's Really Easy to Calculate Risk

All links and images for this episode can be found on CISO Series.

There's no question calculating risk is tricky. Because once you understand your risk then you can assign budget appropriately to reduce your risk. OR, you could just wait until you're breached and you'll know exactly what your risk is and how much it costs.

This week's episode of CISO/Security Vendor Relationship Podcast is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Dan Walsh, CISO, VillageMD.

Thanks to our podcast sponsor, deepwatch

Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together.

In this episode: What can we learn from a 10-year cybersecurity veteran? What can state governments do to 'hire better' in cybersecurity? What can companies do to attract cybersecurity professionals to their location? What are ways to bring a clearer understanding of risk to the business without being alarmist?
