
CISO Series Podcast

Latest episodes

Nov 30, 2021 • 46min

I’ve Got Zero Trust In My Understanding of Zero Trust

All links and images for this episode can be found on CISO Series. Don't look at me to explain zero trust to you, because I'm just as confused. I've heard plenty of definitions, and they all sound good. I just don't know which one is right, or maybe they're all right. This week's episode of CISO/Security Vendor Relationship Podcast was recorded in front of a live audience at KeyConf at the City Winery in New York City. My guest co-host for this special episode is JJ Agha, CISO, Compass. Joining us on stage were a host of guests: Admiral Rogers, former NSA director and Commander US Cyber Command, Oded Hareven, CEO and co-founder, Akeyless, and Dr. Zero Trust, Chase Cunningham (@cynjaChaseC). Thanks to our podcast sponsor, Akeyless. As organizations embrace automation, they must control their secrets sprawl. Security teams must enable the transition with centralized access to secrets, and consistent policies to limit risk and maintain compliance. Akeyless provides a unified, SaaS-based solution for Secrets Management, Secure Remote Access, and Data Protection. More about Akeyless. In this episode: Is zero trust easy for organizations to deploy and control? Are we taking zero trust too far? Does it help to have more eyes on the problem? What are the problems with secure remote access that we're still struggling with?
Nov 23, 2021 • 39min

We’re Very Good at SAYING We Care About Diversity

All links and images for this episode can be found on CISO Series. It's extremely easy to say you want to diversify. In fact, I'll do it right now three times. We want diversity. We're very pro diversity and it's our focus for the next year. Diversity is a very important part of our security program. Please don't ask, though, to look at the lack of diversity on our staff. It doesn't match our rhetoric. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Sujeet Bambawale (@sujeet), CISO, 7-11. Thanks to our podcast sponsor, Vulcan Cyber. Vulnerability scanners are commoditized. Cloud service providers provide free scanners. Open source scanners are plentiful. Your team doesn’t need another scanner, but they need to get better at identifying and prioritizing the risk that is buried in that scan data. Attend the Vulcan Cyber virtual user conference and learn how to assess and mitigate risk across all of your surfaces. Go to vulcan.io and click the button at the top of the screen to register for the event. In this episode: How are you overcoming the challenges of diversity hiring? Are robocalls defeating MFA? Are you collaborative in cyber with your direct competitors? Were you sold something differently when you started in cyber?
Nov 16, 2021 • 37min

Chances Are We'll Be Attacked the Day Before Your Vacation

All links and images for this episode can be found on CISO Series. Do the cybercriminals know my vacation schedule? If they’re already in our network, they probably do. Why don’t they share their vacation schedule with me? That way we can all enjoy our time off. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Patti Titus (@rusecur), CISO, Markel. Thanks to our podcast sponsor, Sotero. Today’s compliance requirements require a security mindset that focuses on the data itself. We can’t truly protect sensitive data when our solutions only provide protection at the network, application or database level. The good news is that you can now protect the actual data itself. Click to learn how. In this episode: What role is the quickest to a CISO role? How can we best correlate security behavior to business actions? Are attacks more likely on Fridays, just before a long weekend or vacation? Which breaches this year caused a shift in focus of your security program?
Nov 9, 2021 • 50min

Did You Get My Last Email? This One Has a Joke In It.

All links and images for this episode can be found on CISO Series. At one point a sales representative will get so desperate trying to get a reply from a prospect that they'll resort to some tepid attempt at humor. We've all seen the email that is trying to understand why we're not replying. And the salesperson tries to make it easy for the recipient to respond by just pressing a single digit. 1: You're too busy, 2: You didn't see my email, 3: You really wanted to respond but you're stuck in a well. This week's episode of CISO/Security Vendor Relationship Podcast was recorded in front of a live audience at the SF-ISACA conference in San Francisco. It features me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is my other co-host Andy Ellis (@csoandy), operating partner, YL Ventures. Huge thanks to our podcast sponsors, Code42, Sotero, and Constella Intelligence. As organizations gradually and cautiously move out of adapt-or-die mode into the post-pandemic era, we can expect a second phase of digital transformation: resilience building. This presents an opportunity for security teams. An opportunity to re-imagine data security. More from Code42. Today’s compliance requirements require a security mindset that focuses on the data itself. We can’t truly protect sensitive data when our solutions only provide protection at the network, application or database level. The good news is that you can now protect the actual data itself. Click to learn how. Threat actors target key employees due to their privileged access to sensitive data which can lead to credential theft, ATO, & ransomware attacks. Find out if your key employees and company have been exposed – without any obligation. More from Constella Intelligence. In this episode: How do you go about making a business case for further investment in cyber security initiatives? Is it possible to get security people to change their behaviors? Using humor in cold sales. Does it ever work? ...and what happens when it backfires?
Nov 2, 2021 • 38min

Hackers of the World Unite… When We Can Agree on a Time

All links and images for this episode can be found on CISO Series. "Look, you wanna be elite? You have to do a righteous hack." This entire episode we pay tribute to the movie "Hackers" with quotes all throughout the programming. This episode is hosted by me, David Spark (@dspark), producer of CISO Series, and my guest co-host Roland Cloutier (@CSORoland), CISO, TikTok. Joining us in this discussion is Steve Tran (@steveishacking), CISO, MGM Studios. Thanks to our podcast sponsor, Code42. In this episode: Is it time to start thinking about protecting data differently? What is the biggest scam in tech that is deemed acceptable? Why is the convergence of security between physical and digital still not happening? Which part of your role is science vs art?
Oct 26, 2021 • 35min

Is Our CISO Doing a Good Job? Our CISO Doesn't Even Know.

All links and images for this episode can be found on CISO Series. It’s extremely hard to tell if a cybersecurity leader is doing a good job. In fact, it’s tough for even them to know. Our best bet is watching for an improvement in the cybersecurity program over time. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Mark Wojtasiak (@markwojtasiak), vice president, research & strategy, Code42 and co-author of “Inside Jobs.” Thanks to this week’s podcast sponsor, Code42. As organizations gradually and cautiously move out of adapt-or-die mode into the post-pandemic era, we can expect a second phase of digital transformation: resilience building. This presents an opportunity for security teams. An opportunity to re-imagine data security. More from Code42. In this episode: What is your business's biggest frustration when managing cybersecurity? Aaaand...what is your biggest frustration when managing cybersecurity? How do you know when a Security Leader (including yourself) is doing a good job? Would it help if Security hired a marketing manager?
Oct 22, 2021 • 41min

BONUS Episode: Innovation Spotlight

Here's an awesome bonus episode of CISO/Security Vendor Relationship Podcast featured as the closing event at Evanta's Global CISO Virtual Executive Summit. Here's what went down. The day before our recording, three representatives presented their unique and innovative security solutions to a panel of CISOs and the virtual audience in attendance. The next day, everyone came back to offer up a quick elevator pitch and to be grilled by the CISOs. That's exactly what you get to hear on this bonus episode of CISO/Security Vendor Relationship Podcast. Thanks to all our sponsors for this bonus episode of the podcast: Kasada, Axis Security, Ordr, Ten Eleven Ventures.
Oct 19, 2021 • 36min

We Want to Hire Honest People Who Think Like Criminals

All links and images for this episode can be found on CISO Series. What game should we play where we can trust you to behave fairly, but at the same time see how you could take advantage of us? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Deneen DiFiore (@deneendifiore), CISO, United Airlines. Thanks to our podcast sponsor, Code42. As organizations gradually and cautiously move out of adapt-or-die mode into the post-pandemic era, we can expect a second phase of digital transformation: resilience building. This presents an opportunity for security teams. An opportunity to re-imagine data security. More from Code42. In this episode: Does becoming a business-minded security person take time? What does a qualified, entry level candidate have to do to get noticed? Without clear ROI, how does a CISO justify their budget? What game taught you the most about thinking like a hacker?
Oct 12, 2021 • 35min

A Quick Way to Tell Which Vendors You Should Avoid

All links and images for this episode can be found on CISO Series. Do you really need hundreds of questions to know if you want to work with a vendor? Won’t just two or three well-pointed questions really give you a good idea? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Nick Selby (@fuzztech), CSO, Paxos Trust Company and co-host of Tech Debt Burndown podcast. Thanks to our podcast sponsor, Kenna Security. In this episode: How do you suss out security vendors to make sure they're not a risk? How do you battle a typosquatter? What types of preparations do you have in place to know you're well prepared for an incident? How should CISOs and CIOs share cybersecurity ownership?
Oct 5, 2021 • 35min

The Ostrich Approach To Vulnerability Management

All links and images for this episode can be found on CISO Series. OK, you showed us our vulnerability. But we really don't want to fix it now. Could we just pay you off to keep quiet, and to buy us some more time to deal with this in a "not so timely" manner? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Sameer Sait (@sameersait), CISO, Amazon - Whole Foods. Thanks to our podcast sponsor, Code42. As organizations gradually and cautiously move out of adapt-or-die mode into the post-pandemic era, we can expect a second phase of digital transformation: resilience building. This presents an opportunity for security teams. An opportunity to re-imagine data security. More from Code42. In this episode: What if software developers used academic citations for code acquired from outside sources? What if a reported security vulnerability doesn't get fixed? Where do you go next? What if a 3rd party app developer needs access to a file/print share over the internet? What if you receive a pitch that makes a grandiose statement like "no false positives?" Follow-up or hard pass?
