CISO Series Podcast

Latest episodes

Sep 28, 2021 • 37min

Sorry, We’re Full. We Can’t Take Any More Market Segments

No, please not another acronym. I can't take another education cycle on another product segment. Oh, I'm sure Gartner is launching it. And I'm sure they'll make yet another Magic Quadrant to tell us which companies are in this new market segment. And we're going to have to buy this report so we understand this new category so we can create yet another line item on our budget sheet.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Ed Bellis (@ebellis), co-founder and CTO, Kenna Security (now a part of Cisco).

Thanks to our podcast sponsor, Kenna Security

In this episode:
How do you develop unbiased knowledge about a new technology?
Do you have advice on how to prepare for a SOC interview?
Vulnerability management: what have we heard enough of?
Do your parents know what you do for a living?
Sep 21, 2021 • 37min

What's the ROI of Nothing Happening?

You don’t want anything to happen, but you also want security to somehow calculate ROI. Maybe the ROI could be calculated from actual sales that security allowed to actually happen.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Ryan Gurney, CISO-in-residence, YL Ventures.

Thanks to our sponsor, YL Ventures

YL Ventures, a global VC firm, manages over $300 million and exclusively invests in early-stage Israeli cybersecurity startups. YL Ventures accelerates the evolution of its portfolio companies via strategic advice and operational execution, leveraging a network of CISOs and industry veterans from Fortune 100 and high-growth companies.

In this episode:
What happens when Application Surface Management (ASM) vendors are purchased as Security assets?
What do you do when your company wants to use a really insecure SaaS product?
Does a startup need a CISO, or just a CISO-in-residence?
Is there a better sign other than "nothing happened" that indicates you did a good job in cybersecurity today?
Sep 14, 2021 • 41min

Could We Speak To Your CISO To Confirm He Received the Cupcakes?

All links and images for this episode can be found on CISO Series

It’s imperative we speak to him. We want to make sure they landed safely. And if he has some available time, maybe we can show him our slide deck.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Branden Newman, svp, CISO, MGM Resorts.

Thanks to our podcast sponsor, Grip Security

Ask yourself – do I know what SaaS my company is using? How do users access them? What data is uploaded and downloaded? Enterprises today are using hundreds and thousands of different SaaS, and have lost control over it. Grip Security sees and secures every SaaS application. With simple deployment, you can have immediate visibility to the entire SaaS portfolio, and automated access and data governance at scale. This is the only way you could fight the SaaS Sprawl.

In this episode:
How do security vendors communicate their uniqueness and product quality?
If you were to start a data security company - what gap would you fill?
What's the pushiest sales tactic you've seen in InfoSec?
Assessing vendor pitches on email security or human layer security
Sep 7, 2021 • 43min

Make Your Friends Jealous with Our Hand-Crafted Passwords

All links and images for this episode can be found on CISO Series

I know your friends say they use excellent passwords, but they don't take the time and care we put into choosing the right combination of letters, numbers, and special characters that's unique to your personality. Once your friends and the dark web have a chance to see them, they'll want to emulate you by using your password over and over again.

This week's CISO/Security Vendor Relationship Podcast was actually recorded in front of a small live audience at The Passwordless Summit in Newport, Rhode Island. The event was sponsored by HYPR, our sponsor for this episode as well. Joining me and my co-host, Andy Ellis (@csoandy), operating partner, YL Ventures, was our sponsored guest, Brian Heemsoth (@bheemsoth), head of cyber defense and monitoring, Wells Fargo.

Thanks to our podcast sponsor, HYPR

HYPR is the leader in Passwordless Multi-factor Authentication. We protect workforce and customer identities with the highest level of assurance while enhancing the end user’s experience. HYPR shifts the economics of attack to the enterprise’s favor by replacing password-based MFA with Passwordless MFA. Welcome to The Passwordless Company®. It’s time to reimagine Identity Access Assurance.

In this episode:
Ways to make a good impression about the quality of your security
How’s passwordless access working for you?
When an EULA says no to reviewing the product
What does a good SOC look like to you?
Aug 31, 2021 • 34min

Are You Asking "How Secure Are We?" or "How Insecure Am I?"

All links and images for this episode can be found on CISO Series

We've heard the question "How secure are we?" many times, and we know what it really means.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Kevin Morrison, CISO, Alaska Air.

Thanks to our podcast sponsor, Enso

Enso, an Application Security Posture Management platform, helps security teams scale and gain control over their AppSec programs. Enso discovers application inventory, ownership and risk to easily build and enforce security policies and transform AppSec into an automated, systematic discipline.

In this episode:
Red flag-level bad security: run away or offer to help?
How necessary is it to know patterns of where and how criminals are going to attack?
How to manage the risk of onboarding entry level cybersecurity personnel who lack prior job experience?
How do you answer the question, "Are we secure?"
Aug 24, 2021 • 34min

Tips to Finding an Incompetent Overpriced Cybersecurity Consultant

All links and images for this episode can be found on CISO Series

What questions should we be asking of a consultant's referrals to see if they're really worth the money they're trying to overcharge us?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Ira Winkler (@irawinkler), CISO, Skyline Technology Solutions.

Thanks to our podcast sponsor, Varonis

Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats and streamline privacy and compliance. Visit varonis.com/risk for a demo of Varonis’ leading data security platform.

In this episode:
Fujifilm refused to pay ransomware demand, restored from backup. Be like Fujifilm.
What to do with people who ask for your password and sign-on – and those who comply
Best techniques for interviewing cybersecurity consultant candidates
The importance of securing inter-organization Slack and Teams channels
Aug 17, 2021 • 36min

We Shame Others Because We're So Right About Everything

All links and images for this episode can be found on CISO Series

You think it's easy carrying around the burden of being so perfect all the time? It's tough to carry that responsibility to tell others what they need to do.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Ed Contreras (@cisoedwardc), CISO, Frost Bank.

Thanks to our podcast sponsor, Varonis

Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats and streamline privacy and compliance. Visit varonis.com/risk for a demo of Varonis’ leading data security platform.

Does a quality tech stack help with recruitment and retention of talent?
Should security features be free? And should those who charge be shamed?
Failing phishing tests - is there a limit to how many?
Aug 10, 2021 • 33min

Will You Accept "My Bad" As Our Breach Response?

All links and images for this episode can be found on CISO Series

We know we've got to say something about this breach, but geez, the details are really sordid and it would just be easier if we could just wrap it up with one giant "oops." You cool with that?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Matt Radolec, senior director, incident response and cloud operations, Varonis.

Thanks to our podcast sponsor, Varonis

Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats and streamline privacy and compliance. Visit varonis.com/risk for a demo of Varonis’ leading data security platform.

In this episode:
How have insider threats morphed since the onset of Covid?
Should paying ransomware be illegal?
What goes into a good post-breach public incident response?
Should ransomware focus more on backups?
Jul 29, 2021 • 35min

I'll Show You My Risk Profile If You Show Me Yours

All links and images for this episode can be found on CISO Series

Managing my own risk is tough enough, but now I have to worry about my partners' risk and their partners' risk? I don't even know what's easier to manage: the risk profile of all my third parties or all the exclusions I've got to open up to let third parties into my system.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Bruce Potter (@gdead), CISO, Expel.

Thanks to our podcast sponsor, Expel

Expel offers companies of all shapes and sizes the capabilities of a modern Security Operations Center without the cost and headache of managing one.

In this episode:
What's easier to manage, 3rd party risk profiles or exclusions?
Do you need a Git repository to apply for a job? What else?
What's in your happy-grab-bag for hybrid work environments?
Is there anything new to say about ransomware strategy?
Jul 27, 2021 • 34min

How Much Charisma Do I Need to Push My Team to the Edge?

All links and images for this episode can be found on CISO Series

If I'm going to be riding my team really hard, how much charisma will I need to keep the team frightened so they stay motivated, yet don't want to leave?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Jason Fruge (@jasonfruge), CISO, Rent-a-Center.

Thanks to our podcast sponsor, Expel

Expel offers companies of all shapes and sizes the capabilities of a modern Security Operations Center without the cost and headache of managing one.

In this episode:
CISO's second job: applying lessons learned from the first one
Experts weigh in on what to do when a breach drops malware on you
How to motivate staff to push themselves beyond initial expectations?
What level of autonomy do you give your staff to make purchase decisions?
