CISO Series Podcast

David Spark, Mike Johnson, and Andy Ellis
Jan 18, 2022 • 36min

Security So Good Your Users Won't Use It

All links and images for this episode can be found on CISO Series. CISOs agree that multi-factor authentication is the one security control that once deployed has the greatest impact to reduce security issues. Yet with all that agreement, it's still so darn hard to get users to actually use it. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Arvind Raman (@arvind78), CISO, Mitel. Huge thanks to our sponsor, Horizon3.ai. See your enterprise through the eyes of the attacker, identify your ineffective security controls, and ensure your limited resources are spent fixing problems that can actually be exploited. More from Horizon3.ai. In this episode: If MFA is so great, why is it not more widespread? Are high valuations for cloud security startups a vote against cloud providers doing cloud security well? What is the biggest challenge in deploying zero trust on existing infrastructure? Are there universal security red flags?
Jan 11, 2022 • 35min

We've Never Taken On So Much Risk

All links and images for this episode can be found on CISO Series. It's all risk, all show, for the entire show. It's just the kind of risk we like to take. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Derek Vadala (@derekvadala), chief risk officer, BitSight. Thanks to our podcast sponsor, BitSight. These are challenging times for security professionals. From managing third party supply chain risk, to quantifying financial exposure, to reducing the likelihood of ransomware, BitSight helps security and risk professionals create more effective cybersecurity programs with cybersecurity ratings and analytics. Learn why Moody's, the Department of Defense, and other leading institutions partner with BitSight at www.bitsight.com. In this episode: What cybersecurity risk is currently the most severe? What's important about evaluating a startup's security protocols? What about third party risk management? Do you and your board know how resilient you are to a cyber attack?
Jan 4, 2022 • 33min

The Perfect Gift for a Cyber Crook

All links and images for this episode can be found on CISO Series. What do you give to the person who wants to learn how to steal everything? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Jim Wachhaus (@imanapt), risk intelligence evangelist, CyCognito. Thanks to our podcast sponsor, CyCognito. By understanding risks, attacks, and behaviors from attack surface management data, CyCognito visualizes the pathways attackers will take to exploit your network enabling you the ability to see, understand and eradicate the threat. CyCognito is the only cyber risk intelligence platform that visualizes the attackers' paths into your network. In this episode: How can we shore up our cybersecurity hygiene? What have we heard enough about with risk intelligence? Gifts to buy someone who is looking into red teaming/vulnerability
Dec 21, 2021 • 35min

"I Love Being Monitored Online," Said No Employee Ever

All links and images for this episode can be found on CISO Series. What do you do if your boss gave you a corporate laptop and you fear they installed some tracking software? Should you wipe the drive or simply quit? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Purandar Das (@dasgp), co-founder and president, Sotero. Thanks to our podcast sponsor, Sotero. Today's compliance requirements require a security mindset that focuses on the data itself. We can't truly protect sensitive data when our solutions only provide protection at the network, application or database level. The good news is that you can now protect the actual data itself. Click to learn how. In this episode: Did the pandemic lead to innovations in cybersecurity? What should a company do when an employee makes a major mistake like emailing PII? Have we all heard enough about encryption? What do we do when the boss gives us a "new" computer with monitoring tech on board?
Dec 14, 2021 • 36min

If We Don't Talk About Cyber Risk, Will It Go Away?

All links and images for this episode can be found on CISO Series. Risk is scary. Cyber risk is scarier. Not because it's worse, but mostly because we barely understand it. We've gone this long not understanding it. Maybe just ignoring it will allow us to wish it away. On this week's episode of CISO/Security Vendor Relationship Podcast we have our first in-studio guest (since we moved the studio). Joining me, David Spark (@dspark), producer of CISO Series and Mike Johnson is our in-studio guest TJ Lingenfelter (@tj_555), sr. program manager, information security, Taylormade Golf. Thanks to our podcast sponsor, BitSight. These are challenging times for security professionals. From managing third party supply chain risk, to quantifying financial exposure, to reducing the likelihood of ransomware, BitSight helps security and risk professionals create more effective cybersecurity programs with cybersecurity ratings and analytics. Learn why Moody's, the Department of Defense, and other leading institutions partner with BitSight at www.bitsight.com. In this episode: How can competitive companies help each other be more secure? What to do when you can't get time with your CIO to discuss plans? Are we fooling ourselves to think we can maintain privacy for ourselves and that organizations can do it for us as well? What new cybersecurity buzzwords should be put to rest?
Dec 7, 2021 • 37min

After a Breach It's Really Easy to Calculate Risk

All links and images for this episode can be found on CISO Series. There's no question calculating risk is tricky. Because once you understand your risk then you can assign budget appropriately to reduce your risk. OR, you could just wait until you're breached and you'll know exactly what your risk is and how much it costs. This week's episode of CISO/Security Vendor Relationship Podcast is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Dan Walsh, CISO, VillageMD. Thanks to our podcast sponsor, deepwatch. Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. In this episode: What can we learn from a 10-year cybersecurity veteran? What can state governments do to 'hire better' in cybersecurity? What can companies do to attract cybersecurity professionals to their location? What are ways to bring a clearer understanding of risk to the business without being alarmist?
Nov 30, 2021 • 46min

I've Got Zero Trust In My Understanding of Zero Trust

All links and images for this episode can be found on CISO Series. Don't look at me to explain zero trust to you, because I'm just as confused. I've heard plenty of definitions, and they all sound good. I just don't know which one is right, or maybe they're all right. This week's episode of CISO/Security Vendor Relationship Podcast was recorded in front of a live audience at KeyConf at the City Winery in New York City. My guest co-host for this special episode is JJ Agha, CISO, Compass. Joining us on stage were a host of guests, Admiral Rogers, former NSA director and Commander US Cyber Command, Oded Hareven, CEO and co-founder, Akeyless, and Dr. Zero Trust, Chase Cunningham (@cynjaChaseC). Thanks to our podcast sponsor, Akeyless. As organizations embrace automation, they must control their secrets sprawl. Security teams must enable the transition with centralized access to secrets, and consistent policies to limit risk and maintain compliance. Akeyless provides a unified, SaaS based solution for Secrets Management, Secure Remote Access, and Data Protection. More about Akeyless. In this episode: Is zero trust easy for organizations to deploy and control? Are we taking zero trust too far? Does it help to have more eyes on the problem? What are the problems with secure remote access that we're still struggling with?
Nov 23, 2021 • 39min

We're Very Good at SAYING We Care About Diversity

All links and images for this episode can be found on CISO Series. It's extremely easy to say you want to diversify. In fact, I'll do it right now three times. We want diversity. We're very pro diversity and it's our focus for the next year. Diversity is a very important part of our security program. Please don't ask to look at the lack of diversity on our staff, though. It doesn't match our rhetoric. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Sujeet Bambawale (@sujeet), CISO, 7-11. Thanks to our podcast sponsor, Vulcan Cyber. Vulnerability scanners are commoditized. Cloud service providers provide free scanners. Open source scanners are plentiful. Your team doesn't need another scanner, but they need to get better at identifying and prioritizing the risk that is buried in that scan data. Attend the Vulcan Cyber virtual user conference and learn how to assess and mitigate risk across all of your surfaces. Go to vulcan.io and click the button at the top of the screen to register for the event. In this episode: How are you overcoming the challenges of diversity hiring? Are robocalls defeating MFA? Are you collaborative in cyber with your direct competitors? Were you sold something differently when you started in cyber?
Nov 16, 2021 • 37min

Chances Are We'll Be Attacked the Day Before Your Vacation

All links and images for this episode can be found on CISO Series. Do the cybercriminals know my vacation schedule? If they're already in our network, they probably do. Why don't they share their vacation schedule with me? That way we can all enjoy our time off. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Patti Titus (@rusecur), CISO, Markel. Thanks to our podcast sponsor, Sotero. Today's compliance requirements require a security mindset that focuses on the data itself. We can't truly protect sensitive data when our solutions only provide protection at the network, application or database level. The good news is that you can now protect the actual data itself. Click to learn how. In this episode: What role is the quickest to a CISO role? How can we best correlate security behavior to business actions? Are attacks more likely on Fridays, just before a long weekend or vacation? Which breaches this year caused a shift in focus of your security program?
Nov 9, 2021 • 50min

Did You Get My Last Email? This One Has a Joke In It.

All links and images for this episode can be found on CISO Series. At one point a sales representative will get so desperate trying to get a reply from a prospect that they'll resort to some tepid attempt at humor. We've all seen the email that is trying to understand why we're not replying. And the salesperson tries to make it easy for the recipient to respond by just pressing a single digit. 1: You're too busy, 2: You didn't see my email, 3: You really wanted to respond but you're stuck in a well. This week's episode of CISO/Security Vendor Relationship Podcast was recorded in front of a live audience at the SF-ISACA conference in San Francisco. It features me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is my other co-host Andy Ellis (@csoandy), operating partner, YL Ventures. Huge thanks to our podcast sponsors, Code42, Sotero, and Constella Intelligence. As organizations gradually and cautiously move out of adapt-or-die mode into the post-pandemic era, we can expect a second phase of digital transformation: resilience building. This presents an opportunity for security teams. An opportunity to re-imagine data security. More from Code42. Today's compliance requirements require a security mindset that focuses on the data itself. We can't truly protect sensitive data when our solutions only provide protection at the network, application or database level. The good news is that you can now protect the actual data itself. Click to learn how. Threat actors target key employees due to their privileged access to sensitive data which can lead to credential theft, ATO, & ransomware attacks. Find out if your key employees and company have been exposed – without any obligation. More from Constella Intelligence. In this episode: How do you go about making a business case for further investment in cyber security initiatives? Is it possible to get people to get security people to change their behaviors? Using humor in cold sales. Does it ever work?
...and what happens when it backfires?