CISO Series Podcast

All links and images for this episode can be found on CISO Series "Look, you wanna be elite? You have to do a righteous hack." This entire episode we pay tribute to the movie "Hackers" with quotes all throughout the programming. This episode is hosted by me, David Spark (@dspark), producer of CISO Series, and my guest co-host Roland Cloutier (@CSORoland), CISO, TikTok. Joining us in this discussion is Steve Tran (@steveishacking), CISO, MGM Studios. Thanks to our podcast sponsor, Code42 In this episode: Is it time to start thinking about protecting data differently? What is the biggest scam in tech that is deemed acceptable? Why is the convergence of security between physical and digital still not happening? Which part of your role is science vs art?

All links and images for this episode can be found on CISO Series It's extremely hard to tell if a cybersecurity leader is doing a good job. In fact, it's tough for even them to know. Our best bet is watching for an improvement in the cybersecurity program over time. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Mark Wojtasiak (@markwojtasiak), vice president, research & strategy, Code42 and co-author of "Inside Jobs." Thanks to this week's podcast sponsor, Code42 As organizations gradually and cautiously move out of adapt out of adapt-or-die mode into the post-pandemic era, we can expect a second phase of digital transformation: resilience building. This presents an opportunity for security teams. An opportunity to re-imagine data security. More from Code42. In this episode: What is your business's biggest frustration when managing cybersecurity? Aaaand...what is your biggest frustration when managing cybersecurity? How do you know when a Security Leader (including yourself) is doing a good job? Would it help if Security hired a marketing manager?

Here's an awesome bonus episode of CISO/Security Vendor Relationship Podcast featured as the closing event at Evanta's Global CISO Virtual Executive Summit. Here's what went down. The day before our recording, three representatives presented their unique and innovative security solutions to a panel of CISOs and the virtual audience in attendance. The next day, everyone came back to offer up a quick elevator pitch and to be grilled by the CISOs. That's exactly what you get to hear on this bonus episode of CISO/Security Vendor Relationship Podcast. Thanks to all our sponsors for this bonus episode of the podcast Kasada Axis Security Ordr Ten Eleven Ventures

All links and images for this episode can be found on CISO Series What game should we play where we can trust you to behave fairly, but at the same time see how you could take advantage of us? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Deneen DiFiore (@deneendifiore), CISO, United Airlines. Thanks to our podcast sponsor, Code42 As organizations gradually and cautiously move out of adapt out of adapt-or-die mode into the post-pandemic era, we can expect a second phase of digital transformation: resilience building. This presents an opportunity for security teams. An opportunity to re-imagine data security. More from Code42. In this episode: Does becoming a business-minded security person take time? What does a qualified, entry level candidate have to do to get noticed? Without clear ROI, how does a CISO justify their budget? What game taught you the most about thinking like a hacker?

All links and images for this episode can be found on CISO Series Do you really need hundreds of questions to know if you want to work with a vendor? Won't just two or three well-pointed questions really give you a good idea? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Nick Selby (@fuzztech), CSO, Paxos Trust Company and co-host of Tech Debt Burndown podcast. Thanks to our podcast sponsor, Kenna Security In this episode: How do you suss out security vendors to make sure they're not a risk? How do you battle a typosquatter? What types of preparations do you have in place to know you're well prepared for an incident? How should CISOs and CIOs share cybersecurity ownership?

All links and images for this episode can be found on CISO Series OK, you showed us our vulnerability. But we really don't want to fix it now. Could we just pay you off to keep quiet, and to buy us some more time to deal with this in a "not so timely" manner? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Sameer Sait (@sameersait), CISO, Amazon - Whole Foods. Thanks to our podcast sponsor, Code42 As organizations gradually and cautiously move out of adapt out of adapt-or-die mode into the post-pandemic era, we can expect a second phase of digital transformation: resilience building. This presents an opportunity for security teams. An opportunity to re-imagine data security. More from Code42. In this episode: What if software developers used academic citations for code acquired from outside sources? What is a reported security vulnerability doesn't get fixed? Where do you go next? What if a 3rd party app developer needs access to a file/print share over the internet? What if you receive a pitch that makes a grandiose statement like "no false positives?" Follow-up or hard pass?

No, please not another acronym. I can't take another education cycle on another product segment. Oh, I'm sure Gartner is launching it. And I'm sure they'll make yet another Magic Quadrant to tell us which companies are in this new market segment. And we're going to have to buy this report so we understand this new category so we can create yet another line item on our budget sheet. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Ed Bellis (@ebellis), co-founder and CTO, Kenna Security (now a part of Cisco). Thanks to our podcast sponsor, Kenna Security In this episode: How do you develop unbiased knowledge about a new technology? Do you have advice on how to prepare for a SOC interview? Vulnerability management: what have we heard enough of? Do your parents know what you do for a living?

You don't want anything to happen, but you also want security to somehow to calculate ROI. Maybe the ROI could be calculated from actual sales that security allowed to actually happen. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Ryan Gurney, CISO-in-residence, YL Ventures. Thanks to our sponsor, YL Ventures YL Ventures, a global VC firm, manages over $300 million and exclusively invests in early-stage Israeli cybersecurity startups. YL Ventures accelerates the evolution of its portfolio companies via strategic advice and operational execution, leveraging a network of CISOs and industry veterans from Fortune 100 and high-growth companies. In this episode: What happens when Application Surface Management (ASM) vendors are purchased as Security assets? What do you do when your company wants to use a really insecure SaaS product? Does a startup need a CISO, or just a CISO-in-residence? Is there a better sign other than "nothing happened" that indicates you did a good job in cybersecurity today?"

All links and images for this episode can be found on CISO Series It's imperative we speak to him. We want to make sure they landed safely. And if he has some available time, maybe we can show him our slide deck. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Branden Newman, svp, CISO, MGM Resorts. Thanks to our podcast sponsor, Grip Security Ask yourself – do I know what SaaS my company is using? How do users access them? What data is uploaded and downloaded? Enterprises today are using hundreds and thousands of different SaaS, and have lost control over it. Grip Security sees and secures every SaaS application. With simple deployment, you can have immediate visibility to the entire SaaS portfolio, and automated access and data governance at scale. This is the only way you could fight the SaaS Sprawl. In this episode: How do security vendors communicate their uniqueness and product quality? If you were to start a data security company - what gap would you fill? What's the pushiest sales tactic you've seen in InfoSec? Assessing vendor pitches on email security or human layer security

All links and images for this episode can be found on CISO Series I know your friends say they use excellent passwords, but they don't take the time and care we put into choosing the right combination of letters, numbers, and special characters that's unique to your personality. Once your friends and the dark web have a chance to see them, they'll want to emulate you by using your password over and over again. This week's CISO/Security Vendor Relationship Podcast was actually recorded in front of a small live audience at The Passwordless Summit in Newport, Rhode Island. The event was sponsored by HYPR, our sponsor for this episode as well. Joining me and my co-host, Andy Ellis (@csoandy), operating partner, YL Ventures, was our sponsored guest, Brian Heemsoth (@bheemsoth), head of cyber defense and monitoring, Wells Fargo. Thanks to our podcast sponsor, HYPR HYPR is the leader in Passwordless Multi-factor Authentication. We protect workforce and customer identities with the highest level of assurance while enhancing the end user's experience. HYPR shifts the economics of attack to the enterprise's favor by replacing password-based MFA with Passwordless MFA. Welcome to The Passwordless Company®. It's time to reimagine Identity Access Assurance. Learn More » In this episode: Ways to make a good impression about the quality of your security How's passwordless access working for you? When an EULA says no to reviewing the product What does a good SOC look like to you?