

CISO Series Podcast
David Spark, Mike Johnson, and Andy Ellis
Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

Aug 31, 2021 • 34min
Are You Asking "How Secure Are We?" or "How Insecure Am I?"
All links and images for this episode can be found on CISO Series.
We've heard the question "How secure are we?" many times, and we know what it really means.
This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Kevin Morrison, CISO, Alaska Air.
Thanks to our podcast sponsor, Enso
Enso, an Application Security Posture Management platform, helps security teams scale and gain control over their AppSec programs. Enso discovers application inventory, ownership and risk to easily build and enforce security policies and transform AppSec into an automated, systematic discipline.
In this episode:
- Red flag-level bad security: run away or offer to help?
- How necessary is it to know patterns of where and how criminals are going to attack?
- How to manage the risk of onboarding entry level cybersecurity personnel who lack prior job experience?
- How do you answer the question, "Are we secure?"

Aug 24, 2021 • 34min
Tips to Finding an Incompetent Overpriced Cybersecurity Consultant
All links and images for this episode can be found on CISO Series.
What questions should we be asking of a consultant's referrals to see if they're really worth the money they're trying to overcharge us?
This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Ira Winkler (@irawinkler), CISO, Skyline Technology Solutions.
Thanks to our podcast sponsor, Varonis
Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats and streamline privacy and compliance. Visit varonis.com/risk for a demo of Varonis' leading data security platform.
In this episode:
- Fujifilm refused to pay ransomware demand, restored from backup. Be like Fujifilm.
- What to do with people who ask for your password and sign-on – and those who comply
- Best techniques for interviewing cybersecurity consultant candidates
- The importance of securing inter-organization Slack and Teams channels

Aug 17, 2021 • 36min
We Shame Others Because We're So Right About Everything
All links and images for this episode can be found on CISO Series.
You think it's easy carrying around the burden of being so perfect all the time? It's tough to carry that responsibility to tell others what they need to do.
This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Ed Contreras (@cisoedwardc), CISO, Frost Bank.
Thanks to our podcast sponsor, Varonis
Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats and streamline privacy and compliance. Visit varonis.com/risk for a demo of Varonis' leading data security platform.
- Does a quality tech stack help with recruitment and retention of talent?
- Should security features be free? And should those who charge be shamed?
- Failing phishing tests - is there a limit to how many?

Aug 10, 2021 • 33min
Will You Accept "My Bad" As Our Breach Response?
All links and images for this episode can be found on CISO Series.
We know we've got to say something about this breach, but geez, the details are really sordid and it would just be easier if we could just wrap it up with one giant "oops." You cool with that?
This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Matt Radolec, senior director, incident response and cloud operations, Varonis.
Thanks to our podcast sponsor, Varonis
Varonis will help you get meaningful data security results faster than you thought possible. Protect sensitive data, detect sophisticated threats and streamline privacy and compliance. Visit varonis.com/risk for a demo of Varonis' leading data security platform.
In this episode:
- How have insider threats morphed since the onset of Covid?
- Should paying ransomware be illegal?
- What goes into a good post-breach public incident response?
- Should ransomware focus more on backups?

Jul 29, 2021 • 35min
I'll Show You My Risk Profile If You Show Me Yours
All links and images for this episode can be found on CISO Series.
Managing my own risk is tough enough, but now I have to worry about my partners' risk and their partners' risk? I don't even know what's easier to manage: the risk profile of all my third parties or all the exclusions I've got to open up to let third parties into my system.
This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Bruce Potter (@gdead), CISO, Expel.
Thanks to our podcast sponsor, Expel
Expel offers companies of all shapes and sizes the capabilities of a modern Security Operations Center without the cost and headache of managing one.
In this episode:
- What's easier to manage, 3rd party risk profiles or exclusions?
- Do you need a Git repository to apply for a job? What else?
- What's in your happy-grab-bag for hybrid work environments?
- Is there anything new to say about ransomware strategy?

Jul 27, 2021 • 34min
How Much Charisma Do I Need to Push My Team to the Edge?
All links and images for this episode can be found on CISO Series.
If I'm going to be riding my team really hard, how much charisma will I need to keep the team frightened so they stay motivated, yet don't want to leave?
This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Jason Fruge (@jasonfruge), CISO, Rent-a-Center.
Thanks to our podcast sponsor, Expel
Expel offers companies of all shapes and sizes the capabilities of a modern Security Operations Center without the cost and headache of managing one.
In this episode:
- CISO's second job: applying lessons learned from the first one
- Experts weigh in on what to do when a breach drops malware on you
- How to motivate staff to push themselves beyond initial expectations?
- What level of autonomy do you give your staff to make purchase decisions?

Jul 20, 2021 • 34min
How Would You Like Your Cloud Misconfigured?
All links and images for this episode can be found on CISO Series.
Great, you just purchased the cloud. Are you a little confused as to what you're going to do with it? Not a problem. Let's get you set up right with a world class misconfiguration. That should leave you open to all kinds of breaches.
This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Johnathan Keith, CISO, Viacom/CBS Streaming.
Thanks to our podcast sponsor, AppOmni
AppOmni is building the future of SaaS security. We empower our users to enforce security standards across their SaaS applications, and enable them to remediate in confidence knowing they're fixing the most important SaaS security issues first. Contact us at www.appomni.com to find out who - and what - has access to your SaaS data.
- Why do we hear so many stories about poor & misconfigured cloud services?
- The benefits of Infrastructure as Code (IaC)
- What makes a vendor meeting worth your time?
- What's the best way to learn about a company's culture in a job interview?

Jul 13, 2021 • 32min
It's Only a Matter of Time Before We Lose Your Data
All links and images for this episode can be found on CISO Series.
We're trying really hard to keep our customers' data safe, but we all know given the number of attacks happening, our number will eventually come up, and we'll lose your data just like every other organization you trusted.
This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Sandy Dunn (@sub0girl), CISO, Blue Cross of Idaho.
Thanks to our podcast sponsor, Expel
Expel offers companies of all shapes and sizes the capabilities of a modern Security Operations Center without the cost and headache of managing one.
- Dissecting Allen Gwynn's "one strike" opinion piece
- Transitioning cybersec into a mindset for all employees
- Shifting the risk: buying cyberinsurance instead of tools
- What's the proper way to behave during a breach?

Jul 6, 2021 • 36min
His Credentials Say "Yes" But His Behavior Says "No Way"
All links and images for this episode can be found on CISO Series.
As good as our virtual bouncers are, they often let in people with what seems to be a valid ID, and then once they're in our nightclub they cause a disruption and we have to kick them out.
This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Sandy Wenzel (@malwaremama), cybersecurity transformation engineer, VMware. Sandy also recommends participating in Pro's vs. Joe's CTF.
Thanks to our podcast sponsor, VMware
In this episode:
- How we have become more agile (and how we define agile)
- Five skills every SOC analyst needs (and how to build them)
- Lateral movement by threat actors (what have we heard enough of)
- What are some good assignments to give a cybersecurity intern (and are there better ones?)

Jun 29, 2021 • 33min
We're Experts at Finding Everything You're Doing Wrong
All links and images for this episode can be found on CISO Series.
We're a brand new consultancy and we promise if you just let us poke around your network, we'll find something wrong. Because everyone has something wrong in their network.
This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Phil Huggins (@oracuk), CISO, NHS Test & Trace, Department of Health and Social Care.
Thanks to our podcast sponsor, VMware
In this episode:
- Prioritizing the security challenges around risk and compliance
- What to consider before starting your own security consulting business
- The most valuable things you should learn from peers in your network or community


