

CISO Series Podcast
David Spark, Mike Johnson, and Andy Ellis
Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

Jul 24, 2018 • 32min
How to Choose a Bad Security Product
If I knew more about your current security needs, I'd probably be able to tell you what security product to buy. But that would require me to spend time understanding your needs and this podcast is only 30 minutes long. Instead, we decided to uncover the universal truths of what security product you shouldn't buy. In this episode of the CISO/Security Vendor Relationship podcast, we uncover failed CISO product purchases plus: Do temporary dips in hacker attacks change your security posture? What CISOs LOVE to see in their inbox. For this week, we're talking about their favorite reports. What metrics are CISOs following? And what are the metrics CISOs use to determine those metrics? Oh, and are there any metrics CISOs should ignore? Our CISOs digest a vendor pitch. And for "Ask a CISO," we question the value of case studies in print or video form. And as always, we launch the show with a 10-second security tip! As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Randall (Fritz) Frietzsche (@frietzche), CISO, Denver Health, Denver ISSA distinguished fellow, and teaches at Harvard University. We Want Your Input and Critiques For every episode we want input from listeners! Please contact me here or on LinkedIn and send me the following: "Ask a CISO" question. A vendor pitch you want us to critique. A hot security discussion (please provide a link). A quick security tip. A big industry story and what it means to security professionals. In all cases, we can or can't mention you and your company name or keep you anonymous. Just let me know what you want. Listen and Subscribe to the CISO/Security Vendor Relationship Podcast So many ways to connect and listen to the podcast. iTunes Google Play Stitcher RSS Feed Sponsor the Podcast If your company would like to sponsor this podcast, please contact David Spark at Spark Media Solutions.

Jul 17, 2018 • 33min
We Have the Silver Bullet for BS Detection
We're fed up with vendors who think they can detect any breach, but we're not fed up with breach detection. On this week's episode: Are millennials excited or not excited about working in security? Supposedly, nine percent of all millennials are interested in a job in security. Is that good news/bad news/misrepresented news? (Read the story) Haroon Meer's amazingly open story of the money Thinkst spent at RSA 2018. Was it worth it? Great advice for anyone else sponsoring a big tech conference. (Read the story) Are you sponsoring Black Hat or another big tech conference? Pick up my book, Three Feet from Seven Figures: One-on-One Engagement Techniques to Qualify More Leads at Trade Shows. We talk about breach detection and the use of deception devices. When a breach happens, should you or shouldn't you blame the victim? How should security sales managers pump up their team for sales? Is letting people know that they're the only ones to fix their customers' problems the right tactic? This episode is sponsored by Thinkst, makers of Canary deception devices. Read how much their customers love their product here. As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Haroon Meer (@haroonmeer), founder and researcher of Thinkst.

Jul 10, 2018 • 31min
Is Password2 More Secure Than Password1?
Are you managing your passwords the same today as you did five years ago? On this episode of the CISO/Security Vendor Relationship podcast, we discuss the changing landscape of what we once thought were best practices, but aren't anymore. On this episode: Which CEOs are more fatalistic about the inevitability of cyber attacks. Explaining cyber risks to the board. Reappropriating the word "hacker." My cartoon that spurred a debate and Rick McElroy of Carbon Black's discussion on LinkedIn. What we're no longer advising you do with your passwords. Do cold calls and emails ever work? What are CISOs' biggest organizational roadblocks? All that and a ten-second security tip. As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Maxime Rousseau (@maxrousseau), CISO, Personal Capital.

Jul 3, 2018 • 27min
Stop Asking CISOs if They Care about Security
Want to get under a CISO's skin? Ask them if they have a concern for security in their environment. It's like asking a chef if they're concerned about preparing food. In this week's episode of the CISO/Security Vendor Relationship Podcast we learn the following: Dumbest mistakes you can make as a CISO. What to do on day 1 when you're a CISO. Why is everyone talking about this now? Questioning a CISO's job interests. Please, Enough. No, More on GDPR. We critique a vendor pitch. And "Ask a CISO." As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Richard Greenberg (@ragreenberg), CISO, LA County Department of Health Services as well as chapter presidents of ISSA and OWASP in Los Angeles. This episode is sponsored by Signal Sciences. We thank them for their support.

Jun 26, 2018 • 29min
Katy Perry Recommends Two-Factor Authentication
Did Katy Perry provide sound security advice, or didn't she? You'll have to listen to the latest episode of the CISO/Security Vendor Relationship Podcast to find out. In this episode: A Third of UK Organizations Have Sacked Employees for Data Breach Negligence. Younger Employees Identified as 'Main Culprits' of Security Breaches. Who has your CEO's credentials? – by Robert Herjavec, one of the sharks on "Shark Tank." NEW Segment: Please, Enough. No, More. This week we talk about identity management. What do you think of this pitch? A pitch from Cobalt. Ask a CISO. How many tools in your suite? Are you worried about integration? As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Richard Rushing (@secrich), CISO, Motorola Mobility. The written content for this podcast was first published on Security Boulevard.

Jun 19, 2018 • 29min
Your 'Go-To Source' for Unnecessary Cyber Terror Alerts
On this week's episode of the CISO/Security Vendor Relationship podcast we ask, "What good is a security alert if there's no actionable item?" As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Wendy Nather (@wendynather), director, advisory CISOs, Duo Security. On this episode, you'll learn: Flex your incident response muscles. Does your cybersecurity policy change around high-profile events? What's the definition of cybersecurity and why do so many people care? How a security vendor helped me a long time ago, but Mike thought about them this week. A couple of vendors submit their pitches for a critique. One is confusing and one is almost perfect. And a couple of "Ask a CISO" questions. The written content for this podcast was first published on Security Boulevard.

Jun 13, 2018 • 31min
CISOs Don't Care About Your Funny Sales Pitch
Don't bother trying to craft a potentially clever, funny and adorable email that you hope will tickle a security practitioner; it's simply not going to work. When it comes to security pitches, practitioners just want the facts. While humor is appreciated, a cold email pitch is not the time to showcase your creative writing skills. As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Jeremiah Grossman (@jeremiahg), CEO, Bit Discovery. On this week's CISO/Security Vendor Relationship podcast, you'll discover that InfoSec truism and: 10-second security tip (do you have these security controls in place?). The correct pronunciation of CISO (and whether anyone cares). Consumers and activists issuing lawsuits in the name of GDPR and why that's a good thing for the future of GDPR. The increasing cost of breaches. A new method to get a security practitioner's time (Is the idea so crazy it will work? Or do we just need more crazy ideas?). How a security vendor helped me this week. The written content for this podcast was first published on Security Boulevard.

Jun 4, 2018 • 28min
Security Vendors Buy Their First Pack of Condoms
After tackling some dodgy audio issues, we have released the second episode of the CISO/Security Vendor Relationship podcast with our guest Kip Boyle (@KipBoyle), CEO of Cyber Risk Opportunities. Subscribe to Kip's podcast. As always, the show is hosted by myself, David Spark (@dspark), Founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. In this episode, "Security Vendors Buy Their First Pack of Condoms": 10-second security tip. Amazon Alexa hacked or just a failure of the technology? Does rebooting your router help or is it just security theater? Will automation replace entry-level SOC jobs and if so, how do we bring in new security talent? How security vendors helped me this week. Security vendors padding their pitches. Mitigating new risks or getting back to security basics? The written content for this podcast was first published on Security Boulevard. Creative Commons photo attribution to Peter Rivera.

Jun 1, 2018 • 30min
A Privacy Policy Written in English (Introducing the CISO/Security Vendor Relationship Podcast with Mike Johnson and David Spark)
I'm proud and excited to announce the launch of the CISO/Security Vendor Relationship Podcast based on the series of articles and videos I produced that examine the relationship between security buyers and sellers. That series was heavily inspired by the writings, posts and insane engagement that Mike Johnson, CISO of Lyft, continues to drive on LinkedIn. And what's even more awesome, Mike agreed to be my co-host! For our first episode, Mike and I invite Dwayne Melançon (@ThatDwayne), CTO, Innovyze. In this episode we have: 10-second security tips. Tidal claims "breach" when they're accused of faking streaming numbers. Google Chrome switches its "secured" website alert to one of "not secured." Juro introduces a privacy policy that anyone can read. How security vendors helped me this week. How to improve your pitch. And ASK a CISO. The written content for this podcast was first published on Security Boulevard.


