
CISO Series Podcast
Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.
Latest episodes

Sep 10, 2024 • 41min
Our Cybersecurity Journey Starts With a Single Overworked Staffer
Kush Sharma, Director of Municipal Modernization & Partnerships at MISA Ontario, dives into the challenges municipalities face in cybersecurity. He discusses the critical first security hire and the importance of a strategic mindset beyond basic measures. The conversation highlights the unique hurdles of limited resources and regulatory pressures, advocating for simple yet effective cybersecurity practices. Sharma also emphasizes the necessity of diversifying security vendors to mitigate risks, promoting stakeholder engagement for essential funding and resilience.

Sep 3, 2024 • 38min
Red Flag? My Vendor Just Asked for My Mother’s Maiden Name
Bethany De Lude, the CISO at the Carlyle Group, shares insights on the evolving landscape of cybersecurity leadership. She emphasizes the importance of storytelling for CISOs in communicating risks to board members, particularly with new SEC regulations. The discussion also covers the need for equal standing with CIOs, the challenges of credential sharing, and building trust with vendors. With a focus on enhancing corporate security culture and adapting to rapid tech changes, De Lude provides a captivating perspective on modern cybersecurity challenges.

Aug 27, 2024 • 37min
Well, I Think My Relationship With the CIO Improved When I Took Their Job
In a lively conversation, Ty Sbano, the CISO at Vercel, shares his journey in cybersecurity and how taking on the CIO role helped improve relationships within the organization. He emphasizes the significance of employee well-being in managing insider threats and suggests coaching instead of shaming to foster a positive workplace culture. The discussion includes the value of phishing simulations and the evolving dynamics between CISOs and CIOs, alongside a cultural shift needed for integrating security practices into DevOps.

Aug 20, 2024 • 42min
I Said I Was Technically a CISO, Not a Technical CISO
Fredrick Lee, the Chief Information Security Officer at Reddit, shares his insights on the evolving role of CISOs in tech-led organizations. He discusses the importance of technical proficiency for effective communication and risk management. The conversation highlights challenges in cybersecurity hiring and the necessity for clear job descriptions. Lee also emphasizes using open source solutions to enhance organizational capabilities and navigating cybersecurity hurdles in municipal settings.

Aug 13, 2024 • 39min
Why Are Fortune 500 Companies Swiping Right on 3-Person Startups?
All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is Justin Somaini, partner, YL Ventures. In this episode: The startup balancing act; Giving back is its own reward; When to pen test; Getting ahead with generative AI policy. Thanks to our podcast sponsor, Vanta! Whether you’re starting or scaling your security program, Vanta helps you automate compliance across SOC 2, ISO 27001, and more. Streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies use Vanta to manage risk and prove security.

Aug 6, 2024 • 38min
We Make Threat Actors Read Our Resiliency Policy Before Attacking Us
Patti Titus, the CISO of Booking Holdings, shares her expertise in resilience and communication within cybersecurity. She emphasizes the shift from traditional defense to embracing cyber resilience, focusing on recovery post-incident. Patti discusses the essential role of effective communication and cross-department cooperation in incident response planning. The conversation also dives into the implications of quantum computing for cybersecurity, advocating for diverse teams to foster innovation and address systemic issues in the field.

Jul 30, 2024 • 35min
Incident Response Is So Important We Might Try Getting Good At It
Amir Khayat, CEO and co-founder of Vorlon Security, dives into the critical landscape of incident response. He discusses the complexities and evolving challenges organizations face, emphasizing the importance of human intervention alongside automation. The conversation touches on insider threats versus data leaks, advocating for better employee communication during phishing incidents. Khayat also highlights the significance of managing third-party API security to maintain data integrity and proactive risk management in a rapidly shifting cybersecurity environment.

Jul 23, 2024 • 39min
Everyone Has a Zero-Trust Plan Until They Get Punched in the Face
Danny Jenkins, CEO of ThreatLocker, shares his insights on Zero Trust endpoint security, emphasizing its importance in combatting cyber threats. He discusses the challenges of implementing a Zero Trust model within legacy systems and the need for effective penetration testing strategies. Jenkins highlights the balance between strong security measures and business functionality, particularly for remote logins. Finally, he underscores the vital skills for cybersecurity professionals, stressing the significance of authentic communication in fostering trust.

Jul 16, 2024 • 34min
I Don’t Want Insider Risk. You Take It.
Abhishek Agrawal, CEO and co-founder of Material Security, dives into the complexities of cybersecurity in cloud environments. He discusses the shift from traditional Defense in Depth to Zero Trust principles, emphasizing the need for collaboration with HR to manage insider risks. The conversation touches on email security, particularly as both a target and vector for attacks. Agrawal also explores the heightened security challenges that arise when companies go public, highlighting the importance of governance and risk management in a rapidly evolving threat landscape.

Jul 9, 2024 • 39min
How to Get the Most for Yourself Through Altruism
All links and images for this episode can be found on CISO Series. This week’s episode is hosted by David Spark (@dspark), producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining us is Jana Moore, CISO, Belron. In this episode: SEC disclosure rules require cyber readiness; Breaking up the “boys club”; Building a threat intelligence ecosystem; Blending InfoSec communities and careers. Thanks to our podcast sponsor, Vanta! Whether you’re starting or scaling your security program, Vanta helps you automate compliance across SOC 2, ISO 27001, and more. Streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies use Vanta to manage risk and prove security.