

CISO Series Podcast
David Spark, Mike Johnson, and Andy Ellis
Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

Aug 13, 2024 • 39min
Why Are Fortune 500 Companies Swiping Right on 3-Person Startups?
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is Justin Somaini, partner, YL Ventures.

In this episode:
- The startup balancing act
- Giving back is its own reward
- When to pen test
- Getting ahead with generative AI policy

Thanks to our podcast sponsor, Vanta! Whether you're starting or scaling your security program, Vanta helps you automate compliance across SOC 2, ISO 27001, and more. Streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies use Vanta to manage risk and prove security.

Aug 6, 2024 • 38min
We Make Threat Actors Read Our Resiliency Policy Before Attacking Us
Patti Titus, the CISO of Booking Holdings, shares her expertise in resilience and communication within cybersecurity. She emphasizes the shift from traditional defense to embracing cyber resilience, focusing on recovery post-incident. Patti discusses the essential role of effective communication and cross-department cooperation in incident response planning. The conversation also dives into the implications of quantum computing for cybersecurity, advocating for diverse teams to foster innovation and address systemic issues in the field.

Jul 30, 2024 • 35min
Incident Response Is So Important We Might Try Getting Good At It
Amir Khayat, CEO and co-founder of Vorlon Security, dives into the critical landscape of incident response. He discusses the complexities and evolving challenges organizations face, emphasizing the importance of human intervention alongside automation. The conversation touches on insider threats versus data leaks, advocating for better employee communication during phishing incidents. Khayat also highlights the significance of managing third-party API security to maintain data integrity and proactive risk management in a rapidly shifting cybersecurity environment.

Jul 23, 2024 • 39min
Everyone Has a Zero-Trust Plan Until They Get Punched in the Face
Danny Jenkins, CEO of ThreatLocker, shares his insights on Zero Trust endpoint security, emphasizing its importance in combatting cyber threats. He discusses the challenges of implementing a Zero Trust model within legacy systems and the need for effective penetration testing strategies. Jenkins highlights the balance between strong security measures and business functionality, particularly for remote logins. Finally, he underscores the vital skills for cybersecurity professionals, stressing the significance of authentic communication in fostering trust.

Jul 16, 2024 • 34min
I Don't Want Insider Risk. You Take It.
Abhishek Agrawal, CEO and co-founder of Material Security, dives into the complexities of cybersecurity in cloud environments. He discusses the shift from traditional Defense in Depth to Zero Trust principles, emphasizing the need for collaboration with HR to manage insider risks. The conversation touches on email security, particularly as both a target and vector for attacks. Agrawal also explores the heightened security challenges that arise when companies go public, highlighting the importance of governance and risk management in a rapidly evolving threat landscape.

Jul 9, 2024 • 39min
How to Get the Most for Yourself Through Altruism
All links and images for this episode can be found on CISO Series. This week's episode is hosted by David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is Jana Moore, CISO, Belron.

In this episode:
- SEC disclosure rules require cyber readiness
- Breaking up the "boys club"
- Building a threat intelligence ecosystem
- Blending InfoSec communities and careers

Thanks to our podcast sponsor, Vanta! Whether you're starting or scaling your security program, Vanta helps you automate compliance across SOC 2, ISO 27001, and more. Streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies use Vanta to manage risk and prove security.

Jul 2, 2024 • 39min
Who Owns AI Risk? NOT IT!
Jason Clark, the Chief Strategy Officer at Cyera, dives into the hot topic of AI risk management. He discusses whether AI demands new security protocols and how organizations can meet emerging SEC requirements. The conversation includes the importance of data security for empowerment and the need for upskilling through generative AI. Clark emphasizes the complexities around cybersecurity regulations and the vital role of effective data classification in safeguarding sensitive information.

Jun 25, 2024 • 40min
How About This? Only Attack the Endpoints We Configured
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our guest and winner of Season 2 of Capture the CISO, Russell Spitler, CEO and co-founder, Nudge Security.

In this episode:
- The Gordian knot of EDR
- Can we keep up with patching?
- Making AI practical
- Standardization or granularity?

Thanks to our podcast sponsor, ThreatLocker! ThreatLocker® is a global leader in Zero Trust endpoint security offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Jun 18, 2024 • 37min
The Post-it Note Clearly Says "Don't Share" Right Under My Password
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest, Allan Alford, CISO, Eclypsium.

In this episode:
- Evolving public-private partnerships
- New technology, but not a new challenge
- Securing the hidden layers of the supply chain
- Balancing usability and control

Thanks to our podcast sponsor, Eclypsium! Eclypsium is helping enterprises and government agencies mitigate risks to their infrastructure from complex technology supply chains. Our cloud-based and on-premises platform provides digital supply chain security for software, firmware and hardware in enterprise infrastructure. Get started today at eclypsium.com/spark.

Jun 11, 2024 • 38min
Who You Gonna Call? LEGAL COUNSEL!
Ryan Bachman, EVP and global CISO at GM Financial, discusses executive changes in cybersecurity, cyber insurance collaboration, leadership expectations from CISOs, and the importance of general counsel in incident response. Debates on telemetry usage, vulnerability assessments, physical vs digital social engineering risks, and communication with executives are also highlighted.


