

CISO Series Podcast
David Spark, Mike Johnson, and Andy Ellis
Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

Jun 4, 2024 • 37min
I'm Rewarding Your Successful Use of the Security Budget by Giving You Less of It
Aamir Niazi, CISO at SMBC Capital Markets, discusses communicating security wins, red flags in interviews, offensive security trends, and the role of AI in cybersecurity on the podcast.

May 28, 2024 • 44min
Ransomware? Why'd It Have to Be Ransomware? (Live in San Francisco)
Guest Steve Zalewski discusses topics such as open source challenges, cybersecurity hiring, and sales knowledge. They debate on privacy invasion vs. embarrassment, cybersecurity quiz, and mastering interviews. The podcast also explores company security, risk management, and mentorship in cybersecurity.

May 21, 2024 • 35min
You Can't Leak What You Don't Collect
Jeremiah Roe, Advisory CISO at OffSec, discusses data minimization as a regulatory imperative in the US and its impact on the industry. The podcast highlights challenges for CISOs in preparing for compliance and explores the importance of upskilling cybersecurity talent through training programs like red team and blue team training offered by OffSec.

May 14, 2024 • 36min
Our Help Desk Plaque Reads "Over 100,000 Threat Actors Served"
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our guest, Martin Mazor, vp and CISO, onsemi. In this episode: Has the shine worn off the cybersecurity promise of MFA? Why are threat actors increasingly finding ways to get around it? Given the high profile attacks we've seen getting around MFA, how much security stock should we put into it going forward? Thanks to our podcast sponsor, Material Security. Material Security is a multi-layered email threat detection & response toolkit designed to stop attacks and reduce the threat surface across all of Microsoft 365 and Google Workspace. Learn more at material.security.

May 7, 2024 • 45min
Can't Talk, I'm Onboarding My Kids To Their First Soccer Practice (Live in Mountain View, CA)
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our guest, TC Niedzialkowski, CISO, Nextdoor. In this episode: Has the line between work and personal devices blurred? Why are we seeing signs that that line no longer exists for employees? What is the path of cybersecurity to keep company data secured when it's continually commingling with personal devices? Thanks to our podcast sponsors, Eclypsium and Normalyze. Eclypsium is helping enterprises and government agencies mitigate risks to their infrastructure from complex technology supply chains. Our cloud-based and on-premises platform provides digital supply chain security for software, firmware and hardware in enterprise infrastructure. Get started today at eclypsium.com/spark. Where is my data? Is it sensitive? Who has access to the data? What are the risks? What is the cost of exposure? Am I compliant now? Enter Normalyze. Normalyze's agentless, machine-learning scanning platform continuously discovers sensitive data, resources, and access paths in all cloud environments. Learn more.

Apr 30, 2024 • 36min
I Really Shouldn't Have Agreed to Variable Rate Technical Debt
Guest Aaron Shaha, CISO at CyberMaxx, discusses paying down technical debt and systematic refresh decisions. Topics include transparency in security vendors, generative AI threats, communication in cybersecurity, extreme computer access scenarios for employees, and navigating cybersecurity challenges.

Apr 23, 2024 • 36min
We'll Invest in Resilience as Soon as the Ransom Payment Clears
Thom Langford, CISO at Velonetic, discusses businesses pledging not to pay ransom demands but changing priorities post-attack. The importance of infrastructure and organizational commitment is highlighted. The podcast also explores ransomware resistance strategies, data security, communication styles, and cybersecurity talent shortage.

Apr 16, 2024 • 38min
We Could Lower Risk If We Shrunk Our Business
Matt Radolec, senior director at Varonis, discusses retaining cyber talent, prioritizing factors to keep key employees, and reducing risk with data assessments. The podcast explores scaling security programs, red team testing, ethical dilemmas in tech companies, and embracing an engineering automation culture in security.

Apr 9, 2024 • 43min
Our Benefits Include Medical, Dental, and Burnout
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our guest, Joshua Brown, vp and global CISO, H&R Block. In this episode: Why is retaining cyber talent so hard? How can organizations keep an employee from going elsewhere? Why do organizations often not prioritize the factors to keep key employees? Thanks to our podcast sponsor, CyberMaxx. CyberMaxx offers MaxxMDR, our next-generation managed detection and response (MDR) solution that helps customers assess, monitor, and manage their cyber risks. MaxxMDR fuels defensive capabilities with insights from offensive security, DFIR, and threat hunting, on top of a technology-agnostic deployment model. We think like an adversary but defend like a guardian.

Apr 2, 2024 • 36min
Your Biggest Threats Don't Get a Ransom Payment, They Get a Paycheck
All links and images for this episode can be found on CISO Series. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is our guest, Alex Green, CISO, Delta Dental. In this episode: Is it true that employees cause as many significant cybersecurity incidents as outside threat actors? Does this come down to a lack of awareness or poorly designed security implementation? And what can we do to improve this situation? Thanks to our podcast sponsor, Silk Security. Silk makes it easy for security teams to resolve more critical cyber risks in a fraction of the time. Instead of toiling over spreadsheets, and watching alert backlog graphs go up, Silk helps security teams contextualize, prioritize and collaborate with stakeholders in IT to regain control over their risk posture.


