
CISO Series Podcast
Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.
Latest episodes

Sep 12, 2023 • 39min
Is This Just Bad Or “Call The Feds” Bad?
This podcast explores the regulatory requirements of a cyberattack and the role of the FBI in responding to such incidents. The hosts discuss the importance of personal development in cybersecurity careers and analyze cyber threat trends. They also compare the consequences of a loss of satellite networks and a global financial meltdown. The speaker shares their experience working with the FBI on an espionage case and recommends building relationships with them as a CISO.

Sep 5, 2023 • 38min
Giving Slack Slack Will Lead Your Teams to Discord
This podcast discusses the ongoing security mistakes organizations make with online collaboration apps, the risks and advancements of AI, the benefits of collaboration apps in eliminating shadow IT, and the challenges of information overload.

Aug 29, 2023 • 40min
Please Take Some Pens and Our Company Data On Your Way Out
Guest Lorna Koppel, CISO at Tufts University, discusses the challenges of off-boarding employees. They also explore the dilemma of sharing hacking details, hiring practices, and the risks of sharing work computers. The importance of cross-training, mental health, and self-care is emphasized.

Aug 22, 2023 • 39min
If You Care About Security, Maybe This Guilt Tactic Will Work
The podcast discusses tactics that security vendors should avoid when engaging with CISOs, the struggles organizations face in hardening their environments, and advice for early-stage CISO professionals. It also covers cybersecurity breaches, including the severity of ransomware vs internal security breaches.

Aug 15, 2023 • 45min
5 Years Required to Write a Better Job Description
Cybersecurity jobs should focus on competency rather than years of experience. Creating job posts to encourage competency. How applicants show competency on a resume. Importance of judgment in job descriptions. Prompt injection and the need for security measures. The trade-off of vendor selection in a crowded market. Overwhelming number of security vendors in the market and future outlook of the industry.

Aug 8, 2023 • 42min
When Do I Fix the Toilet Myself or Call the Plumber?
All links and images for this episode can be found on CISO Series. For some security problems, it can be tough to know when to try to fix the problem yourself or turn to a vendor. Deciding this shouldn't start with talking to someone that wants to sell you something. But how do you determine when it's time to call in a vendor? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us for this episode is our special guest, Katie Ledoux, CISO, Attentive. Thanks to our podcast sponsor, Palo Alto Networks. As cloud attacks increase, how should AppSec respond? Hear from Daniel Krivelevich, CTO of AppSec at Palo Alto Networks, as he dives into modern application security strategies that can help teams defend their engineering ecosystems from modern attacks. Watch now to level up your AppSec program. In this episode: Why do many organizations have a problem relating quantification to something meaningful to the business? Is there a way to understand risks on a continuum that will make relating these to business a little more manageable? What are the questions security professionals should be asking themselves?

Aug 1, 2023 • 36min
Cyber Advice So Generic, You’ll Assume It Came from ChatGPT
All links and images for this episode can be found on CISO Series. Shifting Left is so five years ago. Advice and best practices are great, but context is king. Is there a mixture of best practices AND doing what's right for your business that's actually practical? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Steve Zalewski. Joining us for the episode is our sponsored guest Gaurav Banga, CEO, Balbix. Thanks to our podcast sponsor, Balbix. Balbix is a cyber risk quantification platform that discovers and manages all your cyber assets, identifies and prioritizes vulnerabilities, and delivers a monetary assessment of cyber risk. This enables CISOs to articulate the value of risk to the board and obtain support and budgets for security programs. In this episode: What are your most successful tactics when talking to the boardroom? Is there a mixture of best practices AND doing what's right for your business that's actually practical? What have you heard enough with automation and what would you like to hear a lot more?

Jul 25, 2023 • 39min
Vendors Are From Mars. Their Security Is From Venus.
All links and images for this episode can be found on CISO Series. There are so many third party vendors we want to work with, but uggh, their security and privacy is so troublesome. Is it only the security department's job to vet these partners or should everyone have a responsibility of keeping tabs on third party security? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Our guest is Phil Beyer, former head of security, Etsy. Thanks to our podcast sponsor, Balbix. Balbix is a cyber risk quantification platform that discovers and manages all your cyber assets, identifies and prioritizes vulnerabilities, and delivers a monetary assessment of cyber risk. This enables CISOs to articulate the value of risk to the board and obtain support and budgets for security programs. In this episode: There are many third party vendors that CISOs & practitioners want to work with, but why is their security and privacy so troublesome? Is it only the security department's job to vet these partners or should everyone have a responsibility of keeping tabs on third party security? What can frontline employees do to manage third-party risk?

Jul 18, 2023 • 42min
We're So Special Gartner Hasn't Even Thought Of Our Category Yet
All links and images for this episode can be found on CISO Series. Do you know what security categories were created this year? I have no idea. Do you know which ones were deleted? I don't think any. Is category growth designed to make more money for the industry? Does it help customers build a better security strategy? It seems like a necessary evil that just confuses customers. The number of categories never decreases or replaces old categories. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Our sponsored guest is Maxime Lamothe-Brassard (@_maximelb), CEO and co-founder at LimaCharlie. Thanks to our podcast sponsor, LimaCharlie. LimaCharlie is inviting you for the unveiling of the SecOps Cloud Platform during a two-hour LinkedIn Live event on Wednesday, July 19th, starting at 10:00am PST. For every registrant, LimaCharlie will be donating $5 to the Internet Archive. Register for the event at limacharlie.io or on the LimaCharlie LinkedIn page. In this episode: Do you know what security categories were created this year? Do you know which ones were deleted? Is category growth designed to make more money for the industry? Does it help customers build a better security strategy?

Jul 11, 2023 • 42min
Who’s in Charge of Stopping Stupid Ideas? (LIVE in Tel Aviv)
All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and guest co-host Jesse Whaley, CISO, Amtrak. Our guest was Paul Branley, CISO, TSB Bank. We recorded this episode in front of a live audience in Tel Aviv as part of Team8’s CISO Summit 2023. CISO Series is honored to have been invited to record our show at the event. Thanks to our podcast sponsor, Team8. Team8 is a global venture group that builds and invests in early stage companies focused on digital transformation: cybersecurity, data, fintech and digital health. Its strong expertise in cyber is the backbone of Team8’s CISO Village - a community of hundreds of CISOs who enjoy access to thought leadership, networking events, and partner with Team8 to support its company building process. In this episode: Why should you NEVER boast about how good your security is? When upskilling your staff, how do you identify the knowledge that must be learned? Who will learn it? Who will provide it? What does this do to your current security if people are spending time teaching and learning?