

CISO Stories Podcast (Audio)
SC Media
SC Media and Tines are proud to present this month’s CISO Stories program, where CISOs share tales from the trenches and unpack leadership lessons learned along the way. Hosted by Jessica Hoffman.

Feb 8, 2022 • 32min
A Cost-Effective Approach to Security Risk Management - Jack Jones - CSP #56
Risk management is arguably one of the most important functions of the CISO. How does the CISO establish the value proposition for an investment? Using a well-tested risk framework, Jack discusses how to evaluate and compare the current state of loss exposure and the expected reduction from applying a set of alternative controls. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Jack_Jones_Article.pdf Jones, J. 2019. Meeting The Cost-Effective Imperative. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 286-7. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp56 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Feb 1, 2022 • 27min
Creating Security Budgets Where There is No Budget - Kevin Richards - CSP #55
Kevin walks through a very creative method of getting the budget necessary. Over the years, security departments acquire tool after tool, sometimes integrated, and many times under-utilized. Kevin describes how to leverage the current environment to “find” new sources of budget to fund the right cybersecurity investments. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_KevinRichards_Article.pdf Richards, K. 2019. Creating Budget Where There Is No Budget. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 482. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp55

Jan 25, 2022 • 27min
When Should You Just Do It Internally or Hire a Consultant? - John Iatonna - CSP #54
With the talent shortage expected to last many years into the future, when a new cybersecurity skill is needed that is available within the current team, what do you do? Should you hire someone externally, or bring in a consultant? What are the pitfalls of each approach? Join John as he discusses his experience in making these tough decisions. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_John_Iatonna_Article.pdf Iatonna, J. 2019. Develop from Within or Hire a Consultant. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 423-4. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp54

Jan 18, 2022 • 26min
Designing a Shared Vision with IT and the Business - Scott King - CSP #53
The locus of control has been slipping away from IT teams (and by default Security teams), and this "challenge" to IT governance has accelerated post-COVID with a more distributed workforce. The fact that IT governance is eroding so easily and quickly should tell IT and infosec teams that they need to ditch their legacy models of service delivery and adopt an approach that addresses the current business needs and digital transformations many companies are undertaking. The security implications of this are significant in that security programs are not typically sized nor funded to deal with one technology approach, let alone two. Scott King, CISO at Encore Capital Group, joins the podcast to discuss strategies to remain agile in the face of rapid change. Show Notes: https://securityweekly.com/csp53

Jan 11, 2022 • 22min
Moving to the Cloud? Don't Forget Hardware Security! - Steve Orrin - CSP #52
While the cloud computing infrastructure is designed to be very agile and flexible, transparency into where the information is being processed is very important due to global privacy and security concerns. Steve discusses approaches to remaining compliant with the various laws (i.e., restricting where the data may reside) when moving to the cloud. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Steve_Orrin_Article.pdf Orrin, S. 2019. Why Hardware Matters in Moving Securely to The Cloud. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 122. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp52

Jan 4, 2022 • 23min
Privacy Hunger Games: Change The Rules - Samantha Thomas - CSP #51
Information is meant to be shared with others: others, that is, with a need to know. CISOs may find that their organization is sharing with other entities without proper procedures in place. What if there are 90 of these organizations? Join this podcast to learn from a healthcare CISO who tackled this dilemma and subsequently changed a government law! To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Samantha_Thomas_Article.pdf Thomas, S. 2019. Privacy Hunger Games: Change the Rules. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 344. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp51

Dec 28, 2021 • 29min
Server Room to War Room: Enterprise Incident Response - Dawn-Marie Hutchinson - CSP #50
In many organizations, the CISO will be looked at as the leading expert in incident response, but often has little involvement in the selection, planning, and training for the Enterprise Incident Management Program. Listen to Dawn-Marie, who has navigated organizations as a CISO during crisis and as a consultant, on how to “play like you practice.” To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Dawn-Marie_Hutchinson_Article.pdf Hutchinson, D. 2019. Server Room to War Room…Enterprise Incident Response. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 214-5. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp50

Dec 21, 2021 • 28min
CISO Shortlist: Key Issues to Cover for Today's CISOs - Leon Ravenna - CSP #49
As if CISOs don’t have enough to focus on, here are a few more items that should be top of mind – KAR Global CISO, Leon Ravenna, dives into Cyber Insurance and why D&O requirements may be on the horizon, regulatory burdens and what to expect out of the US Government, how the intersection of Security and Privacy is impacting CISOs, and a little security buzzword bingo and how to deal with the latest “fads” like CASB, ZTNA, SASE and more… Show Notes: https://securityweekly.com/csp49

Dec 14, 2021 • 27min
The Future Is Now: Model-Driven Security Using Data Science - Jim Routh - CSP #48
Cybersecurity talent shortages are well documented, and asking experienced cybersecurity professionals to spend countless hours on routine tasks does not promote retention. The adversaries are leveraging data science to attack our enterprises and consumers, and we need to find a better way. This session explores the experience of creating over 300 models using data science, machine learning, and automated incident response to increase the security posture for a major organization. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Jim_Routh_Article.pdf Routh, J. 2019. Model-Driven Security is Making Fundamental Changes to Security Posture. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs 163-5. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp48

Dec 7, 2021 • 26min
CISOs Need Training Too! - Candy Alexander - CSP #47
The CISO has trained the workforce and completed the security awareness month annual training. Well done! Is training done for the year? No. But what about the CISO? How does the CISO ensure that the proper skills are maintained for the CISO to be able to continue to lead the security organization? Join this podcast to learn from the multiple-term elected ISSA International President. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Candy_Alexander_Article.pdf Alexander, C. 2019. CISO approach to Training. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 478. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald