Defense in Depth

Rob Allen, Chief Product Officer at ThreatLocker, discusses the challenges of implementing Zero Trust security. He highlights how legacy infrastructure hinders progress and the complexity of shifting to new security models. The conversation also touches on the human factors involved, underscoring the need for user-friendly security to address resistance. Allen emphasizes that Zero Trust isn't a one-time fix but a transformative mindset that balances protection with organizational needs.

Terry O'Daniel, former CISO at Amplitude, shares insights on the crucial topic of cybersecurity prioritization. He emphasizes the need to align security strategies with actual business risks, advocating for better stakeholder engagement. O'Daniel discusses the difference between metrics and actionable measurements, stressing the importance of a proactive approach in security culture. He also highlights the need for effective communication and context in identifying critical assets, while encouraging the development of mature roles within security leadership.

Matt Eberhart, CEO of Query AI, leads a Federated Search and Analytics platform that optimizes security data management. He discusses the crucial importance of data quality over sheer volume in AI-driven decision-making. The conversation touches on the connectivity challenges faced by security teams and highlights how graph-based models can enhance AI applications. Eberhart emphasizes the transformative potential of AI in reducing burdensome workflows, enabling analysts to focus on strategic insights instead of repetitive tasks.

Join Jason Thomas, Senior Director of Technology, Security, Governance, and Risk at the Cystic Fibrosis Foundation, as he dives into the crucial intersection of sales and cybersecurity. He discusses the 'trust deficit' in client relationships and the business accountability gap that plagues the industry. Jason emphasizes the need for sales professionals to enhance their technical knowledge and communication skills to build lasting trust. He critiques ineffective sales tactics and advocates for a more strategic approach to cybersecurity sales.

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode, co-hosted by me, David Spark, the producer of CISO Series, and Dan Walsh, CISO, Datavant. Joining them is Sneha Parmar, former information security officer, Lufthansa Group Digital. In this episode: Shifting left, broadening out The insurance wake-up call Building trust into the system Security’s identity crisis A huge thanks to our sponsor, Doppel Doppel is the first social engineering defense platform built to dismantle deception at the source. It uses AI and infrastructure correlation to detect, link, and disrupt impersonation campaigns before they spread - protecting brands, executives, and employees while turning every threat into action that strengthens defenses across a shared intelligence network. Learn more at https://www.doppel.com/platform

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is David Cross, CISO, Atlassian. In this episode: The experience prerequisite The bootcamp reality check The compensation conundrum The domain expertise imperative A huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

Steve Knight, former CISO at Hyundai Capital America and a seasoned expert in third-party risk management, dives into the art of evaluating vendors. He emphasizes the importance of tailored assessments and moving past mere compliance metrics. The conversation highlights the balance needed between trust and rigorous vetting, and how interpersonal relationships can enhance vendor evaluations. Knight also champions the integration of Third Party Risk Management as a vital element of an organization's digital immune system, making it more than just a box-checking exercise.

All links and images can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by David Spark, the producer of CISO Series, and Mike Johnson, CISO, Rivian. Joining is Hanan Szwarcbord, vp, CSO and head of infrastructure, Micron Technology. In this episode Embracing growth An urgent need for creativity Get the business context Embrace your inner theater kid Huge thanks to our sponsor, Query.ai Query is a Federated Search and Analytics platform that builds a security data mesh, giving security teams real-time context from all connected sources. Analysts move faster and make better decisions with AI agents and copilots that handle the grunt work and guide each step. Learn more at query.ai

All links and images can be found on CISO Series. Check out this post by Justin Pagano at Klaviyo for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Jesse Webb, CISO and svp information systems, Avalon Healthcare Solutions. In this episode: Align the incentives The feature and enforcement disconnect Putting the right people in the right place A need for transparency   Huge thanks to our sponsor, ThreatLocker ThreatLocker® is a global leader in Zero Trust endpoint security, offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

In this discussion, Jason Steer, CISO at Recorded Future, dives into the intricacies of threat intelligence and cybersecurity. He highlights the overwhelming challenge security teams face in sifting through vast amounts of threat data. Key topics include the necessity of actionable data, the balance between efficiency and effectiveness in identifying threats, and the pivotal role of AI in providing contextual insights. Steer emphasizes the importance of aligning threat intelligence efforts with business needs to strengthen security posture.