Defense in Depth
David Spark, Steve Zalewski, Geoff Belknap
Defense in Depth promises clear talk on cybersecurity’s most controversial and confusing debates. Once a week we choose one controversial and popular cybersecurity debate and use the InfoSec community’s insights to lead our discussion.
Episodes
Jun 22, 2023 • 30min
How To Get More People Into Cybersecurity
All links and images for this episode can be found on CISO Series.

There are millions of cybersecurity jobs open. Over time, that number has just been growing. What we're doing now does not seem to be working. So what's it going to take to fill all these jobs quickly?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Rich Gautier, former CISO for the U.S. Department of Justice, Criminal Division.

Thanks to our podcast sponsor, Brinqa. Understand your cyber assets, prioritize vulnerabilities, automate remediation, and continuously monitor cyber hygiene across the entire attack surface — infrastructure, applications and cloud — with Brinqa. See how at brinqa.com.

In this episode: There are millions of cybersecurity jobs open. What's it going to take to fill all these jobs quickly? Are job description requirements partially to blame for holding back the industry from tapping into a greater diversity of expertise? Are you better off if you hire, train, culturally integrate, and reward that person? Do burnout and a steep learning curve keep adding to the problem?

Jun 15, 2023 • 31min
How to Create a Positive Security Culture
All links and images for this episode can be found on CISO Series.

How do you create a positive security culture? It's rarely the first concept anyone wants to embrace, yet it's important that everyone understands their responsibility. So what do you do, and how do you overcome the inevitable roadblocks?

Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest, Jadee Hanson, CISO/CIO for Code42.

Thanks to our podcast sponsor, Code42. Code42 is focused on delivering solutions built with the modern-day collaborative culture in mind. Code42 Incydr tracks activity across computers, USB, email, file link sharing, AirDrop, the cloud and more. Its SaaS-based solution surfaces and prioritizes file exposure and data exfiltration events. Learn more at Code42.com.

In this episode: How do you create a positive security culture? Where do we run into struggles when trying to create a positive security culture? Given its importance, why is it rarely the first concept anyone wants to embrace? What do you do, and how do you overcome the inevitable roadblocks?

Jun 8, 2023 • 31min
How Should We Trust Entry Level Employees?
This episode explores the challenges of trusting entry-level security professionals and how they can build trust and take on more responsibility. It emphasizes the importance of mentorship, training, and institutionalized processes. The speakers also discuss the significance of independent thinking and problem-solving skills, as well as embracing imperfection and the value entry-level employees bring.

Jun 1, 2023 • 29min
How Must Processes Change to Reduce Risk?
This episode discusses the need to fix processes in order to reduce risk and vulnerabilities. The hosts focus on communication, collaboration, and motivation within a company, and highlight the importance of treating security as part of the enterprise risk program. They explore strategies for driving behavior change and motivating individuals, discuss the different types of people involved in solving security problems, and cover how to prioritize vulnerabilities. The hosts share their favorite quotes and emphasize the importance of collaboration and addressing technical debt.

May 25, 2023 • 31min
Reputational Damage from Breaches
This episode discusses the reality and impact of reputational damage caused by breaches, including the relationship between data breaches and stock prices. It highlights the importance of experience in handling breaches and explores the financial impact on small and medium-sized businesses. The episode also covers the significance of brand loyalty and customer trust, the inevitability of breaches, and the need to handle them properly.

May 18, 2023 • 28min
Do RFPs Work?
This episode discusses the flaws of RFPs, including favoritism and wasted time, and suggests alternative approaches built on relationships. It explores the importance of understanding the buyer's criteria and how RFPs are evaluated, and emphasizes two-way communication and building relationships before the RFI and RFP process begins.

May 11, 2023 • 31min
Successful Cloud Security
All links and images for this episode can be found on CISO Series.

What are the moves we should be making in cloud to improve our security? What constitutes a good cloud security posture?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. We welcome our sponsored guest Yoav Alon, CTO, Orca Security.

Thanks to our podcast sponsor, Orca Security. Orca Security is the pioneer of agentless cloud security that is trusted by hundreds of enterprises globally. With continuous first-to-market innovations and expertise, the Orca Platform ensures security teams quickly identify and remediate risks to keep their businesses secure. Connect your first account in minutes by visiting www.orca.security.

In this episode: What does successful cloud security look like? What are the moves we should be making in the cloud to improve our security? What constitutes a good cloud security posture? What should we be measuring when it comes to cloud security?

May 4, 2023 • 37min
How Should Security Vendors Engage With CISOs?
This episode discusses the frustrations of a CISO bombarded with marketing emails and sales calls. It explores strategies for vendors to engage effectively with overwhelmed CISOs and the need for changes in targeted marketing. The episode also covers the benefits of sponsoring security conferences and the role of CISOs in evaluating new products. Efficient ways to gather information on valuable companies are highlighted, along with the hosts' interest in meeting industry professionals and their search for new talent.

Apr 27, 2023 • 35min
Gartner Created Product Categories
This episode discusses the increasing number of security product categories and their impact on the industry. Topics covered include the benefits and drawbacks of new categories, the challenge of keeping up with new products, the role of CISOs in startups, the importance of ecosystem integration, and tensions within the security industry.

Apr 20, 2023 • 31min
How to Always Make a Business Case for Security
All links and images for this episode can be found on CISO Series.

How can security leaders match a business case to every security action they want to take? Is this the right way to sell security to the board?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Sravish Sridhar (@sravish), founder and CEO, TrustCloud.

Thanks to our podcast sponsor, TrustCloud. TrustCloud is the all-in-one platform to accelerate sales and security reviews, automate compliance efforts, and map contractual liability across your business. Connect with us to learn how you can transform security from a cost center into a profit driver with TrustCloud’s programmatic risk and compliance verification tools.

In this episode: How can security leaders best make a case for security? How do you go about matching a business case to every security action you want to take? Is this the right way to sell security to the board? How do you show that security can be aligned to business objectives?