Defense in Depth
David Spark, Steve Zalewski, Geoff Belknap
Defense in Depth promises clear talk on cybersecurity’s most controversial and confusing debates. Once a week we choose one controversial and popular cybersecurity debate and use the InfoSec community’s insights to lead our discussion.
Episodes

Feb 16, 2023 • 33min
What Leads a Security Program: Risk or Maturity?
All links and images for this episode can be found on CISO Series.

When you think about building a plan (and budget!) for your security program, do you lead with risk, maturity, or something else? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Ngozi Eze, CISO, Levi Strauss.

Thanks to our podcast sponsor, runZero. runZero is the cyber asset management solution that helps you find and identify every managed and unmanaged asset connected to your network and in the cloud. Get the data and context needed to effectively manage and secure your environment. Try runZero for free at runzero.com.

In this episode: When you think about building a plan (and budget!) for your security program, do you lead with risk, maturity, or something else? What's the overall theme you lead with when you're building a security program? Why is it an important question to answer before you build your program? How greatly can it vary?

Feb 9, 2023 • 28min
Limitations of Security Frameworks
All links and images for this episode can be found on CISO Series.

Why do strongly supported security frameworks have such severe limitations when building a security program? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Stas Bojoukha, CEO, Compyl.

Thanks to our podcast sponsor, Compyl. GRC solutions often cause process roadblocks within organizations. They are either antiquated and lack the functionality needed, or so stripped down they can’t fix the problems you set out to solve. That's why the team over at Compyl created the all-in-one security and compliance automation platform. Compyl quickly integrates with the tools you use and automates 85% of the day-to-day tasks, all while providing complete transparency and comprehensive reporting along the way. Start your free trial with Compyl today and see all the efficiency gains you can expect from a leading solution. Learn about Compyl today at www.compyl.com/getstarted.

In this episode: Why do strongly supported security frameworks have such severe limitations when building a security program? Is it because the product security landscape updates with such speed and ferocity that these frameworks can't keep up? Are most regulatory and third-party compliance "programs" simply non-prescriptive? Is the intention to achieve compliance with every single control?

Feb 2, 2023 • 32min
Why Is There a Cybersecurity Skills Gap?
All links and images for this episode can be found on CISO Series.

Why is there a cybersecurity skills gap? Practically everyone is looking to hire, and there are tons of people getting training and trying to get into the industry, but we still have this problem. Why? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome Edwin Covert (@ebcovert3), head of cyber risk engineering, Bowhead Specialty.

Thanks to our podcast sponsor, Orca Security.

In this episode: Why is there a cybersecurity skills gap? Practically everyone is looking to hire, and there are tons of people getting training and trying to get into the industry, but we still have this problem. Why? Is there a problem with the system of hiring junior people, training, and preventing burnout? Is the problem gatekeepers who don't do anything to mentor or groom the next wave?

Jan 26, 2023 • 32min
What Can the Cyber Haves Do for the Cyber Have Nots?
All links and images for this episode can be found on CISO Series.

Given that your company's security is dependent on the security of your partners and others, what can we do to get more organizations above the security poverty line? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest, Jason Kikta (@kikta), CISO, Automox.

Thanks to our podcast sponsor, Automox. Are you ready to ditch manual patching? With Automox, you can automatically patch your third-party applications, Windows, macOS, and Linux devices with one easy-to-use, cloud-native platform. Try it for yourself with our free 15-day trial and have all your endpoints safe and secure in just 15 minutes.

In this episode: Given that your company's security is dependent on the security of your partners and others, what can we do to get more organizations above the security poverty line? How can we give them guidance towards working on priorities in cybersecurity? How are the vendors handling this? Can we create an "Adopt a Highway" program for cybersecurity?

Jan 19, 2023 • 31min
Securing Unmanaged Assets
All links and images for this episode can be found on CISO Series.

"When the asset discovery market launched, every single company that offered a solution used the line, ‘You can’t protect what you don’t know.’ Everyone agreed with that. Problem is, ‘what you don’t know’ has grown… a lot." Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Huxley Barbee (@huxley_barbee), security evangelist, runZero.

Thanks to our podcast sponsor, runZero. runZero is the cyber asset management solution that helps you find and identify every managed and unmanaged asset connected to your network and in the cloud. Get the data and context needed to effectively manage and secure your environment. Try runZero for free at runzero.com.

In this episode: Everyone agrees that “You can’t protect what you don’t know,” but what do you do when “what you don’t know” has grown… a lot? With all our efforts to know our assets, are we doing any better at understanding them? How do we decide what we should really be measuring? How do we determine what’s most important in terms of asset management?

Jan 12, 2023 • 33min
Ambulance Chasing Security Vendors
All links and images for this episode can be found on CISO Series.

A good high-profile security threat seems like a good time to alert potential customers about how your product could help or even prevent a breach. Seems like a solid sales tactic for any industry that is not cybersecurity. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Angela Williams, CISO, UL.

Thanks to our podcast sponsor, Automox. Are you ready to ditch manual patching? With Automox, you can automatically patch your third-party applications, Windows, macOS, and Linux devices with one easy-to-use, cloud-native platform. Try it for yourself with our free 15-day trial and have all your endpoints safe and secure in just 15 minutes.

In this episode: Is tying your product to a high-profile event a good sales tactic for vendors? How can vendors best help cybersecurity professionals during emergency situations? Is there a correct way for vendors to capitalize on a high-profile event?

Jan 5, 2023 • 31min
Do CISOs Have More Stress than Other C-Suite Jobs
All links and images for this episode can be found on CISO Series.

Why do CISOs seem more stressed out than other C-level executives? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Jared Mendenhall, head of information security, Impossible Foods.

Thanks to our podcast sponsor, Compyl. GRC solutions often cause process roadblocks within organizations. They are either antiquated and lack the functionality needed, or so stripped down they can’t fix the problems you set out to solve. That's why the team over at Compyl created the all-in-one security and compliance automation platform. Compyl quickly integrates with the tools you use and automates 85% of the day-to-day tasks, all while providing complete transparency and comprehensive reporting along the way. Start your free trial with Compyl today and see all the efficiency gains you can expect from a leading solution. Learn about Compyl today at www.compyl.com/getstarted.

In this episode: Do CISOs undergo more stress than other C-suite jobs? Why do CISOs seem more stressed out than other C-level executives? Is it because the role is not fully formed and CISOs don't get enough resources? Do the blurred lines of the CISO job increase the stress? Even more so than the CEO?

Dec 15, 2022 • 29min
How Should We Discuss Cyber With the C-Suite?
All links and images for this episode can be found on CISO Series.

How detailed do we get in our conversation with business leaders? Do we dumb it down? Or is that a recipe for trouble? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Lee Parrish (@leeparrish), CISO, Newell Brands.

Thanks to our podcast sponsor, Qualys. Qualys is a pioneer and leading provider of cloud-based security and compliance solutions.

In this episode: How detailed do we get in our conversation with business leaders? Do we dumb it down? Or is that a recipe for trouble? To what level does the C-suite need to be cyber savvy? How essential is it for senior leaders to know more?

Dec 8, 2022 • 29min
Can You Be a vCISO If You’ve Never Been a CISO?
All links and images for this episode can be found on CISO Series.

Why are there so many vCISOs who have never been a CISO? Isn't it difficult to advise on a role you've never done? Do organizations feel comfortable hiring an inexperienced vCISO as their CISO? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Steve Tran, CSO, DNC.

Thanks to our podcast sponsor, runZero. runZero is the cyber asset management solution that helps you find and identify every managed and unmanaged asset connected to your network and in the cloud. Get the data and context needed to effectively manage and secure your environment. Try runZero for free at runzero.com.

In this episode: Why are there so many vCISOs who have never been a CISO? Isn't it difficult to advise on a role you've never done? Do organizations feel comfortable hiring an inexperienced vCISO as their CISO? If the person has the requisite background, why does it matter what title they held before?

Dec 1, 2022 • 31min
How Should We Gauge a Company's Cyber Health?
All links and images for this episode can be found on CISO Series.

As an outside observer, how can you tell if a company is staying cyber healthy? While there is no financial-statement equivalent to let you know the strength of a company's security profile, there are signals that'll give you a pretty good idea. Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Matt Honea, CISO, SmartNews.

Thanks to our podcast sponsor, Automox. Are you ready to ditch manual patching? With Automox, you can automatically patch your third-party applications, Windows, macOS, and Linux devices with one easy-to-use, cloud-native platform. Try it for yourself with our free 15-day trial and have all your endpoints safe and secure in just 15 minutes.

In this episode: As an outside observer, how can you tell if a company is staying cyber healthy? What are the signals that let you know the strength of a company's security profile? How do we go about trying to determine a company's cyber health? Why is it important to know about another company's cyber health?