Defense in Depth

Guests: David Spark, producer of CISO Series, and Geoff Belknap, CISO, LinkedIn. The podcast explores who is at fault when breaches occur, the tool or the administrators who configure it. It discusses the relationship between complexity and security breaches, the value of specialization in building point solutions, the impact of misconfiguration in data breaches, misaligned expectations in cybersecurity products, reasons for breaches, and the importance of implementing security measures.

In this podcast, cybersecurity professionals discuss what they love about their job, including the ability to influence organizations, helping people and businesses, and the cool factor of the field. They also highlight the importance of diversity and military training in cybersecurity, collaboration and teamwork, and personal growth and transformation in the field.

This podcast discusses the need to build security programs that account for human fallibility and why users should be educated instead of managed. It also highlights the importance of creating a culture of psychological safety, protecting employees, and understanding normal behavior for identifying security risks. Additionally, the speakers emphasize the responsibility of users to handle data securely and the significance of user experience and easy security processes.

All links and images for this episode can be found on CISO Series. How do you make the argument that your company needs a CISO, and that YOU should be that leader? What do you need to demonstrate to prove you can be that person? Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Radley Meyers (@radleymeyers), Partner, SPMB Executive Search. Thanks to our podcast sponsor, SPMB SPMB connects top executive talent to the world’s best and fastest growing innovators across the country. A key area we bring extensive knowledge and expertise to is our dedicated Security Practice, leading both functional searches (CISO and VP’s defining security strategy) and building out executive teams at top security software companies. In this episode:  How do you make the argument that your company needs a CISO, and that YOU should be that leader? What do you need to demonstrate to prove you can be that person? Do you have a sound understanding of the WHY behind the organization's existence and how value is added or taken away? How do you lay out a plan to win in whatever industry you are in because of security NOT despite it?

All links and images for this episode can be found on CISO Series. How do you become a CISO? It doesn't follow a linear pattern as many other professions. There are many different paths and there are many different entry points. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Yabing Wang, CISO, Justworks. Thanks to our podcast sponsor, SPMB SPMB connects top executive talent to the world’s best and fastest growing innovators across the country. A key area we bring extensive knowledge and expertise to is our dedicated Security Practice, leading both functional searches (CISO and VP’s defining security strategy) and building out executive teams at top security software companies. In this episode: How do you become a CISO? Why doesn't it follow a linear pattern as many other professions? Why are there so many different paths and entry points? Why is it valuable to know how others did it and how you can glean that knowledge and apply it to your situation?

All links and images for this episode can be found on CISO Series. What would it take to build your entire security program on open source software, tools, and intelligence? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome guest DJ Schleen (@djschleen), distinguished security architect, Yahoo Paranoids. Thanks to our podcast sponsor, SPMB SPMB connects top executive talent to the world’s best and fastest growing innovators across the country. A key area we bring extensive knowledge and expertise to is our dedicated Security Practice, leading both functional searches (CISO and VP’s defining security strategy) and building out executive teams at top security software companies. In this episode: What would it take to build your entire security program on open source software, tools, and intelligence? Is it possible/feasible/practical to run a security program entirely based upon free and open source software, open source tools, and open source intelligence? Is it true that the more open source you use the more people you need? Do commercial software systems, tools, and intelligence have value above what can be found in open source?

All links and images for this episode can be found on CISO Series. Businesses grow based on trust, but they have to operate in a world of risk. Even cybersecurity operates this way, but when it comes to third party analysis, what if we leaned on trust more than trying to calculate risk? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and our guest co-host is Yaron Levi (@0xL3v1), CISO, Dolby. Yaron and I welcome Dan Walsh, CISO, VillageMD. Thanks to our podcast sponsor, TrustCloud TrustCloud is the all-in-one platform to accelerate sales and security reviews, automate compliance efforts, and map contractual liability across your business. Connect with us to learn how you can transform security from a cost center into a profit driver with TrustCloud’s programmatic risk and compliance verification tools. In this episode:  When it comes to third party analysis, what if we leaned on trust more than trying to calculate risk? Should we have a “glass half empty” or a “glass half full” attitude towards third party risk? Wouldn't it be better to measure the level of how much we can TRUST the 3rd party? Is it vitally important to assess how resilient the organization is to failure caused by each third party?

The podcast discusses the inefficiency of the cybersecurity sales process and explores ways to improve it. Topics include building relationships and trust in the sales cycle, the importance of relevant and professional interactions, working with value-added resellers, and building strong relationships with vendors.

All links and images for this episode can be found on CISO Series. When you think about building a plan (and budget!) for your security program, do you lead with risk, maturity, or something else? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Ngozi Eze, CISO, Levi Strauss. Thanks to our podcast sponsor, runZero runZero is the cyber asset management solution that helps you find and identify every managed and unmanaged asset connected to your network and in the cloud. Get the data and context needed to effectively manage and secure your environment. Try runZero for free at runzero.com. In this episode: When you think about building a plan (and budget!) for your security program, do you lead with risk, maturity, or something else? What's the overall theme you lead with when you're building a security program? Why is it an important question to answer before you build your program? How greatly can it vary?

All links and images for this episode can be found on CISO Series Why do strongly supported security frameworks have such severe limitations when building a security program? Check out this post for the discussions that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Stas Bojoukha, CEO, Compyl. Thanks to our podcast sponsor, Compyl GRC solutions often cause process roadblocks within organizations. They are either antiquated and lack the functionality needed or so stripped down they can’t fix the problems you set to solve. That's why the team over at Compyl created the all-in-one security and compliance automation platform. Compyl quickly integrates with the tools you use, and automates 85% of the day-to-day tasks, all while providing complete transparency and comprehensive reporting along the way. Start your free trial with Compyl today and see all the efficiency gains you can expect from a leading solution. Learn about Compyl today at www.compyl.com/getstarted. In this episode: Why do strongly supported security frameworks have such severe limitations when building a security program? Is it because the product security landscape updates with such speed and ferocity that these frameworks can't keep up? Are most regulatory and third-party compliance "programs" simply non-prescriptive? Is the intention to achieve compliance with every single control?