Defense in Depth

All links and images for this episode can be found on CISO Series Hiring managers speak about looking for culture fit and diversity, but never at the same time. Can they coexist? Are they mutually exclusive? Check out this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Sherron Burgess, CISO, BCD Travel. Thanks to our podcast sponsor, Votiro Can you trust that the files entering your organization are free of hidden threats like malware & ransomware? With Votiro you can. Votiro removes evasive and unknown malware from files in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with email, cloud apps & storage, and content collaboration platforms like Microsoft 365 - wherever files need to flow. Learn more at Votiro.com. In this episode: Hiring managers speak about looking for culture fit and diversity, but never at the same time. Can they coexist? Are they mutually exclusive? How can you learn and grow as a company if everyone fits into one box? Is reaching diversity an overnight achievement, or a longer journey?

All links and images for this episode can be found on CISO Series Cyber sales is hard. But don't let the difficulty of doing it get in way of your good judgement. So what is the right way to follow up with a CISO? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Jack Kufahl, CISO, Michigan Medicine. Thanks to our podcast sponsor, SolCyber At SolCyber we're hell-bent on delivering Fortune 500 level cyber security for small and medium-sized enterprises. When you're being targeted by the same bad guys, nothing else will do. We bring to the table a curated stack of leading technologies and around-the-clock SOC support, all simply priced per user. Let us do the heavy lifting. In this episode: What is the right way to follow up with a CISO? How to prevent the difficulty of sales from clouding your good judgement? What are some ideas on how best to reach out to CISOs and other potential customers?

All links and images for this episode can be found on CISO Series One day you want to be a CISO. What area of security you begin your studies? Or maybe you shouldn't be studying security. Check out this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Evelin Biro (@wolfsgame), CISO, Alliant Credit Union. Thanks to our podcast sponsor, Qualys Qualys is a pioneer and leading provider of cloud-based security and compliance solutions. In this episode: What path should I take if I want to be a CISO? What security jobs/roles best prepare you to become a CISO? In what ways does the CISO role require totally different skills than the technical roles?

All links and images for this episode can be found on CISO Series What can we do to reduce the damage of a breach and the duration of detection and remediation? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is Dave Klein (@cybercaffeinate), director, cyber evangelist, Cymulate. Thanks to our podcast sponsor, Cymulate The Ultimate Guide to Security Posture Validation: Learn how to effectively measure and reduce risk through continuous validation of your enterprise’s security posture. Download the playbook here. In this episode: What can we do to reduce the damage of a breach and the duration of detection and remediation? How do we determine what’s most important and how to best reduce risk? How can teams best reduce the impact of the "boom" you feel during a breach?

All links and images for this episode can be found on CISO Series Learning cyber is not a question for those who are just starting out. It's for everybody. Where and how do we learn at every stage of our professional careers? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Jerich Beason, CISO, Commercial, Capital One. Thanks to our podcast sponsor, SlashNext SlashNext protects the modern workforce from phishing and human hacking across all digital channels. SlashNext Complete™ utilizes our patented AI SEER™ technology to detect zero-hour phishing threats by performing dynamic run-time analysis on billions of URLs a day through virtual browsers and machine learning. Take advantage of SlashNext's phishing defense services for email, browser, mobile, and API. In this episode: Where do we go to learn at every stage of our professional careers? We discuss how the learning process never really stops, but is on-going with cyber professionals continuing to learn throughout their careers. Why is the “know-it-all” leader a red flag to avoid?

All links and images for this episode can be found on CISO Series You’re a CISO, vCISO, or MSSP rolling into a company that has yet to launch a cybersecurity department. How do you communicate about cyber with the IT department? They’re not completely new to cyber. What’s the approach to engagement that helps, but doesn’t insult? How do you offer practical cybersecurity advice? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is sponsored guest Scott McCrady (@scottsman3), CEO, SolCyber. Thanks to our podcast sponsor, SolCyber At SolCyber we're hell-bent on delivering Fortune 500 level cyber security for small and medium-sized enterprises. When you're being targeted by the same bad guys, nothing else will do. We bring to the table a curated stack of leading technologies and around-the-clock SOC support, all simply priced per user. Let us do the heavy lifting. In this episode: How do you communicate about cyber with the IT department? What’s the approach to engagement that helps, but doesn’t insult? How do you offer practical cybersecurity advice?

All links and images for this episode can be found on CISO Series Cybersecurity boils down to securing your data or data protection. But that simple concept has turned into a monumental task that is only exacerbated every time we move our data to a new platform. How do we secure data today, to be ready for whatever comes next in computing? Check out this post and this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and guest co-host Gary Hayslip (@ghayslip), global CISO, SoftBank Investment Advisers. Our sponsored guest is Elliot Lewis (@ElliotDLewis), CEO, Keyavi. Thanks to our podcast sponsor, Keyavi Myth: Data can’t protect itself. Fact: Now it does! You control where your data goes in the world, who can access it and when. On any device. Anytime. Anywhere. FOREVER. Learn more at Keyavi.com. In this episode: How do we secure data today, to be ready for whatever comes next in computing? How do we go about building a data transformation program that's platform agnostic? Why has this simple concept turned into a monumental task?

All links and images for this episode can be found on CISO Series Is attack surface profiling the same as a pen test? If it isn't what unique insight can attack surface profiling deliver? Check out this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Nick Shevelyov, former CSO, Silicon Valley Bank. Thanks to our podcast sponsor, Keyavi Myth: Data can’t protect itself. Fact: Now it does! You control where your data goes in the world, who can access it and when. On any device. Anytime. Anywhere. FOREVER. Learn more at Keyavi.com. In this episode: Is attack surface profiling the same as a pen test? What unique insight can attack surface profiling deliver? Is “Attack Surface Profiling” more like a natural evolution from traditional vulnerability management?

All links and images for this episode can be found on CISO Series What’s your best indicator that your security program is actually improving? And besides you and your team, is anyone impressed? Check out this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Simon Goldsmith (@cybergoldsmith), director of information security, OVO Energy. Thanks to our podcast sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com. In this episode: What's the best indicator that your security program is actually improving? Does anyone care that you're actually improving your security posture? What should we be measuring to prove a security program is working and getting better?

All links and images for this episode can be found on CISO Series Interviewing for leadership positions in cybersecurity is difficult for everyone involved. There are far too many egos and many gatekeepers. What can be done to improve recruiting of CISOs? Check out this post and this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn with our guest Ty Sbano (@tysbano), CISO, Vercel. Thanks to our podcast sponsor, Thinkst Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this. Deploy Canaries in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With 0 admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents. In this episode: What can be done to improve CISO recruiting? Is there a disconnect between HR and what the company actually needs regarding a position? How long should the interview process take?