Defense in Depth

All links and images for this episode can be found on CISO Series How do you begin building a cyber security culture for the whole company? And more importantly, how do you maintain that? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Mike Hanley (@_mph4), CSO, GitHub. Thanks to our podcast sponsor, Anjuna Anjuna Confidential Cloud software effortlessly enables enterprises to safely run even their most sensitive workloads in the public cloud. Unlike complex perimeter security solutions easily breached by insiders and malicious code, Anjuna leverages the strongest secure computing technologies available to make the public cloud the most secure computing resource anywhere. In this episode: When building a cybersecurity culture, where is the most important place to start? How can we avoid it just becoming "lip service"? How can we blend cybersecurity culture into the main corporate culture?

All links and images for this episode can be found on CISO Series You're a security vendor and you've got a short briefing with a security analyst from a research firm. What do you want to get across to them, and what do you want to hear back from them? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Ed Amoroso (@hashtag_cyber), founder and CEO, Tag Cyber. Huge thanks to our sponsor, Cymulate The Ultimate Guide to Security Posture Validation: Learn how to effectively measure and reduce risk through continuous validation of your enterprise’s security posture. Download the playbook here. In this episode: What are the right questions to ask? How can we better understand each other? What to NOT do in an analyst conversation    

Michael Johnson, CISO of Novi, discusses the safety of sensitive data in the public cloud vs on-prem. Topics include the advantages of the public cloud, debunking cloud security myths, pros and cons of on-prem and public cloud solutions, leveraging unique talents in the cloud, transitioning to the cloud and benefits of confidential computing.

All links and images for this episode can be found on CISO Series Security professionals are drowning in activities. Not all of them can be valuable. What should security professionals stop doing be to get back some time? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Jim Rutt, CISO, Dana Foundation. Thanks to our podcast sponsor, Thinkst Most companies discover they’ve been breached way too late. Thinkst Canary fixes this: just 3 minutes of setup; no ongoing overhead; nearly 0 false positives, and you can detect attackers long before they dig in. Check out why our Hardware, VM and Cloud-based Canaries are deployed and loved on all 7 continents. In this episode: What tool or process should we stop doing to stop wasting time? Are "third-party risk reviews" useful at all? Can we smooth out the sales cycle? Are users to blame, or are they the victims?

How seamless are Distributed Denial of Service or DDoS solutions today? If you get a denial of service attack, how quickly can these solutions snap into action with no manual response by the user? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Alastair Cooke (@demitasenz), analyst, GigaOm. Huge thanks to our podcast sponsor, MazeBolt In this episode: Where should a DDoS solution reside? What vital elements should go into a DDoS solution? Do we need more automation and intelligence in these solutions? How involved should the customer be with their DDoS solution? 

All links and images for this episode can be found on CISO Series Knowing is only one-third the battle. Another third is responding. And the last third is responding quickly. It’s not enough to just have the first two thirds. We need to be faster, but how? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Jason Elrod (@jasonelrod), CISO, MultiCare Health System. Thanks to our podcast sponsor, Eclypsium Eclypsium is the enterprise firmware security company. Our comprehensive, cloud-based platform identifies, verifies, and fortifies firmware and hardware in laptops, servers, network gear and devices. The Eclypsium platform secures against persistent and stealthy firmware attacks, provides continuous device integrity, delivers firmware patching at scale, and prevents ransomware and malicious implants. In this episode: What can we do as a pragmatic first step to make our cybersecurity teams quicker and more responsive? Would continuous authorization and real time emergency messaging help? Should we improve test automation? What about people - better teaching & work conditions?  

All links and images for this episode can be found on CISO Series Automation was supposed to make cybersecurity professionals’ lives simpler. And it was supposed to solve the talent shortage. Has any of that actually happened? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Brian Lozada (@brianl1775), CISO, HBOMax. Thanks to our podcast sponsor, deepwatch Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together. In this episode: Should we be disappointed with what automation has actually delivered? Is it a tools vs people thing? Should we be better at assessing the impact of automation? Should we change the way we hire to help with automation?

All links and images for this episode can be found on CISO Series Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is Josh Yavor (@schwascore), CISO, Tessian. Thanks to our podcast sponsor, Tessian 95% of breaches are caused by human error. But you can prevent them. Learn how Tessian can stop “OH SH*T!” moments before they happen, why Tessian has been recognized by analysts like Gartner and Forrester, and which world-renowned companies trust the platform to protect their data. In this episode: What do you do for the attacks your rule sets can't catch? Would it help if we eliminated email systems as the standard b2b toolset for communications? Are there any better ways to handle spearphishing? Are you ready to add BCC - Business communications compromise to your threat list?

All links and images for this episode can be found on CISO Series Why is cybersecurity becoming so complex? What is one thing we can do, even if it's small, to head us off in the right direction of simplicity? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Leda Muller, CISO at Stanford, Residential and Dining Enterprises. Thanks to our podcast sponsor, Eclypsium Eclypsium is the enterprise firmware security company. Our comprehensive, cloud-based platform identifies, verifies, and fortifies firmware and hardware in laptops, servers, network gear and devices. The Eclypsium platform secures against persistent and stealthy firmware attacks, provides continuous device integrity, delivers firmware patching at scale, and prevents ransomware and malicious implants. In this episode: Is cybersecurity becoming too complex? Should we change the way we talk about security to management? Maybe it's time to reframe the argument?              

All links and images for this episode can be found on CISO Series Security convergence is the melding of all security functions from physical to digital and personal to business. The concept has been around for 17 years yet organizations are still very slow to adopt. A company's overall digital convergence appears to be happening at a faster rate than security convergence. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest is Anne Marie Zettlemoyer (@solvingcyber), business security officer, vp, security engineering, MasterCard. Thanks to our podcast sponsor, Tessian 95% of breaches are caused by human error. But you can prevent them. Learn how Tessian can stop “OH SH*T!” moments before they happen, why Tessian has been recognized by analysts like Gartner and Forrester, and which world-renowned companies trust the platform to protect their data. Why are we still holding back on security convergence? Is it a matter of "if" or "when"? What happens when physical and info security are run by different departments? How can we measure the risks?