Defense in Depth

All links and images for this episode can be found on CISO Series What are you doing to prepare for the next cyber disaster? You must train for it, because when it happens, and it will happen, everyone should know what they need to do. Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Roland Cloutier (@CSORoland), CISO, TikTok. Thanks to our podcast sponsor, Keyavi Data that protects itself? Now it does! We made data so smart it can think for itself. Secure itself. Stay continually aware of its surroundings. Control where, when and who is allowed access. And automatically report back to its owner. This changes the entire cybersecurity paradigm. Learn how. In this episode: What is the importance of cyber crisis management and training? What are the best ways to prepare for a cyber disaster? How to build exercises and training into a successful cybersecurity culture?

All links and images for this episode can be found on CISO Series What if you didn't spend all your time patching vulnerabilities but instead created a security policy that prevented known vulnerabilities from being exploited. How doable is this solution of virtual patching? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Ody Lupescu, CISO, Ethos Life. Thanks to our podcast sponsor, Araali Networks Managing vulnerabilities at the speed and scale of the cloud is challenging, especially when the implications of a single mistake gives attackers an asymmetric advantage over defenders. Araali allows your security teams to resilient patch and monitor the most valuable apps and services so they cannot be exploited even if they are vulnerable.  To learn more, visit araali. In this episode: What is virtual patching really? Is it a misnomer? What gets missed when it comes to virtual patching? Looking at a comprehensive approach to virtual patching.

All links and images for this episode can be found on CISO Series A 500+ person company doesn't have a security department. They need one and they need to convince the CEO they need one. How do you build a cybersecurity team and program from scratch? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Rishi Tripathi (@ris12hi), CISO, Mount Sinai Health System. Thanks to our podcast sponsor, Tines Tines was founded by experienced security practitioners who cared about their teams. When they couldn’t find an automation platform that delivered, they founded a company and built their own. A few years later, customers like Coinbase, McKesson, and GitLab run their most important security workflows on Tines – everything from phishing response to employee onboarding. To learn more, visit tines.com. In this episode: How to go about measuring risk? Leveraging compliance to get the point across. What needs to be considered to make a program uniquely geared to your company's needs?

All links and images for this episode can be found on CISO Series "If you want to catch a cybercrook, you need to think like one." But how do you actually go about thinking like a cybercriminal? What's the actual process? Check out this post and this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Brian Brushwood (@shwood), creator of Scam School and World's Greatest Con. Plus he's launched multiple channels with millions of subscribers and multiple number one comedy albums. Plus, he's a touring magician. He's our first non-cyber professional guest, but he is so perfect for this episode. Thanks to our sponsor, Varonis On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to “Zero Trust.” Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries. In this episode: How much does actively thinking like a crook help build your cyber defenses? How do you actually go about thinking like a cybercriminal How do you break down their process?

All links and images for this episode can be found on CISO Series Could you build a data-first security program? What would you do if you focused your security program on just the asset? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Brian Vecci (@brianthevecci), field CTO, Varonis. Thanks to our sponsor, Varonis On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to “Zero Trust.” Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries. In this episode: Do I know where my sensitive data lives? How can I tell? Why do all the tools that try to classify data fail miserably? How much should we teach the data owners about risks in collecting and storing the information?  

All links and images for this episode can be found on CISO Series Offensive security or "hacking back" has always been seen as either unethical or illegal. But now, we're seeing a resurgence in offensive security solutions. Are we redefining the term, or are companies now "hacking back?" Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Eric Hussey, CISO, Aptiv. Thanks to our podcast sponsor, Varonis On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to “Zero Trust.” Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries. In this episode: Has the definition of offensive security changed? Can we truly fight back without legal repercussions? How does it apply when hackers hide behind proxies? Is hacking back even worth it?

All links and images for this episode can be found on CISO Series A security professional announces a new position as CISO. As a vendor you see this as good timing to try a cold outreach to sell your product. Why do so many vendors think this is a good tactic, when in reality it’s exactly what you should not do? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Yaron Levi (@0xL3v1), CISO, Dolby. In this episode: Is the pouncing on new CISOs actually a successful sales technique? Should vendors refine their relationship, and focus on "pull" rather than "push"? What about focusing on content marketing and thought leadership? Should vendors shift from "marketplace" to "metricplace?"  

All links and images for this episode can be found on CISO Series How do you begin building a cyber security culture for the whole company? And more importantly, how do you maintain that? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Mike Hanley (@_mph4), CSO, GitHub. Thanks to our podcast sponsor, Anjuna Anjuna Confidential Cloud software effortlessly enables enterprises to safely run even their most sensitive workloads in the public cloud. Unlike complex perimeter security solutions easily breached by insiders and malicious code, Anjuna leverages the strongest secure computing technologies available to make the public cloud the most secure computing resource anywhere. In this episode: When building a cybersecurity culture, where is the most important place to start? How can we avoid it just becoming "lip service"? How can we blend cybersecurity culture into the main corporate culture?

All links and images for this episode can be found on CISO Series You're a security vendor and you've got a short briefing with a security analyst from a research firm. What do you want to get across to them, and what do you want to hear back from them? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Ed Amoroso (@hashtag_cyber), founder and CEO, Tag Cyber. Huge thanks to our sponsor, Cymulate The Ultimate Guide to Security Posture Validation: Learn how to effectively measure and reduce risk through continuous validation of your enterprise’s security posture. Download the playbook here. In this episode: What are the right questions to ask? How can we better understand each other? What to NOT do in an analyst conversation    

Michael Johnson, CISO of Novi, discusses the safety of sensitive data in the public cloud vs on-prem. Topics include the advantages of the public cloud, debunking cloud security myths, pros and cons of on-prem and public cloud solutions, leveraging unique talents in the cloud, transitioning to the cloud and benefits of confidential computing.