Defense in Depth

All links and images for this episode can be found on CISO Series Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our guest Adam Keown, director, information security, Eastman. Thanks to our podcast sponsor, VMware In this episode: What's more valuable to get hired: degrees or experience? What's better: narrow focus or broad skill range? What's more attractive: knowledge or drive? What's the deal: is there even such a thing as "entry level"?    

All links and images for this episode can be found on CISO Series What is the most critical step to preventing ransomware? Security professionals may be quick to judge users and say it's a lack of cyberawareness. Could it be something else? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Rebecca Harness (@rebeccaharness), CISO, St. Louis University. Thanks to our podcast sponsor, VMware In this episode: What is the one critical step to preventing ransomware? The importance of leadership and employee buy-in How to make training and education actually work Should backups be included on this list? What about the supply chain?

All links and images for this episode can be found on CISO Series For four years in a row, Verizon's DBIR, has touted compromised credentials as the top cause of data breaches. That means bad people are getting in yet appearing to be legitimate users. What are these malignant users doing inside our network? What are the techniques to both understand and allow for good yet thwart bad lateral movement? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our sponsored guest Sandy Wenzel (@malwaremama), cybersecurity transformation engineer, VMware. Thanks to our podcast sponsor, VMware In this episode:  Why are bad people getting inside our networks? Can machine learning help find them? How can we separate lateral movement from credential stuffing? Would using threat modeling and going passwordless help?  

All links and images for this episode can be found on CISO Series You've just joined a company as CISO, what's the very first step you would take to improve the security posture of your new company? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our guest Olivia Rose, vp of IT and security, Amplitude. Thanks to our podcast sponsor, Proofpoint Sixty six percent of CISOs feel their organization is unprepared to handle a cyberattack and 58% consider human error to be their biggest cyber vulnerability. Proofpoint's 2021 Voice of the CISO report explores key challenges facing CISOs after an unprecedented twelve months. Get the report. In this episode: How can new CISOs fast-track their learning process to make better decisions sooner? How much does the CISO need to know about the environment before they start pentesting? Using a " Power Interest Matrix" to help manage the people who influence your work Why aligning with HR is a key move  

All links and images for this episode can be found on CISO Series How is ransomware getting into your network? Is the path direct, like via email, or does it take a more circuitous route? Check out this post and this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our sponsored guest Ryan Kalember (@rkalember), evp, cybersecurity strategy, Proofpoint. Thanks to our podcast sponsor, Proofpoint Sixty six percent of CISOs feel their organization is unprepared to handle a cyberattack and 58% consider human error to be their biggest cyber vulnerability. Proofpoint's 2021 Voice of the CISO report explores key challenges facing CISOs after an unprecedented twelve months. Get the report. In this episode: What role do email and phishing actually play? Has working from home really increased the threat? How dwell time has changed things Getting up to speed on sufficient backups  

All links and images for this episode can be found on CISO Series Why should security professionals get certifications? Do they actually teach you what you need to know to solve cybersecurity challenges? OR do they act as gateways or approval checks to be admitted into the field of cybersecurity? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Will Gregorian (@willgregorian), head of IT and security, Rhino and our guest Shawn M. Bowen (@smbowen), CISO, World Fuel Services. Thanks to our podcast sponsor, Palo Alto Networks First, every company became a software company. Now, every company needs to be a cybersecurity company too. Prisma Cloud from Palo Alto Networks a single security platform that delivers comprehensive protection from code through app, so your company can keep doing what it's supposed to do. Learn more at paloaltonetworks.com/prisma/cloud. In this episode: Are certifications like the CISSP necessary? Even if they are necessary to get hired, are they relevant? Let's say something good about certs.  Who benefits most from certs? The candidate or the hiring manager?      

All links and images for this episode can be found on CISO Series How are you measuring your progress and success with cloud security? How much visibility into this are you providing to your engineering teams? Check out this post and this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn and our sponsored guest Matthew Chiodi (@mattchiodi), CSO, public cloud, Palo Alto Networks. Thanks to our podcast sponsor, Palo Alto Networks If you're doing cloud security right, no one knows if you've done anything. When you do it wrong, well, you end up on Cybersecurity Headlines. Prisma Cloud from Palo Alto Networks helps ensure your security stays in the quietly appreciated group. It's a single security platform that delivers comprehensive protection from code to cloud. Learn more at paloaltonetworks.com/prisma/cloud. In this episode What requirements need to be measured? Measuring against compliance Building a company-specific guardrails framework Measuring team performance by number of opened and closed issues

All links and images for this episode can be found on CISO Series What does a young person, eager to get into cybersecurity, have to show or prove to land their first help desk, tech support role? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn and our guest Bryan Zimmer (@bryanzimmer), head of security, Humu. Thanks to our podcast sponsor, Palo Alto Networks In 1666, Sir Isaac Newton famously used a prism to disperse white light into colors. Today, cloud security professionals use Prisma Cloud from Palo Alto Networks to disperse full lifecycle security and full stack protection across their multi- and hybrid-cloud environments. We think Sir Isaac would approve. Learn more about Prisma Cloud paloaltonetworks.com/Prisma/cloud. In this episode Balancing out certifications and experience If we train you, will you stay, or will you leave? What's your compelling story that shows what you can do? Researching the competition: what are other candidates doing?  

All links and images for this episode can be found on CISO Series What do we want the Board and C-Suite to know about cybersecurity? If you could teach them one thing about cybersecurity that would stick, what would that be? Check out this post and this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn and our guest Phil Huggins (@oracuk), CISO, NHS Test & Trace, Department of Health and Social Care. Thanks to our podcast sponsor, Proofpoint Sixty six percent of CISOs feel their organization is unprepared to handle a cyberattack and 58% consider human error to be their biggest cyber vulnerability. Proofpoint's 2021 Voice of the CISO report explores key challenges facing CISOs after an unprecedented twelve months. Get the report. In this episode What the Board needs to know to make the CISO’s job more effective It’s not about the Board understanding cyber – but it is about mitigating risk Security is a shared responsibility: Board & CISOs Using other companies’ breaches as Board learning opportunities

All links and images for this episode can be found on CISO Series The demand for CISOs is growing due to increased regulations and cyber threats. Yet, while the demand is there, the supply keeps rotating. Companies think the next CISO is going to fix the problems of the last one. Why is a CISO's tenure so short and why is the hiring process for CISOs so disjointed? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, Steve Zalewski, and Gary Hayslip (@ghayslip), CISO, Softbank Investment Advisers Thanks to our podcast sponsor, RevCult On average, 18 percent of all your Salesforce data fields are highly sensitive and 89 percent of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you’re protecting it. Get a free Salesforce Security Self-Assessment to understand your Salesforce security weaknesses. In this episode: Why a CISO's tenure is so short and why they leave The value of keeping risk management in the CISO’s sights The need to clarify the CISO role in the mind of the executive The need to clarify the CISO role in the mind of the CISO