Defense in Depth
David Spark, Steve Zalewski, Geoff Belknap
Defense in Depth promises clear talk on cybersecurity’s most controversial and confusing debates. Once a week we choose one controversial and popular cybersecurity debate and use the InfoSec community’s insights to lead our discussion.
Episodes

Oct 28, 2021 • 33min
Proactive Vulnerability Management
All links and images for this episode can be found on CISO Series.

How do we turn the tide from reactive to proactive patch management? Does anyone feel good about where they are with their own patch management program? What would it take to get there?

Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode, co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Sumedh Thakar (@sumedhthakar), CEO, Qualys.

Thanks to our podcast sponsor, Qualys

Qualys is a pioneer and leading provider of cloud-based security and compliance solutions.

In this episode:
How do we turn the tide from reactive to proactive patch management?
Do cultural differences make a difference?
Do we need a new framework or template?

Oct 21, 2021 • 33min
Why Is Security Recruiting So Broken?
All links and images for this episode can be found on CISO Series.

Check out this post for the basis for our conversation on this week’s episode, which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Tony Sager (@sagercyber), SVP and chief evangelist, Center for Internet Security.

Thanks to our podcast sponsor, Qualys

In this episode:
What role should HR play in the hiring process of cybersecurity candidates?
What happens when HR's algorithms don't see the right keywords?
What are some better ways to get noticed by a human decision maker?

Oct 14, 2021 • 30min
How to Be a Vendor that CISOs Love
All links and images for this episode can be found on CISO Series.

Check out this post for the basis for our conversation on this week’s episode, which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Andy Ellis (@csoandy), operating partner, YL Ventures.

Thanks to our podcast sponsor, Varonis

What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn’t stand a chance. Get a free risk assessment.

In this episode:
What are some "positive vendor engagement" characteristics?
What tips can we share with vendors who want to build a lasting good impression?
How can a vendor go about building trust?

Oct 7, 2021 • 29min
The "Are We Secure?" Question
All links and images for this episode can be found on CISO Series.

When a senior person at your company asks you, "Are we secure?" how should you respond?

Check out this post for the basis for our conversation on this week’s episode, which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our guest Paul Truitt, principal US cyber practice leader, Mazars.

Thanks to our podcast sponsor, Varonis

Still in the news is REvil’s ransomware attack on Kaseya VSA servers. Varonis is here to help mitigate the blast radius of such attacks. Want a step-by-step guide on what you should be looking for? Learn more about how to prevent ransomware.

In this episode:
When a senior, non-technical person asks, "Are we secure?" how do you respond?
What does this question say about an executive's engagement level?
Why are they asking this now?
How relevant/accurate is this question anyway?

Sep 30, 2021 • 31min
Ransomware Kill Chain
What are the telltale signs you've got ransomware before you receive the actual ransomware threat?

Check out this post and this post for the basis for our conversation on this week’s episode, which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our sponsored guest Brian Vecci (@BrianTheVecci), field CTO, Varonis.

Thanks to our podcast sponsor, Varonis

What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn’t stand a chance. Get a free risk assessment.

In this episode:
How to catch the ransomware threat earlier
The individual capabilities needed in a full anti-ransomware stack
Honeypots and anomalous behavior
Back to basics: look at how ransomware works

Sep 23, 2021 • 31min
Can Technology Solve Phishing?
All links and images for this episode can be found on CISO Series.

Check out this post for the basis for our conversation on this week’s episode, which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Robert Wood (@holycyberbatman), CISO at Centers for Medicare & Medicaid Services.

Thanks to our podcast sponsor, Living Security

Traditional approaches to security communication are limited to one-off training sessions that fail to take customers, regulators, and other external stakeholders into account and rarely affect long-term behavioral change. This report lays out a four-step plan that CISOs should follow to manage the human risk. It provides design principles for creating transformational security awareness initiatives which will win the hearts and minds of senior executives, employees, the technology organization, and customers.

In this episode:
Will there be a day that phishing can be solved by technology?
Does more training lower risk?
Is it enough just to protect "inside" the environment?
What can we do to change the culture?

Sep 16, 2021 • 27min
Convergence of SIEM and SOAR
All links and images for this episode can be found on CISO Series.

SIEM tools that ingest and analyze data are ubiquitous in security operations centers. But just knowing what's happening in your environment is not enough. For competitive reasons, must SIEM tools expand and offer more automation, intelligence, and the ability to act on that intelligence?

Check out this post for the basis for our conversation on this week’s episode, which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Chris Grundemann (@ChrisGrundemann), category lead, security, GigaOm.

Thanks to our podcast sponsor, Keyavi

Cyber criminals who attack healthcare systems know medical record information has tremendous value for stealing identities. If you infuse personally identifiable information with geographical awareness and intelligence, you dramatically reduce the risk of patient identity theft. Join a live demo session on www.keyavi.com/sessions to learn more.

In this episode:
Will products from these two categories just merge as one product? Or will they NEED to merge?
Are there advantages for them to stay separate?
Where does “trust” fit into this merger?

Sep 9, 2021 • 31min
Cybersecurity Is Not Easy to Get Into
All links and images for this episode can be found on CISO Series.

Check out this post for the basis for our conversation on this week’s episode, which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our guest Adam Keown, director, information security, Eastman.

Thanks to our podcast sponsor, VMware

In this episode:
What's more valuable to get hired: degrees or experience?
What's better: narrow focus or broad skill range?
What's more attractive: knowledge or drive?
What's the deal: is there even such a thing as "entry level"?

Sep 2, 2021 • 27min
Preventing Ransomware
All links and images for this episode can be found on CISO Series.

What is the most critical step to preventing ransomware? Security professionals may be quick to judge users and say it's a lack of cyberawareness. Could it be something else?

Check out this post for the basis for our conversation on this week’s episode, which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Rebecca Harness (@rebeccaharness), CISO, St. Louis University.

Thanks to our podcast sponsor, VMware

In this episode:
What is the one critical step to preventing ransomware?
The importance of leadership and employee buy-in
How to make training and education actually work
Should backups be included on this list?
What about the supply chain?

Aug 26, 2021 • 29min
Managing Lateral Movement
All links and images for this episode can be found on CISO Series.

For four years in a row, Verizon's DBIR has touted compromised credentials as the top cause of data breaches. That means bad people are getting in yet appearing to be legitimate users. What are these malignant users doing inside our network? What are the techniques to both understand and allow for good yet thwart bad lateral movement?

Check out this post for the basis for our conversation on this week’s episode, which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our sponsored guest Sandy Wenzel (@malwaremama), cybersecurity transformation engineer, VMware.

Thanks to our podcast sponsor, VMware

In this episode:
Why are bad people getting inside our networks?
Can machine learning help find them?
How can we separate lateral movement from credential stuffing?
Would using threat modeling and going passwordless help?