Defense in Depth
David Spark, Steve Zalewski, Geoff Belknap
Defense in Depth promises clear talk on cybersecurity's most controversial and confusing debates. Once a week we choose one controversial and popular cybersecurity debate and use the InfoSec community's insights to lead our discussion.
Episodes
May 27, 2021 • 27min
Hiring Talent with No Security Experience
All links and images for this episode can be found on CISO Series: https://cisoseries.com/defense-in-depth-hiring-talent-with-no-security-experience/

Should you look for the ideal candidate who already has all the security talent you want, or should you find the right person and train them in the security talent you want? And if the latter, who is the right person to work in security without security experience?

Check out this post and this Twitter discussion for the basis for our conversation on this week's episode, which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Dev Akhawe (@frgx), CISO, Figma.

Thanks to our podcast sponsor, Sonatype. With security concerns around software supply chains ushered to center stage in recent months, organizations around the world are turning to Sonatype as trusted advisors. The company's Nexus platform offers the only full-spectrum control of the cloud-native software development lifecycle, including third-party open source code, first-party source code, infrastructure as code, and containerized code.

In this episode:
Is there a cyber talent shortage? If so, does the shortage come from the hiring side?
The dangers of leaving positions open too long
The dangers of focusing on checklists vs. candidate potential

May 20, 2021 • 26min
Security Hygiene for Software Development
All links and images for this episode can be found on CISO Series: https://cisoseries.com/defense-in-depth-security-hygiene-for-software-development/

How do we improve the quality of our software? In the rush to be competitive, security has often taken a back seat to being first to market. What's the formula for fast and secure applications?

Check out this post for the basis for our conversation on this week's episode, which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and sponsored guest Wayne Jackson, CEO, Sonatype.

Thanks to our podcast sponsor, Sonatype.

In this episode:
Are we working too fast and under too much pressure to be secure?
What types of scanning should we do, and how often?
What about open source/third-party software in the pipeline?
What are the dangers inherent in purchasing "secure software"?

May 13, 2021 • 26min
How Much Do You Know About Your Data?
All links and images for this episode can be found on CISO Series: https://cisoseries.com/defense-in-depth-how-much-do-you-know-about-your-data/

Do cybersecurity professionals even know what they're protecting? How aware are they of the data, its content and its sensitivity? What happens to your security posture when you do understand the data you're protecting? What can you do that you weren't able to do before?

Check out this post for the basis for our conversation on this week's episode, which features me, David Spark (@dspark), producer of CISO Series, and Steve Zalewski, CISO, Levi Strauss, with our sponsored guest Aidan Simister (@aidansimister), CEO, Lepide.

Thanks to our podcast sponsor, Lepide. Ninety-eight percent of all threats start with Active Directory and nearly always involve the compromise of data stored on enterprise data stores. Lepide's unique combination of detailed auditing, anomaly detection, real-time alerting, and real-time data discovery and classification allows you to identify, prioritize and investigate threats – fast.

In this episode:
How much do you know about the data you are being asked to protect?
Equating the value of the data to be protected with the cost of protection
How to find out how data is being used
Moving beyond the bare minimum of protection

May 6, 2021 • 28min
Do Startups Need a CISO?
All links and images for this episode can be found on CISO Series: https://cisoseries.com/defense-in-depth-do-startups-need-a-ciso/

Startups are all about proving the value of their product and growth. At the beginning, all of their money is funneled into product and market development. When do they need a CISO, if at all?

Check out this post for the basis for our conversation on this week's episode, which features me, David Spark (@dspark), producer of CISO Series, guest co-host Jimmy Sanders (@jfireluv), head of cybersecurity for Netflix DVD, and our guest Bryan Zimmer (@bryanzimmer), head of security for Humu.

Thanks to our podcast sponsor, Lepide. Ninety-eight percent of all threats start with Active Directory and nearly always involve the compromise of data stored on enterprise data stores. Lepide's unique combination of detailed auditing, anomaly detection, real-time alerting, and real-time data discovery and classification allows you to identify, prioritize and investigate threats – fast.

In this episode:
Should a company get a CISO right away, or wait until the security program matures?
If they get a CISO, should they go for "on-prem" or on-demand?
Or... should they just go and seek CISO-level advice from the security community?

Apr 29, 2021 • 29min
Insider Risk
All links and images for this episode can be found on CISO Series: https://cisoseries.com/defense-in-depth-insider-risk/

By just doing their jobs, your employees are introducing risk to the business. They don't mean to be causing issues, but their simple actions and sometimes mistakes can cause great harm. Is it their fault, or is it security's fault for not creating the right systems?

Check out this post for the basis for our conversation on this week's episode, which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, CISO, Levis, and our sponsored guest Mark Wojtasiak (@markwojtasiak), vp, portfolio strategy & product marketing, Code42, and author of Inside Jobs: Why Insider Risk is the Biggest Cyber Threat You Can't Ignore.

Thanks to our podcast sponsor, Code42. Redefine data security standards for the hybrid workforce. Check out Code42.

In this episode:
Distractions and fatigue causing split-second mistakes
The need for tailored education and training
Making it easier for people to make the right choice
Identifying ways damage could happen, in order to mitigate it

Apr 22, 2021 • 29min
What's the Obsession with Zero Trust?
All links and images for this episode can be found on CISO Series: https://cisoseries.com/defense-in-depth-whats-the-obsession-with-zero-trust/

Why is everyone obsessed with Zero Trust? Is it just a marketing ploy that vendors are using to sell their products? Or is it truly a methodology that provides better security, especially in today's environment?

Check out this post for the basis for our conversation on this week's episode, which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and Melody Hildebrandt (@mhil1), evp, product & engineering and CISO, Fox.

Thanks to our podcast sponsor, Code42. Redefine data security standards for the hybrid workforce. Check out Code42.

In this episode:
Does Zero Trust obscure the core principles it's supposed to serve?
How does Zero Trust affect the assumptions around cybersecurity's control and ownership of a network?
What are the real Zero Trust best practices?

Apr 15, 2021 • 27min
Mentoring
All links and images for this episode can be found on CISO Series: https://cisoseries.com/defense-in-depth-mentoring/

Companies want security people with experience, and they want to grow cybersecurity leaders. It's often hard to find that experience, and while there are certification courses aplenty, courses in cybersecurity leadership are hard to find. One possible solution is mentoring, but that has its own hurdles.

Check out this post for the basis for our conversation on this week's episode, which features me, David Spark (@dspark), producer of CISO Series, guest co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Sean Catlett, CSO, Slack.

In this episode:
The mutual value of being a mentor
What obligations does a mentee have?
Mentorship: large-scale concepts, day-to-day, or both?

Apr 8, 2021 • 30min
Securing the Super Bowl and Other Huge Events
All links and images for this episode can be found on CISO Series: https://cisoseries.com/defense-in-depth-securing-the-super-bowl-and-other-huge-events/

How do cybersecurity professionals secure a huge event like the Olympics, the Super Bowl, or a city's New Year's Eve party? What are the unique considerations that come into play?

Check out this post for the basis for our conversation on this week's episode, which features me, David Spark (@dspark), producer of CISO Series, guest co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Tomás Maldonado (@tomas_mald), CISO, NFL.

Thanks to our podcast sponsor, Lepide. Ninety-eight percent of all threats start with Active Directory and nearly always involve the compromise of data stored on enterprise data stores. Lepide's unique combination of detailed auditing, anomaly detection, real-time alerting, and real-time data discovery and classification allows you to identify, prioritize and investigate threats - fast.

In this episode:
Protecting large events starts long before, like years before
How threat actors targeting events differ from those targeting companies
It's not just the target - there's also public safety
When it goes live, it GOES LIVE

Apr 1, 2021 • 27min
Cybersecurity Isn't That Difficult
All links and images for this episode can be found on CISO Series: https://cisoseries.com/defense-in-depth-cybersecurity-isnt-that-difficult/

What are you security people complaining about? Compared to 10, 15, 20 years ago, the technical aspects of cybersecurity are not that difficult. We've got the control frameworks, tools, and training that our predecessors didn't have.

Check out this post for the basis for our conversation on this week's episode, which features me, David Spark (@dspark), producer of CISO Series, guest co-host Naomi Buckwalter (@ineedmorecyber), director of information security and IT at Beam Technologies, and our guest John Overbaugh (@johnoverbaugh), vp, security, CareCentrix.

Thanks to our podcast sponsor, Trend Micro. Threat actors want what you're storing in the cloud. Trend Micro's Cloud One platform provides cloud security from a single console, keeping you at your most resilient. Let what happens in the cloud, stay in the cloud.

In this episode:
What infosec was like "back in the day"
What's out of alignment: the technology or the culture?
Can we really stand on the shoulders of giants amid so much change?
Where is individual cyber hygiene in all of this?

Mar 25, 2021 • 28min
Cloud Security Myths
All links and images for this episode can be found on CISO Series: https://cisoseries.com/defense-in-depth-cloud-security-myths/

The cloud is inherently insecure! The cloud will handle all your security needs. More data breaches happen in the cloud. These are just some of the many, many myths of cloud security. Listen as we debunk as many as we possibly can.

Check out this post for the basis for our conversation on this week's episode, which features me, David Spark (@dspark), producer of CISO Series, guest co-host Steve Zalewski, CISO, Levis, and our sponsored guest Mark Nunnikhoven (@markna), vp, cloud research, Trend Micro.

Thanks to our podcast sponsor, Trend Micro. Threat actors want what you're storing in the cloud. Trend Micro's Cloud One platform provides cloud security from a single console, keeping you at your most resilient. Let what happens in the cloud, stay in the cloud.

In this episode:
How many cloud myths from years back still endure?
Is cloud less secure or more secure now?
Who has the responsibility for security?
Just because you're in the cloud, does that mean you're protected?