
Defense in Depth
Defense in Depth promises clear talk on cybersecurity’s most controversial and confusing debates. Once a week we choose one controversial and popular cybersecurity debate and use the InfoSec community’s insights to lead our discussion.
Latest episodes

Aug 29, 2024 • 31min
What's Working With Third-Party Risk Management?
Nick Muy, the Chief Information Security Officer at Scrut Automation, dives into the complexities of third-party risk management. He emphasizes the importance of measuring vendor risk while considering potential failures that could impact customer service. Nick advocates for a holistic approach to risk management, integrating governance and compliance for better resilience. He also discusses the significance of stakeholder collaboration and tailored risk assessments, ensuring businesses maintain operational integrity and trust with their vendors.

Aug 22, 2024 • 33min
What Triggers a CISO?
Sherron Burgess, CISO at BCD Travel, shares her insights on the evolving challenges CISOs face in the cybersecurity landscape. She candidly discusses the frustrations with vendor interactions and the pressure of disingenuous claims in sales. Sherron emphasizes the importance of culture shifts within organizations to recognize security as a shared responsibility. She also highlights the necessity for clear boundaries and effective communication in navigating the complex dynamics of risk and security while advocating for diversity in the workforce.

Aug 15, 2024 • 27min
Information Security vs. Cybersecurity
Mike Lockhart, Chief Information Security Officer at EagleView, delves into the nuances of information security versus cybersecurity. He explains how terminology shapes public perception and emphasizes the importance of effective communication in aligning security strategies with client understanding. The conversation also highlights the diverse career paths in the security field, including red teaming and penetration testing. Lockhart discusses the crucial role of security leadership in fostering collaboration and managing stakeholder expectations to enhance organizational security.

Aug 8, 2024 • 30min
Should Deny By Default Be the Cornerstone of Zero Trust?
Rob Allen, the chief product officer at ThreatLocker, dives into the crucial 'deny by default' principle in zero trust security. He discusses whether zero trust can be retrofitted and the business case behind this approach. The conversation highlights the balance between enhancing cybersecurity and maintaining operational productivity. They tackle the complexities organizations face when transitioning to zero trust and stress the importance of contextual security measures tailored to each organization's needs.

Aug 1, 2024 • 30min
What Is a Field CISO?
Bil Harmer, an operating partner and CISO at Craft Ventures, dives into the intriguing concept of Field CISOs, shedding light on their evolving responsibilities. He clarifies the distinction between traditional and field CISOs and discusses the importance of genuine cybersecurity expertise in these roles. The conversation touches on the legal responsibilities and credibility concerns that come with the position, emphasizing the need for established credentials. Harmer also highlights the collaborative nature of the Field CISO role in enhancing organizational security.

Jul 25, 2024 • 31min
Cybersecurity Is a Communications Problem
Jim Bowie, CISO at Tampa General Hospital, discusses the importance of connecting cybersecurity to business goals, balancing technical and soft skills, and evolving risk management strategies. The podcast emphasizes effective communication, empathy, and understanding in cybersecurity leadership.

Jul 18, 2024 • 27min
Do Companies Undergoing a Merger or Acquisition Get Targeted for Attacks?
Andrew Cannata, CISO at Primo Water, joins the discussion on M&A cybersecurity risks. Topics include IPO vulnerability, context changes in M&A, and ambiguity's impact on risk. The episode highlights the importance of cybersecurity diligence and employee awareness during mergers, and emphasizes security controls, the challenges of merging cultures, and data protection. It also explores post-merger changes in security programs, privacy, and attacker tactics, and the significance of maintaining strong cybersecurity measures during organizational changes like mergers to avoid cyber threats.

Jul 11, 2024 • 31min
Telling Stories with Security Metrics
CEO Shirley Salzman from SeeMetrics discusses the purpose of metrics in storytelling, answering business questions, and effective communication. Experts touch on efficiency, challenges in security metrics, contrasting security mindsets, and tackling ransomware attacks. The importance of continuous monitoring, dynamic dashboards, and risk tolerance in security metrics is highlighted, along with a promotion for cybersecurity templates and metrics solutions by SeeMetrics.

Jun 27, 2024 • 33min
Securing Identities in the Cloud
CEO of Push Security, Adam Bateman, discusses securing identities in the cloud. Topics include common security mistakes, importance of understanding identities and single sign-on, challenges in identity implementations, monitoring unused permissions, and building tools for flagging risky behavior.

Jun 20, 2024 • 28min
How AI Is Making Data Security Possible
Lamont Orange, CISO at Cyera, discusses the importance of data security within the Defense in Depth strategy, emphasizing automation and knowing what to protect. They explore how Cyera's AI-powered platform provides visibility, risk context, and actionable guidance for data security in various environments.