Defense in Depth

Latest episodes

Jul 6, 2023 • 30min

Let's Write Better Cybersecurity Job Descriptions

All links and images for this episode can be found on CISO Series. What should a cyber job description require, and what shouldn't it? What's reasonable and not reasonable? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Rob Duhart (@robduhart), deputy CISO, Walmart.

Thanks to our podcast sponsor, Normalyze

Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches. Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium.

In this episode: What should a cyber job description require, and what shouldn't it? What's reasonable and not reasonable? Do these completely unrealistic job descriptions hurt the entire industry? What is it we need to put in a cyber job description, and what do we need to leave out? Who’s losing out here?
Jun 29, 2023 • 31min

How Should Security Better Engage with Application Owners?

All links and images for this episode can be found on CISO Series. Since so much technology today is launched not by the IT department but by business units themselves, how do security professionals engage with business and application owners and have a conversation about security policy and procedures? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Harold Byun (@haroldnhoward), chief product officer, AppOmni.

Thanks to our podcast sponsor, AppOmni

Do you know which 3rd party apps are connected to your SaaS platforms? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. Get visibility to all 3rd party apps — and their level of data access — with AppOmni. Visit AppOmni.com to request a free risk assessment.

In this episode: What's your experience talking about security policy and procedures with business and application owners? How do security professionals engage with business and application owners? How do they have a conversation about security policy and procedures? Is there anything you learned that you didn't realize before?
Jun 22, 2023 • 30min

How To Get More People Into Cybersecurity

All links and images for this episode can be found on CISO Series. There are millions of cybersecurity jobs open. Over time, that number has just been growing. What we're doing now does not seem to be working. So what's it going to take to fill all these jobs quickly? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Rich Gautier, former CISO for the U.S. Department of Justice, Criminal Division.

Thanks to our podcast sponsor, Brinqa

Understand your cyber assets, prioritize vulnerabilities, automate remediation, and continuously monitor cyber hygiene across the entire attack surface — infrastructure, applications and cloud — with Brinqa. See how at brinqa.com.

In this episode: There are millions of cybersecurity jobs open. What's it going to take to fill all these jobs quickly? Are job description requirements partially to blame for holding back the industry from tapping into greater diversity of expertise? Is it better off if you hire, train, culturally integrate, and reward that person? Do burnout and a steep learning curve keep adding to the problem?
Jun 15, 2023 • 31min

How to Create a Positive Security Culture

All links and images for this episode can be found on CISO Series. How do you create a positive security culture? It's rarely the first concept anyone wants to embrace, yet it's important everyone understands their responsibility. So what do you do, and how do you overcome inevitable roadblocks? Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest, Jadee Hanson, CISO/CIO for Code42.

Thanks to our podcast sponsor, Code42

Code42 is focused on delivering solutions built with the modern-day collaborative culture in mind. Code42 Incydr tracks activity across computers, USB, email, file link sharing, Airdrop, the cloud and more; our SaaS-based solution surfaces and prioritizes file exposure and data exfiltration events. Learn more at Code42.com.

In this episode: How do you create a positive security culture? Where do we run into struggles when trying to create a positive security culture? Given its importance, why is it rarely the first concept anyone wants to embrace? What do you do, and how do you overcome inevitable roadblocks?
Jun 8, 2023 • 31min

How Should We Trust Entry Level Employees?

This podcast explores the challenges of trusting entry-level security professionals and how they can build trust and take on more responsibilities. It emphasizes the importance of mentorship, training, and institutionalized processes. The speakers also discuss the significance of self-thinking and problem-solving skills, as well as embracing imperfection and the value of entry-level employees.
Jun 1, 2023 • 29min

How Must Processes Change to Reduce Risk?

The podcast discusses the need to fix processes to reduce risk and vulnerabilities. They focus on communication, collaboration, and motivation within a company. They highlight the importance of treating security as part of the enterprise risk program. They explore strategies for driving behavior change and motivating individuals. They also discuss different types of people in solving security problems and prioritizing vulnerabilities. The hosts share their favorite quotes and emphasize the importance of collaboration and addressing technical debt.
May 25, 2023 • 31min

Reputational Damage from Breaches

The podcast discusses the reality and impact of reputational damage caused by breaches, including the relationship between data breaches and stock prices. It highlights the importance of experience in handling breaches and explores the financial impact on small and medium-sized businesses. The episode delves into the significance of brand loyalty and customer trust, as well as the inevitability of breaches and the need for proper handling.
May 18, 2023 • 28min

Do RFPs Work?

The podcast discusses the flaws of RFPs, including favoritism and wasted time. Alternative approaches and building relationships are suggested. The importance of understanding the buyer's criteria and evaluating RFPs is explored. Two-way communication and building relationships before the RFI and RFP process are emphasized.
May 11, 2023 • 31min

Successful Cloud Security

All links and images for this episode can be found on CISO Series. What are the moves we should be making in cloud to improve our security? What constitutes a good cloud security posture? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. We welcome our sponsored guest Yoav Alon, CTO, Orca Security.

Thanks to our podcast sponsor, Orca Security

Orca Security is the pioneer of agentless cloud security that is trusted by hundreds of enterprises globally. With continuous first-to-market innovations and expertise, the Orca Platform ensures security teams quickly identify and remediate risks to keep their businesses secure. Connect your first account in minutes by visiting www.orca.security.

In this episode: What does successful cloud security look like? What are the moves we should be making in the cloud to improve our security? What constitutes a good cloud security posture? What should we be measuring when it comes to cloud security?
May 4, 2023 • 37min

How Should Security Vendors Engage With CISOs?

The podcast discusses the frustrations of a CISO bombarded with marketing emails and sales calls. It explores strategies for vendors to effectively engage with overwhelmed CISOs and the need for changes in targeted marketing. The chapter also emphasizes the benefits of sponsoring security conferences and the role of CISOs in evaluating new products. Efficient ways to gather information on valuable companies are highlighted, along with the hosts' interest in meeting industry professionals and their search for new talent.
