Defense in Depth
David Spark, Steve Zalewski, Geoff Belknap
Defense in Depth promises clear talk on cybersecurity's most controversial and confusing debates. Once a week we choose one controversial and popular cybersecurity debate and use the InfoSec community's insights to lead our discussion.
Episodes
Jan 25, 2024 • 31min
CISOs Responsibilities Before and After an M&A
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Alexandra Landegger, Executive Director and CISO, Collins Aerospace. In this episode: Why do mergers and acquisitions always present challenges to an organization? When it comes to cybersecurity, how involved should a CISO be before AND after an acquisition? Can cybersecurity considerations make or break a deal? What skills did you find yourself flexing with your first M&A experience? Thanks to our podcast sponsor, Aphinia! Join Aphinia, a professional tribe of superheroes fighting cybercriminals. If you are a CISO, VP or a Director of cybersecurity, get instant free access to thousands of your peers, career advice, networking opportunities, consulting gigs and more. Join the good guys' team because the only way to succeed is together: https://aphinia.com/#signup_form

Jan 18, 2024 • 32min
Use Red Teaming To Build, Not Validate, Your Security Program
Guest Richard Ford, CTO of Praetorian, challenges the misconception of red teaming as mere validation, emphasizing its value in strengthening organizations. They discuss conducting red teaming early in the project lifecycle, explore different perspectives on and the value of red teaming, and redefine it as a proactive tool. The chapter also highlights the importance of aligning definitions and repositioning red teams under the SOC for a better defense posture.

Jan 11, 2024 • 32min
The Do's and Don'ts of Approaching CISOs
Adam Glick, CISO, PSG, discusses successful vendor outreach to CISOs, the negative impact of spamming, building trust in vendor relationships, understanding the role of a CISO, and emphasizing the importance of forming connections and building trust in the cybersecurity industry.

Jan 4, 2024 • 31min
Doing Third Party Risk Management Right
In this podcast, Erik Decker, CISO of Intermountain Health, joins the hosts to discuss the struggles faced in managing third-party risk. They explore the ineffectiveness of questionnaires and debate the right approach. They also touch on the future of supply chain risk, the benefits of a centralized platform for risk information, and the importance of communication and building relationships with vendors.

Dec 14, 2023 • 33min
Warning Signs You're About To Be Attacked
Learn about the indicators and signals of cyber attacks, the prevalence of phishing attacks, how targeted attacks show up at the help desk, the correlation between infostealers and ransomware, the role of trust in cyberattacks, and a discussion of attack indicators and the need for innovation.

Dec 7, 2023 • 31min
Do We Have to Fix ALL the Critical Vulnerabilities?
David Christensen, VP, CISO, PlanSource, joins the hosts to discuss the challenge of focusing patching efforts on the most critical vulnerabilities. They emphasize the need for prioritization based on business impact, discuss different types of vulnerabilities, and highlight the challenges faced by organizations. The importance of learning vulnerability management basics is also emphasized.

Nov 30, 2023 • 33min
Mitigating Generative AI Risks
Guest Jerich Beason, CISO, WM, discusses the risks of generative AI and the need for understanding, prioritizing safety, and adapting to its transformative nature. The chapter also explores building a trusted security framework and the challenges and evolution of AI.

Nov 16, 2023 • 30min
Building a Cyber Strategy for Unknown Unknowns
Guest Himaja Motheram from Censys discusses building a security program around unknown unknowns. The podcast explores strategies for anticipating, detecting, and responding to unknown unknowns. It emphasizes the importance of executive buy-in, resources, and individual involvement in creating a security culture. The distinction between known unknowns and unknown unknowns is explored, along with the role of technology and human creativity. The shift of security responsibility to the user is discussed, as well as the value of worst-case scenario simulations and relationship-building in cybersecurity.

Nov 9, 2023 • 33min
Responsibly Embracing Generative AI
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Russell Spitler, CEO and co-founder, Nudge Security. In this episode: Are businesses walking a tightrope with generative AI? How can organizations implement generative AI responsibly? What can we learn from previous transitions that can help us responsibly bring generative AI into the workplace milieu? What else are we missing? Thanks to our podcast sponsor, Nudge Security! Nudge Security provides complete visibility of every SaaS and cloud account ever created by anyone in your org, in minutes. No agents, browser plug-ins or network proxies required. With this visibility, you can discover shadow IT, manage your SaaS attack surface, secure SaaS access, and respond effectively to SaaS breaches.

Nov 2, 2023 • 31min
People Are the Top Attack Vector (Not the Weakest Link)
In this podcast, cybersecurity expert guest_name discusses the role of humans in cybersecurity and whether they are the weakest link. The conversation explores understanding human behavior, security awareness training, weaknesses in top management, and the shift to focusing on human risk. It also highlights the importance of involving developers in the security team, implementing security measures like multi-factor authentication, and educating employees on security vulnerabilities.