Winamp Logo
CISO Stories Podcast Cover
CISO Stories Podcast Profile

CISO Stories Podcast

English, News, 1 season, 199 episodes, 3 days, 20 hours, 25 minutes
About
The Cybersecurity Collaborative is proud to present CISO Stories. Each week CISO Stories takes a deep dive on security leadership with one of the contributors to my latest book, the best-selling CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers. The Cybersecurity Collaborative is a unique membership community enabling cybersecurity leaders to work together in a trusted environment. To learn more, visit: https://www.securityweekly.com/csc.
Episode Artwork

What level of tool rationalization does your company do and why? - LaLisha Hurt - CSP #197

Let's talk to cybersecurity expert, Lalisha Hurt, about her approach to selecting the right tools for your organization by using proven methods such as referencing the Gartner Magic Quadrant, thinking about the entire IT portfolio as part of your selection process, and what a successful 'Vendor Day' can do! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-197
10/22/202430 minutes, 36 seconds
Episode Artwork

Have you consider your team’s cognitive biases when selecting tools? - Dustin Sachs - CSP #196

What if there was more to making those impactful decisions that you haven’t considered? Let’s talk about how being open minded can directly impact the success of tool selection and optimization in your company. Is a SOC report enough or are there other criteria needed to make that risk based decision? Let’s discuss cognitive biases in tool selection with researcher Dr. Dustin about why it benefits your organization to be eyes open. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-196
10/15/202437 minutes, 26 seconds
Episode Artwork

Tokyo DriftSec: Who is going First? Who is going Smooth? - Lisa Landau - CSP #195

Let’s talk to our favorite Tokyo security leader about how she has experienced tool selection across the world. To be risk adverse or not to be risk adverse. What a question! Segment Resources: https://www.youtube.com/watch?v=BdFzJxSemKo Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-195
10/8/202429 minutes, 22 seconds
Episode Artwork

What are your pet peeves when it comes to tool selection? - Timothy Ball - CSP #194

Hear from expert TimBall, CISO for NGO-ISAC, on his experiences in the industry and how he advises his members on finding the right tool. Especially when it comes to making sure the tool isn’t a ‘shiny object’ purchase but actually addressing your organizations underlying issues and bringing value! Bonus, let’s talk about election security! Segment Resources: https://www.ngoisac.org/ Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-194
10/1/202439 minutes, 58 seconds
Episode Artwork

Tried and True. Going back to basics with Incident Response - Levone Campbell - CSP #193

Let’s talk about how regardless of your organizations data footprint being in the cloud or on prem, or if you’re a billion dollar organization or smaller, if the adversaries want in, they will find a way. Don’t fall victim because of bad cyber hygiene but instead work your experiences, your leadership, and train your people to limit exposure. Hear from Incident Response expert, Levone Campbell, on the lessons he learned in being proactive and reactive to some of the largest incidents in history. This segment is sponsored by Semperis. To combat today's cyber attacks, enterprises like yours need a way to see the whole picture beyond silos and secure their entire hybrid AD environment. Now you can — with Semperis. Visit https://cisostoriespodcast.com/semperis Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-193
9/24/202436 minutes, 13 seconds
Episode Artwork

The vCISO’s role in Incident Response Accountability - William Klusovsky - CSP #192

Let’s talk about the vCISO’s approach to Incident Response advisory with clients; particularly small and medium sized businesses (SMB). How can your cyber liability insurance support your organization outside of when an incident occurs? We will discuss strategies SMBs can take to strengthen their IR plans while keeping in mind their business needs and contingency plans. Segment Resources: https://www.linkedin.com/in/wilklu/ This segment is sponsored by Semperis. To combat today's cyber attacks, enterprises like yours need a way to see the whole picture beyond silos and secure their entire hybrid AD environment. Now you can — with Semperis. Visit https://cisostoriespodcast.com/semperis Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-192
9/17/202426 minutes, 2 seconds
Episode Artwork

CISO & Legal: Partnerships Needed - Joe Sullivan - CSP #191

Listen to the importance of legal relationships and interaction with the CISO and security program. Jess and Joe talk about the need for legal to understand the security team's day to day and also what incident response means to your organization. Bringing your legal reps into the folds when a breach happens is too late! Work as a team early to make sure all parties are knowledgeable and ready to act without time wasted. This segment is sponsored by Semperis. To combat today's cyber attacks, enterprises like yours need a way to see the whole picture beyond silos and secure their entire hybrid AD environment. Now you can — with Semperis. Visit https://cisostoriespodcast.com/semperis Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-191
9/10/202430 minutes, 57 seconds
Episode Artwork

Todd’s Moving On after 185+ Episodes - Future CISO Vision - Todd Fitzgerald - CSP #190

Todd Fitzgerald will be moving on from the CISO STORIES podcast after 185+ episodes, which was initiated almost 4 years ago following the publication of the #1 Best-Selling CISO COMPASS book, which has guided 1000’s of emerging, current, experienced, and new CISOs and their teams in their journey to protect our organizations’ and nation’s information assets through a structured, business-oriented roadmap. Over 75 CISO and industry leader contributors to the book had their ‘grey boxes’ come to life in their own voice through this podcast. Since then, many esteemed CISOs have been on the invitation-only podcast to share practical, pragmatic experiences on timely, relevant issues. We learn from each other, and it is an honor to interview such top-notch CISOs. Join us as Todd shares his view of the evolution of the CISO role and where it is going. Todd will also share some of the memorable moments and messages from producing the podcast. This segment is sponsored by Semperis. To combat today's cyber attacks, enterprises like yours need a way to see the whole picture beyond silos and secure their entire hybrid AD environment. Now you can — with Semperis. Visit https://cisostoriespodcast.com/semperis Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-190
9/3/202432 minutes, 48 seconds
Episode Artwork

Vulnerability Management: Tips and Techniques - John Kellerhals - CSP #189

Vulnerabilities are the ‘front doors’ for attackers to infiltrate our systems and a key process organizations must get right into order to protect our systems and information assets. Join us as we discuss vulnerability management, identification of assets, prioritization, threat intelligence, leveraging tools, desired vulnerability product features, business impact and vulnerability measurement timing. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-189
8/27/202425 minutes, 6 seconds
Episode Artwork

Are You Vulnerable to Deep Fakes? Controlling the Risk - Paul Neff - CSP #188

Rapid advancement in the sophistication and availability of "deepfake" technology enabled by generative AI - the ability to generate convincing multimedia and interactive representations indistinguishable from the real thing - presents new and growing challenges for CISOs seeking to combat fraud, intrusion, disinformation, and other adverse consequences of social engineering. CISOs will need to maintain enhanced understanding of deepfake technology to craft and manage effective controls - yet some of the most effective controls may be surprisingly low-cost and low-tech. This podcast will examine the state of practice for deepfake generation and distribution and discuss effective countermeasures and controls for common threat typologies. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-188
8/20/202441 minutes, 3 seconds
Episode Artwork

Focus, Breadth, or Depth: Reduce Vulnerabilities with Less $ - Julian Mihai - CSP #187

Managing vulnerabilities is a large, complex problem that can't be completely fixed. And still, many cybersecurity organizations continue with a traditional approach that attempts to address all vulnerabilities, spreading staff too thin and increasing exploitation windows. With a small set of vulnerabilities being the cause of most of the breaching, taking a focused approach can have a significant impact on reducing the risk of successful cyber attacks. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-187
8/13/202426 minutes
Episode Artwork

No One Succeeds Alone! Why You Must Have an Informal Network - Gene Scriven - CSP #186

Join us as we discuss how critically important it is for a CISO to establish, maintain, and frequently leverage in informal network. With almost daily changes in the threat landscape across all industries, it's critical to have informal but trusted resources to rely on for advice, information, and just overall "sounding board" opportunities. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-186
8/6/202426 minutes, 56 seconds
Episode Artwork

Driving the Business of Infosec Through the GRC Program - Greg Bee - CSP #185

Join us as we discuss the organization’s GRC program and how GRC helps drive the business of information security from internal and external perspectives to integrate security into the culture, while maintaining compliance with regulations imposed for insurance and public companies. Segment Resources: Webcast: https://www.scmagazine.com/cybercast/the-regulatory-landscape-in-2030-what-you-need-to-know Podcast (Enterprise Security Weekly): https://www.scmagazine.com/podcast-segment/11416-the-rise-of-regops-the-need-for-compliance-automation-travis-howerton-esw-313 News/interview: https://www.scmagazine.com/news/generative-ai-not-just-revolutionary-but-evolutionary This segment is sponsored by RegScale. Visit https://cisostoriespodcast.com/regscale to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-185
7/30/202428 minutes, 20 seconds
Episode Artwork

Evolving from Security to Trust, more than Just Compliance - Mike Towers - CSP #184

CISOs need to enhance their strategic influence and operational impact within their organizations. This calls for a departure from traditional, insular security approaches towards a partnership model that aligns security initiatives with business growth and value. By adopting an attitude of listening, humility, and interdisciplinary collaboration, CISOs can transcend fear-based justifications for investment and instead, demonstrate how robust cyber security measures contribute to the overall health and success of the business. Such an evolution in the CISO role is essential for building resilient, forward-looking organizations that view security as a cornerstone of their strategic endeavors. In the combined context of Resilience and Reputation and Trust, CISOs must orchestrate a delicate balance between robust defensive measures and the cultivation of a strong, trustworthy brand. At this juncture, resilience becomes more than just a technical safeguard; it is about ensuring the continuity and reliability that stakeholders have come to expect. This reliability directly feeds into the organization's reputation, setting the stage for trust to be the cornerstone of all engagements—internal and external. The journey from a reactive security posture to one that is proactive and business-aligned requires that CISOs embed security consciousness into the corporate DNA. As they reach these advanced stages, CISOs transform their roles from protectors to strategic enablers, guiding their organizations through the digital landscape with a clear vision for safeguarding and enhancing both operational fortitude and brand integrity. Security thus becomes an integral part of the value proposition, fostering trust and loyalty among customers, and cementing the organization's reputation as a leader in responsible business practices in the digital age. Segment Resources: Webcast: https://www.scmagazine.com/cybercast/the-regulatory-landscape-in-2030-what-you-need-to-know Podcast (Enterprise Security Weekly): https://www.scmagazine.com/podcast-segment/11416-the-rise-of-regops-the-need-for-compliance-automation-travis-howerton-esw-313 News/interview: https://www.scmagazine.com/news/generative-ai-not-just-revolutionary-but-evolutionary This segment is sponsored by RegScale. Visit https://cisostoriespodcast.com/regscale to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-184
7/23/202430 minutes, 45 seconds
Episode Artwork

CISO Risk Reduction: Adopting Emerging Technologies - Timothy McKnight - CSP #183

With the vast number of cybersecurity solutions in the marketplace, how do you identify what fits with your company’s strategic goals, then deploy and scale in a reasonable timeframe? Hear a CISO who has built a methodology for assessing and implementing new security technologies and successfully used it at several large global enterprises. Segment Resources: Webcast: https://www.scmagazine.com/cybercast/the-regulatory-landscape-in-2030-what-you-need-to-know Podcast (Enterprise Security Weekly): https://www.scmagazine.com/podcast-segment/11416-the-rise-of-regops-the-need-for-compliance-automation-travis-howerton-esw-313 News/interview: https://www.scmagazine.com/news/generative-ai-not-just-revolutionary-but-evolutionary This segment is sponsored by RegScale. Visit https://cisostoriespodcast.com/regscale to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-183
7/16/202433 minutes, 3 seconds
Episode Artwork

Deep Dive in GRC: Know Your Sources - Jonathan Ruf - CSP #182

As organizations grow, there comes a time when managing by excel spreadsheets is not longer feasible and accurate data sources, regulations, and risk need to be accurately reflected within Governance, Risk and Compliance (GRC) tools. Reporting to the board must be based upon accurate information. Join us as we discuss the important aspects of forming a GRC program. Segment Resources: Webcast: https://www.scmagazine.com/cybercast/the-regulatory-landscape-in-2030-what-you-need-to-know Podcast (Enterprise Security Weekly): https://www.scmagazine.com/podcast-segment/11416-the-rise-of-regops-the-need-for-compliance-automation-travis-howerton-esw-313 News/interview: https://www.scmagazine.com/news/generative-ai-not-just-revolutionary-but-evolutionary This segment is sponsored by RegScale. Visit https://cisostoriespodcast.com/regscale to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-182
7/9/202430 minutes, 46 seconds
Episode Artwork

Governing Cyber Humanely: Leveraging Wellness Techniques - Jothi Dugar - CSP #181

We discuss the topic of Human Centric Cybersecurity and the importance of empowering the 'people' aspect of the People, Process, Tech framework. In this conversation we raise the importance of well-being amongst Tech and Cyber leaders and how to keep calm through the chaos to lead our teams well. Also important is diversity in this field and the Holistic approach to cyber, starting with the people/human first aspect. This segment is sponsored by RegScale. Visit https://cisostoriespodcast.com/regscale to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-181
7/2/202431 minutes, 24 seconds
Episode Artwork

CISOs Advising Cybersecurity Companies, Get on Board! - Bob West - CSP #180

Advisory Boards - helping cybersecurity companies grow is foundational to helping enterprises select best in class tools to protect their environments. If done properly, scaling cybersecurity companies can have a positive global impact on how information is protected and minimizing business disruption. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-180
6/25/202428 minutes, 16 seconds
Episode Artwork

As We Implement Zero Trust, Let's Not Forget About Metrics - George Finney - CSP #179

Many organizations are starting today down the Zero Trust path. Zero Trust is a strategy (vs an architecture) and to prove the value of this investment, we need to start thinking about metrics to demonstrate value. Join us as we discuss some of the metric directions to consider when moving our organizations towards Zero Trust. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-179
6/18/202429 minutes, 10 seconds
Episode Artwork

CISO and the Board: Demonstrating value and relevant metrics - Max Shier - CSP #178

The importance of CISO skills/metrics for the board, demonstrating the business value and necessity of good cybersecurity posture, as capabilities the CISO must master to be effective in securing the appropriate investment level. Join us as we discuss interactions with the board and leveraging metrics to show business value. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-178
6/11/202430 minutes, 34 seconds
Episode Artwork

Point Vs. Platform: Improving TCO Cost/Benefit - Patrick Benoit - CSP #177

CISOs must prioritize the intelligent selection of cybersecurity products by considering the total cost of ownership (TCO) and whether point products or platforms are best suited. This includes the costs of deployment and operations for people, processes, and technology, as well as the ongoing maintenance and support of a product. By considering the TCO of various products, CISOs can make more informed decisions and choose the products that will provide the best value for the organization. Choosing a more expensive product with a lower TCO can be a more cost-effective option overall, as these products often require less maintenance and provide better protection against cyber threats. In a market where capital efficiency is a key concern, this is an essential consideration for CISOs. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-177
6/4/202428 minutes, 38 seconds
Episode Artwork

Data Governance is Critical to Info Security and Privacy - Michael Redmond - CSP #176

Data Governance is a key component in protecting the data from different points of view including information security confidentiality, integrity, and availability. There are several standards that have control requirements for Data Governance relating to PCI, HIPAA, and PII, data security and more. Two of the Internal Standards having Data Governance requirements are: GDPR, ISO/IEC 27001:2022 The internal policies pertaining to gathering data, processing data, storing date, and disposal of data storing data, and disposal of data are a concern of information security. These polices also affect but also asset management, It governs who can access what kinds of data and what kinds of data are under governance. This segment is sponsored by Spirion. Visit https://cisostoriespodcast.com/spirion to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-176
5/28/202428 minutes, 44 seconds
Episode Artwork

The Riddle of Data Governance - Steven Fox - CSP #175

Data is the fuel of modern organizations. Data governance ensures the quality of that fuel, as well as ensure its optimal utilization. It ensures that people use and access data appropriately. This value is timely in the face of artificial intelligence offerings whose utility relies on quality data. This segment is sponsored by Spirion. Visit https://cisostoriespodcast.com/spirion to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-175
5/21/202430 minutes, 17 seconds
Episode Artwork

That Data Sprawl is Here! What Should We Do About it? - Nick Ritter - CSP #174

As technology has enabled high speed access and massive amounts of inexpensive storage, data is being created at a logarithmic hockey-stick pace. Not all this data is important for the organization, however the organization must understand what data is important to run the business. Join us as we discuss this dilemma, with an eye to protecting essential information. Good data governance processes are essential for effective security. This segment is sponsored by Spirion. Visit https://cisostoriespodcast.com/spirion to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-174
5/14/202429 minutes, 50 seconds
Episode Artwork

Why CISO’s Fail: Some Practical Lessons for the Future - Barak Engel - CSP #173

Security is both overcooked and underdeveloped at the same time, and we keep doubling down on insanity. Our own community is at great fault for pushing fear and ignoring service, leading to consistent, negative experiences for all other stakeholders in the organization - and ultimately the CISOs themselves. "Do more cyber" never had, does not, and never will lead to better outcomes, yet this is all everyone is talking about. The trifecta of fear (we fear it, we don't understand it, we know we must have it) is used effectively by vendors to drive an ever-increasing wedge into IT budgets, even as the actual utilization ratio of security tools is precipitously low (my estimate is 5%). Frustration abounds, the CISO job is a revolving door, and nobody's happy. Now the regulators are getting involved in all the wrong ways (see the recent SEC action against Tim Brown) - and it's entirely our fault. This segment is sponsored by Spirion. Visit https://cisostoriespodcast.com/spirion to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-173
5/7/202425 minutes, 33 seconds
Episode Artwork

Air Gapped! The Myth of Securing OT - Thomas Johnson - CSP #172

The terminology of ICS has morphed into OT (Operational Technology) security; however many organizations are lacking in addressing the OT security controls. As some companies talk about air gapping as the primary method of securing OT, the reality is many times true air gapping does not exist. Join us as we discuss why these gaps occur and what needs to be done to secure OT. This segment is sponsored by Arctic Wolf. Visit https://www.cisostoriespodcast.com/arcticwolf to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-172
4/30/202428 minutes, 50 seconds
Episode Artwork

The Challenges of Managing Security in an IT/OT Environment - John Germain - CSP #171

For manufacturing companies, technology has taken over a good deal of the day-to-day operations occurring on the manufacturing floor. Things like robotics, CNC machines and automated inventory management. There are even systems that track what tools are used, by whom and for how long. This technology often works outside of or flies under the radar of traditional IT processes. For critical infrastructure, we are hooking up legacy systems to larger networks. Industrial control systems, that were never designed to be attached to the Internet, are now exposed to a wide array of new threats and attacks. Aside from those risks, digital sensors can be attached to almost anything these days, making everything "smart". And with the ability for sensors to also be controllers the risks levels are rising quickly. This segment is sponsored by Arctic Wolf. Visit https://www.cisostoriespodcast.com/arcticwolf to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-171
4/23/202428 minutes, 5 seconds
Episode Artwork

The Importance of OT Security: The Evolving Threat Landscape - Ken Townsend - CSP #170

Manufacturing environments rely heavily on Operational Technology (OT) systems – such as industrial control systems, supervisory control, PLCs etc. to manage production processes. Compromises of these networks and systems can have devastating consequences, including: • Production disruptions and downtime • Safety hazards: • Data breaches and intellectual property theft: • Financial losses: Ransomware attacks can cripple operations and demand hefty payments. Manufacturing is a lucrative target for Ransomware. • There is little tolerance for downtime. • Difficulty in managing OT environments (different skillsets) • Increasing connectivity between IT and OT due to digital transformation Incidents such as the well documented Colonial Pipeline attack along with other manufacturing companies like Dole, and Brunswick continue to highlight the growing threat landscape for OT security in manufacturing. This segment is sponsored by Arctic Wolf. Visit https://www.cisostoriespodcast.com/arcticwolf to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-170
4/16/202430 minutes
Episode Artwork

Tips for a Successful Cyber Resilience Program - Olusegun Opeyemi-Ajayi - CSP #169

The cybersecurity threat landscape is constantly evolving, and experience has shown that everyone and every organization is prone to being breached. How do you prepare for what seems inevitable? You assume breach and plan accordingly. Cyber resilience has become a top priority as organizations figure out how to build a network that can either continue functioning or can recover quickly when faced with cybersecurity attack. This segment is sponsored by Arctic Wolf. Visit https://www.cisostoriespodcast.com/arcticwolf to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-169
4/9/202431 minutes, 15 seconds
Episode Artwork

Operational Technology (OT) and the Art of War - Glenn Kapetansky - CSP #168

Operational Technology (OT) security is concerned with protecting embedded, purpose-built technologies enabling our industrial processes. You also may have heard “adjacent” buzzwords like Internet of Things (IOT) and Fog (like “cloud” but close to the ground). OT security has significant challenges in terms of cost/size/weight, capability, ability to be updated, and robustness (often, OT failures can endanger lives). More recently, as cyber warfare evolves, OT is one of two main attack vectors. This session will explore the threats, and ability to manage them, using war stories. This segment is sponsored by Arctic Wolf. Visit https://www.cisostoriespodcast.com/arcticwolf to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-168
4/2/202432 minutes, 30 seconds
Episode Artwork

Third-Party Risk Management - BEC Compromises and the Cloud - Michael Swinarski - CSP #167

Third-Party Risk Management is essential for safeguarding an organization's assets, reputation, and operations. By identifying, assessing, and managing risks associated with external partners, organizations can enhance their resilience, protect sensitive information, and maintain the trust of stakeholders in an increasingly interconnected business ecosystem. We have seen the threat landscape change in the last few years. It has always been important to properly identify, categorize, and address risks created by our vendors and strategic partners, to now having to understand the entire supply chain, and how interruptions can affect your business. Even more recently, with the rise of Business Email Compromise (BEC), risks may also come from organizations you have no previous relationship or agreements with. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-167
3/26/202423 minutes
Episode Artwork

52,000 Suppliers:Third-Party Supply Chain CyberRisk Approach - Cassie Crossley - CSP #166

Schneider Electric has over 52,000 suppliers and sells hundreds of thousands of products of which 15,000 would be classified as intelligent products. To address risks stemming from third-party suppliers, and in recognition of the risks posed to customers, we have a holistic approach to value chain security, by implementing security controls at every level (R&D, Design, Manufacturing, Distribution, Staging, Commissioning and Operating). This approach is guided by policies and regulations, continuously evolving to improve our maturity. On the Third-party Cyber posture level, Schneider Electric partners across the industry to raise cybersecurity maturity, with the World Economic Forum (WEF), ISA Global Cybersecurity Alliance (ISAGCA), and Cyber Tech Accord. We specifically have a tiered third-party risk management program which evaluates suppliers through evidenced-based reviews of their secure development processes and cybersecurity posture. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-166
3/19/202430 minutes, 13 seconds
Episode Artwork

Securing Connections: 3rd Party Risk Mgmt Expert Insights - Charles Spence - CSP #165

Breaches at software vendors used by many organizations have highlighted the external software supplier risk, requiring organizations to be even more diligent. Join us as we discuss the supply chain issues and their relationship to software supply chain issues and how organizations should approach environment with supplier software risk, geo-political risk, environmental concerns to maintain business resiliency. This segment is sponsored by VISO TRUST. Visit https://cisostoriespodcast.com/visotrust to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-165
3/12/202430 minutes, 49 seconds
Episode Artwork

A Printout on Secure by Design When Utilizing 3rd Parties - Bryan Willett - CSP #164

With CISA just putting out new “secure by design” guidance, Lexmark CISO Bryan Willett pulls the curtain back on the curtain back on how Lexmark is approaching secure-by-design in its products Lexmark is at the forefront of secure by design as their products constantly touch highly confidential information in regulated industries, along with an established security record validated by IDC, Quocirca, and Bitsight. Bryan talks about the impact of secure by design on hardware manufacturers; the steps his company has taken to secure its products, monitor suppliers, and push updates; and his thoughts on the CISA guidance. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-164
3/5/202424 minutes, 14 seconds
Episode Artwork

Intelligent Generative AI Handling - Aaron Weismann - CSP #163

Generative AI security and integrity. This is important to me because it's a cool new commercially available technology that promises efficiency and time savings--and therefore everyone wants to use it without a thorough understanding of how to secure data used with it or correcting model bias introduced through improper governance. The implications, particularly in the healthcare space, are significant where AI-driven care decisions can drift away from optimal care and have the potential to expose significant care gaps. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-163
2/27/202426 minutes, 1 second
Episode Artwork

Responsible Use and Vetting of AI Solutions - Jon Washburn - CSP #162

Responsible use and governance of AI are key issues today, as training data limitations and data retention issues must be addressed. The risk of exposing PII or other confidential data, managing bias, hallucination, misinterpretation risks and other AI considerations are discussed. Fitzgerald, T. 2019. Chapter 4: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-125. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. This segment is sponsored by Darktrace. Visit https://cisostoriespodcast.com/darktrace to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-162
2/20/202432 minutes, 58 seconds
Episode Artwork

The Business Side of AI - Edward Contreras - CSP #161

Artificial Intelligence: Currently these two words can mean a world of difference to different people. How do you bring this topic to the board, to executives, or to business partners, and help them understand the risks without the FUD or technical language that so often creeps into the conversation? The goal is to engage in an action driven conversation and not lead it down a theoretical path. As a CISO in a financial institution, understanding the boundaries and limitations is key to corporate success. Fitzgerald, T. 2019. Chapter 4: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-125. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. This segment is sponsored by Darktrace. Visit https://cisostoriespodcast.com/darktrace to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-161
2/13/202423 minutes, 58 seconds
Episode Artwork

Generative AI and Corporate Security – Getting it Right - Bill Franks - CSP #160

Generative AI has hit the world by storm, but unfortunately is widely misunderstood. While it brings great promise for companies, it also has risks. As employees and corporate applications begin making use of generative AI, it is important to ensure that proper safety and security mechanisms are put in place to allow value to be obtained while minimizing risk. Fitzgerald, T. 2019. Chapter 4: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-125. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. You can learn more at http://www.bill-franks.com. This segment is sponsored by Darktrace. Visit https://cisostoriespodcast.com/darktrace to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-160
2/6/202432 minutes, 22 seconds
Episode Artwork

Better CISO Health in the New Year: From Burnout to Balance - Steve Shelton - CSP #159

Heidrick and Struggles released a global CISO survey last year, stating 53% of CISOs were most concerned about significant stress and 60% were concerned about burnout. In Steve’s 20 years of software sales, significant stress and burnout have been longstanding issues that have yet to be effectively addressed and have negatively impacted his own life and those in the industry. There exists an opportunity to help cyber defenders protect themselves and their teams from these issues, enhancing both their jobs and personal lives. Join us as we discuss this critical issue as we navigate 2024 for better CISO and team health. Fitzgerald, T. 2019. Chapter 14: CISO Soft Skills in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 463-487. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit Steve’s Website: www.greenshoeconsulting.com for more information. This segment is sponsored by Darktrace. Visit https://cisostoriespodcast.com/darktrace to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-159
1/30/202429 minutes, 5 seconds
Episode Artwork

Cloud Security Staffing in a Hybrid World – It Can Be Done! - Larry Lidz - CSP #158

Over the course of two years, and during the pandemic, we established a new security team and grew that team from five cloud security people to over eighty. What was our talent strategy to enable that rapid growth, how did we find the right talent in a tight market, and what did we learn from the approach? Additionally, what rituals and tactics served us well to build team identity and collaboration in a hybrid world? Through all this, how do we ensure we prioritize diversity and inclusion in our teams? Fitzgerald, T. 2019. Chapter 4 Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-127. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-158
1/23/202430 minutes, 41 seconds
Episode Artwork

You want the CISO Title & Pay? Responsibility Comes Also! - Malcolm Harkins - CSP #157

Integrity & Materiality. Get them wrong, you jeopardize your organization, its shareholders, possibly customers, as well as yourself. Join us as we discuss CISO role and accountability, Geopolitics, SEC Regulation and materiality, AI Impact, and seismic changes occurring in the past 5 Years as articulated in the 5 year CyberRisk Alliance Blog dated 12/7/23, https://www.cyberriskalliance.com/blog/5-years-of-reflection-5-seismic-industry-shifts-why-im-on-the-board-at-cra Fitzgerald, T. 2019. Chapter 1: CISO Role: Evolution or Revolution? in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 3-36. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-157
1/16/202435 minutes, 11 seconds
Episode Artwork

Reimagining Risk in the Emerging Cloud: A GRC Perspective - Solomon Ugah - CSP #156

More and more services and products are being cloud-delivered. This leads to a concentration of risk in the hands of a few industry players and a few jurisdictions. It means risk needs to be addressed and thought about differently. Join us as we discuss managing cloud risk from a Governance, Risk and Compliance (GRC) perspective. Fitzgerald, T. 2019. Chapter 1: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-127. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-156
1/9/202428 minutes, 7 seconds
Episode Artwork

Why Don’t We Care About Identity Security? - Don Baham - CSP #155

Identity & Access Management - Why do organizations still insist that provisioning/deprovisioning is an IT function? Effective IAM requires collaboration across the business units and responsibilities for multiple departments. Join us as we discuss IAM and some of the challenges organizations are facing today to secure the perimeter – the identity perimeter. Fitzgerald, T. 2019. Chapter 5 Cybersecurity Organization Structure in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 131-169. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-155
1/2/202427 minutes, 21 seconds
Episode Artwork

High Consequences Cyber: Make or Break the CISO’s Reputation - Andy Jaquith - CSP #154

“High Consequences Cyber” are high-risk, high-stakes cyber projects that can make or break a company or make or break the CISO’s reputation. These include issues such as, how do you architect your networks if you are a multinational with exposure to high-risk countries? What are key choices you can make when moving critical workloads such as email and collaboration to the cloud? What's the role of authentication in the age of cloud, and why do companies keep messing it up? How do you educate the board on critical or strategic initiatives while gaining their confidence that the program is well-run? If you’re coming into a new organization, how do you evaluate the team and determine how to level it up? During this month CISO Stories is focusing on Identity Management, and we discuss Andy’s views on password less identities and Zero Trust. Fitzgerald, T. 2019. Chapter 15: The CISO and the Board of Directors in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 491-511. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Jaquith, A. 2007. Security Metrics: Replacing Fear, Uncertainty, and Doubt, 1st Ed, Addison-Wesley, Upper Saddle river, NJ. https://www.amazon.com/Security-Metrics-Replacing-Uncertainty-Doubt/dp/0321349989 Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-154
12/26/202329 minutes, 30 seconds
Episode Artwork

Four Pieces of Transitional Advice: Incoming CISOs - Sean Zadig - CSP #153

There’s been a boom of sudden CISOs for regulatory and practical reasons — forcing technical security leaders to transition. And the transition isn't easy. Join us, as Sean shares the lessons he has learned as he moved into the CISO role from technologist. As CISO Stories also focuses on Identity Management this month, we also discuss architecting identities to meet the needs of many different types of users vs a one-size-fits-all approach. Fitzgerald, T. 2019. Chapter 1: CISO Role: Evolution or Revolution? in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 3-36. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.   Visit https://cisostoriespodcast.com for all the latest episodes!   Show Notes: https://cisostoriespodcast.com/csp-153
12/19/202332 minutes, 28 seconds
Episode Artwork

Is there really an Information Security Jobs Crisis? - Ben Rothke - CSP #152

Are there really millions of open information security jobs available? Or is much of the numbers hyped up? Join us as we discuss these numbers , boot camps, regional differences, and where these job openings come from. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-152
12/12/202327 minutes, 15 seconds
Episode Artwork

Prioritizing Identity and Getting the Fundamentals Right - Bezawit Sumner - CSP #151

Prioritizing identity and getting the fundamentals right. We are managing more identities than ever – people-people, machine-to-machine, and people-machines. What actions should CISOs be ensuring are being done within the environment to prioritize identities? Join us as we discuss where Bezwit has focused to enhance the identity management process. This segment is sponsored by Saviynt. Visit https://cisostoriespodcast.com/saviynt to learn more about them! This segment is sponsored by Bitwarden. Visit https://cisostoriespodcast.com/bitwarden to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-151
12/5/202329 minutes, 25 seconds
Episode Artwork

Do You Really Want to Be a CISO? - Spencer Mott - CSP #150

Reaching the level of CISO in a large corporation requires time and determined application as well as aptitude and very specific professional and personal attributes. It's the role against which many security professionals set their career sights without really knowing what they'll be getting themselves into. Fitzgerald, T. 2019. Chapter 14. CISO Soft Skills in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 463-487. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://cisostoriespodcast.com for all the latest episodes! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-150
11/28/202327 minutes, 21 seconds
Episode Artwork

All in One CISO: There Is Nothing We Can't Do - Jessica Hoffman - CSP #149

As a CISO, the opportunities we must positively cultivate the cybersecurity landscape for our organizations are endless. From driving projects to implementing innovative technologies to strengthening basic cybersecurity hygiene, reshaping the organization's culture, protecting from ransomware, and diversifying the cyber workforce, the CISO is a certified change-maker! Let's get excited about security! This segment is sponsored by Arctic Wolf. Visit https://cisostoriespodcast.com/ArcticWolf to learn more about them! This segment is sponsored by Cohesity. Visit https://cisostoriespodcast.com/cohesity to learn more about them! Fitzgerald, T. 2019. Chapter 1: CISO Role: Evolution or Revolution? in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 3-36. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://securityweekly.com/csp-149
11/21/202329 minutes, 22 seconds
Episode Artwork

Building a People-Centric Security Program - Cathy Olsen - CSP #148

In security, we can get buried in the tools, standards, issues and risks. But an effective security program is built upon people, process, and technology. Let's talk about how you can approach your security program in a way that is focused on the people who use and manage your company assets and data. Fitzgerald, T. 2019. Chapter 13. Multigenerational Workforce Dynamics in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 419-459. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. This segment is sponsored by Arctic Wolf. Visit https://cisostoriespodcast.com/ArcticWolf to learn more about them! This segment is sponsored by Cohesity. Visit https://cisostoriespodcast.com/cohesity to learn more about them!   Visit https://cisostoriespodcast.com for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-148
11/14/202321 minutes, 48 seconds
Episode Artwork

Veterans Impacting Cybersecurity - David Cross - CSP #147

Veterans bring along some valuable skills from the military that organizations can greatly benefit from. From loyalty, executing to a playbook, incident response, responding to crisis’s, to supporting the organizational mission – Veterans are a resource that is eager to transition to organizations and apply their skills and continuously learn. With Veterans Day upon us, join us as we discuss the strengths of hiring Veterans for the cybersecurity program. Fitzgerald, T. 2019. Chapter 13. Multigenerational Workforce Dynamics in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 419-459. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. This segment is sponsored by Arctic Wolf. Visit https://cisostoriespodcast.com/ArcticWolf to learn more about them! This segment is sponsored by Cohesity. Visit https://cisostoriespodcast.com/cohesity to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-147
11/7/202327 minutes, 5 seconds
Episode Artwork

Should We Be Relying on Our Cybersecurity Risk Matrices? - Doug Hubbard - CSP #146

A key role for the CISO and the team is to identify and plan for mitigation of the most damaging risks. Various approaches have been used over the years with varying levels of success. Are we measuring the right things? Are we using the right instruments? Join us as we discuss some of the flaws present in measuring risk today and considerations to improve our risk management approach. https://www.howtomeasureanything.com/cybersecurity Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-146
10/31/202329 minutes, 17 seconds
Episode Artwork

OT Is Not IT But Security Can Handle Both - Mea Clift - CSP #145

Join us as we discuss the OT security landscape, the solutions for protecting it, and the future of protecting these pieces of critical infrastructure. With attacks to these networks on the rise, it’s important for cybersecurity professionals to acknowledge that they are just as important as information in our protection, and that it requires specific out of the box thinking to secure effectively. Fitzgerald, T. 2019. Chapter 4: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-127. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-145
10/24/202325 minutes, 7 seconds
Episode Artwork

Effective Communication is Critical for CISO Success - Wes Knight - CSP #144

Technical people, CISOs included, may have challenges communicating well with executive management due to a different career path evolution . To maximize our success, we must all improve our communication skills with technical and non-technical people. Join us as we discuss some of the nuanced communications and areas to pay closer attention to. Fitzgerald, T. 2019. Chapter 14: CISO Soft Skills in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 463-487. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-144
10/17/202329 minutes, 3 seconds
Episode Artwork

Terminology Matters: Changing 'Cybersecurity' to Data Care - Cyndi Gula, Ron Gula - CSP #143

Cybersecurity touches all our lives, however there is a belief that only experts in all of the technical disciplines need to apply. The term ‘cybersecurity’ does not invoke a personal sense of responsibility to care for the protection of data. Join us as we discuss the concept of reframing cybersecurity to “Data Care”, like the concepts used in the healthcare industry to advance personal responsibility as well as to attract people to the field that may not have considered it previously. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-143
10/10/202327 minutes, 4 seconds
Episode Artwork

NextGen Security Tooling: Investments in Intelligence - Mike Coogan - CSP #142

Security tools have become overwhelming in number, yet companies continue to get breached. With all the recent focus on artificial intelligence, security leaders must avoid neglect of natural intelligence. When your opponent is thinking and adapting to your every move, can you really afford to neglect your most critical defenses?   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-142
10/3/202331 minutes, 54 seconds
Episode Artwork

Uber CISO Trial Learnings for CISOs: In the CISO's Own Words - Joe Sullivan - CSP #141

In the Fall, 2016, Uber experienced a data breach, and the CISO faced the possibility of prison time for felony obstruction and misprison for failure to report the 2016 breach. He was sentenced in May, 2023 to 3 years’ probation. Join the former CISO of Uber as we discuss the events which led to the prosecution case, the results of the trial and aftermath, and the implications for CISOs and what is needed to move the cybersecurity industry forward. This segment is sponsored by Google Chrome Enterprise. Visit https://securityweekly.com/chrome to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-141
9/26/202340 minutes, 21 seconds
Episode Artwork

Managing CyberRisk in a Mid-Cap Company - Walter Lefmann - CSP #140

MidCap enterprise security is challenge – SMB’s have all the needs of a large enterprise, but not the same large budget or army of defenders. We are also a "sweet spot" target for cybercriminals -- you have enough money to be worth some real effort, but again not a large army of defenders. MidCap is at the front lines of "doing more with less"! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-140
9/19/202325 minutes, 43 seconds
Episode Artwork

Collective Defense: The Importance of Partnerships in Cybersecurity - Jamil Farshchi - CSP #139

With cybersecurity emerging as a board-level agenda item, collaboration is becoming increasingly high-stakes and multifaceted. Join us as we examine the opportunities and potential pitfalls of this new era, as well as the skills needed. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp-139
9/12/202336 minutes, 52 seconds
Episode Artwork

Teams are Built around Key Players Performing Great Functions - Ralston Simmons - CSP #138

Skills can be evolved and provide teams with the necessary talent. Join Ralston as he shares his experiences in recruiting, rotational programs, and supporting the key players with the right support system. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders  Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-138  
9/5/202330 minutes, 19 seconds
Episode Artwork

Championship Results: No Bank Breaking or Boat Rocking! - Steve Hunt - CSP #137

Top-performing CISOs shared with me their hacks for creating a team atmosphere, getting excellent and consistent results, and creating buy-in from management for their budgets, projects, and big ideas. This discussion goes beyond risk management into the realm of performance excellence. Impact Leaders Pod Training for Cyber Teams is a unique 8-week program to up-level performance in information technology professionals and teams. Participants grow leadership, emotional intelligence, teamwork, and performance excellence while excelling at their daily job responsibilities. For more information contact Steve or visit impactleaderscoaching.com Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-137  
8/29/202327 minutes, 33 seconds
Episode Artwork

Supply Side Security: How to Maintain a Talent Pipeline - Helen Patton - CSP #136

There are a ton of entry-level candidates for security roles, but we need mid- to late- career cyber candidates to fill our open positions. Hiring managers need to partner with non-security people to build and maintain that pipeline. Let's talk about how to go about getting this done. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp-136  
8/22/202328 minutes, 43 seconds
Episode Artwork

Deploying Zero Trust Without Destroying End User Trust - Mike Zachman, Colin Chisholm - CSP #135

Deploying SASE (Secure Access Service Edge) is a critical step on your Zero Trust journey. It is not without risk, especially to the end user experience. Join us as we discuss our lessons-learned fresh from the deployment trenches. This segment is sponsored by Google. Visit https://securityweekly.com/chrome to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-135
8/15/202326 minutes, 52 seconds
Episode Artwork

Security Musings from a Psychotherapeutic Perspective - Mark Eggleston - CSP #134

Come listen in on hearing a CISO's story of going from carpenter to psychotherapist to security leader. The stories told will help anyone working in cyber - from those looking to break into cyber to those who are battle tested and looking for new support or coping strategies. Morin, A. 2017. 13 Things Mentally Strong People Don’t Do. Harper Collins. 13 Things Mentally Strong People Don't Do: Take Back Your Power, Embrace Change, Face Your Fears, and Train Your Brain for Happiness and Success: Morin, Amy: 9780062358301: Amazon.com: Books  This segment is sponsored by Google.  Visit https://securityweekly.com/chrome to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders  Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/  Show Notes: https://securityweekly.com/csp-134
8/8/202328 minutes, 33 seconds
Episode Artwork

Cyber Risk Governance: The Hype, Hope, & Harsh Reality - John Sapp - CSP #133

Cyber Risk Governance or Cyber Risk Management has been an often talked about concept for more nearly two decades yet remains one of the most elusive and sought after outcomes by every C-level executive across every line of business in every industry sector and particularly in the Board room. In this session, we are going to jump into the shoes of the C-level executives and Board members as we describe "what they want" and how we achieve the visual representation of cyber risk in a way that is easily consumable in a language that is universally understood across three levels of stakeholders (Operational/Technical, IT Management, C-level / Board). This segment is sponsored by Google. Visit https://securityweekly.com/chrome to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-133
8/1/202327 minutes, 40 seconds
Episode Artwork

The Tactics of Being Strategic in Cybersecurity - Jason Elrod - CSP #132

Discussion about what it means to be strategic as a CISO and, more importantly, what specific, tactical steps are you can take to bring that into reality. This segment is sponsored by Google.  Visit https://securityweekly.com/chrome to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/  Show Notes: https://securityweekly.com/csp-132  
7/25/202326 minutes, 55 seconds
Episode Artwork

Protecting the Nation’s Most Sensitive Information & 800-171 Update - Ron Ross - CSP #131

NIST recently released the initial draft of a major update to its cybersecurity guidelines for protecting sensitive unclassified information. The update is intended to help federal agencies and government contractors implement cybersecurity requirements more consistently. The revised draft guidelines, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST Special Publication [SP] 800-171 Revision 3), will be of particular interest to the many thousands of businesses that contract with the federal government. Federal rules that govern the protection of controlled unclassified information (CUI), which includes such sensitive data as health information, critical energy infrastructure information and intellectual property, reference the SP 800-171 security requirements. Systems that store CUI often support government programs containing critical assets, such as design specifications for weapons systems, communications systems, and space systems. The changes are intended in part to help these businesses better understand how to implement the specific cybersecurity safeguards provided in a closely related NIST publication, SP 800-53 Rev. 5. The authors have aligned the language of the two publications, so that businesses can more readily apply SP 800-53’s catalog of technical tools, or “controls,” to achieve SP 800-171’s cybersecurity outcomes. The update is designed to help maintain consistent defenses against high-level threats to information security. Many of the newly added requirements specifically address threats to CUI, which recently has been a target of state-level espionage. NIST wants to implement and maintain state-of-the-practice defenses because the threat space of hostile adversaries is changing constantly. Protecting CUI is critical to the national and economic security interests of the United States. This segment is sponsored by Google. Visit https://securityweekly.com/chrome to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes!  Show Notes: https://securityweekly.com/csp-131
7/18/202327 minutes, 47 seconds
Episode Artwork

The Evolution & Portability of the CISO Role - Sheldon Cuffie - CSP #130

As a function of CISOs responsibilities, the best are multi-faceted leaders that shift between cyber, technical, and business domains in response to shifting cyber-risk landscape. This level of adaptability makes them portable to other CISO roles in different industries, and C-level roles that they may not have thought of and frankly, others may not have thought of for them. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/  Visit https://securityweekly.com/csp for all the latest episodes!  Show Notes: https://securityweekly.com/csp-130  
7/11/202327 minutes, 47 seconds
Episode Artwork

Being a CISO in Higher Education - Lorna Koppel - CSP #129

At the surface, being a CISO in Higher Education is very similar to any industry vertical but the opportunities, challenges, and impacts are significantly more complex. Many consider HE to be behind in security practices. While it is true that HE doesn't buy a lot of security tools, we are on the leading edge of focusing on mitigating security risks at the level the institution truly needs. Also, our community requires support for accessibility, gender-identity, and general identity access management that is far above what most technologies can handle. All this leads to a CISO needing to be creative, flexible, and thoughtful to best lead their programs. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-129
7/4/202323 minutes, 32 seconds
Episode Artwork

Being a CISO in Higher Education - Lorna Koppel - CSP #129

At the surface, being a CISO in Higher Education is very similar to any industry vertical but the opportunities, challenges, and impacts are significantly more complex. Many consider HE to be behind in security practices. While it is true that HE doesn't buy a lot of security tools, we are on the leading edge of focusing on mitigating security risks at the level the institution truly needs. Also, our community requires support for accessibility, gender-identity, and general identity access management that is far above what most technologies can handle. All this leads to a CISO needing to be creative, flexible, and thoughtful to best lead their programs. Show Notes: https://securityweekly.com/csp-129
7/4/202323 minutes, 32 seconds
Episode Artwork

Building High Performing Security, RM, & Resilience Teams - Darin Hurd - CSP #128

Navigate the complexities of building high performing teams in security, risk management, and business resilience uncovering the strategy, frameworks and tactics. Join us as we explore the nuances of collaboration, strategy formulation, and innovative thinking that empower these teams to excel in challenging business and risk management environments. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders  Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp-128  
6/27/202324 minutes, 37 seconds
Episode Artwork

Deliver High Impact Global Security Programs with Low Ego - Rajesh David - CSP #127

In today’s hyper connected world how do you create a global cyber program that can deliver locally. You start by creating a culture - a culture rooted to delivering high impact with low ego. Culture eats strategy for breakfast ... Visit https://securityweekly.com/csp for all the latest episodes!  Follow us on Twitter: https://www.twitter.com/cyberleaders  Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes!  Show Notes: https://securityweekly.com/csp-127
6/20/202329 minutes, 3 seconds
Episode Artwork

Security @ Scale: Building Trust, Starting with Cybersecurity - Rob Duhart Jr. - CSP #126

10,500 storefronts. 2.3 million associates worldwide. $572.8 billion in revenue. Today’s cybersecurity landscape is complex, as attacks can deliver disruption in the blink of an eye. The focus of Walmart’s Information Security team is to secure our operating environment in the service of building and maintaining trust with our customers, associates and stakeholders. To perform at the necessary scale, it takes a village of intelligent associates, a reliance on technologies like automation and a vigilant mindset to stay ahead of adversarial threats. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-126
6/13/202328 minutes, 48 seconds
Episode Artwork

The Company’s Lawyer is Not Your Lawyer – Legal Self Defense - Larry Dietz - CSP #125

Joe Sullivan has shown all of us that CISOs are on the front lines when it comes to breaches and their legal aftermath. Unfortunately, most CISOs are not attorneys and may not understand the rules of engagement with law enforcement to the point where they may find themselves in legal jeopardy for ‘doing the right thing’. Join Larry Dietz long time cybersecurity professional, attorney and retired US Army Colonel and Todd Fitzgerald for a lively discussion on how to prepare for the legal ramifications of security incidents. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-125
6/6/202327 minutes, 1 second
Episode Artwork

Are We Thinking in the Right Way as CISOs? - Sajan Gautam - CSP #124

CISOs want to enable the business. But sometimes we must stand our ground and explain our position with rationale. So, how do we convince other people to act without telling their baby is ugly? Join us, as we discuss having difficult conversations.   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/   Show Notes: https://securityweekly.com/csp-124 
5/30/202323 minutes, 21 seconds
Episode Artwork

Using Data to Estimate Cyber Risk Financial Implications - Paul Sand - CSP #123

The CISO who can speak to the financial implications of cyber risk will be able to successfully work amongst the C-suite and in the board room to prioritize and address cyber initiatives. Building a view of the financial implications of those risks based on real data enhances not only the CISO’s decision-making ability but also the CISO’s credibility with stakeholders. Join us as we take a look at how industry and enterprise data sources can be leveraged to build a view of the financial implications of cyber risk to set the stage for making quality decisions.   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/   Show Notes: https://securityweekly.com/csp123 
5/23/202324 minutes, 27 seconds
Episode Artwork

SEC Cybersecurity Risk Governance Requirements - Christopher Hetner - CSP #122

In April, the SEC is expected to finalize new rules on cybersecurity. The rules will require every publicly traded company to file disclosures with descriptions of their security strategy, governance, and risk management. Companies will need to explain to shareholders how they assess cyber risk, describe their security policies, and demonstrate a significant level of board oversight on cybersecurity issues. The SEC rules are qualitatively different from existing cyber regulatory frameworks, such as HIPAA and PCI DSS, which skew toward enforcing technical controls handled by the IT department. The SEC rules, in contrast, demand that C-suites and boards get more involved and demonstrate a strategic approach to managing cyber risk.   Visit https://securityweekly.com/csp for all the latest episodes!  Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/   Show Notes: https://securityweekly.com/csp122 
5/16/202326 minutes, 38 seconds
Episode Artwork

Cyber-Local: City of Chicago Cybersecurity Mission - Bruce Coffing - CSP #121

All CISO roles are challenging. CISOs of large municipalities face many of the same risks with a unique set of challenges to overcome. Join us for a conversation about the rewarding experience of leading a government cybersecurity program for the nation’s third largest city.   Visit https://securityweekly.com/csp for all the latest episodes!  Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/   Show Notes: https://securityweekly.com/csp121 
5/9/202329 minutes, 17 seconds
Episode Artwork

Establishing and Enrolling Others in a Cybersecurity Vision - Joey Johnson - CSP #120

Writing a cybersecurity strategy is an essential role of the CISO. How do you avoid the strategy from becoming outdated? Shelfware? Not in line with the business? Join us as Joey articulates his techniques for gaining stakeholder adoption of the strategy.   Visit https://securityweekly.com/csp for all the latest episodes!  Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/   Show Notes: https://securityweekly.com/csp120 
5/2/202324 minutes, 31 seconds
Episode Artwork

Leadership Lessons Learned and Preparing your CISO Successor - Dave Estlick - CSP #119

Obtaining our first CISO role is an exciting and challenging experience at the same time. At some point, we will move on to another company. How have you prepared the person who needs to take your role? What knowledge and experience are you sharing with the next in line? Join Dave, as he has some great leadership lessons, approaches and tips for helping the next CISO and the organization.   Visit https://securityweekly.com/csp for all the latest episodes!  Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/    Show Notes: https://securityweekly.com/csp119 
4/25/202335 minutes, 16 seconds
Episode Artwork

From Nothing to Something: Overcoming Hurdles - Larry Whiteside Jr - CSP #118

Everyone has a struggle or hurdle they will face. Your outcome is largely determined by your approach. Does this mean you will get OVER every hurdle? No. But sometimes, you can go around it or under it and still reach your final destination.   Visit https://securityweekly.com/csp for all the latest episodes!  Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/   Show Notes: https://securityweekly.com/csp118 
4/18/202333 minutes, 22 seconds
Episode Artwork

From Nothing to Something: Overcoming Hurdles - Larry Whiteside Jr - CSP #118

Everyone has a struggle or hurdle they will face. Your outcome is largely determined by your approach. Does this mean you will get OVER every hurdle? No. But sometimes, you can go around it or under it and still reach your final destination.   Show Notes: https://securityweekly.com/csp118 
4/18/202333 minutes, 22 seconds
Episode Artwork

20 Years of GRC: What Have we Learned? What is Next? - Michael Rasmussen - CSP #117

Ensuring organizations have the proper governance, risk and compliance (GRC) practices is essential to ensuring risks are appropriately mitigated. Join us as we discuss the interconnectedness of risk, the process of GRC , and Michael’s thoughts on how to improve the process.   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/   Show Notes: https://securityweekly.com/csp117 
4/11/202324 minutes, 47 seconds
Episode Artwork

County Government Cyber: Don’t Let the Roadblocks Stop You ft. Michael Dent & Richard Greenberg- CSP #116

How is County Government Security different from company cybersecurity? Is it difficult to get funding and attract resources? What are the advantages to working in Country government cybersecurity? Join two experienced County Government CISOS, with experience in leading cybersecurity in two of the largest counties in the U.S, Fairfax County and Los Angeles County.   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/   Show Notes: https://securityweekly.com/csp116
4/4/202332 minutes, 8 seconds
Episode Artwork

Connecting with Higher Education: New Talent at the Source - Fred Kwong - CSP #115

Finding cyber talent is difficult in today's market. At a time when cyber salaries are high, working with universities to tap into the new cyber workforce is something all companies should be looking at. Today we will explore how to work with universities to bring talent to your organization. Visit https://securityweekly.com/csp for all the latest episodes!  Follow us on Twitter: https://www.twitter.com/cyberleaders  Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/  Visit https://securityweekly.com/csp for all the latest episodes!   Show Notes: https://securityweekly.com/csp115
3/28/202329 minutes, 59 seconds
Episode Artwork

Security vs. Operations – Balancing the Risk - Ross Leo - CSP #114

The role of CISO is one filled with challenges and decisions. Frequently, a CISO is faced with having to decide in compromise with Operations, in favor of Operations. This can be a very difficult and risky choice to make - but the ideal of having both get 100% of what they want, or need is not realistic. How to do this? In this session, we discuss how to analyze both POV, both sets of requirements and issues and reach optimal decisions that, hopefully, achieves a balance between these without amplifying risk. Visit https://securityweekly.com/csp for all the latest episodes!  Follow us on Twitter: https://www.twitter.com/cyberleaders  Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/  Visit https://securityweekly.com/csp for all the latest episodes!   Show Notes: https://securityweekly.com/csp114
3/27/202327 minutes, 14 seconds
Episode Artwork

CSP #113 - The Rise of the Chief Product Security Officer - Jason Christman

Cybersecurity is becoming a #1 business risk for many organizations. For CISOs to effectively manage this risk, proper strategy, adequate resourcing, and leadership support are all essential, but not enough. CISOs need a trusted partner on the supplier side, a product CISO, known within industry as a Chief Product Security Officer, who understands customer risk, drives secure product design and development, and manages cyber support across the lifecycle of software products and connected solutions. Manufacturers around the world are investing in the Chief Product Security Officer role to elevate and mature their product security program. Visit https://securityweekly.com/csp for all the latest episodes!  Follow us on Twitter: https://www.twitter.com/cyberleaders  Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/  Show Notes: https://securityweekly.com/csp113
3/14/202326 minutes, 13 seconds
Episode Artwork

CSP #112 - Leading Cybersecurity with Purpose - Nicole Darden Ford

Now more than ever, the significant demand for cybersecurity professionals serves as an opportunity to align with your organization’s DE&I priorities. Building a diverse and inclusive workforce is achievable and begins with intentional leadership. Learn from a cybersecurity leader’s successful track record and how to stand by your organization’s greatest asset. Visit https://securityweekly.com/csp for all the latest episodes!  Follow us on Twitter: https://www.twitter.com/cyberleaders  Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/  Show Notes: https://securityweekly.com/csp112
3/7/202331 minutes, 19 seconds
Episode Artwork

CSP #111 - Business Ethics and the CISO - Troy Stairwalt

As risk practitioners CISOs make risk vs reward decisions on a daily and sometimes hour by hour basis. As a profession we must understand our organizations risk tolerance and appetite as well as our own. Regulations are lagging indicators. SOX was established as a direct response to unethical behavior.  Unfortunately, regulations in cybersecurity and data privacy are also "lagging indicators" that organizations "left to their own device" have failed to allocate sufficient reasonable cost-effective resources to mitigate the significant risk in prudent ways that place the organization in a position to demonstrate both due diligence and due care in a worst case scenario. CISOs must: 1 Understand your organizations risk tolerance and appetite 2 Know your own risk tolerance and appetite as well as your personal code of conduct and ethics. 3 Build and maintain your "rainy day", emergency or as my more colorful colleagues refer, FU funds. 4 Find your calm, peace and happiness. These days, mine is Yoga and Meditation What is yours? 5 To avoid stressful days and sleepless nights, maintain our integrity and sense of humor! Visit https://securityweekly.com/csp for all the latest episodes!  Follow us on Twitter: https://www.twitter.com/cyberleaders  Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/  Show Notes: https://securityweekly.com/csp111
2/28/202327 minutes, 47 seconds
Episode Artwork

CSP #110 - Interview - 100 CISO STORIES Podcasts, What Did we Learn?

The successful CISO STORIES podcast started by interviewing the 75 contributors to the #1 Best-selling (2019-2022) and 2020 CANON Cybersecurity Hall of Fame Winning CISO roadmap book CISO COMPASS: Navigating Cybersecurity Leadership with Insights from Pioneers. These 25–30-minute podcasts have brought many issues to life, leveraging the experience of CISOs and other top security industry leaders. This podcast interviews the show host and reviews some clips from some of the more memorable episodes. Visit https://securityweekly.com/csp for all the latest episodes!  Follow us on Twitter: https://www.twitter.com/cyberleaders  Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders  Show Notes: https://securityweekly.com/csp110
2/21/202332 minutes, 14 seconds
Episode Artwork

CSP #109 - 2023 CISO Cybersecurity Priorities

Every year brings new challenges in protecting our companies and nations from threat actors. Join our conversation with key CISOs as we look back at 2022 and review some of the key learnings, and look ahead with a laser focus on 2023 priorities for cybersecurity. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes!   Show Notes: https://securityweekly.com/csp109
2/14/202359 minutes, 53 seconds
Episode Artwork

CSP #108 - 2023 NFL Superbowl: Year-Long Cybersecurity Preparation - Tomás Maldonado

With over 112 million viewers tuning into the Superbowl in 2022, it is arguably the most watched televised event in the USA, with many fans globally. Whether watching for the NFL game of the year, the Superbowl Ads, or the incredible half-time shows, one can appreciate the complexity in managing security and cybersecurity for this large event. Join us, as we the CISO for the NFL discusses the complexity of ensuring an event like this, and efforts to maintain the confidentiality, integrity, and availability for the millions of end users, expecting the see the game of the year. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp110
2/7/202330 minutes, 56 seconds
Episode Artwork

CSP #107 - The Trends & Future with Cloud (PaaS & IaaS) - Erik Hart

Join Erik Hart, CISO at Cushman & Wakefield, and Eden Naftali, CTO Operations at from Wiz for a discussion around key trends in the cloud with the rapid pace of innovation and new technologies in IaaS and PaaS. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp110
1/31/202320 minutes, 17 seconds
Episode Artwork

CSP #106 - Cybersecurity in a 5G World - Timothy Youngblood

While 5G has been designed with specifications and capabilities that make it more secure than previous generations, 5G is also being deployed in a more complex threat landscape that continues to grow and evolve. How do we transform cybersecurity across the enterprise to reduce risk, particularly within a hybrid and distributed workforce? And how can new innovations in 5G, Artificial Intelligence, Cloud Technologies, Cryptography and more help us better predict attacks and prevent breaches. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp106
1/24/202327 minutes, 17 seconds
Episode Artwork

CSP #105 - Dear Auditor: Why is this a high risk finding? Can we talk?

CISOs often have a love/hate relationship with auditors, as it is the auditors that are placing judgment on the adequacy of company cybersecurity controls. Join this session from the perspective of an IT Audit leader and former CISO, as to how to view the auditors and strengthen the cybersecurity program amid adversity. Show Notes: https://securityweekly.com/csp105 This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
1/17/202330 minutes, 10 seconds
Episode Artwork

CSP #104 - Inclusive Leadership for CISOs Now!

The skills that got us to the CISO seat are not all we need to lead our teams and companies now. Inclusive leadership is bigger than just building a diverse team, it's knowing how to lead and develop others. This discussion to engage further on the topic of cybersecurity leadership development, blind spot detection and adapting to changing business needs Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp104
1/10/202327 minutes, 59 seconds
Episode Artwork

CSP #103 - The Future is Here – Now What? - Patti Titus

The convergence of quantum computing, artificial intelligence, machine learning and material fabrication is allowing innovation to take place in weeks verses years. What are the security implications and how should CISO's be thinking and planning for the transformation in our security capabilities to meet these new demands? This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes!  Show Notes: https://securityweekly.com/csp103  
1/3/202329 minutes, 2 seconds
Episode Artwork

CSP #102 - CISO Soft Skills Will Make or Break You! - Robert Wood

Cybersecurity is so heavily focused on technical topics, but it's the soft skills that can make or break a person. Whether you're negotiating a budget, trying to persuade another team to prioritize security patches, or collaborating with another team on a product feature, soft skills will make a security team and the individual professional more impactful. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp102
12/27/202228 minutes, 35 seconds
Episode Artwork

CSP #101 - Security Top of Mind: Key Learnings from 2022 & Thoughts on 2023 - Ryan Kazanciyan

Join Ryan Kazanciyan, CISO at Wiz (previously Meta, Tanium, Mandiant), and Raaz Herzberg from Wiz for a discussion on core security challenges we saw in 2022 and what should be top of mind for companies and security teams as they head into 2023. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/  Show Notes: https://securityweekly.com/csp101
12/20/202225 minutes, 21 seconds
Episode Artwork

CSP #100 - Cybersecurity Myths & Misconceptions: Avoiding the Pitfalls - Eugene Spafford

Many people working in cybersecurity fall victim to myths, advertising hype, and misconceptions about fundamental concepts. The speaker has recently coauthored, with two distinguished colleagues, a book that is intended to dispel some of the common myths and provide information about how to better copy with the changing environment of cybersecurity. Spafford, E. et al. 2022. Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls That Derail Us. 1st Ed. Available for Pre-Order on Amazon.com. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp100
12/13/202226 minutes, 2 seconds
Episode Artwork

CSP #99 - Build a Cybersecurity Vision and Strategy They Can Visualize - Jason Clark

Cybersecurity leaders are evaluated by their ability to build and sell a strategy that meets the needs of the organization. Listen to Jason’s experience in creating an impactful vision and cybersecurity strategy executive management can embrace! To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://files.scmagazine.com/wp-content/uploads/2022/11/CISOSTORIES_JasonClark_Article.pdf Clark, J. 2019. Building a Security Vision and Strategy. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. . Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes!  Show Notes: https://securityweekly.com/csp99  
12/6/202225 minutes, 6 seconds
Episode Artwork

CSP #98 - What is a vCISO? What Do They Do? Does Having One Make Sense? - Michael Phillips & Matthew DeChant

Gartner says, “Organizations who recognize the value of a security leader but can’t afford a traditional CISO should consider virtual options. “With a current total cash compensation ranging from $208K to $337K, hiring a chief information security officer (CISO) may not be in the budget for small or midsize organizations, especially those that aren’t heavily regulated. Join 2 CISOS that have taken the plunge into the world of being a vCISO, as they share their experiences. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes!  Show Notes: https://securityweekly.com/csp98
11/29/202230 minutes, 34 seconds
Episode Artwork

CSP #97 - SMB vs Large Infosec: Different Approaches Required! - Dane Sandersen

Are you a Small or Medium Business (SMB) or a Large Business grappling with infosec challenges? Dane moved from a large, well-funded organization to a smaller organization which accelerated global business growth during his tenure! Join us as we discuss these differences and how to adapt to the different environments. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://files.scmagazine.com/wp-content/uploads/2022/11/CISOSTORIES_DaneSandersen_Article.pdf Sandersen, D. 2019. Moving From a Large Company to Small-Medium-Sized Company as CISO. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 484-485. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp97
11/22/202224 minutes, 42 seconds
Episode Artwork

CSP #96 - How the CISO can Make the Biggest Impact for the Company - Tim Callahan

Information Security is often seen as a cost center and drain on the revenue of a company. It may be seen as necessary to protect the company, but the value is not always understood by leadership and peers to the CISO. Taken from personal experience, in this talk, we will explore some suggestions on how CISOs can bring and show value to their companies. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp96
11/15/202228 minutes, 31 seconds
Episode Artwork

CSP #95 - The Value of Cyber Defense Competitions in Building a Strong SOC - Brian Wickenhauser

The Security Operations Center is often the first line of engagement for security incidents. It’s essential that SOC teams are planned, practiced, and prepared to act. One of the best ways to do that? Cyber Defense Exercises. Join us as we discuss how these work and the value to the program. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp95
11/8/202222 minutes, 8 seconds
Episode Artwork

CSP #94 - Surviving and Thriving in the CISO Role for the Long Run - Jim Cameli

The average tenure of a CISO is 18 Months to 5 years, depending upon the research. Learn from a CISO who has been employed by the same organization for almost 4 decades! Learn as Jim shares some of his key learnings as he has worked with an organization that has gone through many changes during his tenure, and some ideas to add to your own CISO career strategy. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/  Show Notes: https://securityweekly.com/csp94
11/1/202231 minutes, 22 seconds
Episode Artwork

CSP #93 - Approaching Cloud Security from a Cloud-Native Perspective - Josh Dreyfuss

What is the best way to approach cloud security as the cloud environment evolves and what should security leaders consider as they think about scaling their security? Join us to learn about how CISO of Wiz, Ryan Kazanciyan thinks about cloud security from a cloud-native perspective, what makes securing your cloud infrastructure so challenging, and what makes your cloud security posture “good”? This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp93
10/25/202220 minutes, 57 seconds
Episode Artwork

CSP #92 - NIST Privacy Framework 101 - Dylan Gilbert

The NIST Privacy Framework is a voluntary tool developed in collaboration with stakeholders intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy. Join the leader of the NIST development team to learn about why the framework was created, how it can be used, and the resources available. NIST Privacy Framework, https://www.nist.gov/privacy-framework Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/  Show Notes: https://securityweekly.com/csp92
10/18/202231 minutes, 8 seconds
Episode Artwork

CSP #91 - Cybersecurity Leadership Through Adversity - Marc Varner

The Covid-19 pandemic caused many organizations to quickly pivot to a remote environment, while for others, this was more business as usual and simply acquiring more VPN licenses. Marc has led technology risk management/security for several large companies, experiencing even more impactful changes. How do you lead through this adversity? How do you get the organization to change? Join us as Marc shares his experience. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/  Show Notes: https://securityweekly.com/csp91
10/11/202226 minutes, 40 seconds
Episode Artwork

CSP #90 - 2022 DBIR Trends: Ransomware, Remote Work, Threat Actors...Oh My! - Chris Novak

Chris has been a contributing author to the industry-recognized Verizon Data Breach Investigations Report (DBIR) since its inception (2008), a report which provides valuable information for CISOs on current trends and mitigation approaches. Join Chris as he reviews this year’s (2022-2023) key trends with Ransomware, COVID-19 Remote Working impacts, threat actors, and risk mitigation. 2022 Data Breach Investigations Report, Verizon. https://www.verizon.com/business/resources/reports/dbir/ This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes!  Follow  Show Notes: https://securityweekly.com/csp90
10/4/202232 minutes, 33 seconds
Episode Artwork

CSP #89 - Are CISOs Experiencing a Mental Health Crisis? - Shamla Naidoo

CISOs have a stressful job, due to the many threats, unknowns and high expectations. How does this impact mental health? Is this different from other leadership roles? Should you discuss with your company? Join Shamla who has held several Fortune 100 CISO roles, as she discusses several approaches to this real issue. Naidoo, S. 2022. The Looming CISO Mental Health Crisis – and What to Do About it – Part 1. Dark Reading (Jan 28). https://www.darkreading.com/edge-articles/the-looming-ciso-mental-health-crisis-and-what-to-do-about-it-part-1 Naidoo, S. 2022. The Looming CISO Mental Health Crisis – and What to Do About it – Part 2. Dark Reading (Jan 31). https://www.darkreading.com/edge-articles/the-looming-ciso-mental-health-crisis-and-what-to-do-about-it-part-2 This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp89  
9/27/202229 minutes, 32 seconds
Episode Artwork

CSP #88 - The NIST Cybersecurity Framework Explained - From Its Leader - Matthew Smith

The NIST Cybersecurity Framework simplifies the language of Cybersecurity across the organization. Learn from the person who led the contracting team for the development of the NIST Cybersecurity Framework what the framework is all about and how it can reduce risk to the organization. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/08/CISOSTORIES_MatthewSmith_Article.pdf Smith, M. 2019. Using the Nist Cybersecurity Framework in an International Setting In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 239-240. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp88
9/20/202224 minutes, 19 seconds
Episode Artwork

CSP #87 - Should we be Concerned About Quantum Computing and Cybersecurity Now? - Richard Rushing

There has been much discussion lately about Quantum Computing and the future threats to encryption and authentication it could cause. Should CISOs be worried? Are there steps that should be taken now? Join us as we discuss Quantum computing and the implications for the CISO – today. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp87
9/13/202229 minutes, 13 seconds
Episode Artwork

CSP #86 - Are Cryptocurrencies to Blame for the Increase in Ransomware Attacks? - Bob Seeman

Fortunes have been gained and lost through Bitcoin and other cryptocurrency purchases. Ransomware paid in cryptocurrency is rarely recovered. Should the CISOs get involved in promoting regulation of the cryptocurrency? Would this reduce the number and amounts paid in ransomware attacks? Join the author of “The COiNMEN”, who has extensively researched cryptocurrencies and promoted policy changes as he shares his views. Segment Resources: Letter in Support of Responsible Fintech Policy, www.concerned.tech “The Coinmen” is on Amazon at https://www.amazon.com/dp/B09SL16P5Y . This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp86
9/6/202230 minutes, 19 seconds
Episode Artwork

CSP #85 - Cyberinsurance & the CISO: What You Need to Know - Bryan E. Hurd

As ransomware wreaks havoc on our systems and information, more companies are transferring some of the risk through Cyber Insurance. What technologies are cyber insurance companies looking to have in place? How are insurance companies setting the premiums? Join Bryan as he shares his extensive cyber counterintelligence and forensic experience in supporting CISOs to navigate cyberinsurance carriers. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp85
8/30/202231 minutes, 3 seconds
Episode Artwork

CSP #84 - The Positive Power of Community Engagement - Ron Hale

Ron has seen the CISO role emerge over as a senior executive at ISACA. Join us as Ron shares the necessity of the CISO getting out of the office and the types of forums that are most beneficial to the CISO, based upon his decades experience in enhancing the CISO profession. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/08/CISOSTORIES_RonHale_ArticleV2.pdf Hale, R. 2019. The Positive Power of Community Engagement. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 270-1. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp84
8/23/202223 minutes, 14 seconds
Episode Artwork

CSP #83 - The CEO Won’t Wear a Security Badge? Try This! - John Ceraolo

What do you do if the most senior person in your organization, the CEO, refuses to wear security badges- an essential control for identifying associates and restricting physical entry? Listen as John uses creativity to win the heart and mind of the CEO and embrace and become a strong advocate of the security awareness program! To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/08/CISOSTORIES_JohnCeraolo_ArticleV2.pdf Ceraolo, J. 2019. Listening and Using Creativity in You Security Program In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 371-2. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes!  Show Notes: https://securityweekly.com/csp83
8/19/202224 minutes, 55 seconds
Episode Artwork

CSP #82 - Have we Forgotten About the Basics? - Benjamin Corll

Go to any security conference today and there is a plethora of new products to prevent, detect and respond to the current threat environment. But are we missing something? Is there a less expensive and more tactical way to approach security? Join Benjamin as we review what some are the key basics are that should be in place before investing in higher-end technology. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/  Show Notes: https://securityweekly.com/csp82
8/9/202227 minutes, 20 seconds
Episode Artwork

CSP #81 - Using MindMaps to Strengthen Cybersecurity - Michael Wilcox

CISOs, security leaders and their teams must consume a large amount of information from many sources to remain effective. How does the CISO organize unstructured information? How does the CISO brainstorm? How does the CISO collaborate? Mind Mapping is a very effective tool to generate ideas quickly and was also used to create the CISO COMPASS book! Learn from a CISO who uses Mind Maps™ for just about everything! To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/07/CISOSTORIES_MichaelWilcox_Article.pdf  Wilcox, M. 2019. Mind Maps™ Effective Method for Organizing Cybersecurity Information In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 80-81. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp81
8/2/202230 minutes, 9 seconds
Episode Artwork

CSP #80 - How to Talk With Your Lawyer - Mark Daryl Rasch

A Lawyer can be the CISOs best friend and advocate for cybersecurity investments. Are you frustrated with a lawyers answer of, “it depends?” Lawyers have a different thought process than many CISOs when apply the law. Join this session from a notable cybersecurity lawyer as to the differences in language and how to best take advantage of the legal expertise available to support the mission. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/07/CISOSTORIES_MarkDRasch_Article.pdf Rasch, M. 2019. How to Talk to Your Lawyer In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 317-318. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes!  Show Notes: https://securityweekly.com/csp80
7/26/202224 minutes, 15 seconds
Episode Artwork

CSP #79 - Insider's View of the CISO Search - Joyce Brocaglia

Companies clearly want to hire the best candidate for the CISO Role. Where best to learn, but from someone who has been successfully recruiting Security Leaders for over 35 years? Learn from the guidance Joyce provides to her clients when hiring for the CISO role. Joyce also discusses salaries, reporting relationships, and skills necessary today. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/07/CISOSTORIES_Joyce_Brocaglia_Article.pdf Brocaglia. 2019. An Insider’s View of the CISO Search In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 33-35. Fitzgerald, T. CRC Press, Boca Raton, Fl. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Companies clearly want to hire the best candidate for the CISO Role. Where best to learn, but from someone who has been successfully recruiting Security Leaders for over 35 years? Learn from the guidance Joyce provides to her clients when hiring for the CISO role. Joyce also discusses salaries, reporting relationships, and skills necessary today. Show Notes: https://securityweekly.com/csp79
7/19/202231 minutes, 35 seconds
Episode Artwork

CSP #78 - Solarwinds From the Inside: The Breach and the Aftermath - Tim Brown

The Solarwinds breach raised the visibility of Software supply chain risks, as many organizations employ third party software with potential access to sensitive information. Join the CISO of Solarwinds as he discusses what happened during the attack, the lessons learned, the mitigations employed after the attack, and excellent, transparent actions for organizations to manage software development and distribution processes. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp78
7/12/202229 minutes, 54 seconds
Episode Artwork

CSP #77 - Protecting Your Intellectual Property - Michael Boucher

As CISOs embark on implementing an Intellectual Property protection effort, they are often met with resistance, being challenged as to the necessity of the effort. Join Michael as he shares his experience in winning the support for his efforts to properly classify and secure the information and systems.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/07/CISOSTORIES_MichaelBoucher_Article.pdf   Boucher, M. 2019. Data Protection: Security Intellectual Property In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 371-2. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp77
7/5/202223 minutes, 16 seconds
Episode Artwork

CSP #76 - Achieving a Competitive Advantage Through Privacy By Design - Ann Cavoukian

Join the former Privacy Commissioner of Ontario, Canada and creator of PrivacyByDesign (PbD), translated into 40 languages and incorporated into General Data Protection Regulation (GDPR) and used by many organizations to proactively “bake-in” privacy into our systems. Every CISO needs to pay attention to and support the various country privacy laws. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/05/CISOSTORIES_AnnCavoukian_Article.pdf Cavoukian, A. 2019. Lead with Privacy by Design for Competitive Advantage. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 270-1. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp76
6/28/202222 minutes, 10 seconds
Episode Artwork

CSP #75 - Attracting Talent Using The Nice Framework - Greg Witte

As your organization increases the cybersecurity talent to protect and defend the information assets, how do you know what skills are needed? What tasks are to be performed and what knowledge is necessary to perform these functions? The NIST NICE Framework helps define the job and assist the CISO in hiring as well as measuring the capability along the career path. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/05/CISOSTORIES_GregWitte_Article.pdf Witte, G. 2019. Using NICE Framework to Attract Talent In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg. 422. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp75
6/21/202224 minutes, 29 seconds
Episode Artwork

CSP #74 - Where Should the CISO Report? Guess Again! - Stephen Fried

Where the CISO should report has been debated for many years, with the predominant view being “anywhere but the CIO”, while even in 2022, most CISOs are reporting to the CIO! Which reporting structure viewpoint is right? This podcast will examine the pros and cons of reporting to the CIO and other departments. Join Stephen as he shares his experience as a Former CISO for several large financial institutions, along with his current views. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/05/CISOSTORIES_StephenFried_Article.pdf Fried, S. 2019. The Best Reporting Relationship for a CISO May Not Be What You Think! In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 174-5. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes!  Show Notes: https://securityweekly.com/csp74
6/14/202226 minutes
Episode Artwork

CSP #73 - Educating Senior Management in Cybersecurity - Edward Amoroso

Managing cybersecurity defense inside an organization is an enormously complex endeavor, considering the interconnections, vendor relationships, cloud, and mobile proliferation of the data. While many of these computing technologies have a clear purpose and usefulness, many times organizations minimize the complexity when presenting to the Board. Should we? Join us as we discuss a different approach to better communications. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/05/CISOSTORIES_EdwardAmoroso_Article.pdf Amoroso, E. 2019. Educating Senior Management in Cybersecurity. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 150-1. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp73
6/7/202226 minutes, 42 seconds
Episode Artwork

CSP #72 - Moving From a Techie to a CISO - Shaun Cavanaugh

Careers can just happen, or they can be planned. Join us as we discuss making the decision to become a CISO and then taking the steps necessary to develop the skills to attain the job and thrive in the role. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_ShaunCavanaugh_Article.pdf Cavanaugh, S. 2019. From Techie to CISO – Identify Where you Want to Be and How to Get There. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 480-481. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp72
5/31/202228 minutes, 33 seconds
Episode Artwork

CSP #71 - Women in Leadership - Stacy Mill

The cybersecurity field has traditionally been male dominated and there is clearly a desire to attract more women into the field. Join us as we discuss practical tips for women advancement to leadership positions, how to stand apart when climbing the leadership ladder, and advice for leading effective teams. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_StayMill_Article.pdf Mill, S. 2019. Women In Leadership – Practical Advice. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg. 425 Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/  Show Notes: https://securityweekly.com/csp71
5/24/202227 minutes, 14 seconds
Episode Artwork

CSP #70 - Establishing and Selling The Cost of Cybersecurity - Devon Bryan

The security spend is increasing year over year as hackers become more sophisticated, organized, and opportunistic. Join us as we discuss ways to determine and evaluate the cost of cybersecurity to ensure the organization is spending the appropriate amount to reduce the risk to an acceptable level. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_DevonBryan_Article.pdf Bryan, D. 2019. The Cost of Cybersecurity. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 501-2. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp70
5/17/202227 minutes, 43 seconds
Episode Artwork

CSP #69 - Deliver Your Board Message with Context and Confidence! - Jason Witty

A key function of the CISO is to provide an accurate organizational picture of the risk the organization is currently accepting and communicate the strategy for enhancing the security maturity in support of the business goals. The way you prepare and communicate is just as important as the message. Join us as we discuss how to improve the delivery of the message. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_JasonWitty_Article.pdf Witty, J. 2019. Projecting Confidence when Presenting to the Board of Directors. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 493-4. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes!  Show Notes: https://securityweekly.com/csp69
5/10/202222 minutes, 28 seconds
Episode Artwork

CSP #68 - Using Security Metrics as a Shared Goal With Developers - Caroline Wong

Security metrics are often a struggle to establish by security departments. These metrics may be taking too narrow of a view, whereby metrics visible and embraced by other areas can improve the security program success. Join us as we discuss these metrics. Additionally, Caroline is graciously offering her Linkedin metrics course focused on establishing objectives and measuring progress towards the objectives, to CISO STORIES listeners at no cost at https://www.linkedin.com/learning/learning-security-metrics/why-are-security-metrics-important?autoplay=true To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_CarolineWong_Article.pdf Wong, C. 2019. Sharing the Metrics Goal Between Departments. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 158-9. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp68
5/3/202225 minutes, 11 seconds
Episode Artwork

CSP #67 - Keeping Up with the Jones when Your Neighbors Are Bad Actors - Jason Taule

Organizations want to know, how are we doing with respect to security? Companies can accept risks they are aware of, and don’t want to outspend the competitors with the industry vertical. They also need a way to understand and benchmark the effectiveness of the security program. Join us as we discuss how to ensure the threats are being evaluated.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_JasonTaule_Article.pdf   Taule, J. 2019. Keeping Up with The Jones (When Your Neighbors Are Bad Actors). In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 156-7. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp67 Visit https://securityweekly.com/csp for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
4/26/202225 minutes, 58 seconds
Episode Artwork

CSP #66 - Get Ready: 4 Generations Are Returning to The Office! - Caitlin McGaw

We have four generations predominantly in the workforce today, boomers, generation X, Millennials, and Generation Z. Each generation was influenced by different world events, shaping values towards work, family, and technology. The past few years have brought a changing view towards work, with remote and hybrid working. Join us as we discuss these challenges.   McGaw, C. 2019. Optimizing Four Generations in The Workforce. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 443-4. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp66 Visit https://securityweekly.com/csp for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
4/19/202225 minutes, 45 seconds
Episode Artwork

CSP #65 - Control Frameworks Are There For A Reason - Philip Agcaoili

In addition to serving as a CISO for several large companies, Phil was instrumental in co-founding the Cloud Security Alliance (CSA) and creating the Cloud Controls Matrix (CCM) to identify what standards from the many frameworks such as NIST, ISO27000, COBIT, HIPAA, PCIDSS, etc. would be applicable to the cloud environment. Join Phil as he discusses his view of these frameworks and his approach to security today.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Phil_Agcaoili_Article.pdf   Agcaoili, P. 2019. Leveraging Control Frameworks. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 223-227. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp65 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
4/12/202232 minutes, 56 seconds
Episode Artwork

CSP #64 - Change Controls Are More Necessary Than Ever - Rebecca Herold

Organizations are developing technology at a rapid pace today to maintain business relevance and adapt to changing conditions. Rebecca talks about the importance of ensuring change control is implemented and the real impacts if not implemented correctly.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Rebecca_Herold_Article.pdf   Herold, R. 2019 Change Controls Are More Necessary Than Ever. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 119-120. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp64 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
4/5/202226 minutes, 3 seconds
Episode Artwork

CSP #63 - Determining Cyber Risk Appetite With the Board - Adel Melek

One of the most important and impactful tasks of the CISO is presenting to the Board of Directors and Senior Management. The Board needs to have the confidence the CISO is able to determine risk and provide recommendations of cost-effective business-oriented solutions. Listen to Adel as he shares his experience in working with many organizations to reduce risk.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Adel_Melek_Article.pdf   Melek, A. 2019. Determining Risk Appetite with the Board. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 505. Fitzgerald, T. CRC Press, Boca Raton, Fl www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp63 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
3/29/202230 minutes, 12 seconds
Episode Artwork

CSP #62 - CISO Priorities 2022

For security leaders, it can be hard to catch a break when faced with the increasingly challenging task of defending their organizations from evolving threats while simultaneously fighting the battle of the budget in an effort to do more with less. What issues should CISOs be prioritizing, and how can they get the most bang for their buck with regard to minimizing potential risks and maximizing potential outcomes? CISO Stories Podcast hosts Sam Curry, CSO at Cybereason, and Todd Fitzgerald, VP of Strategy at the Cybersecurity Collaborative, are joined by an esteemed panel of accomplished security leaders to discuss these challenges and more. Join our panel of seasoned CISOs from multiple industries as they share their valuable perspectives on: - Ransomware and the impact on global stability - Supply chain attacks and trusted infection vectors - Detection and response across the network and in the Cloud - Incident Response readiness - Attracting and retaining the right talent   Show Notes: https://securityweekly.com/csp62 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
3/22/20221 hour, 2 minutes, 7 seconds
Episode Artwork

CSP #61 - Why Are We Still Failing at Security? - Wayman Cummings

Why are we failing at security, and will we ever graduate from Cyber-Kindergarten? The industry has arguably made a lot of progress over the last three decades, yet the attackers still enjoy a distinct advantage. Wayman Cummings, VP of Security Operations at Unisys, joins the podcast to discuss how industry stagnation impacts the security for our critical infrastructure when that rises to the level of national security, what value true public-private partnerships can bring, and more…   Show Notes: https://securityweekly.com/csp61 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
3/15/202213 minutes, 23 seconds
Episode Artwork

CSP #60 - The CISO Six Minute Rule - Renee Stark

Sharing sensitive information on a website is likely to solicit a ‘No Way” response from the CISO. Renee was faced with these decisions early in her career and needed a way to determine and communicate the right pragmatic and ethical decision. She developed the ‘Six-Month Rule”, which has evolved into the “Six-Minute Rule” to guide these decisions. Just us as Renee articulates how to help appropriate stakeholders make informed risk/reward decisions.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Renee_Guttmann-Stark_Article.pdf   Guttmann-Stark, R. 2019 Six-Minute Rule. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 194-195. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp60 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
3/8/202227 minutes, 2 seconds
Episode Artwork

Lessons Learned from Building an ISAC - Grant Sewell - CSP #59

Information Sharing and Analysis Centers (ISACs) were formed to promote the centralized sharing of threat intelligence within a particular sector. These have grown since the first ISAC in the late 1990’s and now represent over 20 industry sectors. Grant shares his experience in working with an ISAC and how this benefited his organization and the broader CISO community.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Grant_Sewell_Article.pdf   Sewell, G. 2019. Experience with an Information Sharing and Analysis Center. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 116. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp59 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
3/1/202226 minutes, 50 seconds
Episode Artwork

Getting the Board on Board With Security - Richard Clarke - CSP #58

Richard spent several decades serving Presidents of both parties and understands what is necessary to implement effective security programs. Join us as he provides pragmatic tips for working with the Board of Directors to effectively communicate the investment need and articulate the benefits in terms the Board can support.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Richard_A_Clarke_Article.pdf   Clarke, R. A. 2019 Getting the Board on Board. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 499. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp58 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
2/22/202224 minutes, 58 seconds
Episode Artwork

Understanding and Preparing for the Next Log4j - Benny Lakunishok - CSP #57

The issues created by the recently disclosed Log4j vulnerability are bigger than you might expect and will have long-lasting implications. So, what was the Log4j vulnerability really, what can be done to reduce the risk it poses to organizations, and how can we better prepare for the next Log4j-level event? Benny Lakunishok, co-founder and CEO of Zero Networks, takes us deeper…   Show Notes: https://securityweekly.com/csp57 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
2/15/202223 minutes, 20 seconds
Episode Artwork

A Cost-Effective Approach to Security Risk Management - Jack Jones - CSP #56

Risk management is arguably one of the most important functions of the CISO. How does the CISO establish the value proposition for an investment? Using a well-tested risk framework, Jack discusses how to evaluate and compare the current state of loss exposure and the expected reduction from applying a set of alternative controls.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Jack_Jones_Article.pdf   Jones, J. 2019. Meeting The Cost-Effective Imperative. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 286-7. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp56 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
2/8/202232 minutes, 28 seconds
Episode Artwork

Creating Security Budgets Where There is No Budget - Kevin Richards - CSP #55

Kevin walks through a very creative method of getting the budget necessary. Over the years, security departments acquire tool after tool, sometimes integrated, and many times under-utilized. Kevin describes how to leverage the current environment to “find” new sources of budget to fund the right cybersecurity investments.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_KevinRichards_Article.pdf   Richards, K. 2019. Creating Budget Where There Is No Budget. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 482. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp55 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
2/1/202226 minutes, 58 seconds
Episode Artwork

When Should You Just Do It Internally or Hire a Consultant? - John Iatonna - CSP #54

With the talent shortage expected to last many years into the future, when a new cybersecurity skill is needed that is available within the current team, what do you do? Should you hire someone externally, or bring in a consultant? What are the pitfalls of each approach? Join John as he discusses his experience in making these tough decisions.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_John_Iatonna_Article.pdf   Iatonna, J. 2019. Develop from Within or Hire a Consultant. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 423-4. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp54 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
1/25/202227 minutes, 27 seconds
Episode Artwork

Designing a Shared Vision with IT and the Business - Scott King - CSP #53

The locus of control has been slipping away from IT teams (and by default Security teams), and this "challenge" to IT governance has accelerated post-covid with a more distributed workforce. The fact that IT governance is eroding as easily and quickly should tell IT and infosec teams that they need to ditch their legacy models of service delivery and adopt an approach that addresses the current business needs and digital transformations many companies are undertaking. The security implications of this are significant in that security programs are not typically sized nor funded to deal with one technology approach yet alone two. Scott King, CISO at Encore Capital Group joins the podcast to discuss strategies to remain agile in the face of rapid change.   Show Notes: https://securityweekly.com/csp53 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
1/18/202225 minutes, 30 seconds
Episode Artwork

Moving to the Cloud? Don't Forget Hardware Security! - Steve Orrin - CSP #52

While the cloud computing infrastructure is designed to be very agile and flexible, transparency to where the information is being processed is very important due to global privacy and security concerns. Steve discusses approaches to remaining compliant with the various laws (i.e., restricting where the data may reside) when moving to the cloud.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Steve_Orrin_Article.pdf   Orrin, S. 2019. Why Hardware Matters in Moving Securely to The Cloud. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 122. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp52 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
1/11/202222 minutes, 21 seconds
Episode Artwork

Privacy Hunger Games: Change The Rules - Samantha Thomas - CSP #51

Information is meant to be shared with others- others that is with a need to know. CISOs may find that their organization is sharing with other entities without proper procedures in place. What if there are 90 of these organizations? Join this podcast to learn from a healthcare CISO who tackled this dilemma and subsequently changed a government law!   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Samantha_Thomas_Article.pdf   Thomas, S. 2019. Privacy Hunger Games: Change the Rules. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 344. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp51 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
1/4/202223 minutes, 27 seconds
Episode Artwork

Server Room to War Room: Enterprise Incident Response - Dawn-Marie Hutchinson - CSP #50

In many organizations, the CISO will be looked at as the leading expert in incident response, but often has little involvement in the selection, planning, and training for the Enterprise Incident Management Program. Listen to Dawn-Marie, who has navigated organizations as a CISO during crisis and consultant to “play like you practice.”   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Dawn-Marie_Hutchinson_Article.pdf   Hutchinson, D. 2019. Server Room to War Room…Enterprise Incident Response. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 214-5. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp50 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
12/28/202128 minutes, 50 seconds
Episode Artwork

CISO Shortlist: Key Issues to Cover for Todays CISOs - Leon Ravenna - CSP #49

As if CISOs don’t have enough to focus on, here’s a few more items that should be top of mind – KAR Global CISO, Leon Ravenna, dives into Cyber Insurance and why D&O requirements may be on the horizon, regulatory burdens and what to expect out of the US Government, how the intersection of Security and Privacy is impacting CISOs, and a little security buzzword bingo and how to deal with the latest “fads” like CASB, ZTNA, SASE and more…   Show Notes: https://securityweekly.com/csp49 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
12/21/202128 minutes, 14 seconds
Episode Artwork

The Future Is Now: Model-Driven Security Using Data Science - Jim Routh - CSP #48

Cybersecurity talent shortages are well documented and asking experience cybersecurity professionals to spend countless hours on routine tasks does not promote retention. The adversaries are leveraging data science to attack our enterprises and consumers, and we need to find a better way. This session explores the experience of creating over 300 models using data science, machine learning, and automated incident response to increase the security posture for a major organization.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Jim_Routh_Article.pdf   Routh, J. 2019. Model-Driven Security is Making Fundamental Changes to Security Posture. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs 163-5. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp48 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
12/14/202127 minutes, 29 seconds
Episode Artwork

CISOs Need Training Too! - Candy Alexander - CSP #47

The CISO has trained the workforce and completed the security awareness month annual training. Well, done! Is training done for the year? No. But what about the CISO? How does the CISO ensure that the proper skills are maintained for the CISO to be able to continue to lead the security organization? Join this podcast to learn from the multiple term-elected ISSA International President.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Candy_Alexander_Article.pdf   Alexander, C. 2019. CISO approach to Training. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 478. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes!   Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
12/7/202125 minutes, 34 seconds
Episode Artwork

No Senior Management Buy-in, No Success - Chris Apgar - CSP #46

Are you reporting the same risks each year to management? This may be indicative of a lack of incentive or buy-in from senior management to fund the investments. Join this podcast to learn how to show senior management that funding these initiatives is more than risk avoidance and a cost to the bottom line.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Chris_Apgar_Article.pdf   Apgar, C. 2019. Security and Senior Management – Buy-In Is Critical to Success. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 139. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald.   Show Notes: https://securityweekly.com/csp46 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
11/30/202124 minutes, 25 seconds
Episode Artwork

Skills I Needed to be a First-Time CISO - Richard Kaufmann - CSP #45

Infosec skills don't necessarily transfer to CISO skills, but CISO skills are 100% transferable to whatever your infosec career looks like. Growth begins outside of your comfort zones, so some of the CISO skills you can work on now include executive storytelling, internal coalition building, and how to be comfortable being uncomfortable…   Show Notes: https://securityweekly.com/csp45 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
11/23/202123 minutes, 35 seconds
Episode Artwork

Which Approach Wins: Compliance or Risk? - Mark Burnette - CSP #44

Cybersecurity programs have evolved from the early days of compliance with regulations. Regulations are important and provide the necessary motivation for many organizations to implement security controls that may not otherwise be present, but is this enough? Is it really security? Join this podcast as the differences between compliance and true security are discussed.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/11/CISOSTORIES_Mark_Burnette_ArticleV1.pdf   Burnette, M. 2019. The Benefits of Focusing on Risk vs Compliance. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 18. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp44 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
11/16/202123 minutes, 19 seconds
Episode Artwork

Who Is Your SOC Really For? - Ricardo Lafosse - CSP #43

Managing the volume of security events and continuous threat intelligence can be daunting for the largest of organizations. How do you increase the effectiveness of a Security Operations Center (SOC) and share this information across the organization for greater efficiency and adoption?   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Ricardo_LaFosse_Article.pdf   Lafosse, R. 2019. Success Implementing A Shared Security Center. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 159. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp43 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
11/9/202130 minutes, 40 seconds
Episode Artwork

Do You Know where Your Data Is? - William Miaoulis - CSP #42

Data is everywhere today as users are working remotely, storing information in the cloud, downloading to USB drives and so on. Join this podcast to learn from a Healthcare CISO and some of the typical common events which take place to expose sensitive information.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_William_Miaoulis_Article.pdf   Miaoulis, W. 2019. Do You Know Where Your Data Is? In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 368. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp42 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
11/2/202125 minutes, 54 seconds
Episode Artwork

The Nexus of Security, Privacy and Trust - Allison Miller - CSP #41

Allison Miller, CISO at Reddit, discusses the challenges across stakeholders from end-users to service providers in addressing the nexus of Security, Privacy and Trust? Should they be equally weighted? In what circumstances does the need for one outweigh the need for the others? What does the future hold for our efforts to find the right balance between them?   Show Notes: https://securityweekly.com/csp41 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
10/26/202122 minutes, 44 seconds
Episode Artwork

5 Pitfalls Issuing Information Security & Privacy Policies - Charles Cresson Wood - CSP #40

The interviewee created the landmark ‘gold standard’ policy guidance in the book Information Security Policies Made Easy, now in its 13th version, and has extensively researched and helped organizations develop relevant policies. This podcast discusses the 5 key mistakes individuals make in creating and delivering policies to the organization.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Charles_Cresson_Wood_Article.pdf   Wood, C. 2019. Five Pitfalls to Avoid When Issuing Information Security and Privacy Policies In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 413. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
10/19/202129 minutes, 52 seconds
Episode Artwork

45 Minutes and 10,000 Servers Encrypted (NotPetya) - Todd Inskeep - CSP #39

Learn how to prepare and reduce the risk of the next ransomware event. The guest walks through the lessons learned after managing out of a NotPetya ransomware attack. Will you be ready? Don’t miss this podcast for valuable insights from a real-life scenario.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Todd_Inskeep_Article.pdf   Inskeep, T. 2019. Dealing with Notpetya. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 204. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp39 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
10/12/202123 minutes, 11 seconds
Episode Artwork

Security Awareness That Works! - Steven Lentz - CSP #38

October is Security Awareness Month! Security Awareness programs must grab the employee’s attention if they are to succeed. Join the interviewee as he explains how he successfully engaged the workforce through creative and visible security awareness methods!   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Steven_Lentz_Article.pdf   Lentz, S. 2019. Security Awareness That Works. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 151. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp38 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! https://www.securityweek.com/nist-publishes-cybersecurity-workforce-framework https://www.securityweek.com/professionalizing-cybersecurity-practitioners-0 https://www.securityweek.com/cylance-launches-next-gen-endpoint-security-consumers https://www.securityweek.com/cisos-and-quest-cybersecurity-metrics-fit-business https://www.securityweek.com/whats-real-value-cost-breach-studies   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
10/5/202124 minutes, 20 seconds
Episode Artwork

Extending Detection and Response to the Cloud - Kathy Wang - CSP #37

Kathy Wang, CISO at Very Good Security, discusses challenges in extending detection and response capabilities to cloud deployments while also ensuring correlations across traditional networks, endpoints, mobile, and user identities. She explains how managing multi-cloud deployments impact this approach, and how organizations can ensure they have the visibility required to detect and remediate earlier.   Show Notes: https://securityweekly.com/csp37 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
9/28/202123 minutes, 2 seconds
Episode Artwork

Security from Scratch: Incident Response on a Shoestring Budget - Sam Monasteri - CSP #36

Every organization must be able to respond to an attack quickly. Join this podcast to learn key steps to implement in an incident response plan without breaking the bank. Sam approaches this issue by simplifying incident response into the 3 ‘P’s.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Sam_Monasteri_Article.pdf Monasteri, S. 2019. Security from Scratch: Incident Response on a Shoestring Budget. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 161. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp36 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
9/21/202124 minutes, 11 seconds
Episode Artwork

Fiscally Responsible Ways to Train/Build Community - Kevin Novak - CSP #35

All organizations must have security awareness training programs to teach basics to end users. Similarly, the technical teams need to be exposed to flexible training that is interesting to them. Join this podcast to learn how to bring company groups together and form your own DEFCON-type event in-house or in partnership with other organizations.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Kevin_Novak_Article.pdf   Novak, K. 2019. Fiscally Responsible Ways to Train/Build Community. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 153. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp35 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
9/14/202123 minutes, 33 seconds
Episode Artwork

Communications Before, During and After the Breach - Melanie Ensign - CSP #34

Figuring out what to do after a breach is the wrong time to start the planning process. Communications strategies must be in place well beforehand and there are many benefits to the cybersecurity program for implementing these strategies in advance. Join this podcast to understand how teams benefit from relationships with communication and public relation specialists on their teams.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Melanie_Ensign_Article.pdf   Ensign, M. 2019. Importance of Communications before, during, and after the Breach. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 191. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp34 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
9/7/202122 minutes, 12 seconds
Episode Artwork

The Unpatchable Vulnerability That Is Human Nature - Rachel Tobac - CSP #33

Rachel, CEO of SocialProof Security, delves into the inner-workings of social engineering exploits where she leverages her background in neuroscience and behavioral psychology to exploit the unpatchable vulnerability that is human nature.   This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
8/31/202116 minutes, 9 seconds
Episode Artwork

Did You Ask For (and Get!) Too Much Security Money! - James Christiansen - CSP #32

It seems CISOs are typically lamenting that the security budgets are insufficient. While this can represent a significant problem in achieving information security goals, what happens when you get the funding you asked for and asked to spend it in less time than expected? Join this session for an investment lesson learned you won’t want to miss!   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_James_Christiansen_Article.pdf Christiansen, J. 2019. Too Much Security Money? In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 502. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp32 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
8/24/202125 minutes, 43 seconds
Episode Artwork

Practical Considerations for Managing Your MSSP - Johnathan Nguyen-Duy - CSP #31

For many organizations, large and small, it would be impractical to “skill up” to manage all aspects of cybersecurity. Managed Security Service Providers provide many different services. Join this podcast to learn how to work with the MSSP to ensure that the organization is obtaining the most value. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Jonathan_Nguyen-Duy_Article.pdf Nguyen-Duy, J. 2019. Managing the MSSP. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 135. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Show Notes: https://securityweekly.com/csp31
8/17/202121 minutes, 36 seconds
Episode Artwork

Achieving Security Buy-in: Change Approach, Not Culture - David Nolan - CSP #30

We need the organization to support the cybersecurity initiatives and thus we try to influence the organization to support these goals for the protection of the organizational assets. If we are failing, is it that the organization did not ‘get it’ or was it our approach? Join this podcast to learn how to achieve that buy-in. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_David_Nolan_Article.pdf Nolan, D. 2019. Achieving Security Buy-In: Change the Approach, Not the Culture. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 470. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp30 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!
8/10/202122 minutes, 55 seconds
Episode Artwork

Hacking Into Cybersecurity - Kerissa Varma - CSP #29

Kerissa Varma, Group Chief Information Security Officer of Old Mutual Limited, one of the largest financial services organizations on the African continent, discusses the cybersecurity skills shortage and her initiative to recruit brilliant minds from across an array of fields who have skill sets applicable to cybersecurity, but they might not even know it… This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!
8/3/202120 minutes, 12 seconds
Episode Artwork

CISO Roundtable: Ransomware Attacks and the True Cost to Business - CSP #28

A recent global research report conducted by Cybereason, titled "Ransomware: The True Cost to Business", revealed that the vast majority of organizations that have suffered a ransomware attack have experienced significant impact to the business, including loss of revenue, damage to the organization’s brand, unplanned workforce reductions, and little in the way of relief from cyber insurance policies. An esteemed panel of subject matter experts will examine the research findings and discuss how organizations can better prepare to defend against and respond to a ransomware attack. The event was produced as a live webinar version of the CISO Stories Podcast, a weekly podcast that takes a deep dive on security leadership issues and is produced by Cybereason and the CyberRisk Alliance’s Cybersecurity Collaborative, a prominent CISO networking group.   Show Notes: https://securityweekly.com/csp28 View the Cybereason Ransomware Report here: https://www.cybereason.com/ebook-ransomware-the-true-cost-to-business This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!
7/30/202158 minutes, 10 seconds
Episode Artwork

10 Min for a Call? Managing the Security Product Salesperson - Kevin Morrison - CSP #27

CISOs are approached frequently by salespersons to buy products to reduce risk. How do you manage these relationships? Join this podcast to learn how to respond to the salesperson, reduce time, and select the best products with reduced wasted interaction.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Kevin_Morrison_Article.pdf   Morrison, K. 2019. Managing the Security Product Salesperson. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 69. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp27 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!
7/27/202122 minutes, 24 seconds
Episode Artwork

Developing Secure Agile Code Quickly is Very Achievable! - Glenn Kapetansky - CSP #26

Speed to market is the mantra of software development today. This does not mean that a process is not followed, it means that an iterative approach to software development produces code changes and usable code much faster. Join this podcast to learn how security can be imbedded into agile software development to produced fast and secure code.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Glenn_Kapetansky_Article.pdf Kapetansky, G. 2019. Integrating Security with SDLC/Agile Development In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 27. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
7/20/202122 minutes, 50 seconds
Episode Artwork

Protecting the "Crown Jewels" - Steve Durbin - CSP #25

The crown jewels are those assets representing the highest value to the organization and deserve the greatest investment to protect. Join this podcast to learn the importance of protecting these crown jewels throughout the information life cycle. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Steve_Durbin_Article.pdf Durbin,S. 2019. Protecting the “Crown Jewels”. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 77. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleadersFollow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
7/13/202122 minutes, 15 seconds
Episode Artwork

CISOs: Always be a Student, Always be Learning - Phil Attfield - CSP #24

Phil Attfield, CEO and founder at Sequitur Labs, discusses his engineering roots and curius nature that led him to developing software tools and in-house products for modeling, synthesis and verification of telecom and network equipment hardware at Nortel. Phil the challenges involved in development of large-scale security policy and management frameworks and the key security elements of the IoT device lifecycle from design, to build, to sustaining securely.   Show Notes: https://securityweekly.com/csp24 Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
7/6/202127 minutes, 30 seconds
Episode Artwork

CISO Business Enablement: Getting to 'Yes' as a CISO - Dan Lohrmann - CSP #23

The CISO is often in a position where vulnerabilities are known and implementing a product may result in an insecure product. Should the CISO say ‘no we can’t do that’, or ‘figure out how to make it happen?’ Join this podcast to learn how a CISO was faced with this dilemma where he was asked by the business to implement a technology, where he had stacks of whitepapers indicating the technology was insecure.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Dan_Lohrmann_Article.pdf Lohrmann, D. 2019. CISOs Need to be Enablers of Business Innovation-Here Is How. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 106. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp23 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
6/29/202123 minutes, 31 seconds
Episode Artwork

Want to Elevate CyberSecurity? Relationships Matter! - Mark Weatherford - CSP #22

Communication in any organization can be a challenge, especially when working with different levels of government and the various funding mechanisms. Join this podcast to lean how one State CISO navigated the rough waters by focusing on relationships and increased security spending and knowledge of security activities across government levels.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Mark_Weatherford_Article.pdf Weatherford, M. 2019. Relationships Matter. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 473. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp22 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
6/22/202122 minutes, 57 seconds
Episode Artwork

Fixing the Talent Shortage: CyberSecurity Talent Initiative - Alexander Niejelow - CSP #21

As threats to the nation’s security grow, there remains a substantial and increasing shortage of skilled cybersecurity professionals. The federal government and private sector can work together to fill their open positions and attract the next generation of motivated mission-driven cybersecurity leaders. This podcast discusses the Cybersecurity Talent Initiative, a federal/private partnership which provides up to $75,000 in student loan assistance for individuals hired by the private sector companies after developing skills through a two-year program in the federal government.   Show Notes: https://securityweekly.com/csp21 https://securityweekly.com/wp-content/uploads/2021/06/CTI_Spring-2021-Onepager_corporate.pdf https://securityweekly.com/wp-content/uploads/2021/06/nice_framework062017.pdf   This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
6/15/202126 minutes, 21 seconds
Episode Artwork

So You Want to be a Cyber Spy? - Ira Winkler - CSP #20

Ira Winkler, CISO at Skyline Technology Solutions, recounts his amazing journey from wannabe astronaught to NSA intelligence analyst, social engineer, systems hacker and author and some of the crazy things that happened along the way. Ira is considered one of the world’s most influential security professionals and has been named a “Modern Day James Bond” - a title he earned by performing espionage simulations, where he physically and technically “broke into” some of the largest companies in the World, investigated cybercrimes against them, and then telling them how to cost effectively protect their information and computer infrastructure. He continues to perform these espionage simulations, as well as assisting organizations in developing cost-effective security programs and increase security awareness.   Show Notes: https://securityweekly.com/csp20 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
6/8/202132 minutes, 16 seconds
Episode Artwork

No Insider Cybersecurity Risk? Guess Again! - Dawn Cappelli - CSP #19

We want to trust our employees and contractors working within our organizations. For the most part, people are doing their jobs with integrity every day. What happens when an employee decides to leave the organization and start their own business – with our Intellectual property or customer lists? Or when an employee downloads material to work at home? Join this podcast to learn how to build an insider risk program to mitigate these threats.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Dawn_Cappelli_Article.pdf   Cappelli, D. 2019. Mitigate the Risk of Insiders Stealing Company Confidential Information. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 187. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
6/1/202123 minutes, 19 seconds
Episode Artwork

CISOs Cross the Bridge to the Cloud - Jim Reavis - CSP #18

Today most organizations have some of the processing in the cloud. As data moves farther away from the physical control of the organization, this movement provides opportunities of scale, flexibility, and speed. Join this podcast to learn how to use appropriate controls to manage this cloud environment.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Jim_Reavis_Article.pdf   Reavis, J. 2019. Building a Bridge to the Future with Cloud Controls Matrix. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 243. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald https://cloudsecurityalliance.org/ https://cloudsecurityalliance.org/education/ccak/ https://cloudsecurityalliance.org/research/cloud-controls-matrix/   Show Notes: https://securityweekly.com/csp18 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
5/25/202125 minutes, 8 seconds
Episode Artwork

Just Fix It: 5 Critical Elements to Protect the Right Assets - Roland Cloutier - CSP #17

We have limited investment dollars and therefore must ensure we are protecting the right assets. The practical side of determining “what” needs to be protected and “how” is a convoluted maze of academics, taxonomies, frameworks, and inconsistent approaches. Here we discuss 5 critical elements to make a difference by developing and effective Critical Asset Protection Program (CAPP).   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_RolandCloutier_Article.pdf   Cloutier, R. 2019. Critical Cyber Asset Protection Planning—Learning Concepts and Operational Imperatives for Protecting What Needs to be Protected. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs 148-150. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp17 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
5/18/202120 minutes, 52 seconds
Episode Artwork

Passion for Solving Problems is Key to Security - Will Lin - CSP #16

Will Lin, founding team member at ForgePoint Capital and co-creator of the CISO community Security Tinkerers, discusses his passion for technology and how it led him to a career helping security companies launch, as well as his work supporting CISOs through collaboration and knowledge sharing.   Show Notes: https://securityweekly.com/csp16 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
5/11/202128 minutes, 28 seconds
Episode Artwork

Effective Health Care Security is More Than HIPAA!! - Erik Decker - CSP #15

Healthcare security today is much more complex with integrated clinical systems and connected community networks. No longer are the medical records stored with a single provider. Join this podcast to learn how one Healthcare CISO is forging relationships and having the appropriate risk-based discussions at the right levels to address the challenge.    To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Erik_Decker_Article.pdf   Decker, E. 2019. Healthcare Cybersecurity. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 106. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp15 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
5/4/202126 minutes
Episode Artwork

Stop Reporting Useless Security Metrics!! - Edward Marchewka - CSP #14

All disciplines need to be able to demonstrate added value and track the ability to improve upon the current practices. The board, technical management, auditors, and engineers may each need a different view of the security initiatives performed. Join this podcast to how different metrics can be applied to different groups so each can improve their performance over time. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Edward_Marchewka_Article.pdf Marchewka, E. 2019. Security Metrics to Measure Program Effectiveness. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 167. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp14 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
4/27/202122 minutes, 15 seconds
Episode Artwork

Necessity is the Mother of Security - Tatu Ylonen - CSP #13

Tatu Ylönen, SSH founder and inventor of Secure Shell, discusses the genesis for the protocol and his keen interest in the application of technological solutions to fundamental cybersecurity challenges...   Show Notes: https://securityweekly.com/csp13 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
4/20/202118 minutes, 38 seconds
Episode Artwork

He Fought the FTC Over a Breach & Won - Michael Daugherty - CSP #12

Hopefully you won’t have to hire a lawyer to defend yourself against a government regulator. What happens when the Federal Trade Commission or other powerful body accuses your company of wrongdoing which you do not feel you were responsible for? Join this podcast and hear how the owner of a small company decided to take on the FTC and how he went about choosing a lawyer. The answers will surprise you and provide some useful tips for choosing a lawyer.   Show Notes: https://securityweekly.com/csp12 To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOSTORIES_MichaelJDaugherty_CCExtract.pdf Daugherty, M. 2019. Finding the Right Lawyer to Defend Your Company. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 337. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/  
4/13/202129 minutes, 17 seconds
Episode Artwork

Is There a Magic Security Control List? - Tony Sager - CSP #11

Never in history has the cyber defender had access to so many technologies and tools to defend our companies. This has created the “Fog of More”, making the choices difficult to manage. Join the former 35-year NSA software vulnerability analyst and executive manager, and innovator of community-based controls sharing, as he discusses how the CIS controls can be used effectively to manage our environments.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOSTORIES_TonySager_CCExtract.pdf   Sager, T.. 2019. Jumpstarting Controls Prioritization Within a Control Framework. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 246. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp11 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
4/6/202125 minutes, 26 seconds
Episode Artwork

Doing Security Before Security Was a Career Path - Petri Kuivala - CSP #10

Petri Kuivala, CISO at NXP Semiconductors, recounts his journey from municipal police officer to cybercrimes unit investigator to Chief Information Security Officer during the early days when security was largely an afterthought.   Show Notes: https://securityweekly.com/csp10 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
3/30/202130 minutes, 9 seconds
Episode Artwork

The Colonoscopy of CyberSecurity - Lee Parrish - CSP #9

The information and cybersecurity industry have no shortage of regulations and many organizations run down the listing of requirements, load them into an excel spreadsheet to demonstrate compliance. Is compliance the same as security? Join this podcast for an analogy of why compliance is not security and how we can change our organization’s orientation to increasing security.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOSTORIES_LeeParrish_CCExtract.pdf   Parrish, L. 2019. The Colonoscopy of Cybersecurity. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 15. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   Show Notes: https://securityweekly.com/csp9 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
3/23/202121 minutes, 15 seconds
Episode Artwork

Going All-in on a Career in Security - Mauro Israel - CSP #8

Mauro Israel, CISO at ORPEA Group, discusses his colorful background and how he - like so many others in the security field - came to discover his true calling late in life but was able to apply his wide range of knowledge and experience to the role of CISO in the healthcare field.   Show Notes: https://securityweekly.com/csp8 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
3/16/202135 minutes, 25 seconds
Episode Artwork

Is CyberSecurity ROI Necessary? - Paul Hypki - CSP #7

Information security departments are often challenged to come up with “ROI” or Return on Investment for the information security initiatives. Why should the information security department be any different? Join this podcast and learn why calculating an ROI may not be necessary and how reducing risk has different considerations.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOCOMPASS_PaulHypki.pdf   Hypki, P. 2019. Where’s the ROI? In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 83. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
3/9/202124 minutes, 7 seconds
Episode Artwork

Your Job is to Make CyberSecurity Simple! - Steve Katz - CSP #6

The CISO role in some organizations is relatively new. The CISO role has actually evolved over the past 25 years since Citibank named the first CISO. Join this podcast to learn how Steve navigated the early days of security and the changes in the role today.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOSTORIES_SteveKatz_CCExtract.pdf   Katz, S. 2019. Interview with the First CISO. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 8. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald   This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
3/2/202128 minutes
Episode Artwork

...and Other Useless Security Constructs - Robert Bigman - CSP #5

Bob Bigman, former CISO for the CIA, simplifies the conversation by slaughtering some of the industry's most sacred cows like risk tolerance as a key driver for security programs...   Show Notes: https://securityweekly.com/csp5 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/  
2/23/202125 minutes, 24 seconds
Episode Artwork

Without Building CISO EQ, You May be on Your Own! - Marci McCarthy - CSP #4

The CISO must interact with many different groups within the company. These groups differ in the amount of business acumen and technical depth necessary. The CISO must have self-awareness of how to approach each of these different types of stakeholders, as well as ensuring appropriate self-care is taken to limit burnout, stress and anxiety. Join this podcast to learn how to maintain appropriate self-awareness, exercise empathy and emotional intelligence to gain trust of others, and exercise appropriate self-care.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOCOMPASS_MarciMcCarthy_CCArticle.pdf McCarthy, M. 2019. Emotional Intelligence. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 466. Fitzgerald, T. CRC Press, Boca Raton, Fl.   To purchase the book: www.amazon.com/author/toddfitzgerald   This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/  
2/16/202122 minutes, 33 seconds
Episode Artwork

Doing Privacy Right vs. Doing Privacy Rights - Valerie Lyons - CSP #3

Eric Schmidt (CEO Google 2001-2007) famously noted that his company’s policy was to get ‘right up to the creepy line and not cross it.’ The closer an organization can get to this imaginary line, the greater the profit maximization. When does this become an invasion of privacy? Organizations need to be conscious of where they are in reference to the ‘creepy line.’ Join this podcast to learn how to determine the data collection and processing appropriate for your organization.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOSTORIES_ValerieLyons_CCExtract.pdf   Lyons, V. 2019. Doing Privacy Right Vs. Doing Privacy Rights. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 389. Fitzgerald, T. CRC Press, Boca Raton, Fl.   To purchase the book: www.amazon.com/author/toddfitzgerald   This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/category-shows/the-ciso-stories-podcast for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
2/11/202126 minutes, 17 seconds
Episode Artwork

Sled Security: Pandemics, Policies, & Penny-Pinching - Ari Schwartz - CSP #2

The Cybersecurity Coalition's Ari Schwartz brings us up to date on some of the organization's initiatives and then dives into some of the challenges SLED defenders are facing in trying to do more with less...   Show Notes: https://securityweekly.com/csp2 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/category-shows/the-ciso-stories-podcast for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
2/10/202121 minutes, 37 seconds
Episode Artwork

Telling Scary Stories to the Board? Stop. Here’s Why. – Mischel Kwon - CSP #1

CISOs today have varied tenures at organizations depending upon their ability to master learning the business of the organization. Join this podcast to learn how to translate information security technical issues into a business-focused language and determine the right amount of technical language to share with executives.   To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOSTORIES_MischelKwon_CCExtract.pdf   Kwon, M. 2019. Communicating Security Progress and Needs with Business-focused Leadership. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 30. Fitzgerald, T. CRC Press, Boca Raton, Fl.   To purchase the book: www.amazon.com/author/toddfitzgerald   This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!   Visit https://securityweekly.com/category-shows/the-ciso-stories-podcast for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ 
2/9/202117 minutes, 44 seconds