Winamp Logo
Defense in Depth Cover
Defense in Depth Profile

Defense in Depth

English, Technology, 1 seasons, 250 episodes, 4 days 22 hours 40 minutes
About
Defense in Depth promises clear talk on cybersecurity’s most controversial and confusing debates. Once a week we choose one controversial and popular cybersecurity debate and use the InfoSec community’s insights to lead our discussion.
Episode Artwork

When Is Data an Asset and When Is It a Liability?

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is my guest, Mario Trujillo, staff attorney, Electronic Frontier Foundation. In this episode: Data is the life blood of an orga
22/02/202434 minutes 49 seconds
Episode Artwork

Tracking Anomalous Behaviors of Legitimate Identities

All links and images for this episode can be found on CISO Series. The Verizon DBIR found that about half of all breaches involved legitimate credentials. It’s a huge attack surface that we’re only starting to get a handle of. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Adam Koblentz, field CTO, Reveal Security. In this episode:
15/02/202434 minutes 1 second
Episode Artwork

Why Do Cybersecurity Startups Fail?

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Mike Levin, deputy CISO, <a href= "https://www.3m.com/3M/en_WW/careers-
08/02/202431 minutes 43 seconds
Episode Artwork

Is "Compliance Doesn't Equal Security" a Pointless Argument?

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Derek Fisher, Executive director of
01/02/202433 minutes 33 seconds
Episode Artwork

CISOs Responsibilities Before and After an M&A

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Alexandra Landegger, Executive Director and CISO, <a
25/01/202430 minutes 33 seconds
Episode Artwork

Use Red Teaming To Build, Not Validate, Your Security Program

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Richard Ford, CTO, Praetorian. In this episode:</st
18/01/202431 minutes 34 seconds
Episode Artwork

The Do's and Don'ts of Approaching CISOs

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our guest, Adam Glick, CISO, PSG. In this episode: Ve
11/01/202431 minutes 36 seconds
Episode Artwork

Doing Third Party Risk Management Right

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Erik Decker, CISO, In
04/01/202430 minutes 30 seconds
Episode Artwork

Warning Signs You're About To Be Attacked

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our sponsored guest, Trevor Hilligoss, senior director of security research, SpyCloud. In this episode: What are the things that raise red flags that you're about to experience an attack? What signals set off your Spidey sense that things could go sideways? What are the early warning signs an atta
14/12/202333 minutes 7 seconds
Episode Artwork

Do We Have to Fix ALL the Critical Vulnerabilities?

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, David Christensen, VP, CISO, <a href= "https://plansource
07/12/202330 minutes 48 seconds
Episode Artwork

Mitigating Generative AI Risks

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our guest, Jerich Beason, CISO, WM. <strong id
30/11/202332 minutes 38 seconds
Episode Artwork

Building a Cyber Strategy for Unknown Unknowns

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our sponsored guest, Himaja Motheram, <a href="https://censys.com/c
16/11/202329 minutes 57 seconds
Episode Artwork

Responsibly Embracing Generative AI

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Russell Spitler, CEO and co-founder, Nudge Security. In this episode: Are businesses walking a tightrope with generative AI? How can organizations implement generative AI responsibly?</l
09/11/202333 minutes 23 seconds
Episode Artwork

People Are the Top Attack Vector (Not the Weakest Link)

All links and images for this episode can be found on CISO Series. In increasingly complex technical defenses, threat actors frequently target the human element. This makes them a top attack vectors, but are they actually the weak leak in your defenses? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, <a href="http://linkedin.c
02/11/202330 minutes 35 seconds
Episode Artwork

What's Entry Level in Cybersecurity?

All links and images for this episode can be found on CISO Series. We often talk about the contradiction of seemingly entry-level security jobs requiring years of experience. But maybe that's because entry-level jobs don't actually exist. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us this week is our guest Jay Wilson, CISO, Insurity.
26/10/202331 minutes 11 seconds
Episode Artwork

New SEC Rules for Cyber Security

All links and images for this episode can be found on CISO Series. The Securities and Exchange Commission issued new cyber rules. What do these new rules mean for CISOs and will they ultimately improve our cybersecurity posture? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our guest, Jamil Farshchi, C
19/10/202335 minutes 57 seconds
Episode Artwork

The Value of RSA, Black Hat, and Mega Cyber Tradeshows

All links and images for this episode can be found on CISO Series. Are trade shows like RSA getting so big that there's not enough economic value for a CISO to attend? Or do these events have enough industry gravity to justify the spend? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest <a href= "http
12/10/202329 minutes 33 seconds
Episode Artwork

Is Remote Work Helping or Hurting Cybersecurity?

All links and images for this episode can be found on CISO Series. Work from home flourished during the pandemic. Many workers love it and don't want to go back. Some organizations are pushing for a return to the office. Is in-office work necessary to improve productivity and cybersecurity posture? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (<a href="http
05/10/202331 minutes 25 seconds
Episode Artwork

How to Manage Users' Desires for New Technology

All links and images for this episode can be found on CISO Series. Large language models and generative AI are today's disruptive technology. This is not the first time companies just want to ban a new technology that everyone loves. Yet, we're doing it all over again. Whether its ChatGPT or BYOD, people are going to use desirable new tech. So if our job isn't to stop it, how do we secure it? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and <a hr
28/09/202323 minutes 54 seconds
Episode Artwork

Cybersecurity Questions Heard Around the Kitchen Table

All links and images for this episode can be found on CISO Series. What do the people least in the know about cyber, want to know? What are they asking? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest, <a href= "https://w
21/09/202330 minutes 29 seconds
Episode Artwork

How to Prime Your Data Lake

All links and images for this episode can be found on CISO Series. A security data lake, a data repository of everything you need to analyze and get analyzed sounds wonderful. But priming that lake, and stocking it with the data you want to get the insights you need is a more difficult task than it seems. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (<a href="http://twitte
14/09/202327 minutes 18 seconds
Episode Artwork

Getting Ahead Of Your Threat Intelligence Program

All links and images for this episode can be found on CISO Series. A threat intelligence program sounds like a sound effort in any security program. But, can you pull it off? There are so many phases to execute properly. Blow it with any one of them and your threat intelligence effort is moot. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us today is our special guest Jon Oltsik, distinguished analyst and fellow, Enterprise Strategy
07/09/202333 minutes 33 seconds
Episode Artwork

How Security Leaders Deal with Intense Stress

All links and images for this episode can be found on CISO Series. When you have an incident and you're engulfed by the stress that lasts more than a day, how do you manage and deal with it? And not only how do you manage your stress, but how do you manage everyone else's? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap</
31/08/202340 minutes 46 seconds
Episode Artwork

How Do We Influence Secure Behavior?

All links and images for this episode can be found on CISO Series. We all know that our employees need to be more security aware, but what are the methods to get them there? How can we make our employees more security conscious? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest Jack Chapman, vp, threat intelligence, Egress.
24/08/202331 minutes 49 seconds
Episode Artwork

Security Concerns with ChatGPT

All links and images for this episode can be found on CISO Series. Users have tried to upload sensitive company information and PII, personally identifiable information, into ChatGPT. Those who are successful getting the data in, have now made that data free to all. Will people's misuse of these generative AI programs be our greatest downfall to security and privacy? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and <a href= "https://www.linkedin.com/in/geoffbelk
17/08/202328 minutes 59 seconds
Episode Artwork

Create A Pipeline of Cyber Talent

All links and images for this episode can be found on CISO Series. The demand for cybertalent is sky high. It's very competitive to get those people with skills. What if you were to train your staff and give them the skills you want? Essentially, what if you were to grow your own unicorn? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (
10/08/202332 minutes 5 seconds
Episode Artwork

Improving Adoption of Least Privileged Access

All links and images for this episode can be found on CISO Series. What are we doing to improve access management? Make it too loose and it's the number one way organizations get breached. Put on too many controls and now you've got irritated users just trying to do their job. How does each organization find their sweet spot? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap<
03/08/202327 minutes 39 seconds
Episode Artwork

Securing SaaS Applications

All links and images for this episode can be found on CISO Series. With the growth of business-led IT, does SaaS security need to be a specific focus in a CISO’s architectural strategy? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is <a href="https://www.linkedin.
27/07/202330 minutes 33 seconds
Episode Artwork

How Do We Get Better Control of Cloud Data?

All links and images for this episode can be found on CISO Series. When it comes to data, compliance, and reducing risk, where are we gaining control? Where are we losing control? And what are we doing about that? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. We welcome our sponsored guest Amer Deeba, CEO and Co
20/07/202330 minutes 15 seconds
Episode Artwork

Finding Your Security Community

All links and images for this episode can be found on CISO Series. If you're struggling to get your first job in security or you're trying to get back into the industry after being laid off, you need to lean on your security community. But like networking, you should find it before you need it. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and <a href=
13/07/202329 minutes 55 seconds
Episode Artwork

Let's Write Better Cybersecurity Job Descriptions

All links and images for this episode can be found on CISO Series. What should a cyber job description require, and what shouldn't it? What's reasonable and not reasonable? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (
06/07/202330 minutes 18 seconds
Episode Artwork

How Should Security Better Engage with Application Owners?

All links and images for this episode can be found on CISO Series. Since so much technology today is not launched by the IT department, but by business units themselves. How do security professionals engage with business and application owners and have a conversation about security policy and procedures? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap
29/06/202330 minutes 48 seconds
Episode Artwork

How To Get More People Into Cybersecurity

All links and images for this episode can be found on CISO Series. There are millions of cybersecurity jobs open. Over time, that number has just been growing. What we're doing now does not seem to be working. So what's it going to take to fill all these jobs quickly? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is <a href="https://www.
22/06/202329 minutes 52 seconds
Episode Artwork

How to Create a Positive Security Culture

All links and images for this episode can be found on CISO Series. How do you create a positive security culture? It's rarely the first concept anyone wants to embrace, yet it's important everyone understands their responsibility. So what do you do, and how do you overcome inevitable roadblocks? Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and <a href=
15/06/202330 minutes 59 seconds
Episode Artwork

How Should We Trust Entry Level Employees?

All links and images for this episode can be found on CISO Series. All experienced security professionals were at one time very green. Entry level status means risk to your organization. That's if you give them too much access. What can you trust an entry level security professional to do that won't impose unnecessary risk? And how can those green professionals build trust to allow them to do more? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of <a href= "https://cisoseries.com
08/06/202330 minutes 57 seconds
Episode Artwork

How Must Processes Change to Reduce Risk?

All links and images for this episode can be found on CISO Series. What do we need to do to fix our processes to truly reduce risk and vulnerabilities? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Amad Fida (@brinqa), CEO, Brinqa. Thanks to our podcast sponsor, Brinqa
01/06/202328 minutes 47 seconds
Episode Artwork

Reputational Damage from Breaches

All links and images for this episode can be found on CISO Series. Security professionals talk a lot about the reputational damage from breaches. And it seems logical, but major companies still do get breached and their reputation seems spared. What's the reality of what breaches can do to a company's reputation? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap)
25/05/202330 minutes 45 seconds
Episode Artwork

Do RFPs Work?

All links and images for this episode can be found on CISO Series. Do RFPs or request for proposals work as intended? It seems they're loaded with flaws yet for some organizations who must follow processes, they become necessary evils for both buyers and sellers. What can we do to improve the process? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Keith McCartney (<a href="http://
18/05/202327 minutes 36 seconds
Episode Artwork

Successful Cloud Security

All links and images for this episode can be found on CISO Series. What are the moves we should be making in cloud to improve our security? What constitutes a good cloud security posture? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. We welcome our sponsored guest Yoav Alon, CTO, <a href
11/05/202331 minutes 13 seconds
Episode Artwork

How Should Security Vendors Engage With CISOs?

All links and images for this episode can be found on CISO Series. One CISO has had enough of the security vendor marketing emails and cold sales calls. He's blocking them all. But it's not a call to avoid all salespeople. He just doesn't have the time to be a target anymore. So how should vendors engage with such a CISO? And does CISO represent most CISOs today? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and <a href="https://w
04/05/202337 minutes 14 seconds
Episode Artwork

Gartner Created Product Categories

All links and images for this episode can be found on CISO Series. Do we really need more categories of security products? Every new Gartner magic quadrant complicates the marketplace but at the same time helps us understand the other vectors we need to protect. Do new categories of security products help or hurt the industry? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski.
27/04/202334 minutes 32 seconds
Episode Artwork

How to Always Make a Business Case for Security

All links and images for this episode can be found on CISO Series. How can security leaders and how do they go about matching business case to every security action you want to take? Is this the right way to sell security to the board? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Sravish Sridhar
20/04/202331 minutes 7 seconds
Episode Artwork

Do Breaches Happen Because the Tool Fails, or the Tool Was Poorly Configured?

All links and images for this episode can be found on CISO Series. Security tools are supposed to do a job. Either they need to alert you, protect you, or remediate an issue. But they don't always work and that's why we have breaches. Who's at fault, the tool or the administrators who configured the tool? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Kenneth Foster (<a href= "https://twitte
13/04/202332 minutes 27 seconds
Episode Artwork

What We Love About Working in Cybersecurity

All links and images for this episode can be found on CISO Series. We talk a lot on this show about what makes cybersecurity such a hard job, yet there are so many people who are in it and love it. What draws people to this profession and why do they love it so much? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbe
06/04/202328 minutes 53 seconds
Episode Artwork

Security That Accounts for Human Fallibility

All links and images for this episode can be found on CISO Series. We expect our users to be perfect security responders even when the adversaries are doing everything in their power to trick them. These scams are designed to make humans respond to them. Why aren't we building our security programs to account for this exact behavior that is simply not going to go away? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is <a href= "https://www.
30/03/202331 minutes 55 seconds
Episode Artwork

Why You Should Be Your Company's Next CISO

All links and images for this episode can be found on CISO Series. How do you make the argument that your company needs a CISO, and that YOU should be that leader? What do you need to demonstrate to prove you can be that person? Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, <a href="
23/03/202327 minutes 55 seconds
Episode Artwork

How to Become a CISO

All links and images for this episode can be found on CISO Series. How do you become a CISO? It doesn't follow a linear pattern as many other professions. There are many different paths and there are many different entry points. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Yabing Wang, CISO, Justworks. Thanks to our podcast sponsor, SPMB</st
16/03/202330 minutes 46 seconds
Episode Artwork

Can You Build a Security Program on Open Source?

All links and images for this episode can be found on CISO Series. What would it take to build your entire security program on open source software, tools, and intelligence? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome guest <a href="https://www.link
09/03/202325 minutes 10 seconds
Episode Artwork

Third Party Risk vs. Third Party Trust

All links and images for this episode can be found on CISO Series. Businesses grow based on trust, but they have to operate in a world of risk. Even cybersecurity operates this way, but when it comes to third party analysis, what if we leaned on trust more than trying to calculate risk? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and our guest co-host is Yaron Levi (@0xL3v1), CISO, <a href= "http
02/03/202328 minutes 40 seconds
Episode Artwork

How Can We Improve the Cyber Sales Cycle?

All links and images for this episode can be found on CISO Series The cybersecurity sales process is so terribly inefficient. And everyone, the targets and cybersecurity leaders, are losing valuable time because of that inefficiency. Where can we start making improvements? Check out this post for the discussion that's the basis for this podcast episode. This week's Defense in Depth is hosted by me, David Spark (@dspark), producer, CISO Series. Our guest co-host is John Overbaugh, CISO, ASG. John and I welcome our guest, Jeric
23/02/202326 minutes 11 seconds
Episode Artwork

What Leads a Security Program: Risk or Maturity?

All links and images for this episode can be found on CISO Series. When you think about building a plan (and budget!) for your security program, do you lead with risk, maturity, or something else? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is <a hre
16/02/202332 minutes 58 seconds
Episode Artwork

Limitations of Security Frameworks

All links and images for this episode can be found on CISO Series Why do strongly supported security frameworks have such severe limitations when building a security program? Check out this post for the discussions that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn</a
09/02/202328 minutes 14 seconds
Episode Artwork

Why Is There a Cybersecurity Skills Gap?

All links and images for this episode can be found on CISO Series. Why is there a cybersecurity skills gap? Practically everyone is looking to hire, and there are ton of people getting training and trying to get into the industry, but we still have this problem. Why? Check out this post for the discussions that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome
02/02/202332 minutes 18 seconds
Episode Artwork

What Can the Cyber Haves Do for the Cyber Have Nots?

All links and images for this episode can be found on CISO Series. Given that your company's security is dependent on the security of your partners and others, what can we do to get more organizations above the security poverty line? Check out this post for the discussions that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, <a href="http://link
26/01/202332 minutes 18 seconds
Episode Artwork

Securing Unmanaged Assets

All links and images for this episode can be found on CISO Series. "When the asset discovery market launched, every single company that offered a solution used the line, “You can’t protect what you don’t know.” Everyone agreed with that. Problem is, “what you don’t know” has grown… a lot." Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and <a href= "h
19/01/202330 minutes 33 seconds
Episode Artwork

Ambulance Chasing Security Vendors

All links and images for this episode can be found on CISO Series A good high profile security threat seems like a good time to alert potential customers about how your product could help or even prevent a breach. Seems like a solid sales tactic for any industry that is not cybersecurity. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest <a href
12/01/202332 minutes 44 seconds
Episode Artwork

Do CISOs Have More Stress than Other C-Suite Jobs

All links and images for this episode can be found on CISO Series Why do CISOs seem more stressed out than other C-level executives? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest <a href= "https://www.linkedin.co
05/01/202330 minutes 38 seconds
Episode Artwork

How Should We Discuss Cyber With the C-Suite?

All links and images for this episode can be found on CISO Series How detailed do we get in our conversation with business leaders? Do we dumb it down? Or is that a recipe for trouble? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and <a href="https://www.linkedin.com/in/
15/12/202228 minutes 40 seconds
Episode Artwork

Can You Be a vCISO If You’ve Never Been a CISO?

All links and images for this episode can be found on CISO Series Why are there so many vCISOs who have never been a CISO? Isn't it difficult to advise on a role you've never done? Do organizations feel comfortable hiring an inexperienced vCISO as their CISO? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, <a href="ht
08/12/202228 minutes 40 seconds
Episode Artwork

How Should We Gauge a Company's Cyber Health?

All links and images for this episode can be found on CISO Series As an outside observer, how can you tell if a company is staying cyber healthy? While there is no financial statement equivalency to let you know the strength of a company's security profile, there are signals that'll give you a pretty good idea. Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, <a href="http://linked
01/12/202231 minutes 20 seconds
Episode Artwork

Reducing the Attack Surface

All links and images for this episode can be found on CISO Series The cyber attack surface just keeps growing to the point that it seems endless. Protecting it all is impossible. Is there anything that can be done to reduce that attack surface and limit your exposure? Check out this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Jonat
17/11/202231 minutes 11 seconds
Episode Artwork

Do We Need a Marketing Manager for the Security Team?

All links and images for this episode can be found on CISO Series Those reports on security procedures for the business are falling short. No one is reading them. What good are security controls if your staff doesn't know about them or adhere to them? Is it time to hire a marketing manager for the security team? Check out this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO
10/11/202232 minutes 13 seconds
Episode Artwork

Cybersecurity Budgets

All links and images for this episode can be found on CISO Series Cybersecurity budgets are increasing, by a lot. What's fueling the increase and where are those budgets being spent? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest sponsored guest Nick Kakolowski, senior director of research at
03/11/202226 minutes 43 seconds
Episode Artwork

How Can We Make Sense of Cybersecurity Titles?

All links and images for this episode can be found on CISO Series What's the difference between a head of security, a vp of security, and a CISO? Do job responsibilities change whether you're a security analyst or a threat engineer? Roles are confusing and so is the pay and responsibilities attached to them. Check out this post and this post for the basis of today's discussion. this week’s episode co-hosted by me,
27/10/202230 minutes 51 seconds
Episode Artwork

Walk a Mile in a Security Recruiter's Shoes

All links and images for this episode can be found on CISO Series Instead of complaining about the security hiring process, walk a mile in a recruiter's shoes and have a little compassion to what they're going through, and how you might be able to help, at any level. Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff B
20/10/202229 minutes 13 seconds
Episode Artwork

Moving Security from a Prevention to a Resilience Strategy

All links and images for this episode can be found on CISO Series Are security programs drifting from a prevention to a resilience strategy? If so, are you truly operating in a resilient environment? Or are you still acting in a prevention stance but you know you should be resilient? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geof
13/10/202228 minutes 17 seconds
Episode Artwork

How to Engage with Non-Technical Business Leaders

All links and images for this episode can be found on CISO Series How do you talk to non-technical business leaders about cybersecurity? It's a concern, it's a risk, they want to know so they can make logical business decisions. How do you help? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (<a href=
06/10/202229 minutes 58 seconds
Episode Artwork

Cybersecurity Burnout

All links and images for this episode can be found on CISO Series Why are cybersecurity professionals burning out? What's the dynamic of the job, the pressures being put on them, that causes the best to leave? And this industry can't afford to lose its best talent. Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and special guest co-host Shawn Bowen (@SMbowen), CISO, <a href="https://www.wfscorp.com
29/09/202232 minutes 37 seconds
Episode Artwork

How to Build a Greenfield Security Program

All links and images for this episode can be found on CISO Series You're starting a security program from scratch and you're trying to figure out where to start, what to prioritize, and how to architect it so it grows naturally and not a series of random patches over time. Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO. Our guest is Mark Bruns, CISO, <a href
22/09/202231 minutes 6 seconds
Episode Artwork

Managing the Onslaught of Files

All links and images for this episode can be found on CISO Series Files are still the core of how people do business. How are you dealing with the onslaught of files coming into your network? People are sharing files across a multitude of platforms, and many for which you may not even know about. What checks and balances do you put in place to make sure you've got file integrity no matter the source? Check out this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (<a href= "
15/09/202231 minutes 36 seconds
Episode Artwork

Can You Have Culture Fit and Diversity, or Are They Mutually Exclusive?

All links and images for this episode can be found on CISO Series Hiring managers speak about looking for culture fit and diversity, but never at the same time. Can they coexist? Are they mutually exclusive? Check out this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Sherron Burgess, CISO, <a
08/09/202234 minutes 59 seconds
Episode Artwork

How to Follow Up With a CISO

All links and images for this episode can be found on CISO Series Cyber sales is hard. But don't let the difficulty of doing it get in way of your good judgement. So what is the right way to follow up with a CISO? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is <a href="https://www.linkedin.com/in/jack-kufahl/"
01/09/202236 minutes 23 seconds
Episode Artwork

Roles to Prepare You to Be a CISO

All links and images for this episode can be found on CISO Series One day you want to be a CISO. What area of security you begin your studies? Or maybe you shouldn't be studying security. Check out this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Evelin Biro (@wolfsgame), CISO, Alliant Credit Union. <s
25/08/202231 minutes 55 seconds
Episode Artwork

Minimizing Damage from a Breach

All links and images for this episode can be found on CISO Series What can we do to reduce the damage of a breach and the duration of detection and remediation? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (
18/08/202225 minutes 18 seconds
Episode Artwork

We're All Still Learning Cyber

All links and images for this episode can be found on CISO Series Learning cyber is not a question for those who are just starting out. It's for everybody. Where and how do we learn at every stage of our professional careers? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Jerich Beason, CISO, Commercial, <a href
11/08/202228 minutes 21 seconds
Episode Artwork

Practical Cybersecurity for IT Professionals

All links and images for this episode can be found on CISO Series You’re a CISO, vCISO, or MSSP rolling into a company that has yet to launch a cybersecurity department. How do you communicate about cyber with the IT department? They’re not completely new to cyber. What’s the approach to engagement that helps, but doesn’t insult? How do you offer practical cybersecurity advice? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Sp
04/08/202228 minutes 26 seconds
Episode Artwork

Data Protection for Whatever Comes Next

All links and images for this episode can be found on CISO Series Cybersecurity boils down to securing your data or data protection. But that simple concept has turned into a monumental task that is only exacerbated every time we move our data to a new platform. How do we secure data today, to be ready for whatever comes next in computing? Check out this post and this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of <a href="https://
28/07/202225 minutes 46 seconds
Episode Artwork

What Is Attack Surface Profiling?

All links and images for this episode can be found on CISO Series Is attack surface profiling the same as a pen test? If it isn't what unique insight can attack surface profiling deliver? Check out this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest i
21/07/202231 minutes 36 seconds
Episode Artwork

How Can You Tell If Your Security Program Is Improving?

All links and images for this episode can be found on CISO Series What’s your best indicator that your security program is actually improving? And besides you and your team, is anyone impressed? Check out this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Simon Goldsmith (@cybergoldsmith), director of information sec
14/07/202231 minutes 17 seconds
Episode Artwork

How Can We Improve Recruiting of CISOs and Security Leaders?

All links and images for this episode can be found on CISO Series Interviewing for leadership positions in cybersecurity is difficult for everyone involved. There are far too many egos and many gatekeepers. What can be done to improve recruiting of CISOs? Check out this post and this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark
07/07/202229 minutes 50 seconds
Episode Artwork

How Is Our Data Being Weaponized Against Us?

All links and images for this episode can be found on CISO Series How are nefarious actors using our own data (and metadata) against us? And given that, in what way have we lost our way protecting data that needs to be course corrected? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbel
30/06/202228 minutes 6 seconds
Episode Artwork

Can Security Be a Profit Center?

All links and images for this episode can be found on CISO Series Is it possible to position your security team as a profit center instead of the traditional cost center reporting to the CIO? Check out this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Michael Weiss, CISO, Human Interest. Thanks to our podcast sponso
23/06/202229 minutes 35 seconds
Episode Artwork

Getting Ahead of the Ongoing Malware Fight

All links and images for this episode can be found on CISO Series For years we've been referring to malware protection as a cat and mouse game. The crooks come up with a new malware attack, and then the good guys figure out a way to stop it. And that keeps cycling over and over again. So where are we today with malware protection and is there any way to get ahead of the cycle? Check out this post and this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the p
16/06/202227 minutes 8 seconds
Episode Artwork

Building a Security Awareness Training Program

All links and images for this episode can be found on CISO Series We all know and have experienced bad security awareness training. People can learn, and should learn about being cyber aware. How do you build a security awareness training program that sticks? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, a
09/06/202228 minutes 14 seconds
Episode Artwork

Onboarding Cyber Professionals with No Experience

All links and images for this episode can be found on CISO Series You want to bring on entry level personal, But green employees, who are not well versed in security, IT, or your data introduce risk once they have access to it. What are ways to bring these people on while also managing risk? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, <a href="http
02/06/202228 minutes 44 seconds
Episode Artwork

Where's the Trust in Zero Trust?

All links and images for this episode can be found on CISO Series Zero trust is a hollow buzzword. In any form of security, there exist critical points where we have to trust. What we need is a move away from implicit trust to explicit trust, or identity that can be verified. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, <a href="http:
26/05/202228 minutes 15 seconds
Episode Artwork

Who Investigates Cyber Solutions?

All links and images for this episode can be found on CISO Series Cyber professionals, who is responsible on your team for investigating new solutions? Check out this post and this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is <a href= "https://www.linkedin.com/in/
19/05/202227 minutes 53 seconds
Episode Artwork

Does the Cybersecurity Industry Suck?

All links and images for this episode can be found on CISO Series In the cyber industry we pat each other on the back and give each other awards, all while the statistics for breaches appear to be worsening, Are we celebrating growing failure? Does the cyber industry suck? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and <a href="https://
12/05/202233 minutes 30 seconds
Episode Artwork

Are We Taking Zero Trust Too Far?

All links and images for this episode can be found on CISO Series For some, the definition of zero trust has expanded from how we grant access to networks, applications, and data to how we trust individuals in the real world. Are we taking zero trust too far? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and <a href="https://www.linkedin.com/in/ge
05/05/202229 minutes 43 seconds
Episode Artwork

Is Shift Left Working?

All links and images for this episode can be found on CISO Series Developers and security professionals have been heavily sold on the concept of "shift left" or deal with security issues early in development rather bolting it on at the end. It all made logical sense, but now we've been doing it for a few years and has shift-left actually reduced application security concerns? Check out this post, this post, and this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by m
28/04/202232 minutes 51 seconds
Episode Artwork

Technical vs. Compliance Professionals

All links and images for this episode can be found on CISO Series Do we have a Monitgue/Capulet rivalry between technical and compliance professionals? Why is this happening, and what can be done to improve it? Does it need to be improved? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Ou
21/04/202228 minutes 43 seconds
Episode Artwork

Why Do So Many Cybersecurity Products Suck?

All links and images for this episode can be found on CISO Series Why do we end up with so many bad security products? Who is to blame and how can we fight back an ecosystem that may be fostering subpar products? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (<a href= "http://twitter.com/ge
14/04/202231 minutes 33 seconds
Episode Artwork

Training for a Cyber Disaster

All links and images for this episode can be found on CISO Series What are you doing to prepare for the next cyber disaster? You must train for it, because when it happens, and it will happen, everyone should know what they need to do. Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is <a href="https://www.link
07/04/202227 minutes 47 seconds
Episode Artwork

Virtual Patching

All links and images for this episode can be found on CISO Series What if you didn't spend all your time patching vulnerabilities but instead created a security policy that prevented known vulnerabilities from being exploited. How doable is this solution of virtual patching? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Ody Lupescu, CISO, Ethos Life.</
31/03/202229 minutes 30 seconds
Episode Artwork

Start a Cybersecurity Department from Scratch

All links and images for this episode can be found on CISO Series A 500+ person company doesn't have a security department. They need one and they need to convince the CEO they need one. How do you build a cybersecurity team and program from scratch? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap)
24/03/202228 minutes 33 seconds
Episode Artwork

How to Think Like a Cybercrook

All links and images for this episode can be found on CISO Series "If you want to catch a cybercrook, you need to think like one." But how do you actually go about thinking like a cybercriminal? What's the actual process? Check out this post and this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the p
17/03/202231 minutes 20 seconds
Episode Artwork

Building a Data-First Security Program

All links and images for this episode can be found on CISO Series Could you build a data-first security program? What would you do if you focused your security program on just the asset? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Brian Vecci (@brianthevecci), field CTO, Va
10/03/202232 minutes 50 seconds
Episode Artwork

Offensive Security

All links and images for this episode can be found on CISO Series Offensive security or "hacking back" has always been seen as either unethical or illegal. But now, we're seeing a resurgence in offensive security solutions. Are we redefining the term, or are companies now "hacking back?" Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Eric Hussey, CISO, <a href="https://www.apti
03/03/202231 minutes 43 seconds
Episode Artwork

When Vendors Pounce on New CISOs

All links and images for this episode can be found on CISO Series A security professional announces a new position as CISO. As a vendor you see this as good timing to try a cold outreach to sell your product. Why do so many vendors think this is a good tactic, when in reality it’s exactly what you should not do? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn.
24/02/202229 minutes 55 seconds
Episode Artwork

Building a Cybersecurity Culture

All links and images for this episode can be found on CISO Series How do you begin building a cyber security culture for the whole company? And more importantly, how do you maintain that? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is <a href= "https://www.linkedin.com/in/michael-hanley-b650891
17/02/202227 minutes 29 seconds
Episode Artwork

How to Pitch to a Security Analyst

All links and images for this episode can be found on CISO Series You're a security vendor and you've got a short briefing with a security analyst from a research firm. What do you want to get across to them, and what do you want to hear back from them? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Ed Amoroso (<a href= "http://twitter.com/
10/02/202231 minutes
Episode Artwork

Is Your Data Safer in the Cloud?

All links and images for this episode can be found on CISO Series Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is Michael Johnson, CISO, Novi (the financial arm of Meta, formerly
03/02/202227 minutes 46 seconds
Episode Artwork

What Should We Stop Doing in Cybersecurity?

All links and images for this episode can be found on CISO Series Security professionals are drowning in activities. Not all of them can be valuable. What should security professionals stop doing be to get back some time? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Jim Rutt, CISO, Dana Foundation. Thanks to our podcast sponso
27/01/202224 minutes 57 seconds
Episode Artwork

DDoS Solutions

How seamless are Distributed Denial of Service or DDoS solutions today? If you get a denial of service attack, how quickly can these solutions snap into action with no manual response by the user? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Alastair Cooke (@demitasenz), analyst, <a href="http://giga
20/01/202228 minutes 46 seconds
Episode Artwork

Making Cybersecurity Faster and More Responsive

All links and images for this episode can be found on CISO Series Knowing is only one-third the battle. Another third is responding. And the last third is responding quickly. It’s not enough to just have the first two thirds. We need to be faster, but how? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Jason Elrod (<a href= "http://twitter.com/jasonelrod
13/01/202230 minutes 53 seconds
Episode Artwork

Promises of Automation

All links and images for this episode can be found on CISO Series Automation was supposed to make cybersecurity professionals’ lives simpler. And it was supposed to solve the talent shortage. Has any of that actually happened? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Brian Lo
06/01/202226 minutes 59 seconds
Episode Artwork

When Social Engineering Bypasses Our Cyber Tools

All links and images for this episode can be found on CISO Series Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is Josh Yavor (@schwascore), CISO, Tessian.
16/12/202128 minutes 51 seconds
Episode Artwork

How Can We Simplify Security?

All links and images for this episode can be found on CISO Series Why is cybersecurity becoming so complex? What is one thing we can do, even if it's small, to head us off in the right direction of simplicity? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Leda Muller, CISO at Stanford, Residential and Dining Enterprises. Thanks to our podcast sponsor, Eclypsium</s
09/12/202128 minutes 17 seconds
Episode Artwork

Convergence of Physical and Digital Security

All links and images for this episode can be found on CISO Series Security convergence is the melding of all security functions from physical to digital and personal to business. The concept has been around for 17 years yet organizations are still very slow to adopt. A company's overall digital convergence appears to be happening at a faster rate than security convergence. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, <a href="http://linkedin.co
02/12/202130 minutes 39 seconds
Episode Artwork

How Do You Measure Cybersecurity Success?

All links and images for this episode can be found on CISO Series In most jobs there’s often a clear indicator if you’re doing a good job. In security, specifically security leadership, it’s not so easy to tell. “Nothing happening” is not an effective measurement. So how should security performance be graded? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and
18/11/202129 minutes
Episode Artwork

How Do We Turn Tables Against Adversaries?

All links and images for this episode can be found on CISO Series If we’re going to turn the tables against our adversaries, everything from our attitude to our action needs to change to a format where attacks and breaches are not normalized, and we know the what and how to respond to it quickly. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host <a href= "https://www.linkedin.com/in/geoffbelkna
11/11/202126 minutes 47 seconds
Episode Artwork

Ageism in Cybersecurity

All links and images for this episode can be found on CISO Series Is it too much experience? Is it that they're difficult to work with? Do they want too much money? Will they not be motivated? Are cyber professionals over the age of 40 being discriminated in hiring practices? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Ben Sapiro, head of technology risk and CISO at Canada Life.
04/11/202131 minutes 46 seconds
Episode Artwork

Proactive Vulnerability Management

All links and images for this episode can be found on CISO Series How do we turn the tide from reactive to proactive patch management? Does anyone feel good about where they are with their own patch management program? What would it take to get there? Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is <a href= "https://www.l
28/10/202132 minutes 36 seconds
Episode Artwork

Why Is Security Recruiting So Broken?

All links and images for this episode can be found on CISO Series Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Tony Sager (@sagercyber), svp, and chief evangelist, Center for Internet Security.  Thanks to our podcast sponsor, Qualys <img src= "
21/10/202132 minutes 55 seconds
Episode Artwork

How to Be a Vendor that CISOs Love

All links and images for this episode can be found on CISO Series Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Andy Ellis (@csoandy), operating partner, YL Ventures. Thanks to our podcast sponsor, Varonis <a title="Varonis" href= "htt
14/10/202130 minutes 2 seconds
Episode Artwork

The "Are We Secure?" Question

All links and images for this episode can be found on CISO Series When a senior person at your company asks you, "Are we secure?" how should you respond? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our guest Paul Truitt, principal US cyber practice leader, Mazars. Thanks to our podcast sponsor, Varonis <a title="Varonis" href= "https://www.varonis.com/solutions/ransomware/?utm_medium=dis
07/10/202128 minutes 33 seconds
Episode Artwork

Ransomware Kill Chain

What are the tell tale signs you've got ransomware before you receive the actual ransomware threat? Check out this post and this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our sponsored guest Brian Vecci (@BrianTheVecci), field CTO, <a hr
30/09/202131 minutes 5 seconds
Episode Artwork

Can Technology Solve Phishing?

All links and images for this episode can be found on CISO Series Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Robert Wood (@holycyberbatman), CISO at Centers for Medicare & Medicaid Services. Thanks
23/09/202130 minutes 33 seconds
Episode Artwork

Convergence of SIEM and SOAR

All links and images for this episode can be found on CISO Series SIEM tools that ingest and analyze data are ubiquitous in security operations centers. But just knowing what's happening in your environment is not enough. For competitive reasons, must SIEM tools expand and offer more automation, intelligence, and the ability to act on that intelligence? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, <a href="http://linkedin.com/
16/09/202127 minutes 2 seconds
Episode Artwork

Cybersecurity Is Not Easy to Get Into

All links and images for this episode can be found on CISO Series Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our guest Adam Keown, director, information security, Eastman. Thanks to our podcast sponsor, VMware In this episode: What's more valuable to get hired: degrees or experience? What's bet
09/09/202131 minutes 8 seconds
Episode Artwork

Preventing Ransomware

All links and images for this episode can be found on CISO Series What is the most critical step to preventing ransomware? Security professionals may be quick to judge users and say it's a lack of cyberawareness. Could it be something else? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Rebecca Harness (<a href= "http://twitter.com/rebec
02/09/202127 minutes 16 seconds
Episode Artwork

Managing Lateral Movement

All links and images for this episode can be found on CISO Series For four years in a row, Verizon's DBIR, has touted compromised credentials as the top cause of data breaches. That means bad people are getting in yet appearing to be legitimate users. What are these malignant users doing inside our network? What are the techniques to both understand and allow for good yet thwart bad lateral movement? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our sponsored guest <a href= "https://www.l
26/08/202129 minutes 3 seconds
Episode Artwork

First Steps as a CISO

All links and images for this episode can be found on CISO Series You've just joined a company as CISO, what's the very first step you would take to improve the security posture of your new company? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our guest Olivia Rose, vp of IT and security, Amplitude. Thanks to our podcast sponsor, Proofpoint <img src= "https://assets.libsyn.com/secure/show/156524/Pro
19/08/202130 minutes 21 seconds
Episode Artwork

How Does Ransomware Enter the Network?

All links and images for this episode can be found on CISO Series How is ransomware getting into your network? Is the path direct, like via email, or does it take a more circuitous route? Check out this post and this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our sponsored guest Ryan Kalember (@rkalember), evp, cy
12/08/202128 minutes 47 seconds
Episode Artwork

What's the Value of Certifications?

All links and images for this episode can be found on CISO Series Why should security professionals get certifications? Do they actually teach you what you need to know to solve cybersecurity challenges? OR do they act as gateways or approval checks to be admitted into the field of cybersecurity? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Will Gregorian (@willgregorian), head of IT and security, Rhino and our guest <a href=
05/08/202130 minutes 14 seconds
Episode Artwork

Measuring the Success of Cloud Security

All links and images for this episode can be found on CISO Series How are you measuring your progress and success with cloud security? How much visibility into this are you providing to your engineering teams? Check out this post and this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO
29/07/202127 minutes 17 seconds
Episode Artwork

How do I get my first cybersecurity job?

All links and images for this episode can be found on CISO Series What does a young person, eager to get into cybersecurity, have to show or prove to land their first help desk, tech support role? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn and our guest Bryan Zimmer (<a href="https://twitter.com/b
22/07/202128 minutes 32 seconds
Episode Artwork

Educating the Board About Cybersecurity

All links and images for this episode can be found on CISO Series What do we want the Board and C-Suite to know about cybersecurity? If you could teach them one thing about cybersecurity that would stick, what would that be? Check out this post and this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geof
15/07/202125 minutes 58 seconds
Episode Artwork

CISO Recruiting Is Broken

All links and images for this episode can be found on CISO Series The demand for CISOs is growing due to increased regulations and cyber threats. Yet, while the demand is there, the supply keeps rotating. Companies think the next CISO is going to fix the problems of the last one. Why is a CISO's tenure so short and why is the hiring process for CISOs so disjointed? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, Steve Zalewski, and Gary Hayslip (@ghayslip), CISO, Softbank Inv
05/07/202128 minutes 13 seconds
Episode Artwork

Retaining Cyber Talent

All links and images for this episode can be found on CISO Series Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Liam Connolly, CISO, Seek. and our guest Ben Sapiro (@ironfog), head of technology risk and CISO, Canada Life. Thanks to our podcast sponsor, RevCult <img src="
01/07/202134 minutes 7 seconds
Episode Artwork

Salesforce Security

All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-salesforce-security/ Thanks to our podcast sponsor, RevCult On average, 18 percent of all your Salesforce data fields are highly sensitive and 89 percent of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you’re protecting it. Get a free Salesforce Security Self-Assessment to understand your Salesforce security
24/06/202123 minutes 25 seconds
Episode Artwork

Cloud Configuration Fails

All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-cloud-configuration-fails/ Why do we hear so many stories about incidents related to poor or misconfigured cloud services? Check out this post and this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbel
17/06/202124 minutes 35 seconds
Episode Artwork

Starting Pay for Cyber Staff

All links and images for this episode can be found on CISO Series https://cisoseries.com/starting-pay-for-cyber-staff/  What should an entry level cybersecurity person be paid? And what level of education and training should be expected of them? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Naomi Buckwalter (@ineedmorecyber), director of information security and IT at Beam Technologies, and our guest <a href="https://www.li
10/06/202130 minutes 11 seconds
Episode Artwork

Fear of Automation

All links and images for this episode can be found on CISO Series. https://cisoseries.com/fear-of-automation/ Why are security professionals so darn afraid of automation? We continue to hold on to the idea that people have to be integral in the real-time decision process to protect ourselves from the technology we deploy to protect us. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, and Steve Zalewski, CISO, Levi Strauss, with our guest Edward Frye (<a href=
03/06/202124 minutes 11 seconds
Episode Artwork

Hiring Talent with No Security Experience

All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-hiring-talent-with-no-security-experience/ Should you look for the ideal candidate that has all the security talent you want, or should you find the right person and train them with the security talent you want. And if the latter, what is the right person to work in security who doesn't have security experience? Check out this post and this Twitter discussion for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host, <a href="https://www
27/05/202127 minutes 18 seconds
Episode Artwork

Security Hygiene for Software Development

All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-security-hygiene-for-software-development/ How do we improve the quality of our software? In the rush to be competitive, security has often taken a back seat to be first to market. What's the formula for fast and secure applications? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host, Geoff Belknap (@geoffbelknap), CISO <a href="https://linkedin.com/
20/05/202125 minutes 31 seconds
Episode Artwork

How Much Do You Know About Your Data?

All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-how-much-do-you-know-about-your-data/ Do cybersecurity professionals even know what they're protecting? How aware are they of the data, its content and its sensitivity? What happens to your security posture when you do understand the data you're protecting? What can you do that you weren't able to do before? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, and Steve Zalewski, CISO, Levi Stra
13/05/202126 minutes 24 seconds
Episode Artwork

Do Startups Need a CISO?

All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-do-startups-need-a-ciso/  Startups are all about proving the value of their product and growth. At the beginning, all of their money is funneled into product and market development. When do they need a CISO, if at all? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, and guest co-host Jimmy Sanders (@jfireluv), head
06/05/202128 minutes 13 seconds
Episode Artwork

Insider Risk

All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-insider-risk/ By just doing their jobs, your employees are introducing risk to the business. They don't mean to be causing issues, but their simple actions and sometimes mistakes can cause great harm. Is it their fault, or is it security's fault for not creating the right systems? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host, Steve Z
29/04/202129 minutes 7 seconds
Episode Artwork

What’s the Obsession with Zero Trust?

 All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-whats-the-obsession-with-zero-trust/ Why is everyone obsessed with Zero Trust? Is it just a marketing ploy that vendors are using to sell their products? Or, is it truly a methodology that provides better security, especially in today's environment. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host, Geoff Belknap (@geoffbelknap), CISO <
22/04/202128 minutes 33 seconds
Episode Artwork

Mentoring

All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-mentoring/ Companies want security people with experience and they want to grow cybersecurity leaders. It's often hard to find that experience, and while there are certification courses aplenty, courses in cybersecurity leadership are hard to find. One possible solution is mentoring, but that has its own hurdles. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host, <a href= "https://www.linkedi
15/04/202127 minutes 23 seconds
Episode Artwork

Securing the Super Bowl and Other Huge Events

All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-securing-the-super-bowl-and-other-huge-events/ How do cybersecurity professionals secure a huge event like the Olympics, the Superbowl, or a city's New Year's Eve party? What are the unique considerations that come into play? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Geoff Belknap (<a href="https://t
08/04/202130 minutes 20 seconds
Episode Artwork

Cybersecurity Isn’t That Difficult

All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-cybersecurity-isnt-that-difficult/ What are you security people complaining about? As compared to 10, 15, 20 years ago, the technical aspects of cybersecurity are not that difficult. We've got the control frameworks, tools, and training that are predecessors didn't have. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Naomi Buckwalter (<a h
01/04/202126 minutes 50 seconds
Episode Artwork

Cloud Security Myths

All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-cloud-security-myths/ The cloud is inherently insecure! The cloud will handle all your security needs. More data breaches happen in the cloud. These are just some of the many many myths of cloud security. Listen as we debunk as many as we possibly can. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Steve Zalewski, CISO, <a href="https://www.levistrauss.com/
25/03/202128 minutes 29 seconds
Episode Artwork

What Is Security's Mission?

All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-what-is-securitys-mission/ What's the mission of your security program? Is it to proactively SECURE THE COMPANY against a compromise of the CONFIDENTIALITY, INTEGRITY, and AVAILABILITY, OR, is it to PROTECT THE COMPANY BRAND by effectively PREVENTing, DETECTING and RESPONDING to cyber-threats? These are the two options for security's mission that we discuss on this week's show. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host <a href= "https://www.linkedin.com/in/szale
18/03/202125 minutes 56 seconds
Episode Artwork

Vendor CISOs

All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-vendor-cisos/ It's hard to be a CISO. But, what's it like to be a CISO at a security vendor, doing the hard work while carrying the stigma of being a "vendor"? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our spon
11/03/202127 minutes 9 seconds
Episode Artwork

How Much Log Data Is Enough?

All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-how-much-log-data-do-you-need You're a CISO struggling with an influx of log data into your SIEM. What's the data you want to keep, and for how long? You want insights, but you also want to keep costs down. Holding onto everything is going to cost a fortune. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Z
04/03/202125 minutes 5 seconds
Episode Artwork

Should Finance or Legal Mentor Cyber?

All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-should-finance-or-legal-mentor-cyber Cybersecurity leaders are constantly looking for ways to improve how they think about risk, and how they communicate risk. But they're not the only ones. Others have been managing risk long before CISOs existed. So, who could be the best mentor to help a CISO gain better insight into business risk and how to communicate about it: the chief financial officer, or the legal department's general counsel? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (<
25/02/202125 minutes 17 seconds
Episode Artwork

Data Destruction

All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-data-destruction How do you deal with data at end of life? Holding onto data too long can be very costly and increase risk. So how do you get rid of it... safely? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Shawn Bowen, CISO, Restaurant Brands International (RBI)
18/02/202127 minutes 24 seconds
Episode Artwork

How to Make Cybersecurity More Efficient

All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-how-to-make-cybersecurity-more-efficient/ You're a new CISO told to hold headcount even and find the resources to do 20% more work. We're already maxed out. So how do we do more? Coming up next we're getting smart and more efficient with security. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Steve Zalewski, Deputy CISO, Levis, and our guest, <a href= "https://www.linkedin.com/in/mic
11/02/202125 minutes 42 seconds
Episode Artwork

Does a CISO Need Tech Skills?

All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-does-a-ciso-need-tech-skills Does a CISO need technical skills to be an effective cybersecurity leader? Many CISOs don't have them. Are they still effective and does it affect their ability to lead? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, and guest co-host Ben Sapiro, (@ironfog), CISO, Great-West LifeCo, and our guest, <a hr
04/02/202127 minutes 8 seconds
Episode Artwork

How Do You Know if You're Good at Security?

All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-how-do-you-know-if-youre-good-at-security/ What metrics or indicators signal to you that an organization is “good at security”? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Geoff Belknap (@geoffbelknap), CISO, <a href=
28/01/202125 minutes 53 seconds
Episode Artwork

Building a Security Team

All links and images for this episode can be found on CISO Series You're a new CISO at a new org given a headcount of ten to build a cybersecurity team. What's your strategy to build that team? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Steve Zalewski, Deputy CISO, Levis, and our guest JJ Agha (<a href= "http://twi
21/01/202131 minutes 58 seconds
Episode Artwork

Are our Data Protection Strategies Evolving?

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-are-our-data-protection-strategies-evolving/) As we're evolving from putting data on premises to the cloud, are our data protection strategies evolving as well? There are issues of securing data, knowing where it travels, and privacy implications of data. How are we handling all of that? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our spo
14/01/202125 minutes 12 seconds
Episode Artwork

Should CISOs Be Licensed Professionals?

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-should-cisos-be-licensed-professionals/) Many professionals are required to obtain a license before they can do their job legally. The demands of cybersecurity professionals, especially CISOs, has become more critical as evidenced by the increasing number of regulations demanding a person oversee security and privacy controls. Should CISOs be licensed to maintain a minimum standard? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark<
07/01/202126 minutes 47 seconds
Episode Artwork

Inherently Vulnerable By Design

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-inherently-vulnerable-by-design/) Much of what we do as practitioners is to prevent inadvertent security problems - oversights, zero-days, etc. What about inherent and unavoidable problems? When the very design of the thing requires a lack of security? What do you do then? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alf
17/12/202026 minutes 54 seconds
Episode Artwork

Imposter Syndrome

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-imposter-syndrome/) For CISOs and other security leaders, suffering from imposter syndrome seems inevitable. How can you ever be really confident when there's an endless stream of threats and a landscape that changes without your knowledge? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and
10/12/202028 minutes 43 seconds
Episode Artwork

Why Don't More Companies Take Cybersecurity Seriously?

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-why-dont-more-companies-take-cybersecurity-seriously/) With every cybersecurity breach, we still don't seem to be getting through. Many companies don't seem to be taking cybersecurity seriously. What does it take? Obviously not scare tactics. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host A
03/12/202027 minutes 55 seconds
Episode Artwork

Data Protection and Visibility

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-data-protection-and-visibility/) Where is your data? Who's accessing it? You may know if you have an identity access management solution, but what happens when that data leaves your control. What do you do then? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalf
19/11/202033 minutes 7 seconds
Episode Artwork

What's an Entry Level Cybersecurity Job?

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-whats-an-entry-level-cybersecurity-job/) Naomi Buckwalter, director of information security at Energage analyzed one thousand random information security job posts on LinkedIn. The most notable trend she found was that 43% of the posts had CISSP and 5-year experience requirements for entry level positions. Are companies trying to lowball cybersecurity professionals, or do they simply not know what an entry level cybersecurity job is. Check out this post for the basis for
12/11/202028 minutes 27 seconds
Episode Artwork

Securing Digital Transformations

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-securing-digital-transformations/) Digital transformation. It's definition is broad. Meaning securing it is also broad. But there are some principles that can be followed as companies undergo each step in a deeper dive to make more and more of their processes essentially computerized. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host <a href= "https://www.linkedin.com/in/allanalfor
29/10/202029 minutes 1 second
Episode Artwork

Leaked Secrets in Code Repositories

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-leaked-secrets-in-code-repositories/) Secrets, such as passwords and credentials, are out in the open just sitting there in code repositories. Why do these secrets even exist in public? What's their danger? And how can they be found and removed? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@all
22/10/202028 minutes 41 seconds
Episode Artwork

Measuring the Success of Your Security Program

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-measuring-the-success-of-your-security-program/) How does a CISO measure the performance of their security program? Sure, there are metrics, but what are you measuring against? Is it a framework or the quality of protection? How do you tell if your program is improving and growing? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host <a href= "https://www.linkedin.com/in/
15/10/202027 minutes 19 seconds
Episode Artwork

Privacy Is An Uphill Battle

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-privacy-is-an-uphill-battle/) Privacy is an uphill battle. The problem is those gathering the data aren't the ones tasked with protecting the privacy of those users for whom that data represents. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest is <a hre
08/10/202028 minutes 43 seconds
Episode Artwork

Legal Protection for CISOs

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-legal-protection-for-cisos/) What's the legal responsibility of a CISO? New cases are placing the liability for certain aspects of security incidents squarely on the CISO. And attorney-client privilege has been overruled lately too. What does this mean for corporate and for CISO risk? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Al
01/10/202029 minutes 21 seconds
Episode Artwork

XDR: Extended Detection and Response

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-xdr-extended-detection-and-response/) Is XDR changing the investigative landscape for security professionals? The "X" in XDR extends traditional endpoint detection and response or EDR to also include network and cloud sensors. Having this full breadth, XDR can contextualize alerts to tell a more cogent story as to what's going on in your environment. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of
24/09/202025 minutes 3 seconds
Episode Artwork

Calling Users Stupid

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-calling-users-stupid/) Many cybersecurity professionals use derogatory terms towards their users, like calling them "dumb" because they fell for a phish or some type of online scam. It can be detrimental, even behind their back, and it doesn't foster a stronger security culture. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (
17/09/202027 minutes 27 seconds
Episode Artwork

Is College Necessary for a Job in Cybersecurity?

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-is-college-necessary-for-a-job-in-cybersecurity/) Where is the best education for our cyber staff of the future? Where does college fit in or not fit in? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest <a href="https://www.lin
10/09/202028 minutes 14 seconds
Episode Artwork

When Red Teams Break Down

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-when-red-teams-break-down/) What happens when red team engagements go sideways? The idea of real world testing of your defenses sounds great, but how do you close the loop and what happens if it's not closed? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allan
03/09/202025 minutes 17 seconds
Episode Artwork

What Cyber Pro Are You Trying to Hire?

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-what-cyber-pro-are-you-trying-to-hire/) Do companies hiring cybersecurity talent even know what they want? More and more we see management jobs asking for engineering skills, and even CISO jobs with coding requirements. What's breaking down? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest <a h
27/08/202028 minutes 35 seconds
Episode Artwork

Junior Cyber People

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-junior-cyber-people/) There are so few jobs available for junior cybersecurity professionals. Are these cyber beginners not valued? Or are we as managers not creating the right roles for them to improve our own security? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Naomi Buckwalter (<a href= "http
20/08/202029 minutes 17 seconds
Episode Artwork

Trusting Security Vendor Claims

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-trusting-security-vendor-claims/) Do security vendors deliver on their claims and heck, are they even explaining what they do clearly so CISOs actually know what they're buying? Check out this post and the Valimail survey for the basis of our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@al
13/08/202027 minutes 55 seconds
Episode Artwork

How Vendors Should Approach CISOs

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-how-vendors-should-approach-cisos/) "How do I approach a CISO?" It's the most common question I get from security vendors. In fact, I have another podcast dedicated to this very question. But now we're going to tackle it on this show. Check out this post for the basis of our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest <
06/08/202030 minutes 12 seconds
Episode Artwork

Secure Access

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-secure-access/) What is the Holy Grail of secure access? There are many options, all of which are being strained by our new work from home model. Are we currently at the max? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest is Rohini Kasturi, chief
30/07/202022 minutes 53 seconds
Episode Artwork

InfoSec Fatigue

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-infosec-fatigue/) Have we reached peak InfoSec fatigue? Revolving CISOs and endless cyber recruitment OR the fact that we're spending more money to reduce even greater risk. Is it all leaving our grasp? Check out this post for the basis of our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Helen Patton (@O
23/07/202028 minutes 23 seconds
Episode Artwork

Securing a Cloud Migration

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-securing-a-cloud-migration/) You're migrating to the cloud. When did you develop your security plan? Before, during, or after? How aware are you and the board of the cloud's new security implications? Does your team even know how to apply security controls to the cloud? Check out this post for the basis of our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and sponsored gue
16/07/202025 minutes 54 seconds
Episode Artwork

API Security

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-api-security/) APIs are gateways in and out of our kingdom and thus they're also great access points for malicious hackers. How the heck do we secure them without overwhelming ourselves? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and sponsored guest, Roey Eliyahu, CEO, <a
09/07/202023 minutes 28 seconds
Episode Artwork

Shared Threat Intelligence

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-shared-threat-intelligence/) We all know that shared intelligence has value, yet we're reticent to share our threat intelligence. What prevents us from doing it and what more could we know if shared threat intelligence was mandated? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and sponsored guest, <a href= "https://www.linked
02/07/202027 minutes 7 seconds
Episode Artwork

Drudgery of Cybercrime

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-drudgery-of-cybercrime/) Why does the press persist on referring to all cyber breaches as sophisticated attacks? Is it to make the victim look less weak, or do they simply not know the tedium that's involved in cybercrime? Check out this post by Brian Krebs for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Steve Z
25/06/202026 minutes 5 seconds
Episode Artwork

Security Budgets

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-security-budgets/) How do you calculate a security budget? Is it a percentage of the IT budget? Something else? And why does it grow so drastically after a breach? Thanks to this week's podcast sponsor, IronNet Cybersecurity. To combat sophisticated cyber threats, companies are increasingly adopting collective defense strategies to actively share intelligence with peer organizations to improve the detection capabilities of the collective. Through faster shari
18/06/202025 minutes 43 seconds
Episode Artwork

Role of the BISO

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-role-of-the-biso/) What is a business information security officer or BISO? Do you need one? Is it just an extension of the CISO or is it simply taking on the business aspect of the CISO role? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Nicole Dove
11/06/202028 minutes 52 seconds
Episode Artwork

Shared Accounts

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-shared-accounts/) As bad as all security professionals know, shared accounts are a fact in the business world. They still linger, and from an operational standpoint they're hard to secure and get accountability. Why are they still around and what can be done about them? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and sponsored guest <a
04/06/202026 minutes 21 seconds
Episode Artwork

Bug Bounties

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-bug-bounties/) What is the successful formula for a bug bounty program? Should it be run internally, by a third party, or should you open it up to the public? Or, maybe a mixture of everything? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Justin Berman (@justinmberman
28/05/202029 minutes 30 seconds
Episode Artwork

Data Classification

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-data-classification/) The more data we horde, the less useful any of it becomes, and the more risk we carry. If we got rid of data, we could reduce risk. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Nina Wyatt, CISO, Sunflower Bank. Tha
21/05/202024 minutes 41 seconds
Episode Artwork

Prevention vs. Detection and Containment

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-prevention-vs-detection-and-containment/) We agree that preventing a cyber attack is better than detection and containment. Then why is the overwhelming majority of us doing detection and containment? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and sponsored guest Steve Salinas (<a
14/05/202026 minutes 40 seconds
Episode Artwork

Asset Valuation

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-asset-valuation/) What's the value of your assets? Do you even understand what they are to you or to a criminal looking to steal them? Do those assets become more valuable once you understand the damage they can cause? Check out this post for the basis for our conversation on this week’s episode which features me and Allan Alford. Our guest is Bobby Ford, global CISO, Unilever. Thanks to this week's podcast sponsor, CyberArk. <img src= "https://assets.libsyn.com/secure/show/156524/Cybe
07/05/202028 minutes 26 seconds
Episode Artwork

DevSecOps

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-devsecops/) We know that security plays a role in DevOps, but we've been having a hard time inserting ourselves in the conversation and in the process. How can we get the two sides of developers and security to better understand and appreciate each other? Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and <a href="https://www.linke
30/04/202026 minutes 39 seconds
Episode Artwork

Fix Security Problems with What You've Got

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-fix-security-problems-with-what-youve-got/) Stop buying security products. You probably have enough. You're just not using them to their full potential. Dig into what you've got and build your security program. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest <a href="https://www.linkedin.com/in/brent
23/04/202028 minutes 22 seconds
Episode Artwork

Should Risk Lead GRC?

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-should-risk-lead-grc/) Defining risk for the business. Is that where a governance, risk, and compliance effort should begin? How does risk inform the other two, or does calculating risk take too long that you can't start with it? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Allan Alford (@AllanAlfordinTX). Our g
16/04/202024 minutes 57 seconds
Episode Artwork

Responsible Disclosure

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-responsible-disclosure/) Security researchers and hackers find vulnerabilities. What's their responsibility in disclosure? What about the vendors when they hear the vulnerabilities? And do journalists have to adhere to the same timelines? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX</
09/04/202025 minutes 10 seconds
Episode Artwork

Internet of Things

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth:-internet-of-things/) When Internet of Things or IoT devices first came onto the market, security wasn't even a thought, let alone an afterthought. Now we're flooded with devices with no security and their openness and connectivity are being used to launch malicious attacks. What are methods to secure environments today and how should these IoT devices being secured in the future? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series</
02/04/202029 minutes 13 seconds
Episode Artwork

Is Governance the Most Important Part of GRC?

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-is-governance-the-most-important-part-of-grc) Your policy should rarely change. But your ability to achieve that policy is found in procedures or governance that should inform, steer, and guide your team. Those procedures should change often and others should follow. Are they? Check out this post for the basis for our conversation on this week’s episode which features me and Allan Alford. Our guest is Mustapha Kebbeh (@mustaphake), CISO, Brinks. Thanks to this week's podcast sponsor, CyberArk.<
26/03/202027 minutes 16 seconds
Episode Artwork

Who Should the CISO Report To?

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-who-should-the-ciso-report-to/) Who should the CISO report to? What factors determine that decision? And why is that single decision so critical to a company's overall security? Check out this post for the basis for our conversation on this week’s episode which features me, special guest co-host Yaron Levi (@0xL3v1) CISO, Blue Cross Blue Shield of Kansas City. Our guest is Gary Harbison, vp, global CISO, <a href="https:
19/03/202024 minutes 35 seconds
Episode Artwork

Hybrid Cloud

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-hybrid-cloud/) The consistency of your security program becomes a challenge once you introduce the cloud. Controls and visibility are not necessarily transferable. How do you maintain the control you want in a hybrid environment? Check out this post for the basis for our conversation on this week’s episode which features me, special guest co-host Taylor Lehmann (@BostonCyberGuy), vp, CISO, athenahealth, and our sponsored guest, Chris Meenan (@chris_meenan), director, offering management an
12/03/202027 minutes 45 seconds
Episode Artwork

CISO Tenure

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-ciso-tenure/) The CISO has the shortest tenure of any C-level role. Why so brief? Is it the pressure, the responsibility, the opportunities, or all of the above? Check out this LinkedIn discussion to read the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), producer of CISO Series and guest co-host Gary Hayslip (@ghayslip), CISO, Softbank Investment Advisers. Our guest is <a
05/03/202029 minutes 16 seconds
Episode Artwork

Toxic Security Teams

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-toxic-security-teams/) There's an endless number of variables that contribute to creating a toxic security teams. How does it happen, and what are ways to manage and eradicate the toxicity? Check out this LinkedIn discussion to read the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Jinan Budge (<a href= "https://twitter.com/Jinan_Forreste
27/02/202025 minutes 34 seconds
Episode Artwork

Personality Tests in the Workplace

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-personality-tests-in-the-workplace/) As a cybersecurity leader, should you use personality tests for hiring and managing a team? Does it create diversity, understanding of communication styles, or does it just create more conflict? Check out this LinkedIn discussion to read the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is <a href= "https://www.lin
20/02/202023 minutes 26 seconds
Episode Artwork

Lack of Diversity in Cybersecurity

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-lack-of-diversity-in-cybersecurity/) Cybersecurity teams are notoriously not diverse. At the same time we keep hearing and talking about the need for diversity. Is it critical? Can you be just as successful without it? Check out this Twitter feed for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is <a href= "https://www.linkedin.com/in/christopher-zell-cissp-veteran-6a46
13/02/202027 minutes 50 seconds
Episode Artwork

When Are CISOs Responsible for Breaches?

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-when-are-cisos-responsible-for-breaches/) When is a CISO responsible for a breach or cyber incident? Should they be disciplined, fired, or let go with an attractive payout? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Norman Hunt (<a href=
06/02/202028 minutes 37 seconds
Episode Artwork

Post Breach Desperation and Salary Negotiations

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-post-breach-desperation-and-salary-negotiations/) A data breach usually spells financial and reputational disaster. But such an event can also be an opportunity for a security professional to capitalize. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordi
30/01/202026 minutes 20 seconds
Episode Artwork

Presenting to the Board

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-presenting-to-the-board/) What metrics, reports, or strategies should a security professional utilize to communicate the value to the board? Or is the mode of "presenting to the board" a damaged approach? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is <a
23/01/202025 minutes 11 seconds
Episode Artwork

The Iran Cybersecurity Threat

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-the-iran-cybersecurity-threat/) The Iran conflict has threatened new retaliations and we don't know where they're going to come from. Cyber retaliation is a real possibility. Who's being threatened and how should we prepare? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest is <a href= "http
16/01/202026 minutes 28 seconds
Episode Artwork

Building a Fully Remote Security Team

Links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-building-a-fully-remote-security-team/) Could you be successful with a fully virtual InfoSec team? Many say it can't be done, while some have actually done it and been successful. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is <a href="https://www.linkedin.com/in/kathyw
09/01/202025 minutes 33 seconds
Episode Artwork

Account Takeover

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-account-takeover/) An account takeover traditionally follows a methodical path that takes considerable time before anything bad happens. Is it worth a company's time and effort to be monitoring a potential account takeover at the earliest stages? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest is <a hr
19/12/201925 minutes 38 seconds
Episode Artwork

UX in Cybersecurity

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-ux-in-cybersecurity/) Security products and programs may be functional and work correctly, but are they usable in the sense that it fits into the work patterns of our users? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Rakesh Patwari
12/12/201926 minutes 31 seconds
Episode Artwork

InfoSec Trends for 2020

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-infosec-trends-for-2020/) We're coming to the end of the year and that means it's time to make our predictions for 2020. Mark this episode and check back in one year to see how we did. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest is <a href= "https://
05/12/201926 minutes 20 seconds
Episode Artwork

Cybersecurity Readiness as Hiring Criteria

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-cybersecurity-readiness-as-hiring-criteria/) What if every candidate interviewed was tested on their cybersecurity competency? How would that affect hiring and how would that affect your company's security? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is <a href= "htt
21/11/201926 minutes 22 seconds
Episode Artwork

Cybersecurity and the Media

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-cybersecurity-and-the-media/) Cybersecurity and the media. It rides the line between providing valuable information and feeding the FUD cycle. What's the media's role? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Dave B
14/11/201929 minutes 47 seconds
Episode Artwork

The Cloud and Shared Security

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-the-cloud-and-shared-security/) When your business enters the cloud, you are transferring risk, but also adding new risk. How do you deal with sharing your security obligations with cloud vendors? Check out this LinkedIn post for the basis of this show's conversation on shared responsibility of security with a digital transformation to the cloud. This episode is co-hosted by me, David Spark (@dspark), the creator of CISO Series and <a href= "https
07/11/201924 minutes 57 seconds
Episode Artwork

Is Product Security Improving?

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-is-product-security-improving/) We've been at this cybersecurity thing for a long time. Are products improving their security? A recent study says they aren't. Check out this tweet and the ensuing discussion for the information on the study and the concerns people have about the history of poor security in consumer-grade networking products. This episode is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford
31/10/201926 minutes 6 seconds
Episode Artwork

Best Starting Security Framework

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-best-starting-security-framework/) If you were building a security program from scratch, which many of our listeners have done, which framework would be your starting point? Check out this post initiated by Sean Walls, vp, CISO of Visionworks, who asked, "If you were building a security program from scratch, would you align with ISO 27001, NIST CSF, or another framework, and why?" That conversation sparked this week’s episode co-hosted by me, David Spark (@dspark), the creator o
24/10/201926 minutes 46 seconds
Episode Artwork

Cyber Defense Matrix

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-cyber-defense-matrix/) A simple way to visualize your entire security program and all the tools that support it. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Sounil Yu (@sounilyu), creator of t
17/10/201927 minutes 46 seconds
Episode Artwork

User-Centric Security

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-user-centric-security/) How can software and our security programs better be architected to get users involved? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is Adrian Ludwig, CISO, <a hre
10/10/201928 minutes 54 seconds
Episode Artwork

Securing the New Internet

All links and images from this episode can be found at CISO Series (https://cisoseries.com/defense-in-depth-securing-the-new-internet/) If you could re-invent the entire Internet, starting all over again with security in mind, what would you do? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode, Davi Otte
03/10/201932 minutes 22 seconds
Episode Artwork

Resiliency

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-resiliency/) How fortified is the business to withstand cyberattacks? Can it absorb the impact of the inevitable hits? Would understanding the business' level of resilience provide the appropriate guidance for our security program? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX</
26/09/201926 minutes 24 seconds
Episode Artwork

Ransomware

All images and links for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-ransomware/) Why is Ransomware so prevalent? Why are so many getting caught in its net? And what are some of the best tactics to stop its scourge? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is Brian Vec
19/09/201926 minutes 4 seconds
Episode Artwork

Top CISO Communication Issues

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-top-ciso-communication-issues/) Understanding risk. Communicating with the board. Getting others to understand and care about security. What is the most vexing cybersecurity issue for a CISO? Check out this post by Kate Fazzini, cybersecurity reporter for CNBC, for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alf
12/09/201927 minutes 40 seconds
Episode Artwork

Cybersecurity Excuses

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-cybersecurity-excuses/) "I've got all the security I need." "I'm not a target for hackers." These are just a few of the many rationalizations companies make when they're in denial of cyberthreats. Why are these excuses still prevalent and how should a cyberprofessional respond? Check out this post by Ian Murphy, co-founder of LMNTRIX, for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dsp
05/09/201924 minutes 40 seconds
Episode Artwork

Employee Hacking

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-employee-hacking/) A cyber professional needs their staff, non-IT workers, and the board to take certain actions to achieve the goals of their security program. Should a CISO use the hacking mindset on their own people? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our gue
29/08/201925 minutes 40 seconds
Episode Artwork

100% Security

100% Security. A great idea that's impossible to achieve. Regardless, CEOs are still asking for it. How should security people respond and we'll discuss the philosophical implications of 100% security. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Rich Friedberg (@richf321), CISO, Blackbaud.
22/08/201924 minutes 56 seconds
Episode Artwork

Proactive Security

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-proactive-security/) How proactive should we be about security? What's the value of threat intelligence vs. just having security programs in place with no knowledge of what attackers are trying to do? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode i
15/08/201928 minutes 35 seconds
Episode Artwork

ATT&CK Matrix

All images and links for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-attck-matrix/) Is the ATT&CK Matrix the best model to build resiliency in your security team? What is the best way to take advantage of the ATT&CK framework and how do you square away conflicting data coming in from your tools. What can you trust and not trust? And is the disparity of results the fault of the tool, the user, or neither? Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of <a
08/08/201924 minutes 59 seconds
Episode Artwork

Hacker Culture

All images and links for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-hacker-culture/) The hacker community needs a new PR campaign. Far too many people equate hacker with criminal. But hacker is a mindset of how one approaches security. What is that approach and why are CISOs so attracted to hiring hackers? Check out this post for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is <a href= "https://www.linkedin.
01/08/201925 minutes 29 seconds
Episode Artwork

Bad Best Practices

All images and links for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-bad-best-practices/) All professionals like to glom onto "best practices." But in security, "best" practices may be bad out of the gate, become useless over time, or they're not necessarily appropriate for all situations. Stay tuned, we're about to expose some of the worst "best" practices. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@Alla
25/07/201923 minutes 33 seconds
Episode Artwork

Cyber Harassment

All images and links are available on CISO Series (https://cisoseries.com/defense-in-depth-cyber-harassment/) Whether a jilted lover or someone trying to wield their power over another, cyber harassment takes many forms and it doesn't stay in the digital world. It comes into our real world and gets very dangerous. What is it and how can it be thwarted? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is <a hr
18/07/201923 minutes 43 seconds
Episode Artwork

CISO Series One Year Review

Links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-ciso-series-one-year-review/)  The CISO/Security Vendor Relationship Podcast is now more than a year old. On this episode, the hosts of both podcasts, reflect on the series and we respond to listeners critiques, raves, and opinions. Check out this post and this post for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan
25/06/201928 minutes 9 seconds
Episode Artwork

Economics of Data

All images and links for this episode available at CISO Series (https://cisoseries.com/defense-in-depth-economics-of-data/)  Do we understand the value of our data? Do our adversaries? And is the way we're protecting it making it too expensive for them to steal? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is Chip Wit
25/06/201927 minutes 42 seconds
Episode Artwork

Tool Consolidation

All links and images can be found on CISO Series (https://cisoseries.com/defense-in-depth-tool-consolidation/) While cybersecurity professionals always want more tools, more often than not they're dealing with too many tools delivering identical services. The redundancy is causing confusion and more importantly, cost. Why should you pay for it? How does it happen and how do InfoSec leaders consolidate tools? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (
19/06/201923 minutes 52 seconds
Episode Artwork

Camry Security

Links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-camry-security/) The Camry is not the fastest car, nor is it the sexiest. But, it is one of the most popular cars because it delivers the best value. When CISOs are looking for security products, are they also shopping for Camry's instead of "best of breed" Cadillacs? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this ep
12/06/201922 minutes 21 seconds
Episode Artwork

Amplifying Your Security Posture

All links and images can be found on CISO Series (https://cisoseries.com/defense-in-depth-amplifying-your-security-posture/) In security, you never have enough of anything. But the scarecest resource are dedicated security people. When you're running lean, what are some creative ways and techniques to improve overall security? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is <a href= "http
04/06/201926 minutes 52 seconds
Episode Artwork

ERP Security

All images and links for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-erp-security/) For most organizations, their ERP solution holds its crown jewels. Should custom and complex applications that trade such vital customer and corporate data be secured any differently? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is B
30/05/201921 minutes 41 seconds
Episode Artwork

Managing Obsolete (Yet Business Critical) Systems

All links and images from this episode can be found at CISO Series (https://cisoseries.com/defense-in-depth-managing-obsolete-yet-business-critical-systems/) Obsolete systems that are critical to your business. They're abandoned, unpatchable and unmanaged. We've all got them, and often upgrading is not an option. What do you do? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode i
22/05/201928 minutes 23 seconds
Episode Artwork

Cybersecurity Hiring

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-cybersecurity-hiring/) Everyone needs more security talent, but what kind of talent, how specialized, and what kind of pressure is hiring requirements putting on security professionals? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is one our favorite InfoSec gadflies, <a href="https://www.linkedi
16/05/201925 minutes 30 seconds
Episode Artwork

How CISOs Discover New Solutions

Find images and links for this episode on CISO Series (https://cisoseries.com/defense-in-depth-how-cisos-discover-new-solutions/) Are security professionals so burned out by aggressive cybersecurity marketing that they're giving up on discovering new and innovative solutions? What are the best ways for cyber professionals to discover new solutions? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at <a href="http:/
09/05/201929 minutes 28 seconds
Episode Artwork

Is the Cybersecurity Industry Solving Our Problems?

Find all links and images from this episode on CISO Series (https://cisoseries.com/defense-in-depth-is-the-cybersecurity-industry-solving-our-problems/) Is the cybersecurity industry solving our problems? We've got lots of new entrants. Are they doing anything new, or just doing the same thing slightly better? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel</a
01/05/201929 minutes 51 seconds
Episode Artwork

Vulnerability Management

This is a special episode of Defense in Depth being shared on this feed. Find the full post with links and images on the CISO Series site here (https://cisoseries.com/defense-in-depth-vulnerability-management/) So many breaches happen through ports of known vulnerabilities. What is the organizational vulnerability in vulnerability management? Check out this post and discussion and this one for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (<a hr
25/04/201921 minutes 29 seconds
Episode Artwork

Privileged Access Management

If you can't see all the show notes (with images and links) head here: https://cisoseries.com/defense-in-depth-privileged-access-management-pam/ Where does privileged access management (PAM) fit in the order of operations? Check out this post and discussion and this one for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mite
17/04/201925 minutes 14 seconds
Episode Artwork

Machine Learning Failures

Full post for this episode (https://cisoseries.com/defense-in-depth-machine-learning-failures/) Is garbage in, garbage out the reason for machine learning failures? Or is there more to the equation? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest for this episode is Davi Ottenheimer (<a href= "https://twitter.co
10/04/201931 minutes 43 seconds
Episode Artwork

Software Fixing Hardware Problems

The full post (if you're not seeing links and images) can be found here (https://cisoseries.com/defense-in-depth-software-fixing-hardware-problems/) As we have seen with the Boeing 737 MAX crashes, when software tries to fix hardware flaws, it can turn deadly. What are the security implications? Thanks to this week’s podcast sponsor, Unbound Tech Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX),
04/04/201922 minutes 55 seconds
Episode Artwork

Tools for Managing 3rd Party Risk

To see all the notes and links for this episode, go here (https://cisoseries.com/defense-in-depth-tools-for-managing-3rd-party-risk/) Are there any good tools that really help to manage third-party risk? Can tools alone solve this problem? What else is required? Check out this post and discussion for the basis of our conversation on th
28/03/201925 minutes 3 seconds
Episode Artwork

CISO Burnout

Are CISOs the most stressed individuals on a security team, or do mental health issues affect everyone in security? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest for this episode is Gary Hayslip (@ghayslip), CISO, Webroot. Thanks to this week’s podcast sponsor, Praetorian <a title="Praet
21/03/201927 minutes 13 seconds
Episode Artwork

RSA 2019: Success or Failure?

Is the RSA Conference a must attend for security professionals? Or is it enough to "just be in San Francisco that week"? Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest for this episode is Tyson Martin, CISO for Lumber Liquidators. <img src= "https://assets.libsyn.com/secure/show/156524/DiD_RSA.jpg" alt= "David Spark, producer of CISO Series
14/03/201929 minutes 36 seconds
Episode Artwork

Security IS the Business

If a company's brand and value is built on trust, then your security department is critical to building the value of the company. Check out this post and discussion for the basis of our conversation on this week's episode which is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest for this episode is Scott McCool (@McCoolScott), former CIO of Polycomm. Thanks to this week’s podcast sponsor, SpyCloud <a title="SpyCloud" href= "https
07/03/201925 minutes 59 seconds
Episode Artwork

Threat Intelligence

Do companies who deliver "threat intelligence" deliver on that promise, or is there more the customer needs to bring to the table to be able to take action? Check out this post and discussion for the basis of our conversation on this week's episode which is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our sponsored guest for this episode is Eric Murphy (@_EricMurphy), VP, security research, SpyCloud.  <img style=
27/02/201920 minutes 59 seconds
Episode Artwork

Secure Controls Framework

Defense in Depth is available at CISOSeries.com. Is the "free to use" Secure Controls Framework the one meta-framework to rule them all? Check out this post and discussion for the basis of our conversation on this week's episode which is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest is Tom Cornelius, founder and contributor of the Secure Controls Framework (SCF) (<a
21/02/201924 minutes 52 seconds
Episode Artwork

Insider Threats

Defense in Depth is available at CISOSeries.com. Is your own staff the greatest threat to the security of your company? On this episode of Defense in Depth we discuss protecting your business from itself. Check out this post and discussion for the basis of our conversation on this week's episode which is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest is Vijay Bolina (@_ja
14/02/201920 minutes 50 seconds
Episode Artwork

Building an Information Security Council

Defense in Depth is part of the CISO Series network, which can be found at CISOseries.com. Security for the business affects everyone and all departments. On this episode of Defense in Depth we discuss the values and difficulties of building an information security council.  Check out this post and discussion for the basis of our conversation on this week's episode which is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (<a href= "https://twi
07/02/201924 minutes 12 seconds
Episode Artwork

Privacy

Will the privacy outcry and new regulations limit companies’ abilities to do business, or will it span a whole new industry? We discuss building a business in the new age of privacy regulations on this week’s Defense in Depth. Chris Jordan, CEO, Fluency Security This episode of Defense in Depth is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our sponsored guest is Chris Jordan, CEO of Fluency Security.<
31/01/201928 minutes 57 seconds
Episode Artwork

Security Metrics

Defense in Depth is part of the CISO Series network which can be found at CISOSeries.com. What are the most important metrics to measure when building out your security program? One thing we learned on this episode is those metrics change, as your security program matures. This episode of Defense in Depth is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest is my co-host of the other show, Mike Johnson, CISO of Lyft. <img class= "aligncenter size-full
23/01/201924 minutes 11 seconds
Episode Artwork

Welcome to Defense in Depth

Just a quick welcome message to this weekly show covering controversial and confusing topics in cybersecurity.
21/01/201934 seconds