Defense in Depth

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our sponsored guest, Sandy Bird, co-founder and CTO, Sonrai Security.

In this episode:

Why does scaling least privilege in the cloud remain challenging?

Is throwing more people at the problem feasible? 

How are you managing it?

What aspects haven’t been considered?

Thanks to our podcast sponsor, Sonrai Security

A one-click solution that removes excessive permissions and unused services, quarantines unused identities, and restricts specific regions within the cloud. Later, maintain this level of security by automatically enforcing policies as new accounts, roles, permissions, and services are added to your environment. Start a free trial today! sonrai.co/ciso

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Emily Heath, general partner, Cyberstarts.

In this episode:

How do CISOs feel about sales pitches?

Do they have legitimate complaints?

When do these legitimate complaints cross the line to sounding entitled?

Do CISOs need to show a little more empathy to sales?

Thanks to our podcast sponsor, SquareX

SquareX helps organizations detect, mitigate and threat-hunt web attacks happening against their users in real-time, including but not limited to malicious sites, files, scripts, and networks. Find out more at sqrx.com.

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our sponsored guest, Mackenzie Jackson, developer advocate, GitGuardian.

In this episode:

How to manage data leaks outside your perimeter?

When data leaks increasingly come from third-parties, what can you do to protect your organization?

How do we even begin to address this problem?

 Is there a one size fits all fix?

Thanks to our podcast sponsor, GitGuardian

GitGuardian is a Code Security Platform that caters to the needs of the DevOps generation. It provides a wide range of code security solutions, including Secrets Detection, Infra as Code Security, and Honeytoken, all in one place. A leader in the market of secrets detection and remediation, its solutions are already used by hundreds of thousands of developers in all industries. Try now gitguardian.com

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Phil Davis, attorney, healthcare cybersecurity and privacy, Hall Render.

In this episode:

In today's current climate, is the role of the CISO still worth it?

Does the position carry a lot of potential liability?

Do the upsides still outweigh the risks?

Do CISOs tend to have more responsibility than authority?

Thanks to our podcast sponsor, Sonrai Security

A one-click solution that removes excessive permissions and unused services, quarantines unused identities, and restricts specific regions within the cloud. Later, maintain this level of security by automatically enforcing policies as new accounts, roles, permissions, and services are added to your environment.

Start a free trial today! sonrai.co/ciso

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Paul Connelly, former CISO, HCA HealthcareGot feedback?

In this episode:

How important is onboarding new cyber talent?

Does it set the tone for their tenure with your organization?

What should CISOs do to make sure onboarding is effective for both sides?

What are the mistakes CISOs should avoid, and what are the best ways to excel?

 Thanks to our podcast sponsor, OffSec

OffSec helps companies like Cisco, Google, and Salesforce upskill cybersecurity talent through comprehensive training and resources. With programs ranging from red team and blue team training and more, your team will be ready to face real-world threats. Request a free trial for your team to explore OffSec’s learning library and cyber range.

All links and images for this episode can be found on CISO Series.

Check out this post Monte Pedersen of The CDA Group for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn.  Joining us is our guest, Jerry Davis, division director for cyber defense at Truist Bank.

In this episode:

Why does advancing your career require more than just technical skills?

Does it require you to build relationships within your organizations, particularly with your boss?

How can you consciously build these relationships with an eye to leveling up your career?

How do you develop soft skills?

Thanks to our podcast sponsor, OffSec

OffSec helps companies like Cisco, Google, and Salesforce upskill cybersecurity talent through comprehensive training and resources. With programs ranging from red team and blue team training and more, your team will be ready to face real-world threats. Request a free trial for your team to explore OffSec’s learning library and cyber range.

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our sponsored guest, Spencer Thompson, CEO, Prelude.

In this episode:

Why does it take so long to integrate new tools and get them up to speed?

Are we always in a state where we are always lacking readiness?

What should we be measuring?

Do we focus too much on singular events?

Thanks to our podcast sponsor, Prelude

Prelude Detect is the world's only production-scale detection and response testing platform. Automatically transform your threat intelligence into validated detections and preventions in less than five minutes. Integrate with CrowdStrike, Microsoft Defender, SentinelOne, and more to enable machine speed detection and response engineering 🏎️ Learn more at preludesecurity.com.

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Ron Gula, president and co-founder, Gula Tech Adventures.

In this episode:

Why is it so darn expensive to get any training on the defender side?

Why is there a mountain of free education for red teaming?

Shouldn’t blue team training should be free or less expensive as well?

Is this the firewall that's preventing us from having all those cyber experts we so desperately need?

Thanks to our podcast sponsor, Query

Query Federated Search gets to your security relevant data wherever it is - in data lakes, security tools, cloud services, SIEMs, or wherever. Query searches and normalizes data for use in security investigations, threat hunting, incident response, and everything you do. And we plug into Splunk. Visit query.ai.

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Ben Sapiro, head of global cyber security services, Manulife.

In this episode:

Why do we see a dearth of CISOs listed in executive leadership?

Is this just a factor of company reporting structure?

Or do CISOs really not have a seat at the table with the business?

How do we convince the C-suite?

Thanks to our podcast sponsor, Query

Query Federated Search gets to your security relevant data wherever it is - in data lakes, security tools, cloud services, SIEMs, or wherever. Query searches and normalizes data for use in security investigations, threat hunting, incident response, and everything you do. And we plug into Splunk. Visit query.ai.

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Matt Eberhart, CEO, Query.

In this episode:

Isn't the whole point of a single pane of glass making sense of your data?

But when these dashboards are limited to a single platform, how useful are they?

Does it seem like all they've led to is more browser tabs or more monitors crowding your analysts?

We know we want to take action based on our data, so how do we get there?

Thanks to our podcast sponsor, Query

Query Federated Search gets to your security relevant data wherever it is - in data lakes, security tools, cloud services, SIEMs, or wherever. Query searches and normalizes data for use in security investigations, threat hunting, incident response, and everything you do. And we plug into Splunk. Visit query.ai.

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is my guest, Mario Trujillo, staff attorney, Electronic Frontier Foundation.

In this episode:

Data is the life blood of an organization but what happens when you collect too much?

Do you put risk on both your organization and for any individuals that data belongs too?

Is it still wise to collect as much data as possible?

How can CISOs embrace data minimization that doesn't clash with the needs of the business?

Thanks to our podcast sponsor, Material Security

Material Security is purpose-built to stop attacks and reduce risk across Microsoft 365 and Google Workspace with unified cloud email security, data loss prevention, and posture management. Learn more at material.security.

All links and images for this episode can be found on CISO Series.

The Verizon DBIR found that about half of all breaches involved legitimate credentials. It’s a huge attack surface that we’re only starting to get a handle of.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Adam Koblentz, field CTO, Reveal Security.

In this episode:

Where are we in terms of monitoring anomalous behavior of our users?

Why are we still struggling to understand what happens after threat actors are in our networks?

How are new AI-based tools helping us to scale efforts?

What's working and where do we need to improve?

Thanks to our podcast sponsor, Reveal Security

Reveal Security ITDR detects identity threats - post authentication - in and across SaaS applications and cloud services. Powered by unsupervised machine learning, it continuously monitors and validates the behavior of trusted human users, APIs and other entities, accurately detecting anomalies that signal an in-progress identity threat. Visit reveal.security

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Mike Levin, deputy CISO, 3M.

In this episode:

Why do security startups fail?

All startups are an inherently risky proposition, but what are the specific challenges for startups in our industry?

What's unique about cybersecurity startups?

What's the most common reason you've seen a cyber startup not succeed?

Thanks to our podcast sponsor, RevealSecurity!

Reveal Security ITDR detects identity threats - post authentication - in and across SaaS applications and cloud services. Powered by unsupervised machine learning, it continuously monitors and validates the behavior of trusted human users, APIs and other entities, accurately detecting anomalies that signal an in-progress identity threat. Visit reveal.security

All links and images for this episode can be found on CISO Series

Knowing is only one-third the battle. Another third is responding. And the last third is responding quickly. It’s not enough to just have the first two thirds. We need to be faster, but how?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Jason Elrod (@jasonelrod), CISO, MultiCare Health System.

Thanks to our podcast sponsor, Eclypsium

Eclypsium is the enterprise firmware security company. Our comprehensive, cloud-based platform identifies, verifies, and fortifies firmware and hardware in laptops, servers, network gear and devices. The Eclypsium platform secures against persistent and stealthy firmware attacks, provides continuous device integrity, delivers firmware patching at scale, and prevents ransomware and malicious implants.

In this episode:

All links and images for this episode can be found on CISO Series

Automation was supposed to make cybersecurity professionals’ lives simpler. And it was supposed to solve the talent shortage. Has any of that actually happened?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Brian Lozada (@brianl1775), CISO, HBOMax.

Thanks to our podcast sponsor, deepwatch

Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together.

In this episode:

All links and images for this episode can be found on CISO Series

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is Josh Yavor (@schwascore), CISO, Tessian.

Thanks to our podcast sponsor, Tessian

95% of breaches are caused by human error. But you can prevent them. Learn how Tessian can stop “OH SH*T!” moments before they happen, why Tessian has been recognized by analysts like Gartner and Forrester, and which world-renowned companies trust the platform to protect their data.

In this episode:

All links and images for this episode can be found on CISO Series

Why is cybersecurity becoming so complex? What is one thing we can do, even if it's small, to head us off in the right direction of simplicity?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Leda Muller, CISO at Stanford, Residential and Dining Enterprises.

Thanks to our podcast sponsor, Eclypsium

Eclypsium is the enterprise firmware security company. Our comprehensive, cloud-based platform identifies, verifies, and fortifies firmware and hardware in laptops, servers, network gear and devices. The Eclypsium platform secures against persistent and stealthy firmware attacks, provides continuous device integrity, delivers firmware patching at scale, and prevents ransomware and malicious implants.

In this episode:

All links and images for this episode can be found on CISO Series

Security convergence is the melding of all security functions from physical to digital and personal to business. The concept has been around for 17 years yet organizations are still very slow to adopt. A company's overall digital convergence appears to be happening at a faster rate than security convergence.

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest is Anne Marie Zettlemoyer (@solvingcyber), business security officer, vp, security engineering, MasterCard.

Thanks to our podcast sponsor, Tessian

95% of breaches are caused by human error. But you can prevent them. Learn how Tessian can stop “OH SH*T!” moments before they happen, why Tessian has been recognized by analysts like Gartner and Forrester, and which world-renowned companies trust the platform to protect their data.

All links and images for this episode can be found on CISO Series

In most jobs there’s often a clear indicator if you’re doing a good job. In security, specifically security leadership, it’s not so easy to tell. “Nothing happening” is not an effective measurement. So how should security performance be graded?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest is Deneen DeFiore (@deneendefiore), CISO, United Airlines.

Thanks to our podcast sponsor, Tessian

In this episode:

All links and images for this episode can be found on CISO Series

If we’re going to turn the tables against our adversaries, everything from our attitude to our action needs to change to a format where attacks and breaches are not normalized, and we know the what and how to respond to it quickly.

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our sponsored guest Scott Scheferman (@transhackerism), principal strategist, Eclypsium.

Thanks to our podcast sponsor, Eclypsium

Eclypsium is the enterprise firmware security company. Our comprehensive, cloud-based platform identifies, verifies, and fortifies firmware and hardware in laptops, servers, network gear and devices. The Eclypsium platform secures against persistent and stealthy firmware attacks, provides continuous device integrity, delivers firmware patching at scale, and prevents ransomware and malicious implants.

All links and images for this episode can be found on CISO Series

Is it too much experience? Is it that they're difficult to work with? Do they want too much money? Will they not be motivated? Are cyber professionals over the age of 40 being discriminated in hiring practices?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Ben Sapiro, head of technology risk and CISO at Canada Life.

Thanks to our podcast sponsor, Qualys

Qualys is a pioneer and leading provider of cloud-based security and compliance solutions.

In this episode:

All links and images for this episode can be found on CISO Series

How do we turn the tide from reactive to proactive patch management? Does anyone feel good about where they are with their own patch management program? What would it take to get there?

Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Sumedh Thakar (@sumedhthakar), CEO, Qualys.

Thanks to our podcast sponsor, Qualys

Qualys is a pioneer and leading provider of cloud-based security and compliance solutions.

In this episode:

All links and images for this episode can be found on CISO Series

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Tony Sager (@sagercyber), svp, and chief evangelist, Center for Internet Security.

 Thanks to our podcast sponsor, Qualys

In this episode:

All links and images for this episode can be found on CISO Series

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Andy Ellis (@csoandy), operating partner, YL Ventures.

Thanks to our podcast sponsor, Varonis

What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn’t stand a chance. Get a free risk assessment.

In this episode:

All links and images for this episode can be found on CISO Series

When a senior person at your company asks you, "Are we secure?" how should you respond?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our guest Paul Truitt, principal US cyber practice leader, Mazars.

Thanks to our podcast sponsor, Varonis

Still in the news is REvil’s ransomware attack on Kaseya VSA servers. Varonis is here to help mitigate the blast radius of such attacks. Want a step-by-step guide on what you should be looking for? Learn more about how to prevent ransomware.

In this episode:

What are the tell tale signs you've got ransomware before you receive the actual ransomware threat?

Check out this post and this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our sponsored guest Brian Vecci (@BrianTheVecci), field CTO, Varonis.

Thanks to our podcast sponsor, Varonis

What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn’t stand a chance. Get a free risk assessment.

In this episode:

All links and images for this episode can be found on CISO Series

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Robert Wood (@holycyberbatman), CISO at Centers for Medicare & Medicaid Services.

Thanks to our podcast sponsor, Living Security

Traditional approaches to security communication are limited to one-off training sessions that fail to take customers, regulators, and other external stakeholders into account and rarely affect long-term behavioral change. This report lays out a four-step plan that CISOs should follow to manage the human risk. It provides design principles for creating transformational security awareness initiatives which will win the hearts and minds of senior executives, employees, the technology organization, and customers.

In this episode:

All links and images for this episode can be found on CISO Series

SIEM tools that ingest and analyze data are ubiquitous in security operations centers. But just knowing what's happening in your environment is not enough. For competitive reasons, must SIEM tools expand and offer more automation, intelligence, and the ability to act on that intelligence?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Chris Grundemann (@ChrisGrundemann), category lead, security, GigaOm.

Thanks to our podcast sponsor, Keyavi

Cyber criminals who attack healthcare systems know medical record information has tremendous value for stealing identities. If you infuse personally identifiable information with geographical awareness and intelligence, you dramatically reduce the risk of patient identity theft. Join a live demo session on www.keyavi.com/sessions to learn more.

In this episode:

All links and images for this episode can be found on CISO Series

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our guest Adam Keown, director, information security, Eastman.

Thanks to our podcast sponsor, VMware

In this episode:

All links and images for this episode can be found on CISO Series

What is the most critical step to preventing ransomware? Security professionals may be quick to judge users and say it's a lack of cyberawareness. Could it be something else?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Rebecca Harness (@rebeccaharness), CISO, St. Louis University.

Thanks to our podcast sponsor, VMware

In this episode:

All links and images for this episode can be found on CISO Series

For four years in a row, Verizon's DBIR, has touted compromised credentials as the top cause of data breaches. That means bad people are getting in yet appearing to be legitimate users. What are these malignant users doing inside our network? What are the techniques to both understand and allow for good yet thwart bad lateral movement?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our sponsored guest Sandy Wenzel (@malwaremama), cybersecurity transformation engineer, VMware.

Thanks to our podcast sponsor, VMware

In this episode: 

All links and images for this episode can be found on CISO Series

You've just joined a company as CISO, what's the very first step you would take to improve the security posture of your new company?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our guest Olivia Rose, vp of IT and security, Amplitude.

Thanks to our podcast sponsor, Proofpoint

Sixty six percent of CISOs feel their organization is unprepared to handle a cyberattack and 58% consider human error to be their biggest cyber vulnerability. Proofpoint's 2021 Voice of the CISO report explores key challenges facing CISOs after an unprecedented twelve months. Get the report.

In this episode:

All links and images for this episode can be found on CISO Series

How is ransomware getting into your network? Is the path direct, like via email, or does it take a more circuitous route?

Check out this post and this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our sponsored guest Ryan Kalember (@rkalember), evp, cybersecurity strategy, Proofpoint.

Thanks to our podcast sponsor, Proofpoint

Sixty six percent of CISOs feel their organization is unprepared to handle a cyberattack and 58% consider human error to be their biggest cyber vulnerability. Proofpoint's 2021 Voice of the CISO report explores key challenges facing CISOs after an unprecedented twelve months. Get the report.

In this episode:

All links and images for this episode can be found on CISO Series

Why should security professionals get certifications? Do they actually teach you what you need to know to solve cybersecurity challenges? OR do they act as gateways or approval checks to be admitted into the field of cybersecurity?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Will Gregorian (@willgregorian), head of IT and security, Rhino and our guest Shawn M. Bowen (@smbowen), CISO, World Fuel Services.

Thanks to our podcast sponsor, Palo Alto Networks

First, every company became a software company. Now, every company needs to be a cybersecurity company too. Prisma Cloud from Palo Alto Networks a single security platform that delivers comprehensive protection from code through app, so your company can keep doing what it's supposed to do. Learn more at paloaltonetworks.com/prisma/cloud.

In this episode:

All links and images for this episode can be found on CISO Series

How are you measuring your progress and success with cloud security? How much visibility into this are you providing to your engineering teams?

Check out this post and this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn and our sponsored guest Matthew Chiodi (@mattchiodi), CSO, public cloud, Palo Alto Networks.

Thanks to our podcast sponsor, Palo Alto Networks

If you're doing cloud security right, no one knows if you've done anything. When you do it wrong, well, you end up on Cybersecurity Headlines. Prisma Cloud from Palo Alto Networks helps ensure your security stays in the quietly appreciated group. It's a single security platform that delivers comprehensive protection from code to cloud. Learn more at paloaltonetworks.com/prisma/cloud.

In this episode

All links and images for this episode can be found on CISO Series

What does a young person, eager to get into cybersecurity, have to show or prove to land their first help desk, tech support role?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn and our guest Bryan Zimmer (@bryanzimmer), head of security, Humu.

Thanks to our podcast sponsor, Palo Alto Networks

In 1666, Sir Isaac Newton famously used a prism to disperse white light into colors. Today, cloud security professionals use Prisma Cloud from Palo Alto Networks to disperse full lifecycle security and full stack protection across their multi- and hybrid-cloud environments. We think Sir Isaac would approve. Learn more about Prisma Cloud paloaltonetworks.com/Prisma/cloud.

In this episode

All links and images for this episode can be found on CISO Series

What do we want the Board and C-Suite to know about cybersecurity? If you could teach them one thing about cybersecurity that would stick, what would that be?

Check out this post and this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn and our guest Phil Huggins (@oracuk), CISO, NHS Test & Trace, Department of Health and Social Care.

Thanks to our podcast sponsor, Proofpoint

Sixty six percent of CISOs feel their organization is unprepared to handle a cyberattack and 58% consider human error to be their biggest cyber vulnerability. Proofpoint's 2021 Voice of the CISO report explores key challenges facing CISOs after an unprecedented twelve months. Get the report.

In this episode

All links and images for this episode can be found on CISO Series

The demand for CISOs is growing due to increased regulations and cyber threats. Yet, while the demand is there, the supply keeps rotating. Companies think the next CISO is going to fix the problems of the last one. Why is a CISO's tenure so short and why is the hiring process for CISOs so disjointed?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, Steve Zalewski, and Gary Hayslip (@ghayslip), CISO, Softbank Investment Advisers

Thanks to our podcast sponsor, RevCult

On average, 18 percent of all your Salesforce data fields are highly sensitive and 89 percent of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you’re protecting it. Get a free Salesforce Security Self-Assessment to understand your Salesforce security weaknesses.

In this episode:

All links and images for this episode can be found on CISO Series

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Liam Connolly, CISO, Seek. and our guest Ben Sapiro (@ironfog), head of technology risk and CISO, Canada Life.

Thanks to our podcast sponsor, RevCult

On average, 18 percent of all your Salesforce data fields are highly sensitive and 89 percent of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you’re protecting it. Get a free Salesforce Security Self-Assessment to understand your Salesforce security weaknesses. 

In this episode:

All links and images for this episode can be found on CISO Series

https://cisoseries.com/defense-in-depth-salesforce-security/

Thanks to our podcast sponsor, RevCult

On average, 18 percent of all your Salesforce data fields are highly sensitive and 89 percent of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you’re protecting it. Get a free Salesforce Security Self-Assessment to understand your Salesforce security weaknesses.

In this episode:

All links and images for this episode can be found on CISO Series

https://cisoseries.com/defense-in-depth-cloud-configuration-fails/

Why do we hear so many stories about incidents related to poor or misconfigured cloud services?

Check out this post and this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn and our sponsored guest, Brendan O'Connor, CEO, AppOmni.

Thanks to our podcast sponsor, AppOmni

AppOmni is building the future of SaaS security. We empower our users to enforce security standards across their SaaS applications, and enable them to remediate in confidence knowing they’re fixing the most important SaaS security issues first. Contact us at www.appomni.com to find out who - and what - has access to your SaaS data.

In this episode:

All links and images for this episode can be found on CISO Series

https://cisoseries.com/starting-pay-for-cyber-staff/ 

What should an entry level cybersecurity person be paid? And what level of education and training should be expected of them?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Naomi Buckwalter (@ineedmorecyber), director of information security and IT at Beam Technologies, and our guest Dan Walsh (@danwalshciso), CISO, VillageMD.

Thanks to our podcast sponsor, AppOmni

AppOmni is building the future of SaaS security. We empower our users to enforce security standards across their SaaS applications, and enable them to remediate in confidence knowing they’re fixing the most important SaaS security issues first. Contact us at www.appomni.com to find out who - and what - has access to your SaaS data.

In this episode:

All links and images for this episode can be found on CISO Series.

https://cisoseries.com/fear-of-automation/

Why are security professionals so darn afraid of automation? We continue to hold on to the idea that people have to be integral in the real-time decision process to protect ourselves from the technology we deploy to protect us.

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, and Steve Zalewski, CISO, Levi Strauss, with our guest Edward Frye (@edwardfrye), CISO, Aryaka Networks and president of Silicon Valley chapter of ISSA.

AppOmni is building the future of SaaS security. We empower our users to enforce security standards across their SaaS applications, and enable them to remediate in confidence knowing they’re fixing the most important SaaS security issues first. Contact us at www.appomni.com to find out who - and what - has access to your SaaS data.

In this episode:

All links and images for this episode can be found on CISO Series

https://cisoseries.com/defense-in-depth-hiring-talent-with-no-security-experience/

Should you look for the ideal candidate that has all the security talent you want, or should you find the right person and train them with the security talent you want. And if the latter, what is the right person to work in security who doesn't have security experience?

Check out this post and this Twitter discussion for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host, Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Dev Akhawe (@frgx), CISO, Figma.

Thanks to our podcast sponsor, Sonatype

With security concerns around software supply chains ushered to center stage in recent months, organizations around the world are turning to Sonatype as trusted advisors. The company’s Nexus platform offers the only full-spectrum control of the cloud-native software development lifecycle including third-party open source code, first-party source code, infrastructure as code, and containerized code.

All links and images for this episode can be found on CISO Series

https://cisoseries.com/defense-in-depth-security-hygiene-for-software-development/

How do we improve the quality of our software? In the rush to be competitive, security has often taken a back seat to be first to market. What's the formula for fast and secure applications?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host, Geoff Belknap (@geoffbelknap), CISO LinkedIn, and sponsored guest Wayne Jackson, CEO, Sonatype.

Thanks to our podcast sponsor, Sonatype

In this episode:

All links and images for this episode can be found on CISO Series

https://cisoseries.com/defense-in-depth-how-much-do-you-know-about-your-data/

Do cybersecurity professionals even know what they're protecting? How aware are they of the data, its content and its sensitivity? What happens to your security posture when you do understand the data you're protecting? What can you do that you weren't able to do before?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, and Steve Zalewski, CISO, Levi Strauss, with our sponsored guest, Aidan Simister (@aidansimister), CEO, Lepide.

Thanks to our podcast sponsor, Lepide

Ninety eight percent of all threats start with Active Directory and nearly always involve the compromise of data stored on enterprise data stores. Lepide’s unique combination of detailed auditing, anomaly detection, real time alerting, and real time data discovery and classification allows you to identify, prioritize and investigate threats – fast.

In this episode:

All links and images for this episode can be found on CISO Series

https://cisoseries.com/defense-in-depth-do-startups-need-a-ciso/ 

Startups are all about proving the value of their product and growth. At the beginning, all of their money is funneled into product and market development. When do they need a CISO, if at all?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, and guest co-host Jimmy Sanders (@jfireluv), head of cybersecurity for Netflix DVD and our guest is Bryan Zimmer (@bryanzimmer), head of security for Humu.

Thanks to our podcast sponsor, Lepide

Ninety eight percent of all threats start with Active Directory and nearly always involve the compromise of data stored on enterprise data stores. Lepide’s unique combination of detailed auditing, anomaly detection, real time alerting, and real time data discovery and classification allows you to identify, prioritize and investigate threats – fast.

In this episode:

All links and images for this episode can be found on CISO Series

https://cisoseries.com/defense-in-depth-insider-risk/

By just doing their jobs, your employees are introducing risk to the business. They don't mean to be causing issues, but their simple actions and sometimes mistakes can cause great harm. Is it their fault, or is it security's fault for not creating the right systems?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host, Steve Zalewski, CISO, Levis, and our sponsored guest Mark Wojtasiak (@markwojtasiak), vp, portfolio strategy & product marketing, Code42 and author of Inside Jobs: Why Insider Risk is the Biggest Cyber Threat You Can't Ignore.

Thanks to our podcast sponsor, Code42

Redefine data security standards for the hybrid workforce. Check out Code42.

In this episode:

 All links and images for this episode can be found on CISO Series

https://cisoseries.com/defense-in-depth-whats-the-obsession-with-zero-trust/

Why is everyone obsessed with Zero Trust? Is it just a marketing ploy that vendors are using to sell their products? Or, is it truly a methodology that provides better security, especially in today's environment.

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host, Geoff Belknap (@geoffbelknap), CISO LinkedIn, Melody Hildebrandt (@mhil1), evp, product & engineering and CISO, Fox.

Thanks to our podcast sponsor, Code42

Redefine data security standards for the hybrid workforce. Check out Code42.

In this episode

Does Zero Trust obscure the core principles it's supposed to serve?

How does Zero Trust affect the assumptions around cybersecurity’s control and ownership of a network

What are the real Zero Trust best practices?

All links and images for this episode can be found on CISO Series

https://cisoseries.com/defense-in-depth-mentoring/

Companies want security people with experience and they want to grow cybersecurity leaders. It's often hard to find that experience, and while there are certification courses aplenty, courses in cybersecurity leadership are hard to find. One possible solution is mentoring, but that has its own hurdles.

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host, Geoff Belknap (@geoffbelknap), CISO LinkedIn, and our guest Sean Catlett, CSO, Slack.

In this episode

All links and images for this episode can be found on CISO Series

https://cisoseries.com/defense-in-depth-securing-the-super-bowl-and-other-huge-events/

How do cybersecurity professionals secure a huge event like the Olympics, the Superbowl, or a city's New Year's Eve party? What are the unique considerations that come into play?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Tomás Maldonado (@tomas_mald), CISO, NFL

Thanks to our podcast sponsor, Lepide

Ninety eight percent of all threats start with Active Directory and nearly always involve the compromise of data stored on enterprise data stores. Lepide’s unique combination of detailed auditing, anomaly detection, real time alerting, and real time data discovery and classification allows you to identify, prioritize and investigate threats - fast.

In this episode

All links and images for this episode can be found on CISO Series

https://cisoseries.com/defense-in-depth-cybersecurity-isnt-that-difficult/

What are you security people complaining about? As compared to 10, 15, 20 years ago, the technical aspects of cybersecurity are not that difficult. We've got the control frameworks, tools, and training that are predecessors didn't have.

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Naomi Buckwalter (@ineedmorecyber), director of information security and IT at Beam Technologies, and our guest, John Overbaugh (@johnoverbaugh), vp, security, CareCentrix

Thanks to our podcast sponsor, Trend Micro as bold

Threat actors want what you’re storing in the cloud. Trend Micro’s Cloud One platform provides cloud security from a single console, keeping you at your most resilient. Let what happens in the cloud, stay in the cloud.

In this episode

All links and images for this episode can be found on CISO Series

https://cisoseries.com/defense-in-depth-cloud-security-myths/

The cloud is inherently insecure! The cloud will handle all your security needs. More data breaches happen in the cloud. These are just some of the many many myths of cloud security. Listen as we debunk as many as we possibly can.

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Steve Zalewski, CISO, Levis, and our sponsored guest Mark Nunnikhoven (@markna), vp, cloud research, Trend Micro.

Thanks to our podcast sponsor, Trend Micro

Threat actors want what you’re storing in the cloud. Trend Micro’s Cloud One platform provides cloud security from a single console, keeping you at your most resilient. Let what happens in the cloud, stay in the cloud.

In this episode

All links and images for this episode can be found on CISO Series

https://cisoseries.com/defense-in-depth-what-is-securitys-mission/

What's the mission of your security program? Is it to proactively SECURE THE COMPANY against a compromise of the CONFIDENTIALITY, INTEGRITY, and AVAILABILITY, OR, is it to PROTECT THE COMPANY BRAND by effectively PREVENTing, DETECTING and RESPONDING to cyber-threats? These are the two options for security's mission that we discuss on this week's show.

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Steve Zalewski, Deputy CISO, Levis, and our guest, Johna Till Johnson (@JohnaTillJohnso), CEO, Nemertes Research.

Thanks to our podcast sponsor, Trend Micro

The conversation between you and your board of directors is not always a walk in the park. With more cloud projects coming your way, it’s time to change the conversation to speak their language and start paving the way for a secure future. For more, go to http://trendmicro.com/CISO

In this episode

All links and images for this episode can be found on CISO Series

https://cisoseries.com/defense-in-depth-vendor-cisos/

It's hard to be a CISO. But, what's it like to be a CISO at a security vendor, doing the hard work while carrying the stigma of being a "vendor"?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our sponsored guest Allan Alford (@AllanAlfordinTX), CTO/CISO, TrustMAPP, and host of The Cyber Ranch Podcast.

Thanks to our podcast sponsor, TrustMAPP

Does your board want to see yet more heat maps? No, they do not. They want to see that security investments align with business goals, and that their costs are objectively justified. TrustMAPP’s data visualization helps you communicate with your board in a way they can understand – and approve.

In this episode

All links and images for this episode can be found on CISO Series

https://cisoseries.com/defense-in-depth-how-much-log-data-do-you-need

You're a CISO struggling with an influx of log data into your SIEM. What's the data you want to keep, and for how long? You want insights, but you also want to keep costs down. Holding onto everything is going to cost a fortune.

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, deputy CISO, Levis, and our guest Naomi Buckwalter (@ineedmorecyber), director of information security and IT at Beam Technologies .

Thanks to our podcast sponsor, TrustMAPP

Does your board want to see yet more heat maps? No, they do not. They want to see that security investments align with business goals, and that their costs are objectively justified. TrustMAPP’s data visualization helps you communicate with your board in a way they can understand – and approve.

In this episode

All links and images for this episode can be found on CISO Series

https://cisoseries.com/defense-in-depth-should-finance-or-legal-mentor-cyber

Cybersecurity leaders are constantly looking for ways to improve how they think about risk, and how they communicate risk. But they're not the only ones. Others have been managing risk long before CISOs existed. So, who could be the best mentor to help a CISO gain better insight into business risk and how to communicate about it: the chief financial officer, or the legal department's general counsel?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest, David Schellhase (@davidschellhase), general counsel, Slack.

Thanks to our podcast sponsor, TrustMAPP

TrustMAPP delivers Security Performance Management, giving CISOs a real-time view of the effectiveness of their security program. TrustMAPP tells you where you are, where you’re going, and what it will take to get there. TrustMAPP gives organizations the ability to manage security as a business, quantifying and prioritizing remediation actions and costs. To learn about the MAPP methodology, download the white paper at https://trustmapp.com/mapp-paper/

In this episode

All links and images for this episode can be found on CISO Series

https://cisoseries.com/defense-in-depth-data-destruction

How do you deal with data at end of life? Holding onto data too long can be very costly and increase risk. So how do you get rid of it... safely?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Shawn Bowen, CISO, Restaurant Brands International (RBI), and our sponsored guest, Frank Milia, partner, (@ITAssetRecvry), IT Asset Management Group.

Thanks to our podcast sponsor, IT Asset Management

Poorly managed IT asset disposal, lack of due diligence, and a disposal program without clearly defined responsible parties has now resulted in millions of dollars in regulatory penalties.  Is it clear who is responsible for the performance of your data disposition practice?   IT Asset Management Group’s free program guide includes tips for establishing stakeholders at your organization and expectations for all practitioners.       Download the program guide today at itamg.com/CISO

In this episode

All links and images for this episode can be found on CISO Series

https://cisoseries.com/defense-in-depth-how-to-make-cybersecurity-more-efficient/

You're a new CISO told to hold headcount even and find the resources to do 20% more work. We're already maxed out. So how do we do more? Coming up next we're getting smart and more efficient with security.

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Steve Zalewski, Deputy CISO, Levis, and our guest, Mike Morgan, (@theywerecones) head of information security, infrastructure director, Foster Farms

Thanks to our podcast sponsor, IT Asset Management Group

Poorly managed IT asset disposal, lack of due diligence, and a disposal program without clearly defined responsible parties has now resulted in millions of dollars in regulatory penalties.  Is it clear who is responsible for the performance of your data disposition practice?   IT Asset Management Group’s free program guide includes tips for establishing stakeholders at your organization and expectations for all practitioners.       Download the program guide today at itamg.com/CISO

In this episode

All links and images for this episode can be found on CISO Series

https://cisoseries.com/defense-in-depth-does-a-ciso-need-tech-skills

Does a CISO need technical skills to be an effective cybersecurity leader? Many CISOs don't have them. Are they still effective and does it affect their ability to lead?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, and guest co-host Ben Sapiro, (@ironfog), CISO, Great-West LifeCo, and our guest, Zach Powers, CISO, Benchling.

Thanks to our episode sponsor, IT Asset Management Group

Poorly managed IT asset disposal, lack of due diligence, and a disposal program without clearly defined responsible parties has now resulted in millions of dollars in regulatory penalties.  Is it clear who is responsible for the performance of your data disposition practice?   IT Asset Management Group’s free program guide includes tips for establishing stakeholders at your organization and expectations for all practitioners. Download the program guide today at itamg.com/CISO.

In this episode

All links and images for this episode can be found on CISO Series

https://cisoseries.com/defense-in-depth-how-do-you-know-if-youre-good-at-security/

What metrics or indicators signal to you that an organization is “good at security”?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Justin Berman (@justinmberman), former CISO, Dropbox.

Thanks to our podcast sponsor, Imperva

Face it, your data is everywhere! Imperva Data Security unifies compliance, security and privacy needs for any data store while saving you time and money. No matter where data lives, get confidence about what is happening with data, where it’s stored and who’s accessing it. Start a free trial now.

In this episode

All links and images for this episode can be found on CISO Series

You're a new CISO at a new org given a headcount of ten to build a cybersecurity team. What's your strategy to build that team?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Steve Zalewski, Deputy CISO, Levis, and our guest JJ Agha (@jaysquaredx2), CISO, Compass.

Thanks to our podcast sponsor, Imperva

Face it, your data is everywhere! Imperva Data Security unifies compliance, security and privacy needs for any data store while saving you time and money. No matter where data lives, get confidence about what is happening with data, where it’s stored and who’s accessing it. Start a free trial now.

All links and images for this episode can be found on CISO Series

(https://cisoseries.com/defense-in-depth-are-our-data-protection-strategies-evolving/)

As we're evolving from putting data on premises to the cloud, are our data protection strategies evolving as well? There are issues of securing data, knowing where it travels, and privacy implications of data. How are we handling all of that?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest, Chris Brown, senior director, data security at Imperva.

Thanks to our podcast sponsor, Imperva.

Face it, your data is everywhere! Imperva Data Security unifies compliance, security and privacy needs for any data store while saving you time and money. No matter where data lives, get confidence about what is happening with data, where it’s stored and who’s accessing it. Start a free trial now.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-should-cisos-be-licensed-professionals/)

Many professionals are required to obtain a license before they can do their job legally. The demands of cybersecurity professionals, especially CISOs, has become more critical as evidenced by the increasing number of regulations demanding a person oversee security and privacy controls. Should CISOs be licensed to maintain a minimum standard?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest Patrick Benoit (@patrickbenoit), vp, global head of GRC and BISO, CBRE.

Thanks to this week's podcast sponsor, F5

External threats to your organization’s security are constantly evolving. Your apps need broad and preventive protection from bot attacks that cause large-scale fraud, higher operational costs, and problems for your users. And they need to be optimized for secure operation internally. Silverline Shape Defense helps you stay ahead of cyber threats and fraud. Get a free trial.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-inherently-vulnerable-by-design/)

Much of what we do as practitioners is to prevent inadvertent security problems - oversights, zero-days, etc. What about inherent and unavoidable problems? When the very design of the thing requires a lack of security? What do you do then?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest is Dan Woods, vp of the Shape Intelligence Center, F5.

Thanks to this week's podcast sponsor, F5.

External threats to your organization’s security are constantly evolving. Your apps need broad and preventive protection from bot attacks that cause large-scale fraud, higher operational costs, and problems for your users. And they need to be optimized for secure operation internally. Silverline Shape Defense helps you stay ahead of cyber threats and fraud. Get a free trial.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-imposter-syndrome/)

For CISOs and other security leaders, suffering from imposter syndrome seems inevitable. How can you ever be really confident when there's an endless stream of threats and a landscape that changes without your knowledge?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest David Peach (@realdavidp), CISO and head of privacy, The Economist Group.

Thanks to this week's podcast sponsor, F5.

CISOs are dealing with the increasing sophistication of cyber attackers that are taking advantage of their applications. Find out how F5 helps organizations expand their security and see the unseen by watching the F5 Security Summit webinar. View it here.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-why-dont-more-companies-take-cybersecurity-seriously/)

With every cybersecurity breach, we still don't seem to be getting through. Many companies don't seem to be taking cybersecurity seriously. What does it take? Obviously not scare tactics.

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest Ben Sapiro, global CISO, Great-West LifeCo.

Thanks to this week's podcast sponsor, Sonatype.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-data-protection-and-visibility/)

Where is your data? Who's accessing it? You may know if you have an identity access management solution, but what happens when that data leaves your control. What do you do then?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest is Elliot Lewis (@elliotdlewis), CEO, Keyavi Data.

Thanks to this week's podcast sponsor, Keyavi Data.

Our Keyavi breaks new ground by making data itself intelligent and self-aware, so that it stays under its owner’s control and protects itself immediately, no matter where it is or who is attempting access. Keyavi is led by a team of renowned data security, encryption, and cyber forensics experts. See for yourself at keyavidata.com.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-whats-an-entry-level-cybersecurity-job/)

Naomi Buckwalter, director of information security at Energage analyzed one thousand random information security job posts on LinkedIn. The most notable trend she found was that 43% of the posts had CISSP and 5-year experience requirements for entry level positions. Are companies trying to lowball cybersecurity professionals, or do they simply not know what an entry level cybersecurity job is.

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest is Joseph Carrigan (@JTCarrigan), senior security engineer at Johns Hopkins University Information Security Institute, and co-host Hacking Humans podcast.

Thanks to this week's podcast sponsor, Keyavi Data.

Our Keyavi breaks new ground by making data itself intelligent and self-aware, so that it stays under its owner’s control and protects itself immediately, no matter where it is or who is attempting access. Keyavi is led by a team of renowned data security, encryption, and cyber forensics experts. See for yourself at keyavidata.com.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-securing-digital-transformations/)

Digital transformation. It's definition is broad. Meaning securing it is also broad. But there are some principles that can be followed as companies undergo each step in a deeper dive to make more and more of their processes essentially computerized.

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest is Paul Asadoorian (@securityweekly), founder & CTO, Security Weekly, and chief innovation officer, Cyber Risk Alliance.

Thanks to this week's podcast sponsor, Keyavi Data.

Our Keyavi breaks new ground by making data itself intelligent and self-aware, so that it stays under its owner’s control and protects itself immediately, no matter where it is or who is attempting access. Keyavi is led by a team of renowned data security, encryption, and cyber forensics experts. See for yourself at keyavidata.com.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-leaked-secrets-in-code-repositories/)

Secrets, such as passwords and credentials, are out in the open just sitting there in code repositories. Why do these secrets even exist in public? What's their danger? And how can they be found and removed?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest is Jérémy Thomas, CEO, GitGuardian.

Thanks to this week's podcast sponsor GitGuardian.

GitGuardian empowers organizations to secure their secrets - such as API keys and other credentials - from being exposed in compromised places or leaked publicly. GitGuardian offers a threat intelligence solution focused on detecting secrets leaked on public GitHub and an automated secrets detection solution which tightly integrates with your DevOps pipeline.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-measuring-the-success-of-your-security-program/)

How does a CISO measure the performance of their security program? Sure, there are metrics, but what are you measuring against? Is it a framework or the quality of protection? How do you tell if your program is improving and growing?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest is Chad Boeckmann (@SDS_Advisor), CEO, TrustMAPP.

TrustMAPP delivers continuous, automated Security Performance Management, a real-time view of your cybersecurity maturity. TrustMAPP tells you where you are, where you’re going, and what it will take to get there. TrustMAPP lets you manage security as a business, quantifying and prioritizing remediation actions and costs.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-privacy-is-an-uphill-battle/)

Privacy is an uphill battle. The problem is those gathering the data aren't the ones tasked with protecting the privacy of those users for whom that data represents.

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest is Dave Bittner (@bittner), host, The CyberWire Podcast.

Thank to our episode sponsor, TrustMAPP.

TrustMAPP delivers continuous, automated Security Performance Management, a real-time view of your cybersecurity maturity. TrustMAPP tells you where you are, where you’re going, and what it will take to get there. TrustMAPP lets you manage security as a business, quantifying and prioritizing remediation actions and costs.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-legal-protection-for-cisos/)

What's the legal responsibility of a CISO? New cases are placing the liability for certain aspects of security incidents squarely on the CISO. And attorney-client privilege has been overruled lately too. What does this mean for corporate and for CISO risk?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest is Evan Wolff, partner at Crowell & Moring.

Thank to our episode sponsor, TrustMAPP.

TrustMAPP delivers continuous, automated Security Performance Management, a real-time view of your cybersecurity maturity. TrustMAPP tells you where you are, where you’re going, and what it will take to get there. TrustMAPP lets you manage security as a business, quantifying and prioritizing remediation actions and costs.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-xdr-extended-detection-and-response/)

Is XDR changing the investigative landscape for security professionals? The "X" in XDR extends traditional endpoint detection and response or EDR to also include network and cloud sensors. Having this full breadth, XDR can contextualize alerts to tell a more cogent story as to what's going on in your environment.

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest is Dave Bittner (@bittner), host, The CyberWire.

Thanks to our sponsor, Hunters.

Attackers always find new ways to bypass organizational defenses. While their traces hide in the data, they’re also extremely difficult to detect. Hunters.AI is a context-fueled XDR solution that harnesses top-tier threat hunting expertise and ML to autonomously detect, investigate and correlate attack findings across cloud, network, and endpoint.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-calling-users-stupid/)

Many cybersecurity professionals use derogatory terms towards their users, like calling them "dumb" because they fell for a phish or some type of online scam. It can be detrimental, even behind their back, and it doesn't foster a stronger security culture.

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest Dustin Wilcox, CISO, Anthem.

Thanks to our sponsor, Hunters.

Attackers always find new ways to bypass organizational defenses. While their traces hide in the data, they’re also extremely difficult to detect. Hunters.AI is a context-fueled XDR solution that harnesses top-tier threat hunting expertise and ML to autonomously detect, investigate and correlate attack findings across cloud, network, and endpoint.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-is-college-necessary-for-a-job-in-cybersecurity/)

Where is the best education for our cyber staff of the future? Where does college fit in or not fit in?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest Dan Walsh, CISO, Rally Health.

Thanks to our sponsor, Hunters.

Attackers always find new ways to bypass organizational defenses. While their traces hide in the data, they’re also extremely difficult to detect. Hunters.AI is a context-fueled XDR solution that harnesses top-tier threat hunting expertise and ML to autonomously detect, investigate and correlate attack findings across cloud, network, and endpoint.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-when-red-teams-break-down/)

What happens when red team engagements go sideways? The idea of real world testing of your defenses sounds great, but how do you close the loop and what happens if it's not closed?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest, Dan DeCloss, founder and CEO, PlexTrac.

Thanks to this week’s podcast sponsor, PlexTrac.

PlexTrac is a revolutionary, yet simple, cybersecurity platform that centralizes all security assessments, penetration test reports, audit findings, and vulnerabilities into a single location. PlexTrac vastly improves the risk management lifecycle, allowing security professionals to generate better reports faster, aggregate and visualize important analytics, and collaborate on remediation in real-time.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-what-cyber-pro-are-you-trying-to-hire/)

Do companies hiring cybersecurity talent even know what they want? More and more we see management jobs asking for engineering skills, and even CISO jobs with coding requirements. What's breaking down?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest Liam Connolly, CISO, Seek.

Thanks to this week's podcast sponsor, Salt Security.

Salt Security protects the APIs at the core of SaaS, web, and mobile applications. By using patented behavioral protection Salt Security automatically and continuously discovers and learns the granular behavior of each unique API and stops attacks. In 2020 Salt Security was named a Gartner Cool Vendor in API Strategy.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-junior-cyber-people/)

There are so few jobs available for junior cybersecurity professionals. Are these cyber beginners not valued? Or are we as managers not creating the right roles for them to improve our own security?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Naomi Buckwalter (@ineedmorecyber), director of information security & privacy at Energage.

Thanks to this week's podcast sponsor, Salt Security.

Salt Security protects the APIs at the core of SaaS, web, and mobile applications. By using patented behavioral protection Salt Security automatically and continuously discovers and learns the granular behavior of each unique API and stops attacks. In 2020 Salt Security was named a Gartner Cool Vendor in API Strategy.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-trusting-security-vendor-claims/)

Do security vendors deliver on their claims and heck, are they even explaining what they do clearly so CISOs actually know what they're buying?

Check out this post and the Valimail survey for the basis of our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Lee Parrish (@LeeParrish), CISO, Hertz.

Thanks to this week's podcast sponsor, AttackIQ.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-how-vendors-should-approach-cisos/)

"How do I approach a CISO?" It's the most common question I get from security vendors. In fact, I have another podcast dedicated to this very question. But now we're going to tackle it on this show.

Check out this post for the basis of our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Ian Amit (@iiamit), CSO, Cimpress.

Here also is my original article with Allan Alford when he first launched this engage with vendors campaign.

Thanks to this week's podcast sponsor, Sonrai Security.

Identity and data access complexity are exploding in your public cloud. 10,000+ pieces of compute, 1000s of roles, and a dizzying array of interdependencies and inheritances. Sonrai Security delivers an enterprise cloud security platform that identifies and monitors every possible relationship between identities and data that exists inside your public cloud. 

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-secure-access/)

What is the Holy Grail of secure access? There are many options, all of which are being strained by our new work from home model. Are we currently at the max?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest is Rohini Kasturi, chief product officer, Pulse Secure.

Thanks to this week’s podcast sponsor, Pulse Secure.

Pulse Secure offers easy, comprehensive solutions that provide visibility and seamless, protected connectivity for hybrid IT in a Zero Trust world. Over 24,000 enterprises entrust Pulse Secure to empower their mobile workforce to securely access applications and information in the data center and cloud while ensuring business compliance.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-infosec-fatigue/)

Have we reached peak InfoSec fatigue? Revolving CISOs and endless cyber recruitment OR the fact that we're spending more money to reduce even greater risk. Is it all leaving our grasp?

Check out this post for the basis of our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Helen Patton (@OSUCISOHelen) CISO, The Ohio State University.

Thanks to this week's podcast sponsor, Sonrai Security.

Identity and data access complexity are exploding in your public cloud. 10,000+ pieces of compute, 1000s of roles, and a dizzying array of interdependencies and inheritances. Sonrai Security delivers an enterprise cloud security platform that identifies and monitors every possible relationship between identities and data that exists inside your public cloud. 

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-securing-a-cloud-migration/)

You're migrating to the cloud. When did you develop your security plan? Before, during, or after? How aware are you and the board of the cloud's new security implications? Does your team even know how to apply security controls to the cloud?

Check out this post for the basis of our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and sponsored guest Sandy Bird, CTO and co-founder, Sonrai Security.

Sandy was the co-founder and CTO of Q1 Labs, which was acquired by IBM in 2011. At IBM, Sandy became the CTO for the global security business and worked closely with research, development, marketing, and sales to develop new and innovative solutions to help the IBM Security business grow to ~$2B in annual revenue.

Thanks to this week's podcast sponsor, Sonrai Security.

Identity and data access complexity are exploding in your public cloud. 10,000+ pieces of compute, 1000s of roles, and a dizzying array of interdependencies and inheritances. Sonrai Security delivers an enterprise cloud security platform that identifies and monitors every possible relationship between identities and data that exists inside your public cloud. 

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-api-security/)

APIs are gateways in and out of our kingdom and thus they're also great access points for malicious hackers. How the heck do we secure them without overwhelming ourselves?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and sponsored guest, Roey Eliyahu, CEO, Salt Security.

Salt Security protects the APIs at the core of SaaS, web, and mobile applications. By using patented behavioral protection Salt Security automatically and continuously discovers and learns the granular behavior of each unique API and stops attacks. In 2020 Salt Security was named a Gartner Cool Vendor in API Strategy.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-shared-threat-intelligence/)

We all know that shared intelligence has value, yet we're reticent to share our threat intelligence. What prevents us from doing it and what more could we know if shared threat intelligence was mandated?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and sponsored guest, Joel Bork (@cincision), senior threat hunter, IronNet Cybersecurity.

Thanks to this week's podcast sponsor, IronNet Cybersecurity.

To combat sophisticated cyber threats, companies are increasingly adopting collective defense strategies to actively share intelligence with peer organizations to improve the detection capabilities of the collective. Through faster sharing of behavioral analytics, signature-based, and human threat insights, organizations can more effectively spot malicious activity and reduce attacker dwell time. More on IronNet Cybersecurity.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-drudgery-of-cybercrime/)

Why does the press persist on referring to all cyber breaches as sophisticated attacks? Is it to make the victim look less weak, or do they simply not know the tedium that's involved in cybercrime?

Check out this post by Brian Krebs for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Steve Zalewski, deputy CISO, Levi Strauss.

Thanks to this week's podcast sponsor, IronNet Cybersecurity.

To combat sophisticated cyber threats, companies are increasingly adopting collective defense strategies to actively share intelligence with peer organizations to improve the detection capabilities of the collective. Through faster sharing of behavioral analytics, signature-based, and human threat insights, organizations can more effectively spot malicious activity and reduce attacker dwell time. More on IronNet Cybersecurity.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-security-budgets/)

How do you calculate a security budget? Is it a percentage of the IT budget? Something else? And why does it grow so drastically after a breach?

Thanks to this week's podcast sponsor, IronNet Cybersecurity.

To combat sophisticated cyber threats, companies are increasingly adopting collective defense strategies to actively share intelligence with peer organizations to improve the detection capabilities of the collective. Through faster sharing of behavioral analytics, signature-based, and human threat insights, organizations can more effectively spot malicious activity and reduce attacker dwell time. More on IronNet Cybersecurity.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-role-of-the-biso/)

What is a business information security officer or BISO? Do you need one? Is it just an extension of the CISO or is it simply taking on the business aspect of the CISO role?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Nicole Dove (@IssaUrbanGirl), BISO, ADP, and host of Urban Girl Corporate World podcast.

Thanks to this week's podcast sponsor, Deep Instinct.

Deep Instinct is changing cybersecurity by harnessing the power of Deep Learning to prevent threats in zero time. Deep Instinct’s on-device, solution protects against zero-day, APT, ransomware attacks, and against both known and unknown malware with unmatched accuracy and speed. Find out more about the solution’s wide covering platform play.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-shared-accounts/)

As bad as all security professionals know, shared accounts are a fact in the business world. They still linger, and from an operational standpoint they're hard to secure and get accountability. Why are they still around and what can be done about them?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and sponsored guest Jake King (@jakeking), CEO, Cmd.

Thanks to this week's podcast sponsor, Cmd.

Cmd provides a lightweight platform for hardening production Linux. Small and large companies alike use Cmd to address auditing gaps, implement controls that keep DevOps safe, and trigger alerts on hard-to-find threats. With out-of-the-box policies that make setup easy, Cmd is leading the way in native protection of critical systems.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-bug-bounties/)

What is the successful formula for a bug bounty program? Should it be run internally, by a third party, or should you open it up to the public? Or, maybe a mixture of everything?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Justin Berman (@justinmberman), head of security, Dropbox.

Thanks to this week's podcast sponsor, Cmd.

Cmd provides a lightweight platform for hardening production Linux. Small and large companies alike use Cmd to address auditing gaps, implement controls that keep DevOps safe, and trigger alerts on hard-to-find threats. With out-of-the-box policies that make setup easy, Cmd is leading the way in native protection of critical systems.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-data-classification/)

The more data we horde, the less useful any of it becomes, and the more risk we carry. If we got rid of data, we could reduce risk.

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Nina Wyatt, CISO, Sunflower Bank.

Thanks to this week's podcast sponsor, Cmd.

Cmd provides a lightweight platform for hardening production Linux. Small and large companies alike use Cmd to address auditing gaps, implement controls that keep DevOps safe, and trigger alerts on hard-to-find threats. With out-of-the-box policies that make setup easy, Cmd is leading the way in native protection of critical systems.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-prevention-vs-detection-and-containment/)

We agree that preventing a cyber attack is better than detection and containment. Then why is the overwhelming majority of us doing detection and containment?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and sponsored guest Steve Salinas (@so_cal_aggie), head of product marketing, Deep Instinct.

Thanks to this week's podcast sponsor, Deep Instinct.

Deep Instinct is changing cybersecurity by harnessing the power of Deep Learning to prevent threats in zero time. Deep Instinct’s on-device, solution protects against zero-day, APT, ransomware attacks, and against both known and unknown malware with unmatched accuracy and speed. Find out more about the solution’s wide covering platform play.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-asset-valuation/)

What's the value of your assets? Do you even understand what they are to you or to a criminal looking to steal them? Do those assets become more valuable once you understand the damage they can cause?

Check out this post for the basis for our conversation on this week’s episode which features me and Allan Alford. Our guest is Bobby Ford, global CISO, Unilever.

Thanks to this week's podcast sponsor, CyberArk.

At CyberArk, we believe that sharing insights and guidance across the CISO community will help strengthen security strategies and lead to better-protected organizations. CyberArk is committed to the continued exploration of topics that matter most to CISOs related to improving and integrating privileged access controls.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-devsecops/)

We know that security plays a role in DevOps, but we've been having a hard time inserting ourselves in the conversation and in the process. How can we get the two sides of developers and security to better understand and appreciate each other?

Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Allan Alford (@AllanAlfordinTX). Our sponsored guest is Sumedh Thakar (@sumedhthakar), president and chief product officer, Qualys.

Thanks to this week’s podcast sponsor, Qualys.

Qualys is a pioneer and leading provider of cloud-based security and compliance solutions.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-fix-security-problems-with-what-youve-got/)

Stop buying security products. You probably have enough. You're just not using them to their full potential. Dig into what you've got and build your security program.

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Brent Williams (@brentawilliams), CISO, SurveyMonkey.

Thanks to this week's podcast sponsor, Deep Instinct.

Deep Instinct is changing cybersecurity by harnessing the power of Deep Learning to prevent threats in zero time. Deep Instinct’s on-device, solution protects against zero-day, APT, ransomware attacks, and against both known and unknown malware with unmatched accuracy and speed. Find out more about the solution’s wide covering platform play.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-should-risk-lead-grc/)

Defining risk for the business. Is that where a governance, risk, and compliance effort should begin? How does risk inform the other two, or does calculating risk take too long that you can't start with it?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Allan Alford (@AllanAlfordinTX). Our guest is Marnie Wilking (@mhwilking), global head of security & technology risk management, Wayfair.

Thanks to this week’s podcast sponsor, Qualys.

Qualys is a pioneer and leading provider of cloud-based security and compliance solutions.

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-responsible-disclosure/)

Security researchers and hackers find vulnerabilities. What's their responsibility in disclosure? What about the vendors when they hear the vulnerabilities? And do journalists have to adhere to the same timelines?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Tom Merritt (@acedtect), host, Daily Tech News Show.

Thanks to this week’s podcast sponsor, Qualys.

Qualys is a pioneer and leading provider of cloud-based security and compliance solutions.