CISO Series Podcast

David Spark, Mike Johnson, and Andy Ellis | cisoseries.com
Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

Episodes

How to Be a Security Vendor CISOs Can’t Ignore

All links and images for this episode can be found on CISO Series. There are vendors that CISOs can't look away from. Who are they and what did they do to get so much attention from CISOs? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Saša Zdjelar, svp, security assurance, Salesforce. Thanks to our podcast sponsor, Sysdig. Sysdig is driving the standard for cloud and container security. With Sysdig, teams find and prioritize...

Oct 04, 2022 | 41 min

I Pity the Fool Who Builds a Homogeneous Cyber A-Team

All links and images for this episode can be found on CISO Series. If you want to build a successful cybersecurity team, you need to be diverse, mostly in thought. But that diversity in thought usually is the result of people with diverse backgrounds who have had different experiences and have solved problems differently. It's actually really hard to hire a diverse team because what you want to do is simply hire people who look, talk, and sound like you. People who come from the same background a...

Sep 27, 2022 | 37 min

The Cybersecurity Hamster Wheel of Getting Nothing Done

All links and images for this episode can be found on CISO Series. What are signs your team is getting burnt out? It's not an imbalance of work and family, it's feeling you're having no impact. That you're working your tail off and nothing is getting accomplished. This happens often in cybersecurity. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Sara-Michele Lazarus, vp/head of trust and security, Stavvy. Thanks to our podc...

Sep 20, 2022 | 41 min

Who Do You Need to Trust When You Build a Zero Trust Architecture?

All links and images for this episode can be found on CISO Series. Uggh, just saying "zero trust" sends shivers down security professionals' spines. The term is fraught with so many misnomers. The most important is who are you going to trust to actually help you build that darn zero trust program? Are you going to look at a vendor that's consolidated solutions and has built programs like this repeatedly or are you going to look for the best solutions yourself and try to figure out how best to pi...

Sep 13, 2022 | 37 min

The Best Interview Questions and the Answers You Want to Run From

All links and images for this episode can be found on CISO Series. You want an awesome job in cybersecurity, and you want to ask the right questions. What are the right answers, and which ones are red flags that should cause you to run? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Renee Guttman, former CISO, Campbell's, Coca-Cola, and Time Warner. Thanks to our podcast sponsor, Ok...

Sep 06, 2022 | 32 min

But I Spent All This Money. Why Are You Still Ignoring Me?

All links and images for this episode can be found on CISO Series. Are RSA and other big conferences worth it? It seems that fewer CISOs are actually walking the floor at these big trade shows. The really big meetings are happening outside of the conference. Why would CISOs attend these big conferences with airfares costing over $1000 and hotel rooms costing $500 to $800 a night? Are the customers and vendors getting priced out? This week’s episode is hosted by me, David Spark (@dspark), producer ...

Aug 30, 2022 | 37 min

It’s OK to Look Like a Cyber Hero. Just Don’t Act Like One.

All links and images for this episode can be found on CISO Series. Security professionals should turn in the cyber hero mentality for the "sidekick" role. Many cybersecurity leaders believe they need to save the company from all the stupid users who can't protect themselves. The reality is security professionals should lose the saviour mentality for a supporting role where they're running alongside different business units trying to find a way to make their process run smoother and more secure. T...

Aug 23, 2022 | 40 min

How to Market “Zero Trust” Without Making CISOs Cringe

All links and images for this episode can be found on CISO Series. Just the words "zero trust" often cause security professionals to shiver. In general, CISOs are on board with the concepts of "zero trust," we just think they're uncomfortable with how it's being used for branding and marketing efforts. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is David Cross (@mrdbcross), SVP/CISO for Oracle SaaS Cloud. Thanks to our pod...

Aug 16, 2022 | 34 min

When Good Decisions Go Bad

All links and images for this episode can be found on CISO Series. You can make the right decision given the information you have, but everything is a risk, so there are times those good decisions are going to result in not the result you were hoping for. In essence, plenty of good decisions result in poor outcomes. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Aviv Grafi, founder a...

Aug 09, 2022 | 40 min

When Does an Exaggeration Become a Lie?

All links and images for this episode can be found on CISO Series. We explore the world of dishonesty in cybersecurity. Practitioners know that marketers will stretch the truth, but how far are we willing to let that go? Isn't this industry built on trust? Can cybersecurity continue to thrive if we can't trust each other? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Anna Belak (@aabelak), director of thought lead...

Aug 02, 2022 | 39 min

Yuck! Now Everyone Has Touched My Data.

All links and images for this episode can be found on CISO Series. What can you do when your data keeps passing through different third party applications? Your data is being accessed and manipulated by more people, more applications, and more security policies that may not be aligned with your security policies. It seems once it leaves your environment, it's out of your control. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), ope...

Jul 26, 2022 | 34 min

“Bad” Security Practices That Really Aren’t All that Bad

All links and images for this episode can be found on CISO Series. If they can find flaws, security professionals are quick to label it as bad security behavior. But often, what is marked as "bad" may have problems, but when looked at from a reducing risk perspective it's actually a very good security behavior. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Carla Sweeney, vp information security, Red Ventures. Thanks to our ...

Jul 19, 2022 | 36 min

How Many Forms of ID Do I Need to Buy This Gift Card?

All links and images for this episode can be found on CISO Series. Getting someone to purchase gift cards is a popular vector for theft. Given that the gift card theft technique is so well known, many online sites have put up additional barriers to purchasing gift cards. Trying to buy them legitimately has become increasingly difficult. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is A...

Jul 12, 2022 | 32 min

Why Does Your Privacy Matter If I’m Paying You?

All links and images for this episode can be found on CISO Series. Should you monitor your staff? I mean really monitor them. Some bosses are installing screen grabbing and click tracking software to monitor employees and by most estimates employees hate it so much that half of them would quit if their supervisors installed monitoring software on their computers. But in some cases an employee's behavior may lend themselves to being monitored. This week’s episode is hosted by me, David Spark (@ds...

Jul 05, 2022 | 35 min

It Sure Is Fun to Complain About Security Vendors

All links and images for this episode can be found on CISO Series. Next time you're annoyed by a security vendor's pitch, instead of firing back at them at what an idiot they are, or complaining about it on social media, why not see if you can find a friendly manager at the vendor company and explain what happened so they can actually address the problem appropriately? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Rob Suarez ...

Jun 28, 2022 | 35 min

What Does It Cost to Prove Security Is Working?

All links and images for this episode can be found on CISO Series. I have no idea what I need to spend to demonstrate our security program is working. What's it going to take? Or maybe I need just others on my team to just validate that they truly do care about security. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is John McClure (@johnmcclure00), CISO, Sinclair Broadcast Group. Th...

Jun 21, 2022 | 37 min

I Have So Little. Just Let Me Control Access to the Mail Server.

All links and images for this episode can be found on CISO Series. How dangerous is it for a cybersecurity professional to pull a G-d complex with the email server just because they didn't like the way one salesperson behaved? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Jadee Hanson (@jadeehanson), CIO/CISO, Code42. Thanks to our podcast sponsor, Code42. As the Insider...

Jun 14, 2022 | 40 min

Security as a Profit Center? You’re Kidding, Right?

All links and images for this episode can be found on CISO Series. What if we could convince management that security is not a cost center, but a means to actually make and save money for the business? The concept isn't so completely outrageous. Companies are using privacy and security as differentiators, and certain security tools such as single sign on, password managers, and passwordless reduce operational costs in support tickets. This week’s episode is hosted by me, David Spark (@dspark), ...

Jun 07, 2022 | 35 min

Finding That Perfect Time to Quit Your Job

To see the blog post and read the transcript, head over to CISO Series. We don't celebrate quitting. Maybe we should. When should you do it when you don't have another offer? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Hadas Cassorla, CISO, M1. On this episode: When a "good" security control is actually bad for business. A "how to" engage with a CISO during a presentation meeting. Losing your passion for cybersecurity. ...

May 31, 2022 | 40 min

Gartner Creates Another Category for Everyone to Ignore

All links and images for this episode can be found on CISO Series. I have talked to vendors who get all excited about Gartner opening up a new category for them. All I can think is uggh, something new to confuse the security marketplace. I know there's a need to label products in categories to simplify sales. But the complexity is driving buyers nuts. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures....

May 24, 2022 | 33 min

A Look Back at Foolish Security Policies of Past and Present

All links and images for this episode can be found on CISO Series. Are bad security policies of yesteryear just because we didn't know any better at the time, or were they some bozo's idea of legitimate security yet the rest of us knew it was just security theater? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Dr. Diane M Janosek (@dm_janosek), deputy director of compliance, NSA and senior legal advisor for Women in Cybersec...

May 17, 2022 | 40 min

Decommission Our Legacy Tech or Just Shut Down the Business?

All links and images for this episode can be found on CISO Series. Legacy tech can often be the anchor that prevents an organization from growing. Put off the issue of dealing with legacy tech long enough and the problem could get bigger than the business itself. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is TJ Mann (@teejaymann), CISO, Children's Mercy Kansas City. Thanks to our podc...

May 10, 2022 | 37 min

Life’s Certainties: Death, Taxes, and Violating Security Policies

All links and images for this episode can be found on CISO Series. People violate cybersecurity policies at a rate of one out of every 20 job tasks. It's just a matter of time before all your employees are in violation. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Bruce Schneier (@schneierblog), chief of security architecture, Inrupt and fellow and lecturer at Harvard Kennedy Sch...

May 03, 2022 | 33 min

Is It a Promotion or a Red Flag Telling You To Get Out?

All links and images for this episode can be found on CISO Series. A young woman is killing it in her first cybersecurity job out of college. Management is so thrilled with her that they want to give her a promotion. Problem is the promotion reveals a lot of other inner workings that don't speak well of the company's culture. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Davi Ottenheimer (@daviottenheimer), vp trust and digital ethics, I...

Apr 26, 2022 | 40 min

It’s a Great Job, But I’m Alone and Terrified

All links and images for this episode can be found on CISO Series. First job out of college and you get the cybersecurity job of your dreams... and nightmares. It's just too much, and you definitely don't have the experience to handle it all. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Rick Doten (@rick_doten), CISO, Carolina Complete Health. Check out Rick's YouTube channel with the CIS Critical Security Control videos....

Apr 19, 2022 | 37 min

Instead of Increased Cybersecurity, Could We Just Order Less Risk?

All links and images for this episode can be found on CISO Series. "No business wants more security, they want less risk," said a redditor on the cybersecurity subreddit. Executives seem to not care about cybersecurity because they're not talking in those terms. They talk in terms of managing risk. It's the InfoSec professional's job to do the translation. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Tom Doughty, vp and CIS...

Apr 12, 2022 | 36 min

Why CISOs Avoid the Dreaded “Request a Demo” Button

All links and images for this episode can be found on CISO Series. A CISO hears about your company's product from some other CISOs. Eager to find more information like a video demo they could watch on their own, they visit your site. They can't find anything except a prominently placed "Request a Demo" button. Fearing the marketing and salespeople who will hound them if they fill out the information, they just bail. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Se...

Apr 05, 2022 | 39 min

What’s Next in Cybersecurity? Look at Last Year and Expect More

All links and images for this episode can be found on CISO Series. The web is awash with sites claiming they know what the security trends will be for 2022. All of them were filled with quotes from security experts at different vendors who "surprise" were saying the big trend is what their product can fix. One publication, eWEEK, had probably the only logical set of trends and they look a lot like what happened in 2021. This week’s episode is hosted by me, David Spark (@dspark), producer of CI...

Mar 29, 2022 | 33 min

Are You Attending the “What to Worry About Next” Security Conference?

All links and images for this episode can be found on CISO Series. Are security conferences really helpful in advising you on making your business more secure, or are they just adding more worries to your plate that aren't actually going to be threats your business is going to have to face? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Jason Witty, CSO, USAA. Thanks to our podcast ...

Mar 22, 2022 | 36 min

It's BAAAACK! The Return of “We Could Have Stopped That Breach”

All links and images for this episode can be found on CISO Series. Our entire network launched because of the irritation CISOs had with vendors could have stopped some breach that happened to another company. Then the chest pounding subsided, and we thought we were making an impact, until Log4j appeared... This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Tim Rohrbaugh, CISO, JetBlue. Thanks to our sponsor, CyCognito. By underst...

Mar 15, 2022 | 34 min