We have an exciting announcement. Our latest version of the podcast is packed with new features and they're riddled with security holes. We know you wanted the features. The security vulnerabilities are just a bonus. On this episode of the CISO/Security Vendor Relationship Podcast, we discuss: Cybersecurity burnout: How bad is it? What can be done to mitigate it? And what are the warning signs? All tech professionals have burnout issues, but InfoSec has it toughest because it's very hard for the...
Sep 10, 2018•32 min
Security is suffering from a serious Rodney Dangerfield "I get no respect" problem. What has often been seen as the department of "no" is struggling under that brand image. That's probably because security is often seen as an inhibitor rather than an enabler. If InfoSec wants to fix that perception, it'll be their responsibility to dig themselves out. Here's what you'll hear on the latest episode of the CISO/Security Vendor Relationship Podcast: Nobody thinks security is their friend: How can se...
Aug 27, 2018•30 min
This is an extra segment we recorded with Dan Glass, former CISO, American Airlines for our last episode. It didn't make it into the last episode, but I thought it was still worthwhile to release as a short bonus mini episode of only four minutes. As always, the show includes myself, David Spark, founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Enjoy....
Aug 23, 2018•4 min
We spend a good portion of this episode of the CISO/Security Vendor Relationship Podcast mocking unrealistic job listings that ask for too many unnecessary credentials and on top of it aren't willing to pay a fair market rate. Did companies forget that it's a buyers' market right now in security? On this episode of the podcast we discuss: The security semantics of "responsibility" vs. "accountability": Which one drives which behavior? And is it possible to try to compel one to the detriment of t...
Aug 21, 2018•31 min
We promise to keep your identity private while we discuss the troubles of two-factor authentication. On this episode of the CISO/Security Vendor Relationship Podcast we discuss: Why don't more people use two-factor authentication? Does the UX still suck? Why can't we agree on a common model for how to authenticate? Will U2F be the saving grace for 2FA? Story on the debate. What are the signs your employees are going rogue? We debate the need to monitor employees this way. Are internal intrusio...
Aug 14, 2018•36 min
Just because you have a new salesperson, doesn't mean you have to restart the sales process. If you've been properly entering information into your CRM, you shouldn't have to. On this episode of the podcast we discuss: Are you ready for...Black Hat: Techniques to get the most value out of the conference. We've got some really good post-conference suggestions. What do you think of this pitch? We have one of those follow up pitches that just rubs CISOs and security professionals the wrong way. It'...
Aug 06, 2018•29 min
Just like so many security products are infused with artificial intelligence, we've also got plenty of meaningless modifiers to describe this podcast. On this episode we've got: First 90 Days of a CISO. How do you assess talent already there, and how do you prioritize the new hires you need? Please, Enough! No, More! We delve into the overexposure of AI (artificial intelligence) and machine learning. Are they the same thing? And what do CISOs actually want to hear more about on both of these top...
Jul 31, 2018•30 min
If I knew more about your current security needs, I'd probably be able to tell you what security product to buy. But that would require me to spend time understanding your needs and this podcast is only 30 minutes long. Instead, we decided to uncover the universal truths of what security product you shouldn't buy. In this episode of the CISO/Security Vendor Relationship podcast, we uncover failed CISO product purchases plus: Do temporary dips in hacker attacks change your security posture? What ...
Jul 24, 2018•32 min
We're fed up with vendors who think they can detect any breach, but we're not fed up with breach detection. On this week's episode: Are millennials excited or not excited about working in security? Supposedly, nine percent of all millennials are interested in a job in security. Is that good news/bad news/misrepresented news? (Read the story) Haroon Meer's amazingly open story of the money Thinkst spent at RSA 2018. Was it worth it? Great advice for anyone else sponsoring a big tech conference....
Jul 17, 2018•33 min
Are you managing your passwords the same today as you did five years ago? On this episode of the CISO/Security Vendor Relationship podcast, we discuss the changing landscape of what we once thought were best practices, but aren't anymore. On this episode: Which CEOs are more fatalistic about inevitability of cyber attacks Explaining cyber risks to the board Reappropriating the word "hacker." My cartoon that spurred a debate and Rick McElroy of Carbon Black's discussion on LinkedIn. What we're no...
Jul 10, 2018•31 min
Want to get under a CISO's skin? Ask them if they have a concern for security in their environment. It's like asking a chef if they're concerned about preparing food. In this week's episode of the CISO/Security Vendor Relationship Podcast we learn the following: Dumbest mistakes you can make as a CISO What to do on day 1 when you're a CISO Why is everyone talking about this now? Questioning a CISO's job interests. Please, Enough. No, More on GDPR. We critique a vendor pitch. And "Ask a CISO....
Jul 03, 2018•27 min
Did Katy Perry provide sound security advice, or didn’t she? You’ll have to listen to the latest episode of the CISO/Security Vendor Relationship Podcast to find out. In this episode: A Third of UK Organizations Have Sacked Employees for Data Breach Negligence Younger Employees Identified as ‘Main Culprits’ of Security Breaches Who has your CEO’s credentials? – by Robert Herjavec, one of the sharks on “Shark Tank” NEW Segment: Please, Enough. No, More. This week we talk about identity management...
Jun 26, 2018•29 min
On this week’s episode of the CISO/Security Vendor Relationship podcast we ask, “What good is a security alert if there’s no actionable item?” As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Wendy Nather (@wendynather), director, advisory CISOs, Duo Security. On this episode, you’ll learn: Flex your incident response muscles. Does your cybersecurity policy change around high-profile events? Wha...
Jun 19, 2018•29 min
Don’t bother trying to craft a potentially clever, funny and adorable email that you hope will tickle a security practitioner; it’s simply not going to work. When it comes to security pitches, practitioners just want the facts. While humor is appreciated, a cold email pitch is not the time to showcase your creative writing skills. As always, the show is hosted by me, David Spark (@dspark), founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. Our guest this week is Jeremiah Grossman (...
Jun 13, 2018•31 min
After tackling some dodgy audio issues, we have released the second episode of the CISO/Security Vendor Relationship podcast with our guest Kip Boyle (@KipBoyle), CEO of Cyber Risk Opportunities. Subscribe to Kip’s podcast. As always, the show is hosted by myself, David Spark (@dspark), Founder, Spark Media Solutions and Mike Johnson, CISO, Lyft. In this episode, “Security Vendors Buy Their First Pack of Condoms”: 10-second security tip. Amazon Alexa hacked or just a failure of the techn...
Jun 04, 2018•28 min
I’m proud and excited to announce the launch of the CISO/Security Vendor Relationship Podcast based on the series of articles and videos I produced that examine the relationship between security buyers and sellers. That series was heavily inspired by the writings, posts and insane engagement that Mike Johnson, CISO of Lyft, continues to drive on LinkedIn. And what’s even more awesome, Mike agreed to be my co-host! For our first episode, Mike and I invite Dwayne Melançon (@ThatDwayne), CTO, I...
Jun 01, 2018•30 min