All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth:-internet-of-things/ ) When Internet of Things or IoT devices first came onto the market, security wasn't even a thought, let alone an afterthought. Now we're flooded with devices with no security and their openness and connectivity are being used to launch malicious attacks. What are methods to secure environments today and how should these IoT devices be secured in the future? Check o...
Apr 02, 2020•29 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-is-governance-the-most-important-part-of-grc ) Your policy should rarely change. But your ability to achieve that policy is found in procedures or governance that should inform, steer, and guide your team. Those procedures should change often and others should follow. Are they? Check out this post for the basis for our conversation on this week’s episode which features me and Allan Alford....
Mar 26, 2020•27 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-who-should-the-ciso-report-to/ ) Who should the CISO report to? What factors determine that decision? And why is that single decision so critical to a company's overall security? Check out this post for the basis for our conversation on this week’s episode which features me, special guest co-host Yaron Levi ( @0xL3v1 ), CISO, Blue Cross Blue Shield of Kansas City. Our guest is Gary Harbiso...
Mar 19, 2020•25 min
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-hybrid-cloud/) The consistency of your security program becomes a challenge once you introduce the cloud. Controls and visibility are not necessarily transferable. How do you maintain the control you want in a hybrid environment? Check out this post for the basis for our conversation on this week’s episode which features me, special guest co-host Taylor Lehmann ( @BostonCyberGuy ), vp, CISO...
Mar 12, 2020•28 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-ciso-tenure/ ) The CISO has the shortest tenure of any C-level role. Why so brief? Is it the pressure, the responsibility, the opportunities, or all of the above? Check out this LinkedIn discussion to read the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), producer of CISO Series and guest co-host Gary Hayslip ( @ghayslip ), CISO, Softbank Invest...
Mar 05, 2020•29 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-toxic-security-teams/ ) There's an endless number of variables that contribute to creating a toxic security team. How does it happen, and what are ways to manage and eradicate the toxicity? Check out this LinkedIn discussion to read the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), producer of CISO Series and Allan Alford ( @AllanAlfordinTX ). ...
Feb 27, 2020•26 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-personality-tests-in-the-workplace/ ) As a cybersecurity leader, should you use personality tests for hiring and managing a team? Does it create diversity, understanding of communication styles, or does it just create more conflict? Check out this LinkedIn discussion to read the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), producer of CISO Seri...
Feb 20, 2020•23 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-lack-of-diversity-in-cybersecurity/ ) Cybersecurity teams are notoriously not diverse. At the same time we keep hearing and talking about the need for diversity. Is it critical? Can you be just as successful without it? Check out this Twitter feed for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the producer of CISO S...
Feb 13, 2020•28 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-when-are-cisos-responsible-for-breaches/ ) When is a CISO responsible for a breach or cyber incident? Should they be disciplined, fired, or let go with an attractive payout? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the producer of CISO Series and Allan Alford ( @AllanAlfordinTX ). Our guest...
Feb 06, 2020•29 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-post-breach-desperation-and-salary-negotiations/ ) A data breach usually spells financial and reputational disaster. But such an event can also be an opportunity for a security professional to capitalize. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the producer of CISO Series and Allan Alford ...
Jan 30, 2020•26 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-presenting-to-the-board/ ) What metrics, reports, or strategies should a security professional utilize to communicate the value to the board? Or is the mode of "presenting to the board" a damaged approach? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the producer of CISO Series and Allan Alford...
Jan 23, 2020•25 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-the-iran-cybersecurity-threat/ ) The Iran conflict has threatened new retaliations and we don't know where they're going to come from. Cyber retaliation is a real possibility. Who's being threatened and how should we prepare? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the producer of CISO Ser...
Jan 16, 2020•26 min
Links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-building-a-fully-remote-security-team/ ) Could you be successful with a fully virtual InfoSec team? Many say it can't be done, while some have actually done it and been successful. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the producer of CISO Series and Allan Alford ( @AllanAlfordinTX ). Our gu...
Jan 09, 2020•26 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-account-takeover/ ) An account takeover traditionally follows a methodical path that takes considerable time before anything bad happens. Is it worth a company's time and effort to be monitoring a potential account takeover at the earliest stages? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), th...
Dec 19, 2019•26 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-ux-in-cybersecurity/ ) Security products and programs may be functional and work correctly, but are they usable in the sense that it fits into the work patterns of our users? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the producer of CISO Series and Allan Alford ( @AllanAlfordinTX ). Our gues...
Dec 12, 2019•27 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-infosec-trends-for-2020/ ) We're coming to the end of the year and that means it's time to make our predictions for 2020. Mark this episode and check back in one year to see how we did. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alford ( @AllanAlfordinTX )...
Dec 05, 2019•26 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-cybersecurity-readiness-as-hiring-criteria/ ) What if every candidate interviewed was tested on their cybersecurity competency? How would that affect hiring and how would that affect your company's security? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alfor...
Nov 21, 2019•26 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-cybersecurity-and-the-media/ ) Cybersecurity and the media. It rides the line between providing valuable information and feeding the FUD cycle. What's the media's role? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alford ( @AllanAlfordinTX ). Our guest for t...
Nov 14, 2019•30 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-the-cloud-and-shared-security/ ) When your business enters the cloud, you are transferring risk, but also adding new risk. How do you deal with sharing your security obligations with cloud vendors? Check out this LinkedIn post for the basis of this show's conversation on shared responsibility of security with a digital transformation to the cloud. This episode is co-hosted by me, David Spa...
Nov 07, 2019•25 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-is-product-security-improving/ ) We've been at this cybersecurity thing for a long time. Are products improving their security? A recent study says they aren't. Check out this tweet and the ensuing discussion for the information on the study and the concerns people have about the history of poor security in consumer-grade networking products. This episode is co-hosted by me, David Spark ( ...
Oct 31, 2019•26 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-best-starting-security-framework/ ) If you were building a security program from scratch, which many of our listeners have done, which framework would be your starting point? Check out this post initiated by Sean Walls, vp, CISO of Visionworks, who asked, "If you were building a security program from scratch, would you align with ISO 27001, NIST CSF, or another framework, and why?" That co...
Oct 24, 2019•27 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-cyber-defense-matrix/ ) A simple way to visualize your entire security program and all the tools that support it. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alford ( @AllanAlfordinTX ). Our guest for this episode is Sounil Yu ( @sounilyu ), creator of the ...
Oct 17, 2019•28 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-user-centric-security/ ) How can software and our security programs better be architected to get users involved? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alford ( @AllanAlfordinTX ). Our sponsored guest for this episode is Adrian Ludwig, CISO, Atlassian...
Oct 10, 2019•29 min
All links and images from this episode can be found at CISO Series ( https://cisoseries.com/defense-in-depth-securing-the-new-internet/ ) If you could re-invent the entire Internet, starting all over again with security in mind, what would you do? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alford ( @AllanAlfordinTX ). Our guest for this episode, Davi Ottenheimer ...
Oct 03, 2019•32 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-resiliency/ ) How fortified is the business to withstand cyberattacks? Can it absorb the impact of the inevitable hits? Would understanding the business' level of resilience provide the appropriate guidance for our security program? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator of CI...
Sep 26, 2019•26 min
All images and links for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-ransomware/ ) Why is Ransomware so prevalent? Why are so many getting caught in its net? And what are some of the best tactics to stop its scourge? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alford ( @AllanAlfordinTX ). Our sponsored guest for this episode...
Sep 19, 2019•26 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-top-ciso-communication-issues/ ) Understanding risk. Communicating with the board. Getting others to understand and care about security. What is the most vexing cybersecurity issue for a CISO? Check out this post by Kate Fazzini, cybersecurity reporter for CNBC, for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the cr...
Sep 12, 2019•28 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-cybersecurity-excuses/ ) "I've got all the security I need." "I'm not a target for hackers." These are just a few of the many rationalizations companies make when they're in denial of cyberthreats. Why are these excuses still prevalent and how should a cyberprofessional respond? Check out this post by Ian Murphy, co-founder of LMNTRIX, for the discussion that is the basis of our conversati...
Sep 05, 2019•25 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-employee-hacking/ ) A cyber professional needs their staff, non-IT workers, and the board to take certain actions to achieve the goals of their security program. Should a CISO use the hacking mindset on their own people? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator of CISO Series an...
Aug 29, 2019•26 min
100% Security. A great idea that's impossible to achieve. Regardless, CEOs are still asking for it. How should security people respond? We'll also discuss the philosophical implications of 100% security. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alford ( @AllanAlfordinTX ). Our guest for this episode is Rich Friedberg ( @richf321 ), CISO, Blackbaud. Thanks to th...
Aug 22, 2019•25 min