All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-salesforce-security/ Thanks to our podcast sponsor, RevCult On average, 18 percent of all your Salesforce data fields are highly sensitive and 89 percent of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you’re protecting it. Get a free Salesforce Security Self-Assessment to understand your Salesforce security we...
Jun 24, 2021•23 min
All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-cloud-configuration-fails/ Why do we hear so many stories about incidents related to poor or misconfigured cloud services? Check out this post and this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, co-host Geoff Belknap ( @geoffbelknap ), CISO, LinkedIn and our sponsored guest, Brendan O'Connor , CEO, AppOm...
Jun 17, 2021•25 min
All links and images for this episode can be found on CISO Series https://cisoseries.com/starting-pay-for-cyber-staff/ What should an entry level cybersecurity person be paid? And what level of education and training should be expected of them? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, guest co-host Naomi Buckwalter ( @ineedmorecyber ), director of information security and IT at Beam Technolo...
Jun 10, 2021•30 min
All links and images for this episode can be found on CISO Series. https://cisoseries.com/fear-of-automation/ Why are security professionals so darn afraid of automation? We continue to hold on to the idea that people have to be integral in the real-time decision process to protect ourselves from the technology we deploy to protect us. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, and Steve Zalew...
Jun 03, 2021•24 min
All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-hiring-talent-with-no-security-experience/ Should you look for the ideal candidate that has all the security talent you want, or should you find the right person and train them with the security talent you want? And if the latter, what is the right person to work in security who doesn't have security experience? Check out this post and this Twitter discussion for the basis for our conversati...
May 27, 2021•27 min
All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-security-hygiene-for-software-development/ How do we improve the quality of our software? In the rush to be competitive, security has often taken a back seat to be first to market. What's the formula for fast and secure applications? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, co-host, Geof...
May 20, 2021•26 min
All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-how-much-do-you-know-about-your-data/ Do cybersecurity professionals even know what they're protecting? How aware are they of the data, its content and its sensitivity? What happens to your security posture when you do understand the data you're protecting? What can you do that you weren't able to do before? Check out this post for the basis for our conversation on this week’s episode which ...
May 13, 2021•26 min
All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-do-startups-need-a-ciso/ Startups are all about proving the value of their product and growth. At the beginning, all of their money is funneled into product and market development. When do they need a CISO, if at all? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, and guest co-host Jimmy Sande...
May 06, 2021•28 min
All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-insider-risk/ By just doing their jobs, your employees are introducing risk to the business. They don't mean to be causing issues, but their simple actions and sometimes mistakes can cause great harm. Is it their fault, or is it security's fault for not creating the right systems? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @...
Apr 29, 2021•29 min
All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-whats-the-obsession-with-zero-trust/ Why is everyone obsessed with Zero Trust? Is it just a marketing ploy that vendors are using to sell their products? Or, is it truly a methodology that provides better security, especially in today's environment? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Serie...
Apr 22, 2021•29 min
All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-mentoring/ Companies want security people with experience and they want to grow cybersecurity leaders. It's often hard to find that experience, and while there are certification courses aplenty, courses in cybersecurity leadership are hard to find. One possible solution is mentoring, but that has its own hurdles. Check out this post for the basis for our conversation on this week’s episode w...
Apr 15, 2021•27 min
All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-securing-the-super-bowl-and-other-huge-events/ How do cybersecurity professionals secure a huge event like the Olympics, the Super Bowl, or a city's New Year's Eve party? What are the unique considerations that come into play? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, guest co-host Geoff B...
Apr 08, 2021•30 min
All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-cybersecurity-isnt-that-difficult/ What are you security people complaining about? As compared to 10, 15, 20 years ago, the technical aspects of cybersecurity are not that difficult. We've got the control frameworks, tools, and training that our predecessors didn't have. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), ...
Apr 01, 2021•27 min
All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-cloud-security-myths/ The cloud is inherently insecure! The cloud will handle all your security needs. More data breaches happen in the cloud. These are just some of the many, many myths of cloud security. Listen as we debunk as many as we possibly can. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Se...
Mar 25, 2021•28 min
All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-what-is-securitys-mission/ What's the mission of your security program? Is it to proactively SECURE THE COMPANY against a compromise of the CONFIDENTIALITY, INTEGRITY, and AVAILABILITY, OR, is it to PROTECT THE COMPANY BRAND by effectively PREVENTING, DETECTING and RESPONDING to cyber-threats? These are the two options for security's mission that we discuss on this week's show. Check out thi...
Mar 18, 2021•26 min
All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-vendor-cisos/ It's hard to be a CISO. But, what's it like to be a CISO at a security vendor, doing the hard work while carrying the stigma of being a "vendor"? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, guest co-host Geoff Belknap ( @geoffbelknap ), CISO, LinkedIn , and our sponsored guest...
Mar 11, 2021•27 min
All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-how-much-log-data-do-you-need You're a CISO struggling with an influx of log data into your SIEM. What's the data you want to keep, and for how long? You want insights, but you also want to keep costs down. Holding onto everything is going to cost a fortune. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of C...
Mar 04, 2021•25 min
All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-should-finance-or-legal-mentor-cyber Cybersecurity leaders are constantly looking for ways to improve how they think about risk, and how they communicate risk. But they're not the only ones. Others have been managing risk long before CISOs existed. So, who could be the best mentor to help a CISO gain better insight into business risk and how to communicate about it: the chief financial offic...
Feb 25, 2021•25 min
All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-data-destruction How do you deal with data at end of life? Holding onto data too long can be very costly and increase risk. So how do you get rid of it... safely? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, guest co-host Shawn Bowen , CISO, Restaurant Brands International (RBI), and our spo...
Feb 18, 2021•27 min
All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-how-to-make-cybersecurity-more-efficient/ You're a new CISO told to hold headcount even and find the resources to do 20% more work. We're already maxed out. So how do we do more? Coming up next we're getting smart and more efficient with security. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series,...
Feb 11, 2021•26 min
All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-does-a-ciso-need-tech-skills Does a CISO need technical skills to be an effective cybersecurity leader? Many CISOs don't have them. Are they still effective and does it affect their ability to lead? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, and guest co-host Ben Sapiro , ( @ironfog ), CIS...
Feb 04, 2021•27 min
All links and images for this episode can be found on CISO Series https://cisoseries.com/defense-in-depth-how-do-you-know-if-youre-good-at-security/ What metrics or indicators signal to you that an organization is “good at security”? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, guest co-host Geoff Belknap ( @geoffbelknap ), CISO, LinkedIn , and our guest Justin Berman ( @justinmberman ), former ...
Jan 28, 2021•26 min
All links and images for this episode can be found on CISO Series You're a new CISO at a new org given a headcount of ten to build a cybersecurity team. What's your strategy to build that team? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, guest co-host Steve Zalewski , Deputy CISO, Levis , and our guest JJ Agha ( @jaysquaredx2 ), CISO, Compass . Thanks to our podcast sponsor, Imperva Face it, yo...
Jan 21, 2021•32 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-are-our-data-protection-strategies-evolving/ ) As we're evolving from putting data on premises to the cloud, are our data protection strategies evolving as well? There are issues of securing data, knowing where it travels, and privacy implications of data. How are we handling all of that? Check out this post for the basis for our conversation on this week’s episode which features me, David...
Jan 14, 2021•25 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-should-cisos-be-licensed-professionals/ ) Many professionals are required to obtain a license before they can do their job legally. The demands of cybersecurity professionals, especially CISOs, have become more critical as evidenced by the increasing number of regulations demanding a person oversee security and privacy controls. Should CISOs be licensed to maintain a minimum standard? Check...
Jan 07, 2021•27 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-inherently-vulnerable-by-design/ ) Much of what we do as practitioners is to prevent inadvertent security problems - oversights, zero-days, etc. What about inherent and unavoidable problems? When the very design of the thing requires a lack of security? What do you do then? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspar...
Dec 17, 2020•27 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-imposter-syndrome/ ) For CISOs and other security leaders, suffering from imposter syndrome seems inevitable. How can you ever be really confident when there's an endless stream of threats and a landscape that changes without your knowledge? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, co-...
Dec 10, 2020•29 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-why-dont-more-companies-take-cybersecurity-seriously/ ) With every cybersecurity breach, we still don't seem to be getting through. Many companies don't seem to be taking cybersecurity seriously. What does it take? Obviously not scare tactics. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, c...
Dec 03, 2020•28 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-data-protection-and-visibility/ ) Where is your data? Who's accessing it? You may know if you have an identity access management solution, but what happens when that data leaves your control? What do you do then? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, co-host Allan Alford ( @allanalf...
Nov 19, 2020•33 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-whats-an-entry-level-cybersecurity-job/ ) Naomi Buckwalter, director of information security at Energage, analyzed one thousand random information security job posts on LinkedIn. The most notable trend she found was that 43% of the posts had CISSP and 5-year experience requirements for entry level positions. Are companies trying to lowball cybersecurity professionals, or do they simply not...
Nov 12, 2020•28 min