All links and images for this episode can be found on CISO Series. Hiring managers speak about looking for culture fit and diversity, but never at the same time. Can they coexist? Are they mutually exclusive? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Sherron Burgess, CISO, BCD Travel. Thanks to our podcast sponsor, Votiro. Can you tr...
Sep 08, 2022•35 min
Cyber sales is hard. But don't let the difficulty of doing it get in the way of your good judgement. So what is the right way to follow up with a CISO? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Jack Kufahl, CISO, Michigan Medicine. Thank...
Sep 01, 2022•36 min
One day you want to be a CISO. In what area of security do you begin your studies? Or maybe you shouldn't be studying security. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Evelin Biro (@wolfsgame), CISO, Alliant Credit Union. Thanks to our podcast sponsor, Qualys. Qualys is ...
Aug 25, 2022•32 min
What can we do to reduce the damage of a breach and the duration of detection and remediation? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is Dave Klein (@cybercaffeinate), director, cyber evangelist, Cymulate. Thanks to our po...
Aug 18, 2022•25 min
Learning cyber is not a question for those who are just starting out. It's for everybody. Where and how do we learn at every stage of our professional careers? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Jerich Beason, CISO, Commercial,...
Aug 11, 2022•28 min
You’re a CISO, vCISO, or MSSP rolling into a company that has yet to launch a cybersecurity department. How do you communicate about cyber with the IT department? They’re not completely new to cyber. What’s the approach to engagement that helps, but doesn’t insult? How do you offer practical cybersecurity advice? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, ...
Aug 04, 2022•28 min
Cybersecurity boils down to securing your data or data protection. But that simple concept has turned into a monumental task that is only exacerbated every time we move our data to a new platform. How do we secure data today, to be ready for whatever comes next in computing? Check out this post and this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), t...
Jul 28, 2022•26 min
Is attack surface profiling the same as a pen test? If it isn't, what unique insight can attack surface profiling deliver? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Nick Shevelyov, former CSO, Silicon Valley Bank. Thanks to our podcast sponsor, Keyavi. Myth: Data can’t ...
Jul 21, 2022•32 min
What’s your best indicator that your security program is actually improving? And besides you and your team, is anyone impressed? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Simon Goldsmith (@cybergoldsmith), director of information security, OVO Energy. Thanks to our ...
Jul 14, 2022•31 min
Interviewing for leadership positions in cybersecurity is difficult for everyone involved. There are far too many egos and many gatekeepers. What can be done to improve recruiting of CISOs? Check out this post and this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn with...
Jul 07, 2022•30 min
How are nefarious actors using our own data (and metadata) against us? And given that, in what way have we lost our way protecting data that needs to be course corrected? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is John Ayers (...
Jun 30, 2022•28 min
Is it possible to position your security team as a profit center instead of the traditional cost center reporting to the CIO? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Michael Weiss, CISO, Human Interest. Thanks to our podcast sponsor, Optiv. The modern enterprise nee...
Jun 23, 2022•30 min
For years we've been referring to malware protection as a cat and mouse game. The crooks come up with a new malware attack, and then the good guys figure out a way to stop it. And that keeps cycling over and over again. So where are we today with malware protection and is there any way to get ahead of the cycle? Check out this post and this post for the discussions that are the basis of our conversation on this week’s episode co-ho...
Jun 16, 2022•27 min
We all know and have experienced bad security awareness training. People can learn, and should learn about being cyber aware. How do you build a security awareness training program that sticks? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn with our guest...
Jun 09, 2022•28 min
You want to bring on entry-level personnel, but green employees, who are not well versed in security, IT, or your data, introduce risk once they have access to it. What are ways to bring these people on while also managing risk? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap...
Jun 02, 2022•29 min
Zero trust is a hollow buzzword. In any form of security, there exist critical points where we have to trust. What we need is a move away from implicit trust to explicit trust, or identity that can be verified. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn...
May 26, 2022•28 min
Cyber professionals, who is responsible on your team for investigating new solutions? Check out this post and this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Nick Ryan, director of enterprise technology security and risk, Baker Tilly. Thanks to our podcast sponsor, Votiro. Can you tr...
May 19, 2022•28 min
In the cyber industry we pat each other on the back and give each other awards, all while the statistics for breaches appear to be worsening. Are we celebrating growing failure? Does the cyber industry suck? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn ...
May 12, 2022•34 min
For some, the definition of zero trust has expanded from how we grant access to networks, applications, and data to how we trust individuals in the real world. Are we taking zero trust too far? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is...
May 05, 2022•30 min
Developers and security professionals have been heavily sold on the concept of "shift left" or deal with security issues early in development rather than bolting it on at the end. It all made logical sense, but now we've been doing it for a few years, and has shift-left actually reduced application security concerns? Check out this post, this post, and this post for the discussions that are the basis of our conversation on this week’s...
Apr 28, 2022•33 min
Do we have a Montague/Capulet rivalry between technical and compliance professionals? Why is this happening, and what can be done to improve it? Does it need to be improved? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Linda White, director of InfoSec, Axiom Medical. Tha...
Apr 21, 2022•29 min
Why do we end up with so many bad security products? Who is to blame and how can we fight back against an ecosystem that may be fostering subpar products? Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is Haroon Meer (@HaroonMeer), founder...
Apr 14, 2022•32 min
What are you doing to prepare for the next cyber disaster? You must train for it, because when it happens, and it will happen, everyone should know what they need to do. Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Roland Cloutier (@CSOR...
Apr 07, 2022•28 min
What if you didn't spend all your time patching vulnerabilities but instead created a security policy that prevented known vulnerabilities from being exploited? How doable is this solution of virtual patching? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Ody Lupescu, CISO...
Mar 31, 2022•30 min
A 500+ person company doesn't have a security department. They need one and they need to convince the CEO they need one. How do you build a cybersecurity team and program from scratch? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Rishi Trip...
Mar 24, 2022•29 min
"If you want to catch a cybercrook, you need to think like one." But how do you actually go about thinking like a cybercriminal? What's the actual process? Check out this post and this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Brian Brushwood (@shwo...
Mar 17, 2022•31 min
Could you build a data-first security program? What would you do if you focused your security program on just the asset? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Brian Vecci (@brianthevecci), field CTO, Varonis. Thanks to our sponsor, Varonis. On average, a...
Mar 10, 2022•33 min
Offensive security or "hacking back" has always been seen as either unethical or illegal. But now, we're seeing a resurgence in offensive security solutions. Are we redefining the term, or are companies now "hacking back?" Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Eric ...
Mar 03, 2022•32 min
A security professional announces a new position as CISO. As a vendor you see this as good timing to try a cold outreach to sell your product. Why do so many vendors think this is a good tactic, when in reality it’s exactly what you should not do? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belk...
Feb 24, 2022•30 min
How do you begin building a cyber security culture for the whole company? And more importantly, how do you maintain that? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Mike Hanley (@_mph4), CSO, GitHub. Thanks to our podcast sponsor, Anju...
Feb 17, 2022•27 min