All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-proactive-security/ ) How proactive should we be about security? What's the value of threat intelligence vs. just having security programs in place with no knowledge of what attackers are trying to do? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alford ( @A...
Aug 15, 2019•29 min
All images and links for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-attck-matrix/ ) Is the ATT&CK Matrix the best model to build resiliency in your security team? What is the best way to take advantage of the ATT&CK framework and how do you square away conflicting data coming in from your tools? What can you trust and not trust? And is the disparity of results the fault of the tool, the user, or neither? Check out this post and this post for the discussion...
Aug 08, 2019•25 min
All images and links for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-hacker-culture/ ) The hacker community needs a new PR campaign. Far too many people equate hacker with criminal. But hacker is a mindset of how one approaches security. What is that approach and why are CISOs so attracted to hiring hackers? Check out this post for the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and A...
Aug 01, 2019•25 min
All images and links for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-bad-best-practices/ ) All professionals like to glom onto "best practices." But in security, "best" practices may be bad out of the gate, become useless over time, or they're not necessarily appropriate for all situations. Stay tuned, we're about to expose some of the worst "best" practices. Check out this post for the discussion that is the basis of our conversation on this week’s episode...
Jul 25, 2019•24 min
All images and links are available on CISO Series ( https://cisoseries.com/defense-in-depth-cyber-harassment/ ) Whether a jilted lover or someone trying to wield their power over another, cyber harassment takes many forms and it doesn't stay in the digital world. It comes into our real world and gets very dangerous. What is it and how can it be thwarted? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creat...
Jul 18, 2019•24 min
Links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-ciso-series-one-year-review/ ) The CISO/Security Vendor Relationship Podcast is now more than a year old. On this episode, the hosts of both podcasts reflect on the series and we respond to listeners' critiques, raves, and opinions. Check out this post and this post for the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and ...
Jun 25, 2019•28 min
All images and links for this episode available at CISO Series ( https://cisoseries.com/defense-in-depth-economics-of-data/) Do we understand the value of our data? Do our adversaries? And is the way we're protecting it making it too expensive for them to steal? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alford ( @AllanAlfordinTX ). Our sponsored guest for this episode ...
Jun 25, 2019•28 min
All links and images can be found on CISO Series ( https://cisoseries.com/defense-in-depth-tool-consolidation/ ) While cybersecurity professionals always want more tools, more often than not they're dealing with too many tools delivering identical services. The redundancy is causing confusion and more importantly, cost. Why should you pay for it? How does it happen and how do InfoSec leaders consolidate tools? Check out this post and discussion for the basis of our conversation on this week’s ep...
Jun 19, 2019•24 min
Links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-camry-security/ ) The Camry is not the fastest car, nor is it the sexiest. But it is one of the most popular cars because it delivers the best value. When CISOs are looking for security products, are they also shopping for Camrys instead of "best of breed" Cadillacs? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @ds...
Jun 12, 2019•22 min
All links and images can be found on CISO Series ( https://cisoseries.com/defense-in-depth-amplifying-your-security-posture/ ) In security, you never have enough of anything. But the scarcest resource is dedicated security people. When you're running lean, what are some creative ways and techniques to improve overall security? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan...
Jun 04, 2019•27 min
All images and links for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-erp-security/ ) For most organizations, their ERP solution holds its crown jewels. Should custom and complex applications that trade such vital customer and corporate data be secured any differently? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alford ( @AllanAlford...
May 30, 2019•22 min
All links and images from this episode can be found at CISO Series ( https://cisoseries.com/defense-in-depth-managing-obsolete-yet-business-critical-systems/ ) Obsolete systems that are critical to your business. They're abandoned, unpatchable and unmanaged. We've all got them, and often upgrading is not an option. What do you do? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Al...
May 22, 2019•28 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-cybersecurity-hiring/ ) Everyone needs more security talent, but what kind of talent, how specialized, and what kind of pressure are hiring requirements putting on security professionals? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alford ( @AllanAlfordinTX ). Our g...
May 16, 2019•26 min
Find images and links for this episode on CISO Series ( https://cisoseries.com/defense-in-depth-how-cisos-discover-new-solutions/ ) Are security professionals so burned out by aggressive cybersecurity marketing that they're giving up on discovering new and innovative solutions? What are the best ways for cyber professionals to discover new solutions? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator o...
May 09, 2019•29 min
Find all links and images from this episode on CISO Series ( https://cisoseries.com/defense-in-depth-is-the-cybersecurity-industry-solving-our-problems/ ) Is the cybersecurity industry solving our problems? We've got lots of new entrants. Are they doing anything new, or just doing the same thing slightly better? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alford ( @Allan...
May 01, 2019•30 min
This is a special episode of Defense in Depth being shared on this feed. Find the full post with links and images on the CISO Series site here ( https://cisoseries.com/defense-in-depth-vulnerability-management/ ) So many breaches happen through ports of known vulnerabilities. What is the organizational vulnerability in vulnerability management? Check out this post and discussion and this one for the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the cr...
Apr 25, 2019•21 min
If you can't see all the show notes (with images and links) head here: https://cisoseries.com/defense-in-depth-privileged-access-management-pam/ Where does privileged access management (PAM) fit in the order of operations? Check out this post and discussion and this one for the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alford ( @AllanAlfordinTX ), CISO at Mitel . Our sponsored guest for this episode is Tim Keel...
Apr 17, 2019•25 min
Full post for this episode ( https://cisoseries.com/defense-in-depth-machine-learning-failures/ ) Is garbage in, garbage out the reason for machine learning failures? Or is there more to the equation? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alford ( @AllanAlfordinTX ), CISO at Mitel . Our guest for this episode is Davi Ottenheimer ( @daviottenheimer ), product securi...
Apr 10, 2019•32 min
The full post (if you're not seeing links and images) can be found here ( https://cisoseries.com/defense-in-depth-software-fixing-hardware-problems/ ) As we have seen with the Boeing 737 MAX crashes, when software tries to fix hardware flaws, it can turn deadly. What are the security implications? Thanks to this week’s podcast sponsor, Unbound Tech. Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator of ...
Apr 04, 2019•23 min
To see all the notes and links for this episode, go here ( https://cisoseries.com/defense-in-depth-tools-for-managing-3rd-party-risk/ ) Are there any good tools that really help to manage third-party risk? Can tools alone solve this problem? What else is required? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alford ( @AllanAlfordinTX ), CISO at Mitel. Our guest for thi...
Mar 28, 2019•25 min
Are CISOs the most stressed individuals on a security team, or do mental health issues affect everyone in security? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alford ( @AllanAlfordinTX ), CISO at Mitel . Our guest for this episode is Gary Hayslip ( @ghayslip ), CISO, Webroot . Thanks to this week’s podcast sponsor, Praetorian As a professional services company, Praetori...
Mar 21, 2019•27 min
Is the RSA Conference a must attend for security professionals? Or is it enough to "just be in San Francisco that week"? Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alford ( @AllanAlfordinTX ), CISO at Mitel . Our guest for this episode is Tyson Martin , CISO for Lumber Liquidators . David Spark, producer of CISO Series, Tyson Martin, CISO, Lumber Liquidators, and Allan ...
Mar 14, 2019•30 min
If a company's brand and value are built on trust, then your security department is critical to building the value of the company. Check out this post and discussion for the basis of our conversation on this week's episode which is co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alford ( @AllanAlfordinTX ), CISO at Mitel. Our guest for this episode is Scott McCool ( @McCoolScott ), former CIO of Polycom. Thanks to this week’s podcast sponsor, SpyCloud Learn more a...
Mar 07, 2019•26 min
Do companies who deliver "threat intelligence" deliver on that promise, or is there more the customer needs to bring to the table to be able to take action? Check out this post and discussion for the basis of our conversation on this week's episode which is co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alford ( @AllanAlfordinTX ), CISO at Mitel . Our sponsored guest for this episode is Eric Murphy ( @_EricMurphy ), VP, security research, SpyCloud . Thanks to this...
Feb 27, 2019•21 min
Defense in Depth is available at CISOSeries.com . Is the "free to use" Secure Controls Framework the one meta-framework to rule them all? Check out this post and discussion for the basis of our conversation on this week's episode which is co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alford ( @AllanAlfordinTX ), CISO at Mitel . Our guest is Tom Cornelius , founder and contributor of the Secure Controls Framework (SCF) ( @scf_support ). Thanks to this week’s podca...
Feb 21, 2019•25 min
Defense in Depth is available at CISOSeries.com . Is your own staff the greatest threat to the security of your company? On this episode of Defense in Depth we discuss protecting your business from itself. Check out this post and discussion for the basis of our conversation on this week's episode which is co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alford ( @AllanAlfordinTX ), CISO at Mitel . Our guest is Vijay Bolina ( @_jamesbaud_ ), CISO, Blackhawk Network ....
Feb 14, 2019•21 min
Defense in Depth is part of the CISO Series network, which can be found at CISOseries.com . Security for the business affects everyone and all departments. On this episode of Defense in Depth we discuss the values and difficulties of building an information security council. Check out this post and discussion for the basis of our conversation on this week's episode which is co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alford ( @AllanAlfordinTX ), CISO at Mitel ....
Feb 07, 2019•24 min
Will the privacy outcry and new regulations limit companies’ abilities to do business, or will it spawn a whole new industry? We discuss building a business in the new age of privacy regulations on this week’s Defense in Depth. This episode of Defense in Depth is co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alford ( @AllanAlfordinTX ), CISO at Mitel. Our sponsored guest is Chris Jordan, CEO of Fluency Security. Thanks to th...
Jan 31, 2019•29 min
Defense in Depth is part of the CISO Series network which can be found at CISOSeries.com . What are the most important metrics to measure when building out your security program? One thing we learned on this episode is those metrics change, as your security program matures. This episode of Defense in Depth is co-hosted by me, David Spark ( @dspark ), the creator of CISO Series and Allan Alford ( @AllanAlfordinTX ), CISO at Mitel . Our guest is my co-host of the other show, Mike Johnson , CISO of...
Jan 23, 2019•24 min
Just a quick welcome message to this weekly show covering controversial and confusing topics in cybersecurity.
Jan 21, 2019•34 sec