All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-securing-digital-transformations/ ) Digital transformation. Its definition is broad. Meaning securing it is also broad. But there are some principles that can be followed as companies undergo each step in a deeper dive to make more and more of their processes essentially computerized. Check out this post for the basis for our conversation on this week’s episode which features me, David Sp...
Oct 29, 2020•29 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-leaked-secrets-in-code-repositories/ ) Secrets, such as passwords and credentials, are out in the open just sitting there in code repositories. Why do these secrets even exist in public? What's their danger? And how can they be found and removed? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series...
Oct 22, 2020•29 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-measuring-the-success-of-your-security-program/ ) How does a CISO measure the performance of their security program? Sure, there are metrics, but what are you measuring against? Is it a framework or the quality of protection? How do you tell if your program is improving and growing? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark...
Oct 15, 2020•27 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-privacy-is-an-uphill-battle/ ) Privacy is an uphill battle. The problem is those gathering the data aren't the ones tasked with protecting the privacy of those users for whom that data represents. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, co-host Allan Alford ( @allanalfordintx ), and o...
Oct 08, 2020•29 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-legal-protection-for-cisos/ ) What's the legal responsibility of a CISO? New cases are placing the liability for certain aspects of security incidents squarely on the CISO. And attorney-client privilege has been overruled lately too. What does this mean for corporate and for CISO risk? Check out this post for the basis for our conversation on this week’s episode which features me, David Sp...
Oct 01, 2020•29 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-xdr-extended-detection-and-response/ ) Is XDR changing the investigative landscape for security professionals? The "X" in XDR extends traditional endpoint detection and response or EDR to also include network and cloud sensors. Having this full breadth, XDR can contextualize alerts to tell a more cogent story as to what's going on in your environment. Check out this post for the basis for ...
Sep 24, 2020•25 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-calling-users-stupid/ ) Many cybersecurity professionals use derogatory terms towards their users, like calling them "dumb" because they fell for a phish or some type of online scam. It can be detrimental, even behind their back, and it doesn't foster a stronger security culture. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( ...
Sep 17, 2020•27 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-is-college-necessary-for-a-job-in-cybersecurity/ ) Where is the best education for our cyber staff of the future? Where does college fit in or not fit in? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, co-host Allan Alford ( @allanalfordintx ), and our guest Dan Walsh, CISO, Rally Health. ...
Sep 10, 2020•28 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-when-red-teams-break-down/ ) What happens when red team engagements go sideways? The idea of real world testing of your defenses sounds great, but how do you close the loop and what happens if it's not closed? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, co-host Allan Alford ( @allanalford...
Sep 03, 2020•25 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-what-cyber-pro-are-you-trying-to-hire/ ) Do companies hiring cybersecurity talent even know what they want? More and more we see management jobs asking for engineering skills, and even CISO jobs with coding requirements. What's breaking down? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, co...
Aug 27, 2020•29 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-junior-cyber-people/ ) There are so few jobs available for junior cybersecurity professionals. Are these cyber beginners not valued? Or are we as managers not creating the right roles for them to improve our own security? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, co-host Allan Alford ( ...
Aug 20, 2020•29 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-trusting-security-vendor-claims/ ) Do security vendors deliver on their claims and heck, are they even explaining what they do clearly so CISOs actually know what they're buying? Check out this post and the Valimail survey for the basis of our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, co-host Allan Alford ( @allanalfordintx ), ...
Aug 13, 2020•28 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-how-vendors-should-approach-cisos/ ) "How do I approach a CISO?" It's the most common question I get from security vendors. In fact, I have another podcast dedicated to this very question. But now we're going to tackle it on this show. Check out this post for the basis of our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, co-host Al...
Aug 06, 2020•30 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-secure-access/ ) What is the Holy Grail of secure access? There are many options, all of which are being strained by our new work from home model. Are we currently at the max? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the producer of CISO Series and Allan Alford ( @AllanAlfordinTX ). Our spo...
Jul 30, 2020•23 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-infosec-fatigue/ ) Have we reached peak InfoSec fatigue? Revolving CISOs and endless cyber recruitment OR the fact that we're spending more money to reduce even greater risk. Is it all leaving our grasp? Check out this post for the basis of our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, co-host Allan Alford ( @allanalfordintx ),...
Jul 23, 2020•28 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-securing-a-cloud-migration/ ) You're migrating to the cloud. When did you develop your security plan? Before, during, or after? How aware are you and the board of the cloud's new security implications? Does your team even know how to apply security controls to the cloud? Check out this post for the basis of our conversation on this week’s episode which features me, David Spark ( @dspark ),...
Jul 16, 2020•26 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-api-security/ ) APIs are gateways in and out of our kingdom and thus they're also great access points for malicious hackers. How the heck do we secure them without overwhelming ourselves? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, co-host Allan Alford ( @allanalfordintx ), and sponsored ...
Jul 09, 2020•23 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-shared-threat-intelligence/ ) We all know that shared intelligence has value, yet we're reticent to share our threat intelligence. What prevents us from doing it and what more could we know if shared threat intelligence was mandated? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, co-host All...
Jul 02, 2020•27 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-drudgery-of-cybercrime/ ) Why does the press persist in referring to all cyber breaches as sophisticated attacks? Is it to make the victim look less weak, or do they simply not know the tedium that's involved in cybercrime? Check out this post by Brian Krebs for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, co-hos...
Jun 25, 2020•26 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-security-budgets/ ) How do you calculate a security budget? Is it a percentage of the IT budget? Something else? And why does it grow so drastically after a breach? Thanks to this week's podcast sponsor, IronNet Cybersecurity. To combat sophisticated cyber threats, companies are increasingly adopting collective defense strategies to actively share intelligence with peer organizations to im...
Jun 18, 2020•26 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-role-of-the-biso/ ) What is a business information security officer or BISO? Do you need one? Is it just an extension of the CISO or is it simply taking on the business aspect of the CISO role? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, co-host Allan Alford ( @allanalfordintx ), and gues...
Jun 11, 2020•29 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-shared-accounts/ ) As bad as all security professionals know they are, shared accounts are a fact in the business world. They still linger, and from an operational standpoint they're hard to secure and hold accountable. Why are they still around and what can be done about them? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark )...
Jun 04, 2020•26 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-bug-bounties/ ) What is the successful formula for a bug bounty program? Should it be run internally, by a third party, or should you open it up to the public? Or, maybe a mixture of everything? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, co-host Allan Alford ( @allanalfordintx ), and gue...
May 28, 2020•30 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-data-classification/ ) The more data we hoard, the less useful any of it becomes, and the more risk we carry. If we got rid of data, we could reduce risk. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, co-host Allan Alford ( @allanalfordintx ), and guest Nina Wyatt, CISO, Sunflower Bank. T...
May 21, 2020•25 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-prevention-vs-detection-and-containment/ ) We agree that preventing a cyber attack is better than detection and containment. Then why is the overwhelming majority of us doing detection and containment? Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, co-host Allan Alford ( @allanalfordintx ), ...
May 14, 2020•27 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-asset-valuation/ ) What's the value of your assets? Do you even understand what they are to you or to a criminal looking to steal them? Do those assets become more valuable once you understand the damage they can cause? Check out this post for the basis for our conversation on this week’s episode which features me and Allan Alford. Our guest is Bobby Ford, global CISO, Unilever. Thanks t...
May 07, 2020•28 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-devsecops/ ) We know that security plays a role in DevOps, but we've been having a hard time inserting ourselves in the conversation and in the process. How can we get the two sides of developers and security to better understand and appreciate each other? Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, Davi...
Apr 30, 2020•27 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-fix-security-problems-with-what-youve-got/ ) Stop buying security products. You probably have enough. You're just not using them to their full potential. Dig into what you've got and build your security program. Check out this post for the basis for our conversation on this week’s episode which features me, David Spark ( @dspark ), producer of CISO Series, co-host Allan Alford ( @allanalfo...
Apr 23, 2020•28 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-should-risk-lead-grc/ ) Defining risk for the business. Is that where a governance, risk, and compliance effort should begin? How does risk inform the other two, or does calculating risk take so long that you can't start with it? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the producer of CIS...
Apr 16, 2020•25 min
All links and images for this episode can be found on CISO Series ( https://cisoseries.com/defense-in-depth-responsible-disclosure/ ) Security researchers and hackers find vulnerabilities. What's their responsibility in disclosure? What about the vendors when they hear the vulnerabilities? And do journalists have to adhere to the same timelines? Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark ( @dspark ), the produc...
Apr 09, 2020•25 min