The Cyber Ranch Podcast

Ride the cyber trails with two CISOs (Allan Alford and Drew Simonis) and a diverse group of friends and experts who bring a human perspective to cybersecurity.

Episodes

What We’re Doing Wrong in the SOC w/ Yaron Levi

Allan is joined by Yaron Levi, CISO at Dolby, to talk about the SOC and why we are going about it all wrong. Allan and Yaron identify and examine the three main areas of concern: the data, the analyst, the analysis – and how to improve upon them. Lastly, Yaron shares his thoughts on what steps and approaches need to be taken in order to successfully accomplish the SOC’s goal. Key Takeaways: 01:35 Bio 02:36 What are we doing wrong in the SOC? 06:54 Hypothesizing 11:22 How much gets left out when ...

Jan 26, 2022 | 30 min | Season 1 | Ep. 54

Cybersecurity Centers of Excellence w/ Rafal Los

Allan is joined by Rafal Los, industry innovator, strategist, and personality. His career spans 20+ years while working inside companies from the Fortune 10 to a firm of less than 10. Additionally, Rafal is a founder and host of the Down the Security Rabbithole Podcast - an industry podcast delivering a weekly take on cybersecurity since 2011. Join Allan and Rafal as they discuss cyber security centers of excellence, metrics, marketing and acceptance in this conversation between two friends. Key...

Jan 19, 2022 | 41 min | Season 1 | Ep. 53

Investing in Cybersecurity Startups w/ Kathy Wang

Join Allan as he discusses investing in cybersecurity startups with the perfect guest for the subject: Kathy Wang, CISO at Very Good Security, investor at Silicon Valley CISO Investments, investor at Firebolt Ventures, and former founder as well! Allan and Kathy talk about investment goals, the process from start to finish, how to get started, the buy-in costs, returns, what to expect, partnering, etc. Join them as they dive into this fascinating topic: DISCLAIMER: NOBODY ON THIS SHOW IS A FINAN...

Jan 12, 2022 | 34 min | Season 1 | Ep. 52

50th Episode Special w/ Many Guests

In this special episode, Allan invites a few familiar voices back to the show, conducts a countdown of his Top 5 most popular shows, and reviews some of the most common guest responses. Lastly, Allan issues some important thank you's and shares a few comments and feedback from the listeners. Highlights: Top 3 guest answers to "What keeps you going in cybersecurity?" Top 3 guest answers to "What surprises you the most in cybersecurity?" Top 5 shows by download Visits from: Tim Rohrbaugh, CISO - J...

Jan 05, 2022 | 47 min | Season 1 | Ep. 51

Minimum Viable Security w/ Chris Roberts & Cecil Pineda: EXPLICIT CONTENT

Allan hosts a live podcast at the August, 2021 CISO XC event in the Dallas-Fort Worth area. He is joined by Chris Roberts, chief geek at Hillbilly Hit Squad, and Cecil Pineda, then head of the vCISO and GRC programs at Critical Start. The topic is Minimum Viable Security, tactical frameworks, the challenges with large frameworks, and the challenges of competing frameworks. This show was recorded after happy hour and the audience and participants both imbibed. It's a rowdy show and features some...

Dec 22, 2021 | 45 min | Season 1 | Ep. 50

Organizational Resilience w/ Marnie Wilking

In this episode, Allan is joined by Marnie Wilking, CISO at Wayfair. Marnie has directed Information Security and multi-discipline Risk Management Programs for more than 15 years -- providing a unique set of skills and experience to manage operational risks and improve risk management among diverse businesses. Join Allan and Marnie as they define organizational resilience, discuss its goals and enablers, and analyze the COVID pandemic through its lens. Key Takeaways: 01:26 Bio 03:42 Organization...

Dec 15, 2021 | 34 min | Season 1 | Ep. 49

The vCISO Life w/ Dan Doggendorf

Welcome to another live show of the Cyber Ranch! Allan is joined by Dan Doggendorf, a creative cybersecurity leader with a passion for simplicity, efficiency, accountability, common sense, and honesty. The duo discusses the ins and outs of being a vCISO, how one walks the path and what the industry can do to make this role better. This show was conducted at the Cybersecurity Conference 9 (CSC 9) conducted by the North Texas Chapter of ISSA. All proceeds from the event went directly to scholarshi...

Dec 08, 2021 | 35 min | Season 1 | Ep. 48

GRC: “Now What?” w/ Security & Compliance Weekly

This week, Allan is joined by Frederick Lee aka “Flee”, Chief Security Officer and Head of IT at Gusto, Jeff Man, host of Security & Compliance Weekly, and notorious infosec curmudgeon, and by Kat Valentine, Security and Compliance Weekly co-host. A few weeks ago Allan appeared on their show to discuss “GRC: ‘What?’ and ‘So What?’”. In that episode, they take a deep dive into GRC in terms of understanding its purpose and value. In this crossover episode, the group continues the conver...

Dec 01, 2021 | 43 min | Season 1 | Ep. 47

The CMO’s Perspective w/ Nathan Burke and Julie O’Brien

CISOs complain on social media about bad marketing – when they are targeted inappropriately, or with messages that don’t resonate, or with messages that outright lie. This week Allan Alford decides to hear from the other side, and invites his two favorite CMOs to the show. Julie O’Brien, CMO at AttackIQ, and Nathan Burke, CMO at Axonius, sit down with Allan to send a message to cyber security professionals about the vital role marketing plays in the industry, what is good marketing and bad mark...

Nov 24, 2021 | 39 min | Season 1 | Ep. 46

Practical Working (And Hiring!) from Home w/ Brian Castagna

Brian Castagna (CISO at Seven Bridges - a genomics company) is a CISO with a proven track record of successfully building information security programs at cloud technology companies. He is on a mission to humanize the new work environment - our own home. Join Allan and Brian as they touch on transitioning from an office environment, both mentally and physically, hiring remotely, work/life balance and much more. Key Takeaways: 01:33 Bio 02:22 Remote work 03:00 Hiring a remote workforce 10:50 What...

Nov 17, 2021 | 30 min | Season 1 | Ep. 45

Threat-Informed Defense, CISA, CVEs and ATT&CK w/ MITRE Engenuity

This week, Allan is joined by some serious heavy hitters in cyber. Richard Struse (Director for the Center for Threat-Informed Defense at MITRE Engenuity), Jonathan Baker (Director of Research & Development, Center for Threat-Informed Defense at MITRE Engenuity), and Jonathan Reiber (Sr. Director for Cybersecurity Strategy and Policy @ AttackIQ). The four are here to have a conversation about CISA's new BOD that outlines 290 key vulnerabilities that require focus, the coincidental mapping of the...

Nov 10, 2021 | 33 min | Season 1 | Ep. 44

A Day in the Life of Two CISOs w/ Mustapha Kebbeh

Mustapha Kebbeh, CISO at Brinks and heavy-hitter in the Dallas/Fort Worth Cyber community, joins Allan again this week as they cover a topic Mustapha noted was absent so far in the series… Namely, “What is a day in the life of a CISO?” Mustapha and Allan get into details of what they do and don’t do, what their teams do and don’t do, what bits are boring, what bits are surprising, and what bits are the most fun. Join them as they talk about real situations and practical solutions while describin...

Nov 03, 2021 | 32 min | Season 1 | Ep. 43

Practical Trust-Centric Security w/ Omar Khawaja

Omar Khawaja is an experienced CISO with a strong technical background, who managed to find some very creative ways to manage his security program that go against his engineering instincts. Join Allan and Omar as they discuss why trust-based security is the more suitable option to have a fundamentally better security program and team. Hear why Omar and Allan believe that investing in people will pay far more dividends than the latest tech tool. And more importantly, gain some very practical and ...

Oct 27, 2021 | 35 min | Season 1 | Ep. 42

CISO in the Supply Chain w/ Emilio Escobar

Allan is joined this week by Emilio Escobar, CISO at Datadog and former VP of Information Security at Hulu. He is also a long-term developer of Ettercap, a comprehensive suite for man-in-the-middle attacks. Like many of us, Emilio started his journey in infosec as a hacker kid, exploring the world through modems and BBSs. Emilio is not a security vendor CISO, but is a CISO for a company that is in the supply chain for many other companies. He has to balance internal and external duties as a res...

Oct 20, 2021 | 31 min | Season 1 | Ep. 41

Is Resilience Even the Goal? Antifragility w/ Sounil Yu

Allan is joined by Sounil Yu, one of cybersecurity's most well-known contributors. Sounil has a long history in cybersecurity, and is also the inventor of The Cyber Defense Matrix and the DIE Triad. Sounil and Allan discuss cyber resilience and contrast it with "antifragility", a notion introduced by Nassim Nicholas Taleb. Sounil argues that in cybersecurity, antifragility should be the goal, and not resilience. Antifragility allows for stronger data protection, as it does not just survive stres...

Oct 14, 2021 | 31 min | Season 1 | Ep. 40

Is the SOC Dead? w/ Erik Bloch

Allan's guest this week is Erik Bloch. Erik Bloch is a cyber security leader, influencer, and pioneer. He currently sits as Senior Director of Detection and Response at Sprinklr, but has held many roles in cybersecurity, including being a product manager for SIEM products more than once. This last point is relevant, because it makes it even more surprising that Erik is convinced that the SOC's utility has passed... Join Allan and Erik as they dive deep into why he thinks SOC is failing, the alte...

Oct 07, 2021 | 31 min | Season 1 | Ep. 39

The Value of Threat Intelligence w/ Samara Williams

Allan's guest is Samara Williams, Manager of Threat Operations at Cardinal Health, speaker, advocate and passionate member of the threat intelligence community. Samara broke into cyber via a rotational program, sampling many cyber jobs at many cyber companies in a short order - a fantastic start in cyber that turbocharged her maturity and experience. She quickly developed a passion for threat intelligence, and has worked in that space ever since. Join Samara and Allan for a deep dive into threat...

Sep 29, 2021 | 31 min | Ep. 38

Practical Realities of Ransomware Management w/ Bryan Hurd

This week, Allan is joined by Bryan Hurd. Bryan is a multi-talented cyber security professional who has founded and operated programs dating back to the early nineties. Currently Chief of Office for Stroz Friedberg (AON Cyber), he started his career in NCIS, founding the Navy’s first ever cyber counterintelligence program in 1993. Join Bryan and Allan for a masterclass on ransomware, incident response, and preparedness. Having both consulted on ransomware situations many times, they offer a weal...

Sep 22, 2021 | 41 min | Ep. 37

WHY We Measure Risk w/ Sameer Sait

In this episode Allan interviews his friend Sameer Sait, former CISO at Amazon, Forcepoint and Arrow Electronics, who joins Allan for a discussion about WHY we measure risk. It is about more than just asking for money. (And who are you actually asking money from? Hint: It is not the Board). How does risk measurement change in the beginning of the CISO’s journey vs. later when the program is more mature? What is the goal of good risk metrics? What is the role of cyber insurance in all this? What ...

Sep 15, 2021 | 33 min | Ep. 36

What Comes After the CISO Role? w/ Helen Patton

Host Allan Alford interviews his friend Helen Patton, advisory CISO at Cisco, and former CISO at Ohio State University. Helen and Allan discuss the career path of the CISO – specifically what comes after the CISO role has been fulfilled - and how there is not a clear path defined for the post-CISO career. Allan and Helen discuss several models for post-CISO life that they themselves have explored, and that other CISO friends have as well, such as: shifting back and forth from CISO to vendor, shi...

Sep 08, 2021 | 30 min | Ep. 35

Humans Are Not the Weakest Link in Cybersecurity w/ George Finney

Allan is joined by George Finney, CSO at Southern Methodist University and author of the book Well Aware: Master the Nine Cybersecurity Habits to Protect Your Future. George’s mission is clear: unite the cybersecurity community through proven strategy, and help preserve and leverage the humanity within cybersecurity. He believes that the community as a whole under-plays the human role, and he and Allan discuss potential changes to the way we view security awareness training and the role of users...

Sep 01, 2021 | 28 min | Season 1 | Ep. 34

Does SOAR Meet Its Promises? w/ Benjamin Corll

Host Allan Alford interviews Benjamin Corll, VP of Cybersecurity and Privacy at Coats, about security orchestration, automation, and response (SOAR). Benjamin and Allan critique SOAR's promises and premises, what else it could be doing, its pricing and overhead, and lack of standards as well. But it is not all negative - Benjamin does share stories as well of SOAR's successes in his shop, and of the things it does do well... Come on down the ranch and give this show a listen! Key Takeaways: 0:09 ...

Aug 25, 2021 | 29 min | Ep. 33

The Modern CISO w/ James Azar

Host Allan Alford interviews guest James Azar, host of the CyberHub CISO Talk Podcast, and CISO in the financial services space. James and Allan discuss the techniques and approaches of the modern CISO, and contrast this with some of the older approaches of the job. James defines the cultural shift between the old and new as having taken place since September, 2017 (the Equifax breach). James and Allan discuss the impact on the team, business, clients, customers, and share their thoughts and ex...

Aug 18, 2021 | 28 min | Ep. 32

Frameworks Over Time w/ Derly Gutierrez, Mustapha Kebbeh and Patrick Benoit

In this, the very first LIVE episode, Allan Alford interviews guests Derly Gutierrez, Head of Information Security at 1010Data, Patrick Benoit, BISO at CBRE, and Mustapha Kebbeh, CISO at Brinks, as they discuss the use of security frameworks in general and over time. Regarding framework compliance, do we choose one or do we choose many? Do we embrace them fully or partially? What changes our approach to frameworks over time? Security strategies are explained throughout the episode, along with th...

Aug 11, 2021 | 31 min | Ep. 31

Burnout, Toxicity, and Overcoming Obstacles w/ Marilise de Villiers

On this episode, Allan invites Marilise de Villiers, Founder and CEO at ROAR! Coaching & Consulting, to come on down to the ranch and discuss how to deal with toxic situations, how to overcome obstacles in the workplace, how to avoid burnout, and how to spot our own negative behaviors that interfere with our success. Marilise and Allan cover toxic workplaces and bosses, share personal stories, and discuss the internal mechanisms which allow external toxicity to harm us, as well as the internal b...

Aug 04, 2021 | 26 min | Ep. 30

Migrating from Monolithic to Cloud w/ Greg Rogers

In this episode, Allan interviews Greg Rogers, CISO at Legal & General America, about migrating legacy, monolithic, internally facing, manually tested, waterfall applications to Cloud, CI/CD with automation, customer-facing applications, all with modern development languages and environments. Greg migrated just about everything legacy to just about everything modern across a series of monolithic applications. In this episode he gives tips on the technical aspects of his journey, tools and techni...

Jul 28, 2021 | 28 min | Ep. 29

Credential Stuffing w/ Dr. Sam Small

In this episode, Allan's friend Dr. Sam Small, CISO of Zero Fox, joins us to chat about credential stuffing, its implications and the defenses against it. Several statistics are given from a few industry reports on credential stuffing, including the Verizon DBIR and F5's report. Several techniques to foil credential stuffing are explored, as well as common traps when combatting credential stuffing. OWASP provides some guidance in this area. The criminal's abilities vis a vis breach sharing and b...

Jul 21, 2021 | 27 min | Ep. 28

“Ugly Exits” w/ Naomi Buckwalter

On today’s episode with Allan, we talk “Ugly Exits” with Naomi Buckwalter, Director of Information Security. Of course, to start the episode, Naomi answers Allan’s question of how she got started in cyber. They circle back to the topic at hand, “Ugly Exits”. Under this umbrella are: being fired, laid off, "burning bridges", or being encouraged to leave in a "voluntary" manner. Allan shares statistics for some of these categories, including a substantial statistic on those who have been outright ...

Jul 14, 2021 | 30 min | Ep. 27

Agile for Security Programs w/ Tim Rohrbaugh

On today’s episode with Allan, we have Tim Rohrbaugh, CISO at JetBlue, here to talk about Agile methodology and how it can be applied to an entire security program. Tim got into cyber through the military. From the military he went into consulting and ended up at JetBlue. At JetBlue he is always trying to find ways to invest dollars in security programs to balance what is going on. Along with that, he strives to keep his team motivated and moving forward. Agile is a software programming met...

Jul 07, 2021 | 26 min | Ep. 26

All About Analysts w/ Christina Richmond

With us today is Christina Richmond, Program Vice President at IDC. She's an industry analyst, and she's here to talk to us all about the analyst lifestyle. Allan starts the episode asking Christina to share all about how she got into cyber and what her day job is like. Christina actually began by working in the storage space, and discovered security. To her it was like a drug. What does she do throughout her days? Partakes in hundreds and hundreds of calls with companies who need help with launc...

Jun 30, 2021 | 28 min | Ep. 25