Cybersecurity practitioners give back to the community by recording YouTube videos, interviewing in magazines, or creating podcasts—just like this one. However, books remain a fantastic method of delivering info and impacting lives that shouldn’t be forgotten with the rise of social media. Allan tallied it up and thus far, nine of his friends have written books. He has been approached about writing one himself, and he wanted to get the inside track on the process. George Finney, CISO at SMU, an...
Aug 10, 2022 • 40 min • Transcript available on Metacast

Drew Simonis, CISO at Juniper Networks, discusses the debate of doing more by doing less. So often in cybersecurity, practitioners think they have to do it all and view themselves as the smartest people in the room. The fact of the matter is that none of us are the smartest in the room and we have to learn to trust each other. Drew believes a collaborative, trusting environment will bring us to a place of doing less and seeing better results because of it. Timecoded Guide: [00:00] Introducing th...
Aug 03, 2022 • 37 min • Transcript available on Metacast

Sonja Hammond, Vice President & CISO at National Veterinary Associates, brings her love of animals and more importantly her love for security basics down to the Ranch this week. The buzz around new cyber technology and security protocols can easily warp our perspective on what’s most important for CISOs. Sonja spends some time in this episode explaining why cybersecurity organizations instead need to focus on simple tech and strong security processes and training protocols. Timecoded Guide: [00:...
Jul 27, 2022 • 24 min • Transcript available on Metacast

Adrian Sanabria, Director of Product Management at Tenchi Security, arrives at the Ranch this week to debunk cyber myths and expose industry lies. Using his background running Security Weekly Labs at Cyber Risk Alliance, Adrian explains the lack of cohesive product testing happening in the cyber world, and delves into the research he’s done to get to the bottom of cyber’s most elusive statistics. Do 60% of small businesses go out of business after a breach? Adrian has an answer that just might s...
Jul 20, 2022 • 46 min • Transcript available on Metacast

Adam Stone, Chief Privacy Officer at TrustMAPP, brings his decades of security and privacy knowledge to the Ranch this week to talk about the disciplines of security and privacy. Where do they intersect? What makes security professionals and privacy professionals different? And, maybe most important of all: How can these two disciplines work together within an organization without being perceived as useless regulatory headaches? Timecoded Guide: [00:00] Comparing and contrasting security and pri...
Jul 13, 2022 • 33 min • Transcript available on Metacast

Jerry Perullo, former CISO of the NYSE, former chairman of the board of the FS-ISAC, founder, professor, and host of the Life After CISO podcast, comes down to the Cyber Ranch to discuss the many roles he’s had throughout his career and the many highly unique opinions he has on the cyber industry. Together, Jerry and Allan break down what’s overrated in cybersecurity, from patching to dark web to vulnerability departments, and every detail and concept in between. Timecoded Guide: [01:53] Taking...
Jul 06, 2022 • 41 min • Transcript available on Metacast

Tim Silverline, VP of Security at Gluware, joins host Allan Alford on the Ranch this week for a discussion about user awareness training and the latest and greatest (as well as not the greatest) methods around phishing simulations. Tim and Allan get into the nitty gritty of how your company can improve user awareness results through avoiding basic click-through models, considering advanced warning for certain training exercises, and understanding risk quantification when evaluating employee metr...
Jun 29, 2022 • 28 min • Ep 76 • Transcript available on Metacast

Allan invites a founder and an angel investor to the ranch this week to talk about how founders and angel investors really connect. Meet Sameer Sait, former CISO at Amazon Whole Foods and now founder of BalkanID, and John Stewart, former CISO at Cisco and investor at Talons Ventures. Together, these gentlemen offer a lot about both sides of the investment story, from evaluation to the decision to work together, and what a mutually beneficial founder and angel investor relationship looks like. Ti...
Jun 22, 2022 • 27 min • Transcript available on Metacast

“When people come to Security and tell you everything they are doing, that’s a real win.” - James Allan-McLean

Allan is joined by James Allan-McLean, Group CISO at Soletanche Freyssinet and former Information Security Manager within the British military, to talk about his ‘Open Door Security’ method and the benefits of a transparent, no-strings-attached approach to security. In this episode, Allan and James take a deep dive into this methodology and address questions such as: -What is Open Door Se...
Jun 15, 2022 • 26 min • Ep 74 • Transcript available on Metacast

Allan is joined by Chris Hughes, CISO & Co-founder at Aquia and adjunct professor at UMGC, to talk about all things DevSecOps (Development, Security and Operations). They explore the DevSecOps phrase itself, as well as why security should be treated as an integral component and not a separate entity. In this episode, Allan and Chris take a deep dive into the subject and bring clarity to questions, such as: -What roles help achieve security in DevOps? -What are the cultural barriers to implementi...
Jun 08, 2022 • 29 min • Transcript available on Metacast

Andy Ellis, CISO at Orca Security, is back for part 2 of this series on Board Reporting Metrics. In Episode 1, Andy and host Allan Alford addressed some of the most common questions posed by the board and shared their perspective on what the board needs to know from a cybersecurity standpoint. In this episode, they continue the conversation by fielding questions from LinkedIn on topics such as: -Vulnerability and threat hunting metrics -Top 3 metrics to report to the board and why -Breach report...
Jun 01, 2022 • 44 min • Transcript available on Metacast

In this episode, Allan is joined by the CISO at Orca Security, Andy Ellis, to share his thoughts on board reporting metrics. What does the board need to know from a cybersecurity perspective? One of the questions is often: “Are we secure?” Is that even the right question? How much should you talk about compliance? Do you speak of IT assets? What about speaking to specific controls? Listen to this episode to hear the common questions posed by the board and how to answer them with metrics. In some...
May 25, 2022 • 54 min • Transcript available on Metacast

“Having a seat at the table doesn’t mean getting your way all the time. It means having a seat and I think that is very important to understand.” - Brent Deterding

In this episode, Allan is joined by the CISO at Afni, Brent Deterding, to explore how CISOs can earn and keep their seat at the executive table. Brent was a fan of the Learned Helplessness episode of The Cyber Ranch Podcast with Steve Mancini, and furthered the conversation as it relates to the often espoused topic of CISOs needing a ...
May 18, 2022 • 32 min • Transcript available on Metacast

“Knowing what’s in your software, in your organization, can help you quickly determine if you are impacted by a new vulnerability.” - Chris Castaldo

In this episode, Allan is joined by author and CISO, Chris Castaldo, to share his knowledge on Software Bills of Materials (SBOMs) and their potential implications and use. Chris explains the concept and purpose of SBOMs, his tips for signing and securing SBOMs in terms of the CI/CD pipeline, and his thoughts on SBOMs being a roadmap for “bad guys.”...
May 11, 2022 • 26 min • Transcript available on Metacast

What would you do if you could build your security program from scratch? In this episode, Allan is joined by the Head of Security at Fleet, Guillaume Ross, to talk about his time building out an innovative and out-of-the-box security program and the steps he took to make it all happen. Guillaume walks us through how he developed and maintained a serverless, container-based environment, his tips for securing PCs and Macs within a serverless environment, and how to establish department and busines...
May 04, 2022 • 34 min • Transcript available on Metacast

What are the security implications of cryptocurrency and NFTs and what do we need to know in order to transact safely? In this episode, Allan is joined by the Chief Security Officer at Kraken, Nick Percoco, to talk about securing the cryptocurrency and NFT spaces. Allan and Nick reflect on the events of the Mt. Gox bitcoin breach of 2013, address some of the most common misconceptions about crypto assets, and explore the biggest security challenges users and retail investors face when navigating...
Apr 27, 2022 • 29 min • Transcript available on Metacast

Allan is joined by the Vice President of Security at Code42, Tommy Todd, to talk about how the tech stack can “play well with others”. In this episode, Tommy takes a deep dive into exploring how APIs and automation can help solve our needs in cybersecurity – from incident response to the tech stack. The two discuss how to evaluate security products during a Proof Of Concept (POC) for integration capabilities and tips on addressing ROI concerns. Guest Bio: Tommy Todd has over 20 years of cybersec...
Apr 20, 2022 • 33 min • Transcript available on Metacast

Allan is joined by the founder and CEO of Living Security, Ashley Rose, to speak about her experiences as a female entrepreneur and leader in a male-dominated industry. She details the story behind her non-traditional route into cybersecurity and how she leverages her unique skills and vision to disrupt and transform the community. Ashley shares how she overcomes bias and business challenges in the field as well as the inspiration behind her creative marketing strategies. Lastly, the two highlig...
Apr 13, 2022 • 27 min • Transcript available on Metacast

This episode of the Cyber Ranch Podcast was recorded LIVE on stage at the CISO 360 Conference in New York City, hosted by Pulse Conferences. Nick Vigier, a seasoned CISO and former CIO, joins Allan in addressing the elephant in the room: Why don’t CISOs and CIOs get along? Nick draws on his experience in both positions to share his unique perspective on the CISO and CIO relationship. In this episode, Allan and Nick highlight the operating differences between the two positions and explore t...
Apr 06, 2022 • 27 min • Transcript available on Metacast

This topic couldn’t be more relevant given recent events in the security community. Allan Alford is joined by Steve Mancini, CISO at Eclypsium, to have a refreshing conversation about the negative messaging, thinking, and tropes in cybersecurity - not just the stuff that the press says about us, or even the stuff we say about each other - but the self-defeating stuff we think and say to ourselves. Steve addresses the reinforcement of negative catchphrases and how it affects the psyche of the com...
Mar 30, 2022 • 39 min • Transcript available on Metacast

There are numerous personality tests available to help identify personality traits, but many of them have very little scientific validity or reliability. Such tests often aspire to explain what you are good at and what you are bad at, and miss the mark. In this episode, Allan is joined by his friend and owner of Rising Tide Security, Nick Vigier, to explore CliftonStrengths – a personality measurement that focuses less on ability, and more upon your predilections - what energizes you, and what a...
Mar 23, 2022 • 43 min • Transcript available on Metacast

In the episode, Allan is joined by the Principal at Teknion Data Solutions, Paola Saibene, to bring clarity to an often misunderstood topic: data governance. Paola helps to distinguish the difference between data governance and data management, examines the intersection between data ethics and cybersecurity, and explores the best methodology for applying risk frameworks. Lastly, she takes time to express the importance of being people focused and “humanizing” cybersecurity. Guest Bio: Paola Saib...
Mar 16, 2022 • 30 min • Transcript available on Metacast

With a looming skills/people gap in cybersecurity and retention at an all-time low, it begs the question: Where is everyone? In this episode, Allan Alford and guest Jessie Bolton sit down to discuss the elusive “Great Resignation” and how it is affecting the cybersecurity community. Tune in to get the answers to the questions we are all asking ourselves, like: why are people resigning, how has the pandemic shifted our perspectives on work and boundary setting, how is the “great resignation” impa...
Mar 09, 2022 • 29 min • Transcript available on Metacast

In this episode, Allan is joined by the President at National Security Corporation, Navy veteran, and host of the CISO Tradecraft podcast, G. Mark Hardy. This show takes a fascinating dive into the origins of data risk management, measurement, and quantification. G Mark explores the stories and advice given from some of the greatest leaders in this space – whose advice still rings true today. Key Takeaways: 01:52 G Mark’s bio 06:43 FIPS-65 - the “grandaddy” of risk management 11:34 The ALE metho...
Mar 02, 2022 • 41 min • Transcript available on Metacast

In this episode of The Cyber Ranch Podcast, Allan is joined by the CISO at Real Time Resolutions, Randy Potts. The two sit down to have a refreshing and raw conversation about the caretaking, responsibility, and code of ethics for CISOs - or lack thereof, and how to get back in touch with our “why” and mission. Disclaimer: This episode briefly mentions pornography and gambling within an important and relevant context, and has therefore been categorized as explicit. Key Takeaways: 01:43 Randy’s b...
Feb 23, 2022 • 33 min • Ep 58 • Transcript available on Metacast

In this episode, Allan is joined by David Belanger, CISO at Maxor National Pharmacy, to talk about the challenges of breaking into cybersecurity. David discusses the importance of establishing mentor/mentee relationships in the community, why building a personal brand and expanding your network is a must when finding work, and tips for newcomers looking to break into the field. Lastly, the two touch on the power of visualization and staying humble throughout your career journey. Key Takeaways: 0...
Feb 16, 2022 • 35 min • Transcript available on Metacast

In this episode, Allan invites Mark Butler, an Advisory CISO at TRACE3, to talk about tech stack rationalization and how to get the most out of your technology investment. Mark shares advice on everything from how to properly analyze, identify, and consolidate your tools, both in the stack and cloud environment, to coaching your application specialists on embracing change. Key Takeaways 01:10 Bio 02:36 What is tech stack rationalization? 03:46 Where to get started 06:20 Evaluation - a 3 prong ap...
Feb 09, 2022 • 37 min • Transcript available on Metacast

In this episode, Allan is joined LIVE on stage at FutureCon Dallas 2022 by U.S. Bank Senior Cloud Penetration Tester, co-author of The Pen Tester Blueprint, podcast host, and college instructor, Phillip Wylie. Phillip journeys into his past to share how he went from pro wrestler to pentester, gives writing advice to future authors in the field, explores the art of pentesting, and the best starter certifications for pentesters. Lastly, Phillip explores the best advice he’s ever received and the da...
Feb 02, 2022 • 47 min • Transcript available on Metacast

Allan is joined by Yaron Levi, CISO at Dolby, to talk about the SOC and why we are going about it all wrong. Allan and Yaron identify and examine the three main areas of concern: the data, the analyst, the analysis – and how to improve upon them. Lastly, Yaron shares his thoughts on what steps and approaches need to be taken in order to successfully accomplish the SOC’s goal. Key Takeaways: 01:35 Bio 02:36 What are we doing wrong in the SOC? 06:54 Hypothesizing 11:22 How much gets left out when ...
Jan 26, 2022 • 30 min • Transcript available on Metacast

Allan is joined by Rafal Los, industry innovator, strategist, and personality. His career spans 20+ years while working inside companies from the Fortune 10 to a firm of less than 10. Additionally, Rafal is a founder and host of the Down the Security Rabbithole Podcast - an industry podcast delivering a weekly take on cybersecurity since 2011. Join Allan and Rafal as they discuss cyber security centers of excellence, metrics, marketing and acceptance in this conversation between two friends. Key...
Jan 19, 2022 • 41 min • Transcript available on Metacast