Howdy, y’all, and welcome to The Cyber Ranch Podcast! Joining Allan this week is Ron Nissim, CEO @ Entitle. Yes, this is one of our rare shows with a vendor as a guest. Why? Because in this case, the vendor was more highly informed than any of Allan’s practitioner friends he was able to query about the subject. And what is that subject? Permissions Management. One that we’ve never done a deep dive into on this show, and one that’s overdue. So without further ado, enjoy hearing Ron chat with Alla...
Sep 27, 2023•31 min•Ep 142•Transcript available on Metacast

Allan is joined by AJ Grotto: William J. Perry International Security Fellow and Founding Director of the Program on Geopolitics, Technology and Governance at Stanford University. He also serves as the faculty lead for the cyber policy specialization that the university offers through its master's in international policy program. He’s also a visiting fellow at the Hoover Institution. He’s talking with me today about Cybersecurity spend vs. cybersecurity efficacy. AJ, thanks so much for coming o...
Sep 20, 2023•42 min•Transcript available on Metacast

Warning: Some naughty language in this show, but well placed naughty language! Challenge issued!!!! Allan has teamed up with TWO other podcasts to take on the insufferable marketing that floods the cybersecurity industry in the month of October! Who among you will win??? Win? That's right! Allan, along with George K and George A from Bare Knuckles & Brass Tacks joins forces with Aaron Pritz and Cody Rivers of Simply Solving Cyber! Together, this trifecta weighs in on the October bonanza that...
Sep 13, 2023•38 min•Ep 140•Transcript available on Metacast

Nearly 43% of cyber-attacks are on small businesses. 82% of ransomware attacks were targeted at companies with less than 1000 employees. 61% of SMBs were the target of a Cyberattack in 2021. 37% of companies hit by ransomware had fewer than 100 employees. And yet... 36% of small businesses have no concern whatsoever about cyberattacks. Another 59% of small business owners who have no cybersecurity believe that their company is too minuscule to be targeted. 47% of businesses that have less than 5...
Sep 07, 2023•37 min•Transcript available on Metacast

You know you're being watched, right? Imagine for some reason you needed to bury a treasure where nobody would ever find it. In today's society, how could you even do that? How can you get from Point A to Point B without being observed or tracked in some way? Did you know that you can be listened to through smart lightbulbs? This episode features the infamous and always gracious Chris Roberts, back again on the 'Ranch during this LIVE! recording from the HIP Global 2023 conference in NYC. Chris ...
Aug 30, 2023•32 min•Ep 138•Transcript available on Metacast

In this LIVE! show at Black Hat, Allan and his friend George Finney (recurring guest, CISO @ SMU, multi-times author and CEO of Well Aware Security) discuss cybersecurity in popular culture. They talk about the impact on real-world cybersecurity practices of such non-fiction gems as Clifford Stoll's book The Cuckoo's Egg and such cheesy fictional accounts as the movie Swordfish. It might have made you groan, but it might have inspired you and others. It might have represented what we do well eno...
Aug 23, 2023•32 min•Transcript available on Metacast

Did you miss Black Hat this year? Well you won't miss the great conversations that were had, as Allan captured so many good ones for this special Black Hat retrospective episode. Did you get to attend Black Hat this year? See if your experience was as amazing as Allan's! This show is LIVE and untarnished. It's the real Black Hat experience! In this episode, Allan talks to (in alphabetical order, with timestamps): 1:02 - Dani Woolf, Founder & CEO at Audience 1st 3:06 - Daniel Blackford, Manag...
Aug 16, 2023•35 min•Transcript available on Metacast

A brief thank you to our listeners and a request for feedback on the show. We'll catch y'all next week!
Aug 09, 2023•45 sec•Transcript available on Metacast

The OpenSSF is doing invaluable work for the cybersecurity community. And their new managing director happens to be Omkhar Arasaratnam, whose appearance on the show a while back created one of our most popular episodes ever! Omkhar is back to talk about the OpenSSF: What is the OpenSSF and how does it relate to the Linux Foundation? What is the organization's mission? What is the organization's vision? What exciting projects are taking place (and a sneak peek about some upcoming announcements at...
Aug 02, 2023•32 min•Ep 134•Transcript available on Metacast

Cloud security remediation can be a daunting task that impacts Dev, Sec and Ops teams all. And it can be a huge, manual, pain in the... You get the idea. But there are techniques to navigate it and to overcome many of the common traps and hurdles. Tunde Oni-Daniel is a grizzled veteran in our industry who has managed to maintain his enthusiasm, passion and energy for the job. Tunde is an expert on cloud remediation and together he and Allan discuss: Cloud lifecycle Challenges when findings happe...
Jul 26, 2023•32 min•Ep 133•Transcript available on Metacast

In this episode, Allan and Drew tackle an interesting subject that was suggested by Drew and that Allan posted for the LinkedIn community to gather around: things we believe in cybersecurity that we cannot prove. The LinkedIn conversation was phenomenal, and Drew and Allan do a great job of summarizing it and calling out the underpinnings behind much of what we believe in this industry. Questions Allan asks Drew: What inspired this topic? What were some of your favorites from the LinkedIn threa...
Jul 19, 2023•41 min•Transcript available on Metacast

Kate is a legend in our industry, is a multiple times board member herself as well as having reported to boards in a wide variety of roles. She is currently Chief Trust Officer at Aon. Allan and Kate have intended to get her down to The Cyber Ranch for some time, but the stars finally aligned in this fantastic episode jam-packed with great advice. Do please forgive the sound quality on this one. It was recorded on the road, and the conversation was too amazing to re-record despite the quality is...
Jul 12, 2023•34 min•Transcript available on Metacast

This week Allan flies solo and tackles a variety of questions that came in from LinkedIn - including his origin story. Allan tackles the following questions: How does a CISO protect themselves from prosecution? How does one get value from a cybersecurity assessment? How should one pick a cybersecurity solution or company? How do you "disconnect" from cybersecurity? How to start and sustain a cybersecurity podcast - why and why not? Allan's origin story Allan argues with himself over two issues NO...
Jul 06, 2023•30 min•Transcript available on Metacast

The MOVEit breach has been top of mind, especially with Solar Winds and Colonial Pipeline and log4j and all the others having been so recent. It is easy to blame the victims. It is easy to make excuses that nobody can defend against a Zero Day. There are a lot of easy responses to these kinds of affairs. But what Allan and Anne Marie Zettlemoyer get into in this episode is a variety of questions around the assumptions: Start with a quick summary of the MOVEit exploit and Clop. How does this atta...
Jun 28, 2023•35 min•Transcript available on Metacast

This episode was recorded LIVE at the 2023 Symmetry Systems Unconference on Zero Trust, adjunct to RSAC 2023. Allan is joined by his friend Claude Mandy, former CISO, former analyst, and now Chief Evangelist at Symmetry Systems. Like Allan, Claude is a Zero Trust enthusiast. The podcast was the capstone to a long day of Zero Trust presentations, panels, book reviews and other great topics and conversations. Join Allan and Claude at this live recording that covers: - How does DSPM fit into Zero T...
Jun 22, 2023•22 min•Transcript available on Metacast

Money is the hardest thing for a CISO to acquire. As with last week's show on Time, Money has to be spent wisely as well. Perhaps the tricks to spend it wisely directly relate to how we can acquire more the next cycle to achieve the mission we know we need to achieve. In this episode we cover: - What are the best methods for securing a budget? - How do you structure your budget to align with business costs (COGS, R&D, CAC...)? - What are some good ways to save money as a CISO? - How do you best ...
Jun 21, 2023•31 min•Transcript available on Metacast

Time is one of our most precious commodities as security practitioners. And yet we have traditional time sinkholes where we waste time, lose time, and spend time. Join Allan and Paul Robinson, Founder and Managing Director at Tempus Network, as they explore several of these areas and give concrete tips on how to save time as security practitioners: - Keeping up with industry trends - Managing cyber incidents - Third-party questionnaires (both directions!) - Vendor onboarding - Work from home vs....
Jun 14, 2023•36 min•Ep 126•Transcript available on Metacast

Join Allan and his guest Jay Adams, CISO @ Enchoice and former security architect for several large private and public sector efforts - from M&A activities to massive public portals. Jay is going through TX-RAMP right now, and both he and Allan have done research on FedRAMP and StateRAMP as well. What are the differences? Why might you choose one over the other? What are the gotchas? This is a great show and you'll get to learn a bit about Allan's brief foray into state government as well... Spo...
Jun 07, 2023•29 min•Transcript available on Metacast

This is Part 1 of an incredible series of interviews Allan conducted live at RSA 2023. Guests include: Gary Hayslip, CISO @ Softbank Investment Advisers Michael Calderin, CISO @ YAGEO Group David Cross, CISO @ Oracle SaaS Cloud Audra Streetman, Security Strategist @ Splunk Adrian Peters, CISO @ Vista Equity Partners Robin Sundaram, CISO @ RELX Merritt Baer, Office of the CISO @ AWS Rob Wood, CISO @ Centers for Medicare & Medicaid Services Bryan Green, CISO Americas @ ZScaler Stephanie Derdouri, ...
Jun 05, 2023•36 min•Transcript available on Metacast

This week's show is exciting because Allan has been waiting for Andy's book on leadership to come out for quite some time. The book is called “1% Leadership – Master The Small, Daily Improvements That Set Great Leaders Apart”, and it consists of 54 chapters - each of which presents a specific facet of good leadership in a nearly "buffet style" manner. You can pick and choose topics that resonate with you and dive right in. Allan picked 6 chapters that resonated with him in particular and got And...
May 31, 2023•33 min•Transcript available on Metacast

This episode is a bit scary. Adrian Sanabria, who on an earlier show busted many cybersecurity myths, is back again, this time analyzing the impact of Large Language Model Artificial Intelligence on a hypothesized skills gap on the bad guy side. Premise One: Given how many organizations that are vulnerable and that have NOT been breached, the bad guys are suffering the same skills gap we are. Premise Two: Exploit attacks (think of exploits as ransomware, data hostage situations, threats to publi...
May 24, 2023•33 min•Transcript available on Metacast

This is Part 1 of an incredible series of interviews Allan conducted live at RSA 2023. Guests include: Chris Kennedy, CISO @ Citadel Gary Hayslip, CISO @ Softbank Investment Advisers Michael Calderin, CISO @ YAGEO Group Reet Kaur, CISO @ Portland Community College Rob LaMagna-Reiter, CISO @ Hudl Matthew Lang, vCISO David Cross, CISO @ Oracle SaaS Cloud Audra Streetman, Security Strategist @ Splunk Vishal Amin, General Manager of Security Solutions (Federal) @ Microsoft Adrian Peters, CISO @ Vist...
May 22, 2023•32 min•Ep 121•Transcript available on Metacast

Leadership skills, technical skills, cybersecurity skills, pluck, drive and determination are all on display as Allan interviews Merav Bahat, CEO @ Dazz and Mickey Bresman, CEO @ Semperis. Dazz has completed a Series A investment round. Semperis a Series C. It turns out that the skills each CEO needs are still remarkably the same. Saddle up for another episode, where Allan asks his guests: What’s the coolest thing that has happened for you or to you as a startup CEO? What has been the biggest si...
May 17, 2023•30 min•Transcript available on Metacast

What is security chaos engineering? You may remember Kelly Shortridge, our very first guest, who came on the show to talk about behavioral economics and cybersecurity. Well Kelly is back to talk about her new book, "Security Chaos Engineering: Sustaining Resilience in Software and Systems". Security chaos engineering is derived from chaos engineering, a relatively new discipline in software development that seeks to test distributed computing systems to ensure that they withstand unexpected disr...
May 10, 2023•41 min•Transcript available on Metacast

Bryan Liebert is one smart cookie. Who bakes cybersecurity cakes. But seriously, Bryan has been a CISO, consultant, architect, and has served many other roles in cybersecurity. His specialty is creating simple to digest (we could not help it, sorry!) models for managing and reporting on cybersecurity programs and practices. Join Bryan and Allan as they serve up (we're still doing it!) a lively and informative episode! Sponsored by our good friends at Dazz: Dazz takes the pain out of the cloud re...
May 03, 2023•30 min•Ep 118•Transcript available on Metacast

Adrian Wright, "The Cynical CISO" of LinkedIn fame, joins Allan to discuss four areas where cybersecurity is perhaps getting it wrong: Cybersecurity viewed as a necessary evil, related to The Twilight Zone Ownership, Authority, Accountability: Inventory and Means of Control Are WE the baddies? (Largely) Forgotten Security Principles Allan and Adrian dissect cybersecurity practice in this great episode! Sponsored by our good friends at Dazz: Dazz takes the pain out of the cloud remediation proces...
Apr 26, 2023•36 min•Transcript available on Metacast

Join us for a SPECIAL EDITION! episode of The Cyber Ranch Podcast LIVE! from CISO XC in Dallas-Fort Worth, Texas! The topic is data security: its challenges and how to overcome them. Joining Allan are Cecil Pineda of R1 ("Cecil the CISO") and Gene Moore of Securiti. The conversation is live and lively, recorded as-is and delivered to you. Enjoy! Sponsored by Securiti - https://securiti.ai/
Apr 24, 2023•35 min•Transcript available on Metacast

We always think of cybersecurity startups as companies who contribute to the tech stack in an organizational environment - usually the enterprise. We also think of personal cybersecurity in terms of protecting Grandma or our kids from the bad guys. But these two worlds intersect far more than you would think, and the techniques for addressing these problems intersect as well. This week Allan is joined by Leigh Honeywell, CEO at Tall Poppy, to discuss these intersections. Leigh is uniquely qualif...
Apr 19, 2023•35 min•Transcript available on Metacast

Emily Heath is a well-known and well-respected figure in cybersecurity. She has been a CISO three times in a variety of industries, including software and a major airline. She has been in law enforcement, is a partner at a VC firm, and serves on boards of directors as well. With this wealth of experience she has come to value design partnerships - working with small startups to help craft their solutions to meet hers and their needs. But what are some of the challenges in design partnerships? Al...
Apr 12, 2023•33 min•Transcript available on Metacast

This week Allan is joined by Karla Reffold, COO at Orpheus Cyber. Yes, that makes her a vendor, but, yes, she follows the show's rules: She is a friend, not a sponsor; she is not all vendory; and most importantly she is a subject matter expert on this week's topic: advisory boards! In fact, Karla has written an ebook on the subject which is available here: https://karlareffold.co.uk/advisory-boards-guide-book Topics covered in the show: - The ethical entanglements of being on an advisory board ...
Apr 05, 2023•32 min•Transcript available on Metacast