All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is our guest this week, Mike Kelley, CISO, EW Scripps. In this episode: Why do a lot of security professionals feel unheard? Does this frustration lead to some turning into scolds during a security incident, quick to say "I told you so"? How do you manage these security p...
Jan 02, 2024•43 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is our guest, Richard Ford, CTO, Praetorian. In this episode: Why do many CISOs think adopting new LLM-based tools will make breaches more likely? Why the rush to throw money at them? How do you go about building a security program that doesn't depend on individuals? Tha...
Dec 12, 2023•41 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining me is our guest, Suresh Vasudevan, CEO, Sysdig. In this episode: What will the employment landscape look like with Generative AI becoming the next big thing? Will we be hiring prompt engineers in a few years? Or will it become like putting "search engine proficiency" on your resume? Thanks to our podc...
Dec 05, 2023•45 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and sponsored co-host Jason Sabin, CTO, DigiCert. Joining us is our guest, Alexandra Landegger, executive director of security, Collins Aerospace. In this episode: Are CISOs prepared for the legal surprises that can come in the aftermath of a cyberattack? What about the legal fallout that can occur afterward? How does a security team work w...
Nov 28, 2023•44 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining me is our guest, Kurt Sauer, CISO, Docusign. We recorded in front of a live audience at Microsoft’s offices in Mountain View, CA as part of the ISSA-Silicon Valley chapter meeting. Check out all the photos from the event. In this episode: Is a high profile cyberattack the best time for salespeople to...
Nov 21, 2023•45 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is our guest, Arvin Bansal, former CISO for Nissan Americas. In this episode: Why are so many companies unprepared for phone-based social engineering? Why do many orgs not give this attack surface the attention it deserves? Are we doing enough to support whistleblowers i...
Nov 14, 2023•44 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Adam Zoller, svp, CISO at Providence. Joining me is our guest Sam Jacques, vp of clinical engineering, McLaren Health Care. In this episode: When should cybersecurity be brought into the discussion when a merger is underway? Why is security always going to be an issue in a merger or acquisition? If we know it's so important, why does it...
Nov 07, 2023•44 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. In principle, we can generally all agree that security theater is a waste of time for security teams. But the reality is that these are things that look good, so it can be hard to justify to non-technical leadership why you’re eliminating something they see as secure. So how can we positively identify actual security theater practices and how do we communicate that to the rest of the organization? This week’s episode is hosted b...
Oct 31, 2023•39 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. Usually the buck stops with the CEO. But for a CISO, what do you do when a CEO wants to exempt themselves from your security program? Whether it's granting privileged network access or just ignoring protocols, it can put a CISO in a tough spot. So how do you deal with a leader that thinks they're above the controls you have in place? Is it enough to document your disagreement or is there anything else you can do in that position...
Oct 24, 2023•44 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. When it comes to security awareness, the advice generally doesn't change. There are a set of best practices that have proven to be effective. So we know what we want to tell people. Communicate it consistently. So how do we relay that information without sounding like a broken record? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Steve Zalewski. Joining us is our sponsored guest, Dani...
Oct 17, 2023•38 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. Organizations know that securing SaaS is vital. But polls consistently show they also know their current security isn’t cutting it. With security teams acting more as SaaS supervisors than app owners, how can we reduce the glaring gaps in our SaaS defenses? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our sponsored gue...
Oct 10, 2023•37 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. If you search online, you'll find no dearth of lists claiming to rank the top security leaders. The question is, how do these actually get created? Most of the time, these lists include CISOs from the biggest companies, or the ones with the best name recognition. But is that any kind of objective criteria? These lists generally serve the interest of boosting the credibility of the publisher, rather than being based on any kind o...
Oct 03, 2023•38 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. CISOs are common among the Fortune 500. But it remains rare to see them listed in executive leadership. Given that every company says security is of prime importance, why aren’t CISOs named within the top company echelons? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series, and Allan Cockriel, CISO of Shell. Joining us is our special guest, Mary Rose Martinez, CISO, Marathon Petroleum. Than...
Sep 26, 2023•43 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. We’ve heard a lot of talk about the security risks with emerging AI technologies. A lot of these center around employees using large language models. But what about the potential benefits of this technology for cybersecurity? Could we eventually see a de facto AI CISO on the job? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Rob Duhart, deputy CISO, Walmart. Joining us is our special...
Sep 19, 2023•42 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. In everyday life, it's often clear when to call in the authorities. Someone egging your house might not rise to the occasion, but a break-in gets a call to the cops. It's less clear when it comes to a cyberattack. What constitutes a significant attack and what are the regulatory requirements? Once you make the call, how do they help in your response? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO ...
Sep 12, 2023•39 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. Even before the pandemic, we've been increasingly living in online collaboration apps. So why are organizations still making basic security mistakes with them? Is this a case of shadow IT or do these apps present unique challenges? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest, Rich Dandliker, chief strategist, Veza. Tha...
Sep 05, 2023•38 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. Every company deals with off-boarding employees. Yet it feels like many organizations make basic security mistakes in this process. Is it just a case of HR and IT being out of sync, or is this an inevitably leaky process? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our special guest Lorna Koppel, CISO, Tufts Uni...
Aug 29, 2023•40 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. Security vendors want to engage with CISOs. Yet many choose tactics that seem blatantly insulting. It might seem obvious that asking a CISO if they care about security does nothing to ingratiate yourself, but we still have inboxes full of these types of messages. So what can a vendor do that will actually make a CISO want to respond to a message? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Seri...
Aug 22, 2023•39 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. We're seeing increasing recognition that cybersecurity jobs should focus on competency rather than years of experience. But how do you create job posts to encourage that? And how do applicants even show that on a resume? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us for the episode is our special guest TC Niedzialkowski, CISO, Nextdoor. Thank...
Aug 15, 2023•45 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. For some security problems, it can be tough to know when to try to fix the problem yourself or turn to a vendor. Deciding this shouldn't start with talking to someone that wants to sell you something. But how do you determine when it's time to call in a vendor? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us for this episode is our special guest, ...
Aug 08, 2023•42 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. Shifting Left is so five years ago. Advice and best practices are great, but context is king. Is there a mixture of best practices AND doing what's right for your business that's actually practical? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Steve Zalewski. Joining us for the episode is our sponsored guest Gaurav Banga, CEO, Balbix. Thanks to our podcast sponsor, Balbix. Balbix is...
Aug 01, 2023•36 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. There are so many third party vendors we want to work with, but uggh, their security and privacy is so troublesome. Is it only the security department's job to vet these partners or should everyone have a responsibility of keeping tabs on third party security? This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Our guest is Phil Beyer, former head of security, ...
Jul 25, 2023•39 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. Do you know what security categories were created this year? I have no idea. Do you know which ones were deleted? I don't think any. Is category growth designed to make more money for the industry? Does it help customers build a better security strategy? It seems like a necessary evil that just confuses customers. The number of categories never decreases or replaces old categories. This week’s episode is hosted by me, David Spar...
Jul 18, 2023•42 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and guest co-host Jesse Whaley, CISO, Amtrak. Our guest was Paul Branley, CISO, TSB Bank. We recorded this episode in front of a live audience in Tel Aviv as part of Team8’s CISO Summit 2023. CISO Series is honored to have been invited to record our show at the event. Thanks to our podcast sponsor, Team8. Team8 is a global venture group that...
Jul 11, 2023•42 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. Troy Hunt's new site, "Dumb Password Rules," demonstrates yet another slice of security theater. Rules designed to make the creator believe they're making the business more secure, but appear to do nothing more than create unnecessary roadblocks and confusion. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Our guest is Dave Hannigan (@davidhannigan), CISO...
Jun 27, 2023•38 min•Transcript available on Metacast

This week’s episode was recorded in front of a live audience at the Colorado Convention Center in Denver as we kicked off the Rocky Mountain Information Security Conference (RMISC). See the blog post for this episode here. Joining me, David Spark (@dspark), producer of CISO Series, on stage was my guest co-host, Jay Wilson, CISO for Insurity. Our guest is Michelle Wilson, CISO, Movement Mortgage. HUGE thanks to our sponsor, Trend Micro. The stakes are high for cybersecurity decision make...
Jun 20, 2023•46 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. Why does it seem that the only time we hear about a company’s concern about security and privacy is after they’re compromised? It is only at that moment they feel compelled to let us know that they’re taking this situation very seriously because as we’ve all heard before “security and privacy are very important to us.” This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis ( @csoandy ...
Jun 13, 2023•40 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. There is a long history of security professionals complaining about the insecurity of new technologies. When new technologies take off, they rarely have lots of great security built in. The populace never comes around and says, "Security is right. We should stop using this thing we love." The popular technology ALWAYS wins. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis ( @cs...
Jun 06, 2023•38 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. When cybersecurity needs to cut budget, the first move is to look where you have redundancy. That way you're not actually reducing the security effort. But after that, the CFO needs to know what are the most important areas of the business to protect. Where will they be willing to take on more risk? Because, with less security, the chances of failure increase. This show was recorded in front of a live audience in New Orleans as part...
May 30, 2023•46 min•Transcript available on Metacast

All links and images for this episode can be found on CISO Series. As children, we don't dream of becoming a CISO, but yet we still have them. What is it a security professional can learn or even show, to demonstrate that they're getting ready for the position of a CISO? This week’s episode is hosted by me, David Spark, producer of CISO Series and Andy Ellis, operating partner, YL Ventures. Our guest is Paul Connelly, former CISO, HCA Healthcare. Thanks to our podcast sponsor, Nightfall. Ni...
May 23, 2023•38 min•Transcript available on Metacast