Afleveringen
-
All links and images for this episode can be found on CISO Series.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our guest, Shawn Bowen, svp and CISO, World Kinect Corporation.
In this episode:
Is it true that CISOs feel their jobs are harder than ever with higher levels of stress?
Yet why does research also show that CISO job satisfaction increasing?
How do we make sense of this contradiction?
Thanks to our podcast sponsor, Silk Security
Silk makes it easy for security teams to resolve more critical cyber risks in a fraction of the time. Instead of toiling over spreadsheets, and watching alert backlog graphs go up, Silk helps security teams contextualize, prioritize and collaborate with stakeholders in IT to regain control over their risk posture.
-
All links and images for this episode can be found on CISO Series.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining me is our sponsored guest, Nadav Lotan, product management team leader, Cisco.
In this episode:
How can security teams do their jobs without seeming like an impediment to developers?
Why can this relationship seem oppositional?
How can both sides work together to better secure software without seeming like a road block?
Thanks to our podcast sponsor, Panoptica, Cisco’s Cloud Application Security Platform
Panoptica, Cisco’s Cloud Application Security solution, provides end-to-end lifecycle protection for cloud native application environments. It empowers organizations to safeguard their APIs, serverless functions, containers, and Kubernetes environments. Panoptica ensures comprehensive cloud security, compliance, and monitoring at scale, offering deep visibility, contextual risk assessments, and actionable remediation insights for all your cloud assets.
-
Zijn er afleveringen die ontbreken?
-
All links and images for this episode can be found on CISO Series.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining me is our guest, Jamil Farshchi, evp and CISO, Equifax.
In this episode:
Data leaks are hard enough to deal with when caused by threat actors, but how bad is a self-inflicted data leak?
Why do these types of incidents happen?
How should an organization assess the risk it introduced?
Thanks to our podcast sponsor, Varonis
Ready to reduce your risk without taking any? Try Varonis’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today.
-
All links and images for this episode can be found on CISO Series.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is our sponsored guest, Yoav Nathaniel, co-founder and CEO, Silk Security.
In this episode:
Why does it seem like securing APIs is so hard? Is it just a matter of complexity?
Why does it seem like we can’t go a week without hearing reports of a data leak caused by a failure in API security?
Why do organizations struggle with API security?
Thanks to our podcast sponsor, Silk
Silk makes it easy for security teams to resolve more critical cyber risks in a fraction of the time. Instead of toiling over spreadsheets, and watching alert backlog graphs go up, Silk helps security teams contextualize, prioritize and collaborate with stakeholders in IT to regain control over their risk posture.
-
All links and images for this episode can be found on CISO Series.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is our sponsored guest, Jay Trinckes, director of compliance, Thoropass.
In this episode:
Why do credential stuffing attacks put organizations in such a tricky spot?
Why is blaming the victim rarely the right move?
What kind of reasonable expectations can companies have about how much users will do to protect themselves?
Thanks to our podcast sponsor, Thoropass
Still spending time collecting evidence and worrying about breaking free of an infinite audit loop? Relax! We fixed audits. Thoropass provides complete infosec compliance management, continuous monitoring, and security audits through AI-infused software and expert guidance – allowing you to do business with confidence. Learn more at www.thoropass.com.
-
All links and images for this episode can be found on CISO Series.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining me is our guest Kelly Haydu, vp, infosec, technology, and enterprise applications, CarGurus.
In this episode:
What other career fields are rife with talent that could successfully transition into our industry?
What kind of framework do we need to surface a more diverse array of talent?
Also, what happens when a vendor goes over your head to the CEO?
Thanks to our podcast sponsor, Panoptica, Cisco’s Cloud Application Security Platform
Panoptica, Cisco’s Cloud Application Security solution, provides end-to-end lifecycle protection for cloud native application environments. It empowers organizations to safeguard their APIs, serverless functions, containers, and Kubernetes environments. Panoptica ensures comprehensive cloud security, compliance, and monitoring at scale, offering deep visibility, contextual risk assessments, and actionable remediation insights for all your cloud assets.
-
All links and images for this episode can be found on CISO Series.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is our guest, Grant Anthony, CISO, Orion Health.
In this episode:
Why getting buy-in to your security awareness program is so critical?
Why do so many organizations get it so wrong?
What framework can we apply to actually build trust with security awareness?
Thanks to our podcast sponsors, Varonis
Ready to reduce your risk without taking any? Try Varonis’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today.
-
All links and images for this episode can be found on CISO Series.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Brett Conlon, CISO, American Century Investments. Joining me is our guest, Mical Solomon, CISO, Port Authority of NY and NJ.
In this episode:
Does the hype around generative AI tools make it seem like these are a totally new technological challenge for cybersecurity?
Are many of the challenges with securing them the same that we've seen from the rise of SaaS and proliferation of shadow IT?
What lessons from that transition can we apply to AI?
Thanks to our podcast sponsors, Living Security & KnowBe4
Living Security is the global leader in human risk management. Our HRM platform Unify transforms human risk into proactive defense by quantifying human risk and engaging the workforce with relevant training and communications proven to change human behavior. Living Security is trusted by security-minded organizations, including Mastercard, Verizon, Biogen, AmerisourceBergen, and Hewlett-Packard. Learn more at www.livingsecurity.com.
KnowBe4's SecurityCoach enables real-time security coaching of your users in response to risky behavior. Based on the rules in your existing security software stack, you can configure your real-time coaching campaign to determine the frequency and type of SecurityTip that is sent to users at the moment risky behavior is detected.
-
All links and images for this episode can be found on CISO Series.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining me is our guest, Shyama Rose, CISO and head of IT, Affirm.
In this episode:
What is the impact of burnout to your security team directly?
Does burnout directly play a role in how an organization can respond to security incidents.?
All jobs involve dealing with stress, but what should we consider normal in cybersecurity? And when does that stress endanger your security mission?
Thanks to our podcast sponsors, Panoptica, Cisco’s Cloud Application Security Platform
Panoptica, Cisco’s Cloud Application Security solution, provides end-to-end lifecycle protection for cloud native application environments. It empowers organizations to safeguard their APIs, serverless functions, containers, and Kubernetes environments. Panoptica ensures comprehensive cloud security, compliance, and monitoring at scale, offering deep visibility, contextual risk assessments, and actionable remediation insights for all your cloud assets.
-
All links and images for this episode can be found on CISO Series.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is our guest, Trina Ford, CISO, iHeartMedia.
In this episode:
Why has the landscape for CISOs seemed particularly perilous in the past year?
Does there seem to be more responsibilities with very real legal consequences attached to the role?
There is a lot of guidance out there for CISO candidates negotiating for a new position, but what can a current CISO do once they are already in the role?
Thanks to our podcast sponsors, Thoropass
Still spending time collecting evidence and worrying about breaking free of an infinite audit loop? Relax! We fixed audits. Thoropass provides complete infosec compliance management, continuous monitoring, and security audits through AI-infused software and expert guidance – allowing you to do business with confidence. Learn more at www.thoropass.com.
-
All links and images for this episode can be found on CISO Series.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is our guest, Bob Schuetter, CISO, Ashland.
In this episode:
What should a company do when their name is in the press, but they didn't actually suffer a security incident?
How much difference is there in responding to a fake data breach versus a real one?
How would you handle responding to a fake breach claim?
Thanks to our podcast sponsors, Thoropass
Still spending time collecting evidence and worrying about breaking free of an infinite audit loop? Relax! We fixed audits. Thoropass provides complete infosec compliance management, continuous monitoring, and security audits through AI-infused software and expert guidance – allowing you to do business with confidence. Learn more at www.thoropass.com.
-
All links and images for this episode can be found on CISO Series.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Billy Norwood, CISO, FFF Enterprises. Joining us is our guest, Joshua Barons, head of information security at San Diego Zoo Wildlife Alliance.
In this episode:
Wasn't single sign-on supposed to solve all of our security woes?
So why are we still seeing everything from phishing to session hijacking with SSO?
Is this just growing pains for SSO or does this hint at a persistent problem?
Thanks to our podcast sponsors, Praetorian
Praetorian helps companies adopt a prevention-first cybersecurity strategy by actively uncovering vulnerabilities and minimizing potential weaknesses before attackers can exploit them.
-
All links and images for this episode can be found on CISO Series.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is our guest this week, Mike Kelley, CISO, EW Scrips.
In this episode:
Why do a lot of security professionals feel unheard? Does this frustration lead to some turning into scolds during a security incident, quick to say "I told you so"? How do you manage these security pros when they don't feel heard, both before and during a crisis?Thanks to our podcast sponsors, Praetorian
Praetorian helps companies adopt a prevention-first cybersecurity strategy by actively uncovering vulnerabilities and minimizing potential weaknesses before attackers can exploit them.
-
All links and images for this episode can be found on CISO Series.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is our guest, Richard Ford, CTO, Praetorian.
In this episode:
Why do many CISOs think adopting new LLM-based tools will make breaches more likely? Why the rush to throw money at them? How do you go about building a security program that doesn't depend on individuals?Thanks to our podcast sponsors, Praetorian
Praetorian helps companies adopt a prevention-first cybersecurity strategy by actively uncovering vulnerabilities and minimizing potential weaknesses before attackers can exploit them.
-
All links and images for this episode can be found on CISO Series.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining me is our guest, Suresh Vasudevan, CEO, Sysdig.
In this episode:
What will the employment landscape look like with Generative AI becoming the next big thing? Will we be hiring prompt engineers in a few years? Or will it become like putting "search engine proficiency" on your resume?Thanks to our podcast sponsors, Sysdig
For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second.
-
All links and images for this episode can be found on CISO Series.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and sponsored co-host Jason Sabin, CTO, DigiCert. Joining us is our guest, Alexandra Landegger, executive director of security, Collins Aerospace.
In this episode:
Are CISOs prepared for the legal surprises that can come in the aftermath of a cyberattack? What about the legal fallout that can occur afterward? How does a security team work with legal beforehand to address these issues when drawing up incident response?Thanks to our podcast sponsors, DigiCert
DigiCert is a leading global provider of digital trust, the infrastructure that enables individuals and businesses to have confidence that their digital interactions are secure. DigiCert’s award-winning solutions enable organizations to establish, manage, and extend public and private trust across their digital footprint, securing users, servers, devices, software and content.
-
All links and images for this episode can be found on CISO Series.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining me is our guest, Kurt Sauer, CISO, Docusign.
We recorded in front of a live audience at Microsoft’s offices in Mountain View, CA as part of the ISSA-Silicon Valley chapter meeting. Check out all the photos from the event.
In this episode:
Is a high profile cyberattack the best time for salespeople to come out of the woodwork asking if the affected CISO would like to see their product, which would have helped prevent the attack? Is there any way for a vendor to positively reach out to victims after a cyberattack? Also, what could be some effective ways to invest IP with generative AI to create value for the organization?Thanks to our podcast sponsors, Veza, Sysdig, and SlashNext
75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment.
For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second.
SlashNext Complete delivers zero-hour protection for how people work today across email, mobile, and browser apps. With SlashNext’s generative AI to defend against advanced business email compromise, smishing, spear phishing, executive impersonation, and financial fraud, your people are always protected anywhere they work. Request a demo today.
-
All links and images for this episode can be found on CISO Series.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is our guest, Arvin Bansal, former CISO for Nissan Americas.
In this episode:
Why are so many companies unprepared for phone-based social engineering? Why do many orgs not give this attack surface the attention it deserves? Are we doing enough to support whistleblowers in cybersecurity?Thanks to our podcast sponsor, Palo Alto Networks
As cloud attacks increase, how should AppSec respond? Hear from Daniel Krivelevich, CTO of AppSec at Palo Alto Networks, as he dives into modern application security strategies that can help teams defend their engineering ecosystems from modern attacks. Watch now to level up your AppSec program.
-
All links and images for this episode can be found on CISO Series.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Adam Zoller, svp, CISO at Providence. Joining me is our guest Sam Jacques, vp of clinical engineering, McLaren Health Care.In this episode:
When should cybersecurity be brought into the discussion when a merger is underway? Why is security always going to be an issue in a merger or acquisition? If we know it's so important, why does it always feel like we're reinventing the wheel each time?Thanks to our podcast sponsor, Claroty
Claroty enables varied sectors to protect their cyber-physical systems, known as the Extended IoT. The platform integrates seamlessly, offering comprehensive controls for visibility, risk management, network protection, and more. Trusted by global leaders, Claroty operates in hundreds of organizations worldwide. Headquartered in NYC, it spans Europe, Asia-Pacific, and Latin America.
-
All links and images for this episode can be found on CISO Series.
In principle, we can generally all agree that security theater is a waste of time for security teams. But the reality is that these are things that look good, so it can be hard to justify to non-technical leadership why you’re eliminating something they see as secure. So how can we positively identify actual security theater practices and how do we communicate that to the rest of the organization?
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is our guest, Davi Ottenheimer, vp of trust and digital ethics, Inrupt.
Thanks to our podcast sponsor, Sysdig
For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second.
In this episode:
Is security theater a waste of time for security teams? Why can it be hard to justify to non-technical leadership why you’re eliminating something they see as secure? How can we positively identify actual security theater practices and how do we communicate that to the rest of the organization? - Laat meer zien