CISOs Insiders is a series of open conversations I'm having with leading CISOs in the industry. We'll be talking about what makes them tick, their biggest accomplishments and flagrant failures, their favorite drinks, and what they like and dislike in vendors. We'll try to tap into the mind of the person behind the role and hopefully have some fun while doing so. Join us for a light talk.
In this special episode of CISO Insiders, we welcome Jason Wolpow, the head of cybersecurity recruitment at Lawrence Harvey. Jason Wolpow, together with Ben Ben-Aderet, tackles key challenges while sharing key insights on the recruitment side of the cybersecurity industry.

This special episode will tackle the following topics:
The need for more cybersecurity practitioners.
Positive and optimistic trends for the cybersecurity job market this year.
Lowering and breaking down the barrier of entry into the cybersecurity industry.
Encouraging professionals from all backgrounds to get into cybersecurity.
Career progression in Governance, Response, and Compliance (GRC).

Here are some highlights from the podcast:
“If you're listening to this and looking for your first job within cybersecurity, please don't box yourself out and limit yourself, because there's so much more.”
“At the end of the day, whether you are at the very technical domain of cybersecurity or the less-technical domain, there will still be opportunities to move up and turn into a leader.”
“One of the most important things in a CISO's seat is that board interaction and the executive buy-in.”
“Stay persistent. It's going to be tough; it's not always going to be fun. Some people do have very high expectations. But stick with it, because it's very rewarding.”

00:36 Guest Introduction and professional journey
02:46 Icebreaker questions
03:58 What do you do as the head of cybersecurity recruitment?
05:20 Biggest failure and key learnings
07:42 What is the biggest accomplishment in your career?
09:01 What is your high-level view of the cybersecurity industry as of the moment?
10:32 What is your view on the barrier of entry to the cybersecurity industry?
13:05 What is the most common entry level position that you're able to recruit for?
14:20 What are your thoughts on what would be the career path of a SOC analyst compared to an entry level position in GRC?
16:38 Advice to newcomers and anyone that wants to pursue a career in cybersecurity
18:21 What are some of the current trends in the cybersecurity industry?
20:04 What are the most crucial skills a CISO should have?
22:19 Do CISOs report to an IT organization or outside of it?
25:15 What are some key characteristics that you are looking for in different roles as compared to recruiting a CISO?
27:11 What is your advice to people taking their first steps into the industry?
29:04 What are some helpful tips to individuals that are trying to gain a foothold in the industry?
33:02 What's the best way to connect with you?
33:41 Final question and closing comments - If money was not an issue, what would you do with your life?

Get ahead in your professional journey and gain valuable cybersecurity insights. Follow GRSee Consulting and GRSee University on LinkedIn to stay updated.
In the latest episode of CISO Insiders, we welcome Eduardo Ortiz Romeu | Global Head of Cybersecurity at Techtronic Industries, for an exciting and eye-level conversation about his journey into cybersecurity, advice for young cybersecurity professionals just starting out, and how the industry will evolve in the future.

00:35 Guest Introduction and professional journey
02:24 Icebreakers
05:30 Is there one thing you wish you had known before starting your career?
07:43 Biggest failure and accomplishment
11:46 What advice would you give to a young cybersecurity professional?
17:47 The role of the CISO vs CIO in an IT organization
20:50 What are the best resources that helped you get ahead in your career?
24:28 Debunking common myths about cybersecurity
27:00 What are the main concerns of CISOs nowadays?
29:19 What are the most important skills a CISO should have?
31:41 How will the role of the CISO evolve in the next decade?
35:55 What is innovation in cybersecurity?
38:15 What would be a good way for a vendor to reach out to you?
45:55 Closing comments
In the latest episode of CISO Insiders, we welcome Jim Baskin | Director of Cybersecurity and Compliance at GigNet, for an eye-level conversation about his journey into cybersecurity, advice for young cybersecurity professionals just starting out, and how the industry will evolve in the future.

Timestamps:
00:00 Guest Introduction and professional journey
02:10 Icebreakers
03:44 What's the one thing you wish you had known before starting your career?
04:41 Biggest failure & success in your career
08:52 What advice would you give to someone who wants to become a CISO?
14:04 Do CISOs belong in IT?
15:38 What did you do in order to learn more about cybersecurity?
19:35 Debunking one common myth about cybersecurity
20:30 What are the main concerns of CISOs nowadays?
24:57 How is the role of CISO evolving?
31:50 What is innovation in the cybersecurity space?
34:25 Advice for cybersecurity vendors?
38:32 Closing comments

Highlights:

What is one thing you wish you knew before beginning your career?
You want to be completely prepared for any job you take on. Someone believes in you enough to challenge you for something you may believe you are not prepared for; I would say go for it and be honest and transparent about your ability and experience in that domain.

What advice would you give to someone interested in becoming a CISO?
Go deep or wide, but at least one of these. You can discover that cybersecurity has numerous dimensions. You can take classes, webinars, and certifications, which are all excellent ways to broaden your perspective and add value to your career. There are some things that you must continue to learn as time passes. Because cybersecurity changes so quickly, you must stay current and engage in some self-directed learning.
In this episode of CISO Insiders, we welcome Shane Molinari | Principal, Data Privacy and Protection at BCMpros, for an exciting and eye-level conversation about his journey into cybersecurity, advice for young cybersecurity professionals just starting out, and the evolution of the role of CISO.

Highlights:

What is one thing you wish you had known before starting your career?
Effective communication is one of the biggest challenges that I faced. Soft skills are what you need when it comes to driving expectations from your team & translating the technical aspects from the gearheads to business executives.

What resources helped you to learn cybersecurity in your career?
The people were my biggest & best resource when it comes to learning about cybersecurity. I learned from mentors that I had at the early phase of my career and their perspective on cybersecurity & the professional world, in general, was a great resource. The people that are around you can be your best resource when it comes to learning cybersecurity.

What should cybersecurity vendors not be doing?
Vendors should stop acting like a business & start acting like a partner. They should put themselves into their clients' shoes and think about how can we provide benefits from their technology or service. When you do that, you're not just a cybersecurity vendor but a trusted advisor who's nurturing a relationship for a long-term game.

00:36 Guest Introduction and professional journey
04:23 Icebreakers
05:12 What is one thing you wish you had known before starting your career
08:46 Biggest failure & accomplishment
18:04 Career advice for young cybersecurity professionals
22:45 The role of the CISO in the IT organization
27:20 What resources helped you to learn cybersecurity in your career
32:36 Debunking one common myth about cybersecurity
36:16 The most important skills a CISO should have
42:58 How the cybersecurity industry might evolve
47:39 What cybersecurity vendors should not be doing
50:20 Closing comments

Connect with Shane: https://www.linkedin.com/in/smolinari/
Connect with Ben: https://www.linkedin.com/in/benbenaderet/
In this episode of CISO Insiders, we welcome Ross Leo, Master Consultant in Healthcare Information Security, for an exciting and eye-level conversation about his journey into cybersecurity, advice for young cybersecurity professionals just starting out, and the evolution of the role of CISO.

Podcast highlights:

What advice would you give to someone who wants to pursue a career similar to yours?
You have to explore your undiscovered passion in life & find things that excite you. For me it was solving problems, bringing in solutions & finding new ways to put things together. If you follow your passion, the results can be very rewarding. What I would recommend is to have a passion & not have a rigid mindset and focus on solving certain kinds of cybersecurity problems that our society faces today.

Thoughts on the role of the CISO in the IT department
If you really want to protect the information, you will need a broader vision that goes beyond being stuck in the IT department. A CISO being stuck in the IT department might limit the way you tackle the problem at hand. The role of a CISO is business oriented. It's all about the business & the information that the particular business holds. Being focused on the business itself & knowing its value tackles a wider range of concerns.

00:35 Guest Introduction and professional journey
02:04 Icebreakers
03:36 What's one thing you wish you would have known before starting your cybersecurity career?
05:30 Your biggest failure & accomplishment.
12:06 What advice would you give to someone who wants to pursue a cybersecurity career similar to yours?
17:24 Thoughts on the role of the CISO in the IT department
23:44 What were the resources that worked for you when it comes to learning cybersecurity?
26:03 Debunking one common myth about cybersecurity
30:38 The main concerns of CISO & focus points
36:36 How is the role of the CISO evolving?
39:28 What should cybersecurity vendors stop doing?
43:00 Closing comments

Connect with Ben Ben-Aderet: https://www.linkedin.com/in/benbenaderet/
Connect with Ross Leo: https://www.linkedin.com/in/ross-a-leo-1503a31/
In this episode of CISO Insiders, we welcome Jay Trinckes, Interim CISO at Laika, for an exciting and eye-level conversation about his journey into cybersecurity, advice for young cybersecurity professionals just starting out, and how the industry will evolve in 2022 and beyond.

Podcast highlights:

If there is one thing you wish you had known before starting your career
The hardest thing I overcame while beginning my career is to convince our executive leadership that cybersecurity is really important & is here to stay.

Cybersecurity budgeting pre & post-pandemic.
Cybersecurity is expensive and companies never have enough resources to allocate funds to it. But as breaching is making headlines, we are seeing more funding coming out and leadership is becoming a little more aware of the importance of it.

One common myth about cybersecurity
We're not all hackers. Some of us might have done penetration testing, but people tend to assume that everyone in cybersecurity must be a hacker.

00:35 Guest Introduction and professional journey
03:25 Icebreakers
05:15 If there is one thing you wish you had known before starting your career
06:56 Biggest failure & accomplishment
10:24 Advice for people starting their career in cybersecurity
13:38 The role of a CISO & their position in the company
19:08 One common myth about cybersecurity
20:00 What are the main concerns CISOs nowadays have?
23:39 What are the areas CISOs should be focusing on?
24:46 What are the core skillsets CISOs should have?
26:50 How will the CISO role evolve in the next decade?
29:20 Cybersecurity budgeting pre & post-pandemic.
33:15 How vendors should work with security leaders.
35:47 Closing comments

Connect with Jay: https://www.linkedin.com/in/jay-trinckes/
Connect with Ben Ben-Aderet: https://www.linkedin.com/in/benbenaderet/
In this episode of CISO Insiders, we welcome Paz Shwartz, Co-Founder & CEO of Persist Security, for an exciting and eye-level conversation about his journey into cybersecurity, the difference between a vCISO & a CISO, and how to work with competitors.

00:35 Guest Introduction and professional journey
02:54 Icebreakers
04:21 If there's one thing you wish you knew before you started your career.
05:28 Single biggest failure and key takeaway from it.
08:48 Biggest accomplishment
10:30 What were the best resources that helped you learn and grow yourself?
13:16 Debunking one common myth about the cybersecurity profession.
17:40 How Persist Security is helping SMBs with tailor-made cybersecurity solutions.
24:15 How to play well with a potential competitor
27:33 The difference between the role of CISO & a vCISO
34:14 What do customers of Persist Security say about the level of services received?
40:20 Closing comments
In this episode of CISO Insiders, we welcome Zlatko Unger, Head of Security & Privacy at Alation, for an exciting and eye-level conversation about her journey into cybersecurity, advice for young cybersecurity professionals just starting out, and how the industry will evolve in 2022 and beyond.

00:36 Guest Introduction and professional journey
02:30 Icebreakers
04:25 The importance of having interactions with professional individuals in your domain.
08:28 Learning cybersecurity from social media platforms like Twitter and Reddit.
11:07 The single biggest failure and key takeaway from that journey.
14:05 Biggest professional accomplishment.
15:10 Advice for someone who's getting started in a cybersecurity career.
16:33 Pros and cons of CISO reporting to IT department.
20:30 The best learning resources one can use to move forward in the industry.
22:30 Debunking one common myth about cybersecurity.
24:20 What are the main concerns CISOs nowadays have?
30:40 How is the role of the CISO evolving?
42:08 What should cybersecurity vendors stop doing?
43:10 Closing comments

Podcast highlights:

What's the one thing you wished you knew before you started your journey?
When you're starting your career in the cybersecurity domain, there are so many factors involved that you wish you knew before you started your journey. One of those is having more interactions with the individuals that are in your domain that can show you what's on the other side of the curtain and who can give you clarity into the sort of work that you will be doing. It is very important to connect with people who have walked the walk before.

What are the main concerns CISOs nowadays have?
Every CISO I talk to has ransomware buried somewhere in their mind as a concern. It doesn't matter what's the size of the organization and which system they use, the problem of ransomware is still unresolved.

Connect with Zlatko: https://www.linkedin.com/in/zlatkounger/
Connect with Ben: https://www.linkedin.com/in/benbenaderet/
00:35 Guest Introduction and professional journey
02:40 Icebreaker
04:00 How did the incident response domain evolve in the last decade?
06:33 Timeline of a cybersecurity incident. Timeline for a company that suffers a security incident.
10:50 The number 1 cause of most cybersecurity incidents
15:30 What should a company prepare for a cybersecurity incident & attacks?
17:50 How important are compliance standards in building a resilient & secure environment?
25:47 Are there ongoing threats and data exploitation that companies don't know about?
27:50 A case study for an incident response project
32:32 The initiative for cybersecurity incidents from the U.S. government.
36:43 What actions should you take after experiencing a cybersecurity incident?

Summary:

Early-stage companies all react differently to a cybersecurity incident, but this is how it goes in most cases:
An employee starts to report an issue in the network. Perhaps he or she cannot access a file on the network.
The issue gets reported to the IT department.
The IT department would diagnose the issue and realize that there's a larger problem at hand.
From this stage, the information escalates to the boardroom.

The number one & most common cause of cybersecurity incidents is open RDP or a phishing attack if you're not keeping up with the patches or you have unpatched VPNs & unpatched Exchange servers. Mainly, the unpatched environment is the predominant method of intrusion for ransomware.

The threat actors who perpetrate the attack use free tools, conduct an external scan very quickly, and exploit the findings. These tools are available online and they cost nothing.

This is what you should do to reduce cybersecurity incidents in your business:
Ensure multi-factor authentication on all your accounts like emails, VPN, etc.
Regularly test backups, and be sure to keep them off the domain.
Have an incident response plan, review it every quarter, and regularly update it.
Introduce the principle of least privilege to make sure you're limiting the number of people who have domain access & leading accounts.

If you just realized that you've experienced a cyberattack:
Preserve all evidence, because if you wipe or change any evidence, it'll be hard to trace how the threat actor was able to get inside your environment.
Don't turn off any devices, just disconnect them from the internet.
Don't engage in communication with the attackers.

Connect with Ben Ben-Aderet: https://www.linkedin.com/in/benbenaderet/
Connect with Nicholas: https://www.linkedin.com/in/nsteinmann/
In this episode of CISO Insiders, we welcome Lisel Newton, Senior Director, Information Security, Risk and Compliance at Gossamer Bio, for an exciting and eye-level conversation about her journey into cybersecurity, advice for young cybersecurity professionals just starting out, and how the industry will evolve in 2022 and beyond.
In this episode of CISO Insiders, we welcome Jack Freund, VP, Head of Cyber Risk Methodology at BitSight, for an exciting and eye-level conversation about his journey into cybersecurity, advice for young cybersecurity professionals just starting out, and how the industry will evolve in 2022 and beyond.
Today I had the opportunity and privilege to speak with Harshil Parikh. Harshil is a CISO turned founder. He is currently the CEO & Co-Founder of Tromzo - an Application Security Management Platform that helps organizations orchestrate their SDLC. We spoke about the commonalities between being a CISO and being a founder, about how challenging an environment Silicon Valley is, and much more. Join us to learn more.
It was a pleasure to host Praj this time around. Praj is the Cyber Risk & Compliance director at Horizon Media. We spoke about so many things, from people skills to the importance of certification to negotiation techniques with vendors. Tune in to learn more.
Today I had the pleasure of talking to Andrew Nuxoll from UNICEF USA. We spoke about the journey, as always. Andrew was brave enough to share some of his mistakes as well as successes. He spoke about the importance of soft skills, about his biggest failure that set him back but also about the good stuff. Tune in to hear more.
In this episode, I interviewed "Olu" Olusegun Opeyemi-Ajayi. Olu is the CISO of the NYC Department of Transportation. Olu walks us through his career path and shares some insights about what it is he's looking for in vendors, reveals his successes, failures, and more. Join us to learn more.
This is the 50th episode anniversary of CISOs Insiders! This time I had the pleasure to interview the first interviewee ever on this series, Mr. Hanan Scwarzbord – currently the CISO of Micron. We touched on his growth as a leader, shifting market trends and market collaborations, as well as on the cyber talent shortage and much more. Join us to learn more.
In this episode, I had the opportunity to tap into veteran physicist / CISO Robert "Rob" Roser at Idaho National Lab. Rob has a unique position where he gets to combine his passion for science and his passion for cyber security. Join us to learn more about his journey.

Key takeaways – Move really fast but have the ability to roll back fast. Study everything. Find your passion.
In this episode, I interviewed Noam Broash, director of IT and Security at Seeking Alpha. Noam has been in the cyber security industry for a decade and a half now and has many experiences under his belt. In our talk we discussed the merit of broadening your knowledge foundation as a key to a successful career in the cyber security world. Join us to learn more.
Today I spoke with Neal, the CISO at Query.AI. Neal has over 20 years of expertise in the field of cybersecurity. Neal is a podcaster as well and has a successful YouTube channel called CyberInsecurity (https://www.youtube.com/c/CyberInsecurity). In today's call, we talked about what it means to be a CISO in the digital age and how to monetize the CISO experience and convert it into thought leadership.
Today I had the opportunity and privilege to speak with Thomas Kinsella, Co-Founder and COO of Tines and previously a senior director at DocuSign, where he was instrumental in building up the DocuSign security team and global operations. With Thomas being a security professional turned founder, I thought I could pick his brain and get some insights. Join us to learn more.
In this episode of CISO Insiders, I met with Jeremy Dodson, a veteran CISO who had an interesting career working for the US government for a while before moving into the civilian world. Jeremy is the CISO of NextLink Labs, a professional services company heavily focused on providing software solutions and supporting services. In our discussion, we touched on a few milestones and discussed some of the challenges and opportunities that led Jeremy to his current role.
In this episode of our vCISO series I met with Brian Grayek from Cosant Cyber Security. Brian transitioned from a full-time CISO to a fractional CISO and is super happy about his decision. He was also able to debunk a long-time myth about the cyber security industry. Join us to find out why.
In this episode, I had the great pleasure of interviewing Barak Engel, the Co-Founder of Eammune, highly acclaimed CISO, and the author of two books (‘Why CISOs fail?’ and the recent publication ‘The Security Hippie’). We had a blast speaking about Barak's ideas of what being a CISO actually is, who is the best leadership partner for a CISO, why CISOs fail, and much more. Barak has made a tremendous taking a stab at the industry and addressed some built-in failures it has.
In this episode of CISO Insiders, I met with Steve Cobb, a veteran CISO who started his own company right out of college. He spent a few years with the business before deciding to go into the corporate world. In our discussion, we touched on some important milestones in Steve's professional career and his journey to the CISO seat. We spoke about recent challenges the industry has been dealing with, talked about passion as the main driver, and more. Join us to learn more about Steve and his path to success.
Our guest today is Zachery Mitcham. Zach is the CISO at Surge Professional Service Group, a disabled veteran-owned and operated multi-faceted commercial/personal goods and services company. In today's episode, Zach shared his career path from army veteran to leading CISO in the industry. In our talk, he was grateful for the experience he gained in the military, which made him a better person in every aspect. He was also kind enough to share some valuable tips with our listeners. Zachery also provided some insights about the workforce we have nowadays in the cyber security space. Join us for a light and fruitful talk with Zach.
In this episode, I had the opportunity to tap into the highly productive Wolfgang Goerlich. It is in his heart to give the community knowledge about cyber security through his blog and to help aspiring CISOs live their dream and make it a reality. Join us to learn more about his journey and discover what makes him tick.
In this episode, I have had the opportunity to meet with Greg Edwards, an expert in his field. We had the opportunity to talk about recent ransomware attacks, how they could have been prevented, and review some of the asymmetries between state actors and private organizations.
In this episode, I had the opportunity to talk with Darrel Bateman, the CISO of Citybank. Darrel was kind enough to share his experience with me and provide some insight on various topics, such as killware, collaborating with peers and the value of hard work.

Key takeaways – You don't have to be the smartest person in the room. Threats are evolving and we need to be prepared. Vendors should really change the way they go about pitching to CISOs.
This is a special edition. In this episode, I spoke to a subject matter expert - Steve Ginti. We did a deep dive into the threat landscape.
In this episode, I had the opportunity to tap into veteran CISO Richard Rushing at Motorola Mobility. Richard has a very busy and productive schedule. He always has a backup plan for everything. Join us to learn more about his journey and discover what keeps pushing him forward.

Key takeaways – Move really fast but have the ability to roll back fast. Study everything. Find your passion.
Today I had a talk with Philip Burnett, the CISO at High Wire Networks. Philip has more than 15 years in the cyber security field. In today's call we discussed some of the daily challenges CISOs are faced with and touched a bit on his own journey.

Key takeaway – get the formal education. Don't get complacent. Keep up with technology.