What keeps CISOs up at night? What are the vexing challenges CISOs face today and tomorrow? We frequently learn the most from others in similar security roles to our own. Join us in this bi-weekly video series with your hosts, Mitch Ashley, CTO Techstrong Group/Principal Techstrong Research, and Jennifer Minella, founder and principal advisor of Viszen Security, as they engage with leading security leaders and experts about the latest cybersecurity topics.
Immediately following his AWS re:Inforce 2024 Keynote talk, AWS CISO Chris Betz joins Mitch Ashley on CISO Talk. Chris shares his comprehensive approach to security, including creating a culture of security, AWS chip security, secure programming languages like Rust, securing AI and the data AI uses, and more. Mitch considers Chris Betz an example of the modern-day CISO, a CISO for 2024 and beyond. https://reinforce.awsevents.com/
Recent collaborative actions by U.S. and international law enforcement against ransomware rings such as LockBit, BlackCat, and Ragnar Locker serve as a critical wake-up call for CISOs and security leaders. These operations highlight ransomware's sophistication and pervasive nature, emphasizing the need for robust incident response measures that may involve law enforcement. In this special edition of CISO Talk, hosts Mitch Ashley and JJ Minella are joined by Caroline Wong (Cobalt) to discuss how to understand the evolving threat landscape, foster international collaboration and implement comprehensive security strategies.
CISO Talk finishes 2023 with a year-end review hosted by Mitch Ashley (Techstrong Research) and Jennifer Minella (Viszen Security), joined by Allison Miller (executive security leader) and Dan Glass (CISO, NTT DATA). Our cyber leaders reflect on the rapid rise of generative AI (and whether it lives up to its billing), the career and legal risks of CISOs following the SEC's actions, security as a product feature, where we are with zero-trust and more.
Anton Chuvakin, security advisor at Office of the CISO at Google Cloud and former Gartner distinguished analyst, joins Mitch and JJ to discuss AI and its security implications, software supply chain security and moving and securing workloads in the cloud, including its similarities and differences from operating in traditional data centers.
In episode two of a two-part series, CISO Talk hosts Mitch Ashley and Jennifer "JJ" Minella, continue their conversation with Andy Ellis, former CISO at Akamai and current operating partner at Weill Ventures. They delve into topics like building security teams, adapting to change and the impact of AI on the security landscape. Andy emphasizes the need for organizations to understand the value they aim to produce and to align their security efforts with that objective. He discusses how AI, particularly large language models (LLMs), can change the dynamics of software development and security, ultimately advocating for a shift toward safety engineering to minimize attack surfaces and improve defenses. Andy also shares insights from his book and offers guidance on how to navigate the evolving cybersecurity landscape. For more information and to follow Andy Ellis's insights, you can visit his LinkedIn or Twitter profiles (@CSOAndy) and subscribe to his newsletter at https://duhaone.substack.com/ . Andy's book "1% Leadership: Master the Small, Daily Improvements that Set Great Leaders Apart" can be found at various book retailers, and he also has an audiobook version, narrated by himself, which offers an enriching experience for the readers.
In episode one of a two-part series, CISO Talk hosts Mitch and Jennifer "JJ" Minella introduce Andy Ellis, a renowned figure in the security industry with a long tenure at Akamai and currently an operating partner at Weil Ventures. Andy shares insights into the role of a CISO, particularly focusing on whether they belong in the boardroom and the challenges associated with their role(s). They discuss the SEC's new four-day breach disclosure requirement and delve into the intricacies and nuances of materiality in cybersecurity. They emphasize the importance of building relationships and effective communication to ensure that security concerns are adequately addressed at the executive level. The conversation also touches on liability and insurance considerations for CISOs, highlighting the need for personal insurance coverage due to potential gaps in company-provided policies. For more information and to follow Andy Ellis' insights, you can visit his LinkedIn or Twitter profiles (@CSOAndy) and subscribe to his newsletter at https://duhaone.substack.com/ . Andy's book "1% Leadership: Master the Small, Daily Improvements that Set Great Leaders Apart" can be found at various book retailers, and he also has an audiobook version, narrated by himself, which offers an enriching experience for the readers.
Third-party software and services, including SaaS applications, are integral to our everyday operations. But this widespread dependency on third parties also introduces risk and vulnerabilities, and cyberattacks and breaches continue to surge -- the MOVEit breach being a relatively recent vulnerable service of note. In this episode of CISO Talk, hosts Mitch Ashley and JJ Minella are joined by Eve Maler (ForgeRock) and Steve Benton (Anomali). We'll delve into the root causes behind this surge of vulnerabilities and discuss the potential security lapses that allow cybercriminals an edge. Beyond understanding these vulnerabilities, our conversation will explore actionable steps organizations can take to manage and mitigate these security risks, ensuring a robust defense mechanism against unforeseen cyberthreats. And, of course, with artificial intelligence's rapid evolution and adoption, its role in the future of cyberattacks cannot be underestimated. We'll also discuss how AI is weaponized and used in cyberattacks, the implications and the preemptive measures we can adopt in the face of AI-enhanced cybersecurity threats.
There's a lot going on in the cybersecurity industry today -- new SEC incident and security program reporting requirements, the discovery of pervasive Chinese malware in critical infrastructure systems and the wild west of generative AI adoption. In this episode of CISO Talk, Jennifer Minella and Mitch Ashley discuss security topics that are top-of-mind for security leaders.
Ever wondered what it's like to lead product security at a massive, global, name brand enterprise technology company? Now's your chance! Lisa Bradley, senior director, product & application security at Dell Technologies, brings you into her world as a product security leader. Bradley explores her experiences as a security leader across technology products and software initiatives and discusses leading vulnerability and incident management, security champion initiatives, bug bounty programs and SBOM initiatives at Dell.
Today's highly distributed workforce is introducing new challenges for CISOs who must carefully navigate the journey from traditional perimeter-based network security to, well, the exact opposite. Securing remote work and managing BYOD on top of the usual challenges of protecting the software development life cycle (SDLC) means CISOs need to strike a balance between strong security policies and developers' preferences, work location(s) and work style(s). It's enough to make anyone crazy! Gal Shpantzer, IANS faculty member, CISO advisor and security consultant joins CISO Talk hosts Jennifer (JJ) Minella and Mitch Ashley to discuss these issues and more, as well as how to avoid the "C-S-No" approach, overcome resistance to necessary security and how to implement alternative strategies.
Every CISO knows it's not a matter of 'if' a cybersecurity incident will occur, but 'when.' Fortunately, there's one name at the top of every CISO's incident response list: Stephen Reynolds, partner in Baker McKenzie's Intellectual Property & Technology Practice. Reynolds built a well-deserved reputation as a bulwark between organizations and the cybercriminals who attack them, and he is rightly seen as the man who can make the difference between an organization living on to fight another day and total devastation. In this episode of CISO Talk, Stephen shares his experience responding to cybersecurity threats with hosts Mitch Ashley and JJ and talks about how decisions made early on can have a significant impact later in a security incident, when to call your cyberinsurance provider, when to involve law enforcement, what to communicate and what to keep to yourself and how to successfully negotiate with cybercriminals in ransomware situations.
Whether on-premises, cloud-based or cloud-native, the basics of securing digital systems are similar. In this episode of CISO Talk, Chuck Kesler, CISO at Pendo.io, shares his journey from a sysadmin, IT leader and CISO at Duke University Health System and his CISO role today with Pendo.io. Chuck works with software leaders and developers to secure software pipelines, remote development, infrastructure-as-software, adopt new development technologies and practices and more. Chuck discusses what he's learned from bringing traditional security skills such as identity, device security and zero-trust (just to name a few) into a business which natively began in the cloud and never had a private data center.
RSA Conference 2023 is fast approaching, and the conference organizers are hard at work putting together an amazing lineup of keynotes, speakers, sessions and events. If you just can't wait to find out what's in store, join CISO Talk hosts Mitch Ashley and JJ Minella along with Britta Glade, VP, Content & Curation at RSA Conference and Kacy Zurkus (Senior Content Manager, RSA Conference), for a sneak preview of RSA Conference 2023. They will announce some exciting keynote speakers and give you an inside look at some great content that's coming for this year's event.
Dan Glass, vice president and CISO with NTT DATA (previously CISO at American Airlines), joins CISO Talk co-hosts Jennifer (JJ) Minella and Mitch Ashley to talk about what really grinds his gears lately. Glass discusses the latest LastPass breach disclosure, what security vendors need to do to keep pace with IT, pursuing zero-trust in small-to-medium-sized businesses and hiring strategies for entry-level security talent.
They might be leaders in the cybersecurity industry and top of the ladder within their organization, but CISOs still need advice! And when they do, they often turn to trusted advisors to help them with strategy, product, network and vulnerability decisions. So, who are these CISO advisors? How did they achieve their 'CISO whisperer' status, and what role do they play? New co-host, cybersecurity expert, speaker and CISO advisor Jennifer “JJ” Minella joins Mitch Ashley on CISO Talk. JJ and Mitch explore the role advisors play in helping guide cybersecurity leaders and their organizations across diverse subjects, including network technologies, governance and compliance, AppSec and securing cloud-native infrastructure and applications. Mitch and JJ also discuss plans for future episodes including discussions with security practitioners about the cybersecurity challenges organizations face and best practices for addressing those challenges.
Host Mitch Ashley is joined by Jennifer Leggio (Netography) and Mike Rothman (Techstrong Research) to discuss the best ways CISOs can keep key stakeholders properly informed about threats, risk and security programs and why proactive communication is an essential part of high-performing teams and the foundation of a solid security strategy.
In this episode, our hosts Mitch Ashley and Mat Newfield are joined by Mike Rothman (Techstrong Research) and Miranda Ritchie (Orbia) to discuss how to test your cybersecurity readiness and what are the most effective methods of communication for organizations to collectively improve their security posture.
In this episode, Mitch Ashley and Mat Newfield are joined by Anthony Johnson (Delve Risk) and Joel Fulton (Lucidum) to discuss the key elements of an active response strategy, how to test the readiness of an organization if a breach occurs and the best way to identify gaps in your process.
In this discussion, Mitch Ashley and Mat Newfield are joined by Beth-Anne Bygum (Acxiom) and Mike Rothman (DisruptOps) to discuss the importance of adopting frameworks and having a foundation that establishes a common understanding for managing risk across the organization in an efficient and effective manner.
Join Mitch Ashley, Jennifer Minella (Viszen Security), Anthony Johnson (Delve Risk) and Allison Miller (Reddit) at RSAC 2022. The role of the CISO has not only changed, it is evolving by the day and will be completely different moving forward. We will discuss this shift as well as how we keep the lights on while getting rid of our corporate networks and using managed solutions instead of internally-operated software or hardware. We'll also explore how to not just survive, but thrive as our evolving security strategy is informed by the business and business is informed by IT and security strategy.
Join host Mitch Ashley, Anthony Johnson (Delve Risk) and Mike Rothman (Securosis) as we discuss the changing role of CISOs, how they balance business and security needs and how CISOs are bridging the communication gap between the executive team and IT teams.
Mitch Ashley and Mat Newfield welcome Wendy Reynolds-Dobbs (Unisys) and Nicole Dove (WarnerMedia) to discuss the meaning and importance of diversity, equity and inclusion, and how to create meaningful change in the workplace.
Mitch Ashley and Mat Newfield are joined by Larry Whiteside (Cyversity), Karen Moore (Unisys) and Michelle Beistle (The Nature Conservancy) to discuss the bias and ethics in biometrics.
Jennifer Minella (Viszen Security), Julian Waits (Rapid7) and Richard Stiennon (IT-Harvest) join hosts Mitch Ashley and Mat Newfield to discuss what to do once your data has been compromised, new security measures beyond an IRP, and how to avoid future breaches.
Although CISOs talk about security to board members, sometimes they fail to translate the security language into a business language that C-level executives understand. Once they speak the same language, they will be able to build a collaborative workplace, increase productivity, accelerate decision making, avoid miscommunication and improve governance. In this episode, hosts Mitch Ashley and Mat Newfield talk to Larry Whiteside (CyberClan) and Anthony Johnson (Delve Risk) about the communication gap between C-level executives and IT teams, and how they can overcome those language barriers.
As more educational opportunities in IT and cybersecurity become available to today's students, are we really preparing the workforce to take on tomorrow's cyber challenges? How do we enhance cyber with skills from other disciplines to develop well-rounded cybersecurity leaders? Nicole Dove from WarnerMedia, JJ Minella from Viszen Security, and Rob Lee from the SANS Institute join hosts Alan Shimel and Mitch Ashley to share their advice for the next generation of cyber professionals and discuss what kind of skills they look for when recruiting individuals to join their teams.
Hosts Alan Shimel and Mat Newfield are joined by Mitch Ashley of Accelerated Strategies Group, Karen Moore of Unisys and Larry Whiteside of CyberClan to discuss how they are embracing and strengthening their company culture, what to consider before moving to a new work model, what are the new practices companies should adopt to bring teams closer together and enhance collaboration and how to keep employees both happy and productive post-COVID-19.
Hosts Alan Shimel and Mat Newfield are joined by Miranda Ritchie of IBM, Jesse Carrillo of Hines and Mitch Ashley of Accelerated Strategies Group, to discuss why building a culture of defensibility is paramount, especially as we move into the cloud and continue to work remotely.
Larry Whiteside Jr. of ICMCP, Nicole Dove of Warner Media and Mitchell Ashley of Accelerated Strategies Group join our hosts, Mat Newfield and Alan Shimel, for a new CISO Talk episode to discuss why best practices are just the starting point, and why continuous improvement of people, processes and tools is so essential for success.
In this week's CISO Talk Episode: “Why You Need to Prepare for the next Supply Chain Breach” hosts Alan Shimel and Mat Newfield are joined by Anthony Johnson of Delve Risk, Joel Fulton of Lucidum, Nicole Dove of Warner Media, Mike Rothman of DisruptOps and Mitch Ashley of ASG/MediaOps for an insightful discussion on supply chain breaches and data protection. They will talk about data visibility and the strategies you need to implement in order to manage and mitigate supply chain risks.
Our hosts Alan Shimel and Mat Newfield are joined by Karen Moore of Unisys, Michelle Beistle of the Nature Conservancy and Mitch Ashley of MediaOps/ASG for a discussion on Women In Tech. The best cybersecurity leaders know the value of gender diversity, how to attract and develop top talent, how to create opportunities for growth and advancement, and how to recognize, uncover and remove hidden biases. But our objective is not only to improve diversity, we must also focus on removing gender issues. Our goal should be to achieve “people” in tech where gender issues are eliminated from the equation, where our differences are appreciated rather than labeled.
Our hosts Alan Shimel and Mat Newfield are joined by Cristine Gollayan, Karen Moore, Joel Fulton, and Mitch Ashley to discuss how the new normal for cybersecurity professionals is anything but normal and the many challenges that come with it. Is our cybersecurity risk insurance adequate? How secure is the home network of an employee? How can we be sure we aren't negatively impacting other devices on the home network? How do we, or should we, enforce policies such as keeping routers, Wi-Fi access points, computers, gaming devices, tablets, IoT devices, and more? Join our panel of cybersecurity leaders and experts as we examine these questions and more.
Our hosts Alan Shimel and Mat Newfield are joined by Julie Cullivan, Board member at Heartflow and Prasad Ramakrishnan, CIO & CISO at Freshworks and Mitch Ashley, ASG/MediaOps to discuss the transformative roles that CISOs are increasingly being propelled into, often taking on responsibilities well outside the traditional boundaries of cybersecurity. This panel of security leaders and experts are living the journey of cybersecurity in enterprise organizations and they discuss the evolution of the CISO and how the role will evolve in this period of disruption and rapid transformation.
Chenxi Wang…Had a lot of fun moderating a CISO talk today for MediaOps with Rinki Sethi (CISO, Twitter), Marcia Main, CISA, HCISSP (CISO, Rally Health), and Algirde P. (Cybersecurity lead, The World Economic Forum) discussing “Security beyond COVID”. “Never let a crisis go to waste” — these leaders are turning COVID into opportunities for innovation and growth.
Alan Shimel and Mitch Ashley are joined by Mat Newfield of Unisys, Olivia Rose of Mailchimp, Heather Ricciuto of IBM Security, Larry Whiteside Jr. of ICMCP and Julian Waits of DEVO for a brand new episode on “Diversity in Security and Cyber.”
Mat Newfield, Mike Murray, Miranda Ritchie and Mitch Ashley continue the discussion of healthcare and Cyber.
Julian Waits of Devo, Ben Carr of Qualys and Wendi Whitmore of IBM, join Mitchell Ashley, Mat Newfield and Alan Shimel to discuss ransomware in healthcare.
Julian Waits of Devo and Ben Carr of Qualys join Mitch Ashley, Mat Newfield and Alan Shimel to discuss the CISO responsibility to disclose breach data.
Miranda Ritchie of IBM joins Mat Newfield and Mitch Ashley for an interview on healthcare and cyber in a COVID-19 world.
In this episode, Mat Newfield, Mitchell Ashley and Alan Shimel are joined by Chenxi Wang and Richard Stiennon for a great discussion on what security technologies are winners and losers with the COVID-19 environment.
Mike Rothman, Mitchell Ashley, Mat Newfield and Alan Shimel come together to discuss the human side of cybersecurity.
In this CISO Talk, Alan Shimel and Unisys CISO Mat Newfield talk about cyber challenges in the time of COVID-19.
The Unisys Security Index is out for this year and, as might be expected, COVID-19 has had an impact. We speak with Unisys CISO Mat Newfield about the findings.