#CISOlife


Cybersecurity and risk podcast. From the CISOs at SideChannel, we tackle discussions from the industry and the threat landscape. Host Brian Haugli, former Fortune 500 CISO, lead for the Pentagon's information assurance program, and now managing partner for SideChannel, sits down with guests to discuss the current focuses for businesses around cybersecurity. Support this podcast: https://anchor.fm/cisolife/support

Brian Haugli


    • May 2, 2024 LATEST EPISODE
    • monthly NEW EPISODES
    • 18m AVG DURATION
    • 33 EPISODES


    Latest episodes from #CISOlife

    Going to RSA? Nope. So let's talk about Tik Tok and Kaspersky

    May 2, 2024 · 21:01

    In this episode of #CISOLife, hosts Brian Haugli and Dmitriy Sokolovskiy delve into the dynamics of the RSA Conference, exploring its evolving relevance and the broader implications for cybersecurity. They discuss the nature of cybersecurity events, the benefits of smaller, local conferences like Secure World, and the importance of vendor relationships and ROI in cybersecurity. The conversation also touches on recent news involving TikTok and Kaspersky, highlighting the cybersecurity and geopolitical concerns associated with these companies.

    Key Points Covered:

    • RSA Conference Overview: Brian and Dmitriy discuss the RSA Conference's shift from a must-attend cybersecurity event to one that may not offer the same value for everyone. They note that while the conference was previously a hub for significant industry insights, it now serves more as a networking event.
    • Local vs. Global Conferences: The hosts compare the benefits of global conferences like RSA to regional events like Secure World in Boston, which offer more focused networking opportunities and potential for local partnerships.
    • Cybersecurity Event ROI: Discussion on the return on investment for companies participating in cybersecurity conferences, emphasizing the strategic considerations for both established companies and startups.
    • TikTok and Cybersecurity Risks: The episode addresses the security risks associated with TikTok, including data privacy concerns and the potential for foreign influence, reflecting on recent U.S. government actions to potentially restrict the app.
    • Kaspersky's Scrutiny: They also cover concerns around Kaspersky, given its Russian roots and the potential risks this poses in terms of data privacy and national security.
    • Call to Action: Encouragement for viewers to engage with the topics discussed by commenting on their experiences with cybersecurity events, and sharing their perspectives on TikTok and Kaspersky.
    • Conclusion: The episode wraps up with a discussion on the importance of understanding the sources of one's information and the implications of misinformation online, stressing the need for vigilance in digital consumption.
    • Engagement: Viewers are invited to subscribe for more insights from CISOLife, share their experiences, and follow the discussion on various social media platforms using the hashtag #CISOLife.

    Follow us - Website - https://sidechannel.com Podcast - https://anchor.fm/cisolife LinkedIn - https://www.linkedin.com/company/sidechannelsecurity/ Twitter / X - https://twitter.com/sidechannelsec

    Support this podcast: https://podcasters.spotify.com/pod/show/cisolife/support

    D&O Insurance Overview for CISOs

    Apr 16, 2024 · 18:35

    "#CISOlife" is a podcast that explores the challenges and strategies of cybersecurity leadership. In a compelling episode, host Brian Haugli welcomes Andrew Pendergast, Managing Director at NFP, to delve into the intricacies of Directors & Officers (D&O) Insurance. This episode provides a thorough breakdown of how D&O Insurance operates and its significance for Chief Information Security Officers (CISOs). Pendergast, with his extensive expertise in insurance and risk management, discusses the coverage aspects that are particularly relevant to CISOs, highlighting how this type of insurance can protect against personal liabilities that may arise from the decisions and actions taken in their professional capacities. This discussion is invaluable for CISOs and other executives who want to understand the protective measures available to safeguard their personal and professional interests.

    Triangle InfoSeCon Keynote - ISSA Raleigh 2023 - Brian Haugli - What does good look like? #CISOlife

    Dec 10, 2023 · 35:08

    What does good look like? ISSA Keynote by Brian Haugli, CEO, SideChannel.

    Cybersecurity program goals are often centered around the comparison to sector peers, “best practices”, and “reasonable controls”. These terms and approaches leave much ambiguity in an industry that's seeking defined, focused expectations on outcomes. While most acknowledge the existence of frameworks like NIST CSF or CIS Controls, many programs are not actually built to them. We see them, yet we do not use them. This keynote will discuss the pragmatic approach to building framework-backed and standards-based cybersecurity programs while not campaigning purely for compliance. It will cover the areas required to prioritize within an open framework, how to govern after its implementation, and how to report its effectiveness to leadership in a way that lets them understand the risks addressed.

    Slides: https://sidechannel.com/wp-content/uploads/ISSA-Keynote-2023-Brian-Haugli.pdf

    Mastering the CISO Role: Insights and Career Advice from Joe Head | #CISOlife

    Nov 4, 2023 · 23:03


    Welcome back to #CISOlife with your host, Brian Haugli! In this episode, we dive deep into the world of CISO searchability, placement, and the evolving landscape of cybersecurity leadership.

    SEC Overview of Final Rule Impact

    Nov 2, 2023 · 6:22

    The world of finance and cybersecurity has entered a new chapter with the U.S. Securities and Exchange Commission's (SEC) recent final rule on cybersecurity disclosure. Effective September 5, 2023, this new regulation requires public companies to enhance transparency around cybersecurity risks and incidents. We will delve into the details of the final rule, discuss its impact on registrants, and explore how companies can turn this regulatory requirement into a strategic advantage.

    Reasons to build Cybersecurity Program | vCISO Engagement | Cyber Risk Assessment | Gap Analysis

    Oct 24, 2022 · 7:01

    Review of an engagement and initial work as the CISO or a vCISO. More at SideChannel.

    Why do organizations start a cybersecurity program?

    1. Customer demands
    2. Board or C-suite requests
    3. Regulation requires it
    4. Right thing to do
    5. Post breach

    Assess against a cybersecurity standard, framework or regulation. Build a cybersecurity roadmap to address gaps.

    American Airlines Breach Explained | How did American Airlines O365 get hacked? #CISOlife

    Sep 26, 2022 · 6:43

    A #CISOlife overview of the public information of the recent American Airlines breach by Brian Haugli, CEO, SideChannel. Brian presents an explanation and walkthrough of how an O365 tenant can be hacked where legacy authentication methods are still available, specifically with IMAP. The info released so far shows a series of steps:

    • American Airlines has a breach of O365
    • Still using legacy protocol IMAP
    • Microsoft instructs to remove legacy protocols
    • Attacker can pull down all emails
    • Steps to stop this attack

    #CISOlife - What is a vCISO? Experience, Policy, & Programs needed in Cybersecurity from SideChannel

    Aug 22, 2022 · 16:42

    vCISO provider SideChannel's approach to building a cybersecurity program for startups and mid-market companies.

    • [2:15] The vCISO should be able to do the following (part of the #cisolife)
    • [3:30] Develop, or mature currently existing, documentation for the following:
    • [4:30] Information Security Strategy (3 to 18 months) - taking into account information from Risk Assessment and Gap Analysis
    • [5:15] Enterprise Information Security Policy, including, but not limited to:
        - Acceptable Use Policy
        - Data Governance & Classification Policy
        - Asset Inventory & Device Management Policy
        - Incident Response Policy
        - Remote Access & Identity Management Policy
        - Mobile Security Policy
        - Vulnerability Management Policy
        - Third Party Risk Management Policy
        - Disaster Recovery Plan
        - Incident Response Plan
    • [9:15] Risk Assessments - guided by the organization's overall risk management process or previous risk assessment activities.
    • [9:45] Determine, Analyze, and Prioritize Gaps - compare the current profile and the target profile to determine gaps
    • [10:00] Information Security Governance - using the NIST CSF v1.1 framework; provide oversight to ensure that risks are adequately mitigated, and then support management to ensure that controls are implemented to mitigate risks.
    • [11:40] Managed Security Services - support the implementation of end-point detection and response (EDR) capabilities and mature to a 24/7/365 monitoring and response function via internal or external resources.
    • [12:00] Incident Response - outline and develop incident response functions for the enterprise to respond to cyber events, incidents, and crises.
    • [12:45] Vulnerability Management & Secure Configuration - structure function for the discovery and remediation of vulnerabilities discovered from lack of patching or unknown vulnerabilities in accordance with severity established in Vulnerability Management Policy.
    • [13:35] Third Party Vendor Risk Management (TPRM) - provide resources to respond to third-party risk assessment questionnaires (incoming) and conduct third party risk assessments of vendors (outgoing)
    • [13:50] Cybersecurity Training and Awareness - identifying and aligning security and training awareness topics to focus on where security intersects with the business mission and aligns content to ensure the goals and objectives of the program are met.

    Follow us - Website - http://www.sidechannel.com LinkedIn - http://linkedin.sidechannel.com YouTube - http://youtube.sidechannel.com Facebook - http://facebook.sidechannel.com Twitter - http://twitter.sidechannel.com Podcast - https://anchor.fm/cisolife Spotify - http://spotify.sidechannel.com iTunes - http://itunes.sidechannel.com

    #CISOlife - Technology & Privacy Concerns - Post Roe v Wade Overturned

    Aug 19, 2022 · 24:07

    Brian Haugli & David Chasteen discuss potential impacts on privacy post Roe v Wade being overturned by the Supreme Court. Both share ideas and concerns that could have negative impacts on privacy and personal data usage by companies using big data analytics. #cisolife #cybersecurity #privacy

    #CISOlife - Access Control Zero Trust Tips with Micro-segmentation Software Defined Networking (SDN)

    Aug 3, 2022 · 9:29

    Overview of Access Control & Zero Trust concepts, specifically with system to system & user to system access. Ideal outcomes for micro-segmentation using software defined networking (SDN) include:

    • Reduced costs for management
    • Reduced costs for licensing
    • Reduced costs for hardware
    • Increased security and control of accesses across end-points, users, and systems

    #CISOlife Daily Discussion - 07.26.22

    Jul 26, 2022 · 14:28

    Review of 4 articles - https://feedly.com/i/subscription/feed%2Fhttps%3A%2F%2Ffeedly.com%2Ff%2FqCoqRqeJcihgymBxwp6qby2x

    • SecurityWeek Analysis: Over 230 Cybersecurity M&A Deals Announced in First Half of 2022
    • What to look for when taking out a cyber insurance policy
    • Cyber insurers split on what's most important in a security posture assessment
    • Virtual CISO services platforms

    Cybersecurity is treated as an operational risk within the business

    Mar 24, 2022 · 9:21

    #Cybersecurity has an ability now within the new CISO paradigm to lead and help maintain trust with an organization's customers. Video from CISOlife™ about how cybersecurity is treated as an operational risk within the business.

    #CISOlife - Delisha Hodo Interview - SANS Institute HBCU Chair & Senior Student Advisor

    Mar 20, 2022 · 16:26

    Interview with Delisha Hodo, SANS Institute Historically Black Colleges and Universities (HBCU) Chair & Senior Student Advisor.

    Nowhere is the workforce skills gap more pronounced than in cybersecurity, as the U.S. continues to endure a severe cybersecurity workforce shortage amidst an onslaught of sophisticated attacks. This is exacerbated by the lack of diversity in the field: according to research conducted by the Aspen Institute, only 22 percent of the cybersecurity workforce are BIPOC. Covering Black History Month, we speak to a SANS representative, Delisha Hodo, to discuss:

    • Her own personal experiences of entering the cyber field and the challenges she faced
    • A new nationwide initiative, recently announced by SANS, to provide access to cybersecurity training and certifications to historically black colleges and universities (HBCU) students and alumni.

    #cisolife

    CMMC - CoE Fireside Chat with John Weiler, Leslie Weinstein, Mike Waters & Brian Haugli #CISOlife

    Mar 19, 2021 · 27:28

    Join us for a Fireside chat on CMMC, brought to you by the CMMC-CoE Honest Broker of Cyber Capabilities that leverages standards, design expertise, and lessons learned from leading industry groups, standards bodies, public sector leaders and cyber communities of practice to improve and enhance the overall security and resilience of the supply chain for the defense industrial base and the U.S. Department of Defense.

    • John Weiler - Chairman, CMMC Center of Excellence (CMMC-COE.org)
    • Leslie Weinstein - CMMC Consulting LLC & Creator of dodcui.com
    • Mike Waters - Principal Consultant, SideChannel
    • Brian Haugli - Managing Partner, SideChannel & Host of #CISOlife

    The CMMC Center of Excellence (cmmc-coe.org) is an IT-AAC sponsored and hosted public-private partnership that will be the focal point for coordination, communication, and collaboration in support of entities seeking to achieve the Cybersecurity Maturity Model Certification requirements, to improve and enhance the cybersecurity and overall security of the supply chain for the defense industrial base and the United States Department of Defense. The CMMC COE is forging a variety of partnerships, alliances, and affiliations committed to the mission of meeting the requirements of the Cybersecurity Maturity Model Certification. These engagements include industry groups and organizations; standards bodies; NGOs; academic institutions and leaders; government entities; FFRDCs; and more. The COE also serves in an industrial advisory capacity for the Congress and the Executive Branch. Through the various strategic engagements, the CMMC COE supports the entities seeking to achieve the appropriate level of certification mandated by the CMMC, so they remain eligible to participate in DoD acquisitions as a prime contractor, subcontractor, supplier, or vendor of information and communications technology products and services.

    #CISOlife Industry-leading coaching techniques | HR, Talent Management & Organizational Development

    Jan 24, 2021 · 29:11

    Industry-leading coaching techniques and assessments supported by expertise in Human Resources, Talent Management and Organizational Development.

    We talk with Christine Bilotti Peterson about applying best practices to being an executive. She's offering a free consult to discuss your goals! Schedule on her website here: https://whatsyourlongview.com/

    "I founded Longview Consulting because I've been working on ways to make a significant impact on people and in organizations for almost 30 years. It's my passion, my purpose and I've never been more excited about it. I love helping companies and executives level up, exceed their goals and lead authentically" — Christine Bilotti-Peterson

    #cisolife

    #CISOlife - The InfoSec Ratpack - Dom, Dutch, & Brian

    Jan 7, 2021 · 35:22

    A very light CISOlife with return guests Dom Vogel and Dutch Schwartz. What happens when we get together and openly discuss the cyber industry? Tune in to find out.

    #CISOlife - Dutch Schwartz Interview cybersecurity risk management

    Jan 6, 2021 · 19:02

    Join Dutch Schwartz and Brian Haugli as they discuss pre-COVID cyber risks, being the business enabler, and risk management. They also cover what the new water cooler talk is and the best way to kick back on a Friday.

    #CISOlife - Dominic Vogel | Canadian SMB markets | reactive vs proactive | company mindsets

    Aug 13, 2020 · 38:02

    Dominic Vogel sits down with me to talk the Canadian SMB markets, how companies are still reactive vs proactive in addressing their #cybersecurity posture, and his views on company mindsets. #CISOlife

    #CISOlife - Vacation Thoughts & 3rd Party Vendor Risk Problems

    Jul 21, 2020 · 12:39

    #CISOlife - Off the top of the head thoughts and back from #vacation. Here I overview why vacations are much needed to avoid burnout and how most organizations are causing issues with their 3rd party vendor #cybersecurity risk assessment questions. Help the supply chain and help yourself on this episode of CISOlife YouTube and Podcast from SideChannel Security.

    #CISOlife - Yaron Levi, CISO at Blue Cross Blue Shield Kansas City

    Jun 11, 2020 · 27:59

    Welcome back to CISOlife. I sit down with Yaron Levi, CISO at Blue Cross Blue Shield Kansas City (not just Kansas! Thank Yaron). We talk about his view on small businesses working with larger enterprises, the effects of 3rd party vendor risk management and how the cyber community can work with lawmakers on better policy. Enjoy! #cisolife

    #CISOlife - Jennifer Pilat, VP Strategy at MxD | National Center for Cybersecurity in Manufacturing

    Jun 1, 2020 · 17:22

    Interview with Jennifer Pilat, VP Strategy at MxD. MxD is the Department of Defense's National Center for CyberSecurity in Manufacturing (NCCM). MxD (Manufacturing x Digital) is where innovative manufacturers go to forge their futures. In partnership with the Department of Defense, MxD equips U.S. factories with the digital tools and expertise they need to begin building every part better than the last. As a result, our approximately 300 partners increase their productivity and win more business.

    #CISOlife - Allan Alford | NIST CSF Control War Stories from CISOs

    May 29, 2020 · 48:11

    Recorded from the 5/27/2020 LinkedIn Live stream. Allan Alford and I sit down to discuss examples from our past of where NIST CSF controls were missed or not implemented. Listen as we trade war stories on failures and successes.

    #CISOlife Full Discussion - Leslie Weinstein of CMMC Consulting LLC and the US Army joins me to talk #CMMC

    May 19, 2020 · 14:37

    #CISOlife Full Discussion Video - Leslie Weinstein of CMMC Consulting LLC and the US Army joins me to talk #CMMC, #cybersecurity efforts, DoD standards, Cybersecurity Maturity Model Certification Accreditation Body (CMMC AB) opportunities, Defense Contract Management Agency (DCMA) reviews and much more!

    #CISOlife - Full discussion with Karl Sharman at BeecherMadden on job hunting and recruiting!

    May 11, 2020 · 37:26

    #CISOlife - Full discussion with Karl Sharman at BeecherMadden on job hunting and recruiting!

    #CISOlife - Chris Tillett interview - Surviving COVID Support from cyber & healthcare communities

    May 11, 2020 · 22:07

    Chris Tillett interview - Surviving COVID Support from cyber & healthcare communities

    #CISOlife - Guest Ron Ford, DHS & CISA Cybersecurity Advisor - New England

    Apr 28, 2020 · 23:26

    Ron Ford of U.S. Department of Homeland Security & Cybersecurity and Infrastructure Security Agency sat down with me on #CISOlife to discuss all things CISA, #cybersecurity tools, work during pandemic, and risk management. #cmmc

    #CISOlife - APEC, Singapore and US cybersecurity alignment w/ Dr Magda Chelley

    Apr 17, 2020 · 25:26

    Special guest Dr Magda Chelley joins me to discuss US and Singapore cyber alignment on implementations and adoptions. How risk management plays into the supply chain and the role of the CISO.

    Dr Magda Chelley, CEO, Responsible Cyber - https://www.responsible-cyber.com/ - https://www.linkedin.com/in/m49d4ch3lly/

    #CISOlife - College Degrees vs Passion - Why are you requiring a degree for cybersecurity jobs?

    Mar 5, 2020 · 1:25

    Why do we require a college degree for all cybersecurity jobs? Why not remove the requirement and see what the candidate pool looks like then? #cisolife

    #CISOlife - Remote Access amid the Coronavirus and Pandemics

    Feb 28, 2020 · 4:41

    How will CISOs and CIOs respond when there's a decision to force full remote work at the company? When will the Board start asking about how well protected the company is with a more remote workforce? #cisolife

    #CISOlife - Top tips for the aspiring cybersecurity professional coming out of college with Taylor

    Feb 27, 2020 · 1:15

    #CISOlife - Top tips for the aspiring cybersecurity professional coming out of college with Taylor Lehmann & SideChannel Security

    1) Local meetups
    2) Internships
    3) Mentor

    What do the veterans in the space have to say? What tips can you share for the early in career or soon to graduate cybersecurity professionals?

    #CISOlife - Left of Boom with Taylor Lehmann

    Feb 27, 2020 · 27:52

    I sit down with Taylor Lehmann, CISO at athenahealth and partner at SideChannel, to discuss cybersecurity evolution, progress, FinOps, cloud security, IoT, OT, medical device security, and design thinking. Follow Taylor on Twitter @BostonCyberGuy and LinkedIn at https://www.linkedin.com/in/tpain/

    #CISOlife - Communication with the SOC

    Feb 27, 2020 · 1:02

    #CISOlife - What makes a good Security Operations Center? Who has seen great communication between the SOC and the rest of the org? What was it that made it so good?

    #CISOlife (Trailer)

    Feb 26, 2020 · 0:30
