The CISO's Gambit podcast is a pragmatic cyber risk dialogue between cyber security leaders from leading organizations, like Zscaler. Topics span technical and non-technical aspects of cyber risk, cybersecurity, privacy, transformational change management
In a room of 50 CISOs, if only one said we're winning the war against cyber threats, what does it tell us? Tony Fergusson, CISO in Residence at Zscaler, and Casper Klynge, newly appointed Vice President and Head of EMEA Government Partnerships at Zscaler, unpack the quandary facing Europe and other regions where bold ambitions to adopt security and privacy by design collide with grim cybersecurity statistics and trends. By listening to this insightful episode, you'll better understand what public organisations can learn from private enterprises to achieve a brighter and secure digital future, including technologies to reduce attack surfaces, fight AI-based threats, modernize cyber hygiene with zero trust, plus the key role of supportive regulatory measures like NIS2 and DORA.
Factories face unique and seemingly insurmountable cybersecurity challenges in the increasingly digitalized landscape, but there is a light at the end of the tunnel where leaders can deliver reliable production, secure supply chains, and availability of products and services. Discover how zero trust fits in a world of operational tech, legacy processes, and methodologies like Six Sigma.
"How do you drive trust in a digital first or software first world?" This is the question that Francis Ofungwu, Global Field CISO at GitLab, helps customers answer every day. Securing software development is unlike enterprise security, where CISOs have strong visibility into the environment and can exercise direct control. To secure software, leaders must convince those outside of their department to buy in on their strategy and implement needed changes. Learn Francis' secrets for winning support and securing the SDLC in this episode of The CISO's Gambit.
GRSA/Compass Group is a global provider of food services and support operating in over 50 countries. How does CISO Adriano Lima ensure his company remains secure while serving companies, schools, hospitals, oil platforms, and customers in remote locations around the world? Discover his secrets for success as he shares his experiences with Zscaler CISOs in Residence, Sean Cordero and Brad Moldenhauer.
Darin Hurd, EVP and CISO at Guaranteed Rate, explains the value of zero trust security in the financial sector. Lenders cannot control the federal funds interest rate or the state of the economy, which can change rapidly. However, they must respond and adapt to these variables and others while ensuring their infrastructure remains secure. Darin explains how grit, partnerships, and clear communication are key factors in bringing zero trust to financial organizations.
Brent Deterding, CISO of Afni, knows focusing on empathy yields benefits for his personal and professional life. Whether raising foster children, meeting with vendors, or analyzing cyber attacks, his policy of treating others with dignity opens new doors and creates opportunities. Learn how being transparent in conversations helps him avoid costly mistakes, discover solutions, and maximize discussions.
Board-Level Cyber Risk Oversight
New regulations are elevating cybersecurity issues to the attention of the boardroom. Is your organization prepared? Board member Helmuth Ludwig and Zscaler Sr. Director of Global Executive Advisory, Lauren Wise, wrote the book on board-level cyber risk oversight. Listen to their discussion on defining material breaches, knowing the right questions to ask, and the board's crucial role as cyber risk managers.
The SEC is requiring organizations to report material cyber incidents within four days. What makes an incident “material”? Brad Moldenhauer, VP & CISO in Residence at Zscaler offers his insights.
Elena Elkina, Partner at Aleada Consulting, uses her legal and technical background to help organizations explore the treacherous intersection of privacy and security. Are your security processes compliant with privacy regulations? If your cybersecurity posture meets security regulations, have you met your privacy obligations? Elena shares her insights with CISO in Residence, Sean Cordero, on this episode of The CISO's Gambit.
Challenge yourself, get uncomfortable, scale up, and learn the language of business. Discover the vital steps CISOs take to stay sharp, mentor tomorrow's leaders, and secure a global organization.
Shannon Lietz is an award-winning security professional, patent-holder, visionary innovator, and industry leader. She joins host Sean Cordero for an in-depth discussion on lucky vs. good cybersecurity, passion-based hiring, DevSecOps, and our industry's need for accountability and metrics.
Jack Leidecker oversees the security of an AI-driven revenue platform that derives advanced revenue and sales insights. Hear his insider's view on AI's current trajectory and the importance of remembering one's roots in a high-tech world.
Lance Dubsky talks about securing everything from orbital technology to the ocean floor in his compelling description of the ambitious goals of Quintillion Subsea Operations.
The nexus of cyber, AI, and education is getting more complex, but CISO and polymath Sam Curry delivers sharp insights and memorable anecdotes for leaders facing asymmetric threats from a borderless offense.
For many organizations, data backups are not treated as something that may ultimately determine the survivability of the company. Avoid making this mistake: listen to W. Curtis Preston's (a.k.a. “Mr Backup”) sobering stories of businesses destroyed in a single day due to poor data resiliency practices, and learn how the 3-2-1 backup rule can help fend off the fallout of ransomware and other catastrophic events.
Zscaler CISO-Americas Benjamin Corll and Brad Moldenhauer join host Sean Cordero to discuss the hottest cybersecurity topics at Miami's recent Global CISO Exchange. Sean delves into their experience to uncover what security executives are discussing today. What problem has CISOs brainstorming in their hallway conversations? Where do industry leaders believe AI/ML is headed? Why are some businesses still afraid of the cloud? Discover these answers, then hear what Zscaler CEO, Jay Chaudry, and CrowdStrike CEO, George Kurtz, said about partners, integration, and the future of cybersecurity.
Is a CISO's ascent to industry stardom less about passion for technology and more about overall C-suite business acumen? That holds true for award-winning CISO at BAT, Dawn-Marie Hutchinson. Discover how an MBA, effective presentation skills (Toastmasters anybody?), and keeping your company's annual reports on your nightstand can be a turning point for your career.
Joseph Drasin, assistant vice president for planning and continuous improvement at the University of Maryland, College Park's Division of Information Technology, is a faculty fellow in the Honors College, and a technology leadership expert. A software engineer turned academic, Drasin specializes in organizational development, change management, and process engineering. His research-driven business and people management lessons will open your eyes to a world often missed by well-intentioned executives.
In the final episode of CISO's Gambit for this year, host Sean Cordero is joined by colleagues Brad Moldenhauer, Mark Lueck, and Ben Corll, members of the office of the CISO at Zscaler, for a look back on 2022. They discuss the year's cybersecurity happenings, the evolving role of security leadership, and what trends they anticipate continuing into 2023.
In a first, host Sean Cordero welcomes an accomplished venture capitalist to the show: Marcus Bartram, General Partner at Telstra Ventures. Marcus has backed investments in such recognizable security ventures as CrowdStrike (a Zscaler partner). Throughout their conversation, Bartram explains what he looks for in an attractive cybersecurity investment, what startups look for in CISOs and external advisors, and how to scale great ideas into a successful business.
Not everyone arrives at work in the morning to advance humans' understanding of our place in the universe. But David Liska does. As the Associate Director of Engineering & Technology at the Space Telescope Science Institute, he's been integral in launching and operating one of humanity's most ambitious astronomical projects to date: the James Webb Telescope. In this episode, learn what it takes to manage such a massively complex undertaking, Liska's lessons for working on public sector projects, and what about the universe still fills him with wonder.
Does academia take the right approach to producing tomorrow's cybersecurity leaders? What role should private sector leaders play? JP Saini, Chief Digital & Technology Officer at Sunbelt Rentals, joins host Sean Cordero to discuss how mentorship directly contributes to better business outcomes, the importance of soft skills, and the fundamentals necessary to find success in a cybersecurity career.
Get up to speed on the art and science of training models, big data sets, and limitations and possibilities for AI in cybersecurity and beyond. Zscaler Vice President of AI and Machine Learning Howie Xu has been a pioneer in applying AI and ML to cybersecurity since the late 1990s. In this episode, he is joined by Brad Moldenhauer, VP and CISO AMS, and host Sean Cordero to discuss the state of applied ML and AI and the future.
After the RSA showroom floor proved zero trust's popularity as a buzzword, how will its tenets be solidified and standardized to separate true adherents from charlatans? To find out, host Sean Cordero welcomes John Yeoh, global vice president of research at the Cloud Security Alliance, and Lauren Wise, senior director, global executive advisory at Zscaler, to discuss the recently announced Zero Trust Advancement Center and its mission to become the vendor-agnostic industry "North Star" for the strategies and solutions that make up zero trust cybersecurity.
Zscaler VP & CISO Brad Moldenhauer joins host Sean Cordero for a deep dive into new phishing data and tactical analysis provided by the Zscaler ThreatLabz team. They cover why political turmoil tends to correlate with rising phishing rates, phishing attack vectors like browser-in-the-browser (BitB) that are gaining steam among adversaries, supply chain risk, and why spear phishing is still a whale of a problem. Listen now to learn more about the latest developments in phishing tactics.
There is no one path to the top security role, but once there, the challenges for newbie CISOs are familiar. What are the keys to success? What kind of background and skill set is best? How do you pick up an inherited tech stack and budget and run with it? What is the right organizational structure given how infrastructure and risk management have evolved? To answer these top questions and more, host Sean Cordero, Zscaler CISO - Americas, goes deep with Heng Mok, Zscaler CISO - APJ, a relative newcomer to the team with a prolific career journey.
The global M&A market is on a record-setting pace with trillions of dollars in transactions every year. With that comes a lot of success stories and unfortunate failures. In this episode, CISO-Americas and host Sean Cordero and Zscaler guests Sami Ramachandran, Managing Director, M&A, Divestiture, Private Equity, and Pam Kubiatowski, Field CTO, detail how the strategic use of cybersecurity and networking can be the linchpin for successful and rapid IT integration and separation for mergers, acquisitions, and divestitures.
Sean welcomes Bryan Green, former Business Information Security Officer (BISO) at Salesforce, and Brad Moldenhauer, former CISO at Steptoe & Johnson, as guests in this stage-setting discussion into trends and concerns that will occupy the minds and focus of cybersecurity leaders the world over. Listen for perspectives and insights you can use in your planning and strategies for ransomware, cryptocurrencies, cyber-insurance, and critical infrastructure.
CISO - Americas, Sean Cordero, a newcomer to the Zscaler team, picks up the reins as host and interviews Deepen Desai, the Global CISO and Head of Security Research at the company about the most pressing cybersecurity topic this month, Log4j. Listen in for insights into how attackers can and have been exploiting the massive vulnerability, prevention measures, and if we're headed toward a world where every day seems like Patch Tuesday.
The Zscaler CISO team is joined by their esteemed colleague, Sahir Hidayatullah, to investigate the capability known in the cybersecurity industry as Active Defense.
The Zscaler CISO team has been actively engaged with customers on various threat prevention and detection strategies for SecOps maturity. The problem in this area today is apparent: alert fatigue, false positives, data paralysis, complexity, ineffectiveness. This suggests transformational change is required to protect against the threatscape that continues to expand the sophistication of its arsenal. Enter Active Defense (aka Adversary Engagement) and its human threat focus, to proactively combat the threat through engagement, disruption, and asymmetry. The Zscaler CISO team is joined by one of the pioneers in the Active Defense space, Sahir Hidayatullah, to investigate this capability and how he sees this capability working in a zero-trust environment. Discussion topics include:
- The current shortcomings or gaps with conventional threat detection capabilities and techniques
- Active Defense and MITRE Engage
- Active Defense disrupting the cyber kill chain
- Active Defense case studies
- What if Active Defense was in place at Colonial Pipeline?
CISA TIC Program Manager, Sean Connelly, speaks with our Federal CISO, Danny Connelly, about the game-changing aspects of TIC 3.0 and what it means for the federal government.
The Office of Management and Budget (OMB) Memorandum M-19-26, “Update to the Trusted Internet Connection (TIC) Initiative”, provides agencies a modernized approach to implement the TIC initiative (TIC 3.0). The initial implementation of Trusted Internet Connections (TIC), as mandated by OMB in 2007, required agencies to consolidate external connections and deploy common tools to enhance network security across the Federal Government. This required “agency traffic to flow through a physical TIC access point, which has proven to be an obstacle to the adoption of cloud-based infrastructure.”
On this episode of the CISO's Gambit, Zscaler Federal CISO, Danny Connelly, speaks with Sean Connelly, CISA TIC Program Manager, about TIC 3.0 and the game-changing aspects that enable federal agencies to move away from legacy network security solutions and modernize cybersecurity. Questions covered include:
- What is TIC 3.0? What's different from previous iterations of the TIC requirements, and what are the benefits of leveraging the TIC 3.0 framework?
- What is the Cloud Log Aggregation Warehouse (CLAW)?
- TIC 3.0 and NIST 800-207 (Zero Trust Architecture) go hand in hand; can you share some perspective on how those critically important standards and TIC 3.0 requirements were developed?
- The Presidential Executive Order highlighted significant cybersecurity enhancements needed across the federal government. What is your perspective on the EO, and how does TIC 3.0 help agencies meet the intent of the EO?
- Can you share some observations on use cases agencies have implemented that have proven to be successful? Basically, who would you say has done it well, and can you share any lessons learned that might help other agencies?
- What's the best way for agencies to get up to speed on TIC 3.0 and the various components of the framework, like PEPs, and how to leverage the security capabilities matrix? Where can an agency start?
The Zscaler CISO team has been hearing the same question in their day-to-day interactions: should I deploy zero trust at the edge or at the endpoint? In this podcast, they share their perspectives on why a layered defense is critically important to protect organizations from today's threats. SASE + EDR = “Better Together”, and the team clears up some uncertainties about things like:
- Is the endpoint a realistic option on which to base your security stack?
- What gaps are created if an organization focuses their security strategy exclusively around endpoints and Zero Trust?
- What is the ideal reference security architecture for the future given what we've seen with a company's digital transformation program?
The Zscaler CISO team looks at the inherent tension between business enablement and cyber security that plays out in many organizations. How do you balance the need for strong security AND still adopt cloud and mobile technologies that allow for business agility, resiliency, and user productivity? Topics include:
- Why is user experience important to successful enterprise security?
- What are the common challenges for a CISO to simultaneously deliver risk reduction and employee productivity outcomes for the business?
- How do you bridge the gap between security concerns and business needs?
- Control Freak overview - Preventive, Detective and Response
The Zscaler CISO team delves into what happened at Colonial Pipeline, and the federal government's response to the attack in the form of the Executive Order on Improving the Nation's Cybersecurity. They cover:
- What the Colonial Pipeline attack was
- The nature of ransomware attacks
- The issues with Colonial Pipeline's response
- Some details on how the new EO addresses Colonial Pipeline reporting failures
The Zscaler CISO team looks at the 25-year-old technology of Virtual Private Networks (VPN), and recent VPN vulnerabilities that have hit the news. In this episode, they cover:
- DHS CISA's Emergency Directive 21-03
- VPN's diminishing legacy
- Modernized remote access with Zero Trust
The Cloud Act is a 2018 set of regulations that impact enterprise and network security. How is it important to CISOs, enterprises, and organizational security? The team looks at:
- What is the Cloud Act?
- CISO experiences with the Cloud Act
- How we are helping customers with Cloud Act challenges
In this episode, Brad Moldenhauer, Marc Leuck, Nicolas Casimir, and Danny Connelly of the Zscaler CISO team cover the ins and outs of SSL inspection for enterprise cybersecurity posture. They review:
- The importance of SSL inspection
- The implementation challenges of SSL inspection
- Privacy and legal challenges associated with SSL inspection
- Encrypted traffic threat landscape
The COVID-19 crisis was a massive shift for how enterprises looked at security, and more importantly, acceptance of risk. Brad and Danny discuss how the change impacted:
- Risk and threat exposure for cybersecurity postures
- Role of the CISO as a thought leader
- COVID-19 cybersecurity concerns
- Zero Trust as a remedy