Abnormal Security is revolutionizing cloud email security with its behavioral AI-based platform. Using machine learning, the platform detects and stops sophisticated inbound email attacks and dangerous email platform attacks that traditional solutions often miss. The anomaly detection engine analyzes the risk of every cloud email event, preventing inbound email attacks, detecting compromised accounts, and remediating emails in milliseconds, all while providing visibility into configuration drifts across your environment. The company has recently launched Security Posture Management, a product that monitors each entity for potentially risky configuration changes. This includes changes like the escalation of administrator privileges or the integration of new unverified applications with read-write access to mailboxes. When changes occur, Security Posture Management alerts administrators so they can understand the impact and take appropriate downstream action to protect their cloud email platform from insider threats or attacker infiltration. CISO at Abnormal Security, Mike Britton, shares the company's mission to redefine cloud email security and protect against email platform attacks. Mike shares why he believes that with Abnormal Security, organizations can have peace of mind knowing their cloud email platform is protected from sophisticated attacks.
All links and images for this episode can be found on CISO Series. Tabletop exercises are critical procedures to learn how everyone will react during an actual attack. Panic is usually the first response, so why don't we do that when we're playing our pretend game of getting our business compromised by a nefarious hacker? This week's episode of CISO Series Podcast was recorded in front of a live audience in Clearwater, Florida for the Convene conference produced by the National Cybersecurity Alliance (AKA StaySafeOnline.org). Joining me on stage for the recording was my guest co-host, Hadas Cassorla, CISO, M1 and our guest, Kathleen Mullin (@kate944032), CISO, Cancer Treatment Centers of America. Thanks to our podcast sponsors, Cofense, KnowBe4 & Terranova Cofense is the only company to combine a global network of 32 million people reporting phish with advanced AI-based automation to stop phishing attacks. Our global phishing defense centers work 24/7 to support more than 2,000 enterprise customers, providing the technology and insights needed to identify & block threats. KnowBe4 is the world's largest integrated Security Awareness Training and Simulated Phishing platform. KnowBe4 helps organizations manage the ongoing problem of social engineering through a comprehensive new-school awareness training approach. Tens of thousands of organizations worldwide use KnowBe4's platform to mobilize their end users as a last line of defense. Get free phishing benchmarking data to drive effective behavior change and grow your organization's security-aware culture with the latest edition of the Phishing Benchmark Global Report! Taken from this year's Gone Phishing Tournament, this report gives security and risk management leaders the insight they need to strengthen data protection. More at terranovasecurity.com. In this episode: Where do you see tabletops coming apart and being ineffective and what are the core elements that truly make them succeed? 
Have you ever seen a real incident play out where you can point to the tabletop as the reason you were able to handle the incident? Are people the safety net for your security controls OR should security controls be the safety net for your people?
Guest: Matthew Rosenquist, CISO at Eclipz.io
On LinkedIn | https://www.linkedin.com/in/matthewrosenquist/
On Twitter | https://twitter.com/Matt_Rosenquist
On Medium | https://matthew-rosenquist.medium.com/
____________________________
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
____________________________
This Episode's Sponsors
Imperva: https://itspm.ag/imperva277117988
HITRUST: https://itspm.ag/itsphitweb
____________________________
Episode Notes
In the last episode on this topic, Matthew gave us some insights into how and where he expected cybersecurity to take us in 2022. During the conversation he said, “Cybersecurity will continue to rapidly gain in both relevance and importance in 2022 as the world relies more upon digital technologies and unknowingly embraces the increasing accompanying risks of innovation. 2022 will see the rise of government orchestrated cyber-offensive activities, the growth of cybercriminal impacts at a national level, and the maturity of new technology used as powerful tools by both attackers and defenders. Overall, 2022 will be a more difficult and trying year for cybersecurity than its predecessors.”
In this episode, we take a look back at the year of cybersecurity that was 2022, including the predictions, the outcomes, and the misses. It's a wild ride that you won't want to miss, even if you experienced some of it first-hand in your own InfoSec programs.
____________________________
Resources
Previous Episode #844 - It Is 2022: Here Are Some Cybersecurity Predictions And Their Impact On Business, Governments, Citizens, And Society: https://itsprad.io/redefining-security-844
Original 10 Predictions: https://www.linkedin.com/pulse/10-cybersecurity-predictions-2022-matthew-rosenquist/
____________________________
To see and hear more Redefining CyberSecurity content on ITSPmagazine, visit: https://www.itspmagazine.com/redefining-cybersecurity-podcast
Watch the webcast version on-demand on YouTube: https://www.youtube.com/playlist?list=PLnYu0psdcllS9aVGdiakVss9u7xgYDKYq
Are you interested in sponsoring an ITSPmagazine Channel?
Guest: Michael Goetzman, CISO at Solano Security and Founder of CypherCon [@cyphercon]
On Twitter | https://twitter.com/Goetzman
On LinkedIn | https://www.linkedin.com/in/goetzman/
________________________________
Host: Ben Schmerler
On ITSPmagazine
Today on the Social-Engineer Podcast: The Security Awareness Series, Ryan and I will have a special discussion of the 2023 security landscape. [Jan 27, 2023]
00:00 – Intro
00:27 – Intro Links:
Social-Engineer.com - http://www.social-engineer.com/
Managed Voice Phishing - https://www.social-engineer.com/services/vishing-service/
Managed Email Phishing - https://www.social-engineer.com/services/se-phishing-service/
Adversarial Simulations - https://www.social-engineer.com/services/social-engineering-penetration-test/
Social-Engineer channel on SLACK - https://social-engineering-hq.slack.com/ssb
CLUTCH - http://www.pro-rock.com/
innocentlivesfoundation.org - http://www.innocentlivesfoundation.org/
04:25 – Don't Forget Ryan
05:11 – What Are We Talking About: 2023 Edition
05:39 – 2022 Was Rough!
07:09 – Getting Everyone Else Up To Speed
09:24 – Hackers for Hire?
12:58 – Economic Crisis = Rise in Cybercrime
15:10 – Emotional Victimizing
18:08 – Losing the Teachable Moment
20:42 – Ransomware as a Growth Industry
24:20 – MFA for All!
27:15 – There is Hope
28:40 – Make It Personal
30:47 – A Tool is Just a Tool
33:25 – Don't Recycle
34:53 – Make it Hard!
36:29 – Gotta Get it Tailored
37:47 – Trust the Process
39:40 – Wrap Up & Outro
social-engineer.com innocentlivesfoundation.org
Link to Blog Post This week's Cyber Security Headlines – Week in Review, January 23-27, is hosted by David Spark with our guest, Kathleen Mullin, CISO, Cancer Treatment Centers of America Thanks to our show sponsor, SafeBase If a prospective customer asked about your trust program or security policies, where would you send them? Chances are, you'd need to send an NDA, hunt down documentation, go back and forth via email, and answer a litany of questions. SafeBase is the better way. SafeBase's Smart Trust Center allows you to send *one link* to customers or buyers, so they can easily access the security and compliance information they need. Meanwhile, you get more control over who has access to your documents, and for how long. Build customer trust the smart way with SafeBase – learn more at safebase.com All links and the video of this episode can be found on CISO Series.com
Guest: Tricia Howard, Senior Technical Writer II at Akamai Technologies [@Akamai]
On Mastodon | https://infosec.exchange/@triciakickssaas
On Twitter | https://twitter.com/TriciaKicksSaaS
On LinkedIn | http://linkedin.com/in/triciakickssaas
Website | https://triciakickssaas.com/
________________________________
Host: Alyssa Miller
On ITSPmagazine
In this episode of The New CISO, Steve is joined by returning guest Mark Weatherford, CSO and SVP of Regulated Industries at AlertEnterprise.
In last week's episode, Mark shared how he set the foundation for his incredible career, from his start in the Navy to his time working for Governor Arnold Schwarzenegger. Today, Mark delves into his lasting legacy in the cyber security field. Listen to part two of this episode to learn more about being the plus one at security meetings, Mark's mentorship perspective, and putting in the work to succeed.
Listen to Steve and Mark discuss what it means to be coachable and the importance of experience:
The White House Basement (1:33)
Host Steve Moore presses his guest Mark Weatherford on a meeting he attended in the White House basement. Mark was initially instructed to use this meeting as a learning experience to see how things worked. Unexpectedly, John, the National Security Advisor, asked Mark his thoughts on an issue, and Mark answered on the spot.
Strong Leadership (6:44)
John asking Mark a security question showed strong leadership because it allowed Mark, who was new to the team, to be included. When you're the CISO in charge, you should bring a team lead or a middle manager to meetings, so they can learn and provide input. This type of experience will allow them to build skills and develop confidence, which they will need as they climb the cyber security ladder.
Mentorship Advice (10:29)
Mark advises the younger leader to always look for opportunities to mentor people. Generally, Mark tries to be available to those who ask him to chat about leadership and security. On the other side, younger people need to be willing to ask for help.
The Mentorship Exchange (16:10)
Steve asks Mark what people should expect from mentorship lunches. Is it just lunch or something more pressing? Mark explains how in his case, he was friends with his mentor, so they mostly just enjoyed meals together. However, his mentor would ask him questions about work to see how he could help. Of course, different dynamics operate differently, but the main thing mentees should consider about themselves is, “am I coachable?”
Steering The Mentee (19:47)
Mark and Steve discuss how to guide mentees away from vanity. Nowadays, new security professionals may focus more on the job title than on becoming a leader. Mark then further explains what it means to be coachable: a willingness to take in the tough feedback to improve.
In the Meeting (21:24)
When Mark meets with potential mentees, he'll give them a homework lesson and ask them what their goals are. He will also ask them what efforts they've made to achieve their goals. With so many CISO opportunities out there, people are getting jobs without putting in the hard work, though having experience is essential.
The New CISO (24:08)
To Mark, being a new CISO is a wide-open field. One must understand the job's responsibilities and be creative with their resources. Ultimately, being a new CISO is having the experience that validates your position in the role.
Links mentioned: LinkedIn
All links and images for this episode can be found on CISO Series. Given that your company's security is dependent on the security of your partners and others, what can we do to get more organizations above the security poverty line? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest, Jason Kikta (@kikta), CISO, Automox. Thanks to our podcast sponsor, Automox. Are you ready to ditch manual patching? With Automox, you can automatically patch your third-party applications, Windows, macOS, and Linux devices with one easy-to-use, cloud-native platform. Try for yourself with our free 15-day trial and have all your endpoints safe and secure in just 15 minutes. In this episode: Given that your company's security is dependent on the security of your partners and others, what can we do to get more organizations above the security poverty line? How can we give them guidance towards working on priorities in cybersecurity? How are the vendors handling this? Can we create an "Adopt a Highway" program for cybersecurity?
At the 2022 Cyber Marketing Con, the CyberWire presented a CISO Q&A panel session on how to help cyber marketers reach CISOs and other security executives in the industry. The panel included Rick Howard, CSO of N2K Networks, Jaclyn Miller, Head of InfoSec and IT at DispatchHealth, Ted Wagner, CISO of SAP NS2, and was moderated by board director and operating partner, Michelle Perry. Listen in as the panel discusses: What works and doesn't work in getting a security executive's attention. Message trust, message fatigue, and what you can do about it. Trusted information sources and how security executives use them. Positioning and messaging that is actually meaningful to decision makers. The security executive's purchasing behavior and why skepticism is the driving force. Stay tuned until the end to hear us answer some additional bonus questions submitted by attendees.
Would you pay the ransom if you were hit with ransomware? Leaders and their companies are targets. Cyberthreats are on the rise and many companies have fallen victim. They can actually reflect what our weaknesses are when it comes to leading people and how you react under pressure. For most people, this is a really stressful time but it can also be a great opportunity to see how you handle difficult situations.
I host Dan Lohrmann, Field CISO for Presidio, who shares a vital strategy for how to respond to a cyber ransom threat.
Presidio is a global digital solutions and services provider delivering software-defined cloud, collaboration and security solutions to customers.
Dan started his career at the National Security Agency (NSA), and has over 30 years of professional experience – including Chief Security Officer and Chief Technology Officer roles.
He's also an award-winning blogger and global speaker on a wide range of technology and cybersecurity topics. Best-selling author of “Cyber Mayday and the Day After Dan: A Leader's Guide to Preparing, Managing and Recovering From Inevitable Business Disruption.”
LinkedIn Profile: https://www.linkedin.com/in/danlohrmann/
Company Link: https://www.presidio.com/
Link to Dan's Book: “Cyber Mayday and the Day After Dan: A Leader's Guide to Preparing, Managing and Recovering From Inevitable Business Disruption.” https://www.amazon.com/Cyber-Mayday-Day-After-Disruptions/dp/1119835305
What You'll Discover in this Episode:
The story of the turning point of his career.
How he accelerated his learning as a writer.
A vital cybersecurity tip for leaders.
How to be prepared for AI and cyber risks.
The first step you should take if you receive a cyber ransom note.
The role of cybersecurity for the next five years.
What happened with the $28.75M ransom note.
-----
Connect with the Host, #1 bestselling author Ben Fanning
Speaking and Training inquiries
Subscribe to my YouTube channel
LinkedIn
Instagram
Twitter
This episode is sponsored by RoundTable Technology - the Nonprofit IT Partner. On January 26, they are offering a free webinar on the exact steps required to secure and protect your nonprofit IT in the New Year. RoundTable Technology is a managed IT and cybersecurity services organization focusing on the nonprofit sector, with over 200 nonprofit clients. Head over to NonprofitIT.com/best-ever to save your seat now.
Maybe you've heard of chatbots, the Lensa app (for all those futuristic selfies filling up your feed), or even played around with ChatGPT. AI is one of the fastest growing technologies of our time, and nonprofits need to start paying attention. My guest this week is Joshua Peskay, 3CPO (CIO, CISO & CPO) at RoundTable Technology. Joshua has spent the better part of three decades helping nonprofit organizations make better use of technology in support of their missions. In addition to leading RoundTable's security team and providing vCIO services to numerous organizations, Joshua is a national leader in helping improve cybersecurity in the nonprofit sector.
We discuss:
The benefits of AI for nonprofits
How to use this powerful tech to grow our audience
Pitfalls to avoid when using AI
Josh's favorite AI tools
Where to start, especially if you are a small shop
Learn more about RoundTable Technology:
Website: roundtabletechnology.com
Twitter: @RoundTableIT
Facebook: @roundtabletechnology
LinkedIn - RoundTable Technology
Webinar: NonprofitIT.com/best-ever
Connect with Joshua: LinkedIn - https://www.linkedin.com/in/joshuapeskay/
About Julia Campbell, the host of the Nonprofit Nation podcast:
Named as a top thought leader by Forbes and BizTech Magazine, Julia Campbell (she/hers) is an author, coach, and speaker on a mission to make the digital world a better place.
She wrote her book, Storytelling in the Digital Age: A Guide for Nonprofits, as a roadmap for social change agents who want to build movements using engaging digital storytelling techniques. Her second book, How to Build and Mobilize a Social Media Community for Your Nonprofit, was published in 2020 as a call-to-arms for mission-driven organizations to use the power of social media to build movements.
Julia's online courses, webinars, and keynote talks have helped hundreds of nonprofits make the shift to digital thinking and how to do effective marketing in the digital age.
Take Julia's free nonprofit masterclass, 3 Must-Have Elements of Social Media That Converts
Connect with me on LinkedIn: https://www.linkedin.com/in/juliacampbell/
In this episode Rob talks about a recent event discussing the State of Cyber into 2023. Hosted by Dave DeWalt (founder & MD of NightDragon, one of the most successful business leaders in the cybersecurity industry), the event promised to take "a unique look at what products are really being adopted by cybersecurity buyers, what financial analysts are watching around skyrocketing valuations and what investors are watching for the next frontier of innovation. We'll also look at the state of the cyber talent gap, public-private partnership efforts and how CISOs are responding to the latest threats."
Rob reacts to the thoughts of organisations such as EY, Kyndryl, Citi, Piper Sandler, AllegisCyber Capital, Team8, ForgePoint.
"What I took away as an extreme positive is the consistency of the CISOs on the panel, talking about how the shift in their approach and model is very much centered around how they're actually aligning with what the business needs from the cyber organization"
[Regarding the Wall Street perspective] "2023 could be the biggest opportunity for investing in the cyber market because of what those returns are going to look like going forward, because the reality of the business delivering on what they market has to come to fruition."
"The event and the timing of the event was very effective. The format of the event and the audience and the different segments and perspectives, I thought was a really nice balance."
In this episode of Hacker Valley Studio, Rob Wood, Chief Information Security Officer (CISO) at CMS, discusses the challenges of data silos within organizations. Rob explains that security teams often operate in silos, with different departments focusing on various aspects of security, such as incident management, compliance, and penetration testing. One way to improve this is by flattening the organizational structure and finding ways to work together in the same data environments, using the same data tools. This would allow teams to collaborate better and share information, improving overall security. In the episode, Rob also highlights the importance of supportive leadership and culture in driving change and the impact of the mission in his work. Ron picks up on two key elements - people and communication - as important in cybersecurity and business, as breakdowns often happen due to lack of communication. Chris mentions how he is hard on leaders who create toxic environments or use fear and intimidation to lead their teams. He also notes that he is starting to see a different kind of leader in the technical space, one that knows a lot, and is intelligent but also knows how to talk to people and make them feel seen. The conversation then shifts to where this change in leadership is coming from. Rob Wood suggests that it is the next wave of leaders coming in, as there are more leadership opportunities available. He also notes that there are many people moving into security from diverse fields, creating a polymath effect of blended disciplines. This helps humble people and allows them to be more human. He also mentions that his own career path was not traditional, as he studied sports management in college and transitioned into an internship in cybersecurity. 
-------------- Links: Stay up to date with Rob Wood on LinkedIn Join our Patreon monthly creative mastermind Connect with Ron Eddings on LinkedIn and Twitter Connect with Chris Cochran on LinkedIn and Twitter Purchase an HVS t-shirt at our shop Continue the conversation by joining our Discord Check out Hacker Valley Media and Hacker Valley Studio
All links and images for this episode can be found on CISO Series. Everyone's favorite meeting is a short meeting. But does anyone want a fun or entertaining meeting? Or is that a bad idea? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Jeremy Embalabala, CISO, HUB International. Thanks to our podcast sponsor, SlashNext With today's transition to hybrid working, phishing attacks are becoming more prevalent than ever. Mobile phishing and credential harvesting are exploding and affecting business reputations, finances and most importantly, data loss. With new methods of phishing attacks appearing year over year, enterprises need more robust phishing protection to better protect this expanding attack surface and companies' most valuable assets. Check out the report. In this episode: Everyone's favorite meeting is a short meeting. But does anyone want a fun or entertaining meeting? Or is that a bad idea? How do we make our security teams more productive? The cost of getting and paying for cybersecurity insurance is so darn high. Would it be worth it to just self-insure?
Cybercrime Magazine CISO Minute host Theresa Payton, Former White House CIO, discusses the healthcare industry's predicted cybersecurity spending, how these organizations can protect themselves from the growing threat, and more. The CISO Minute is sponsored by https://knowbe4.com/ • For more on cybersecurity, visit us at https://cybersecurityventures.com/
Two or three healthcare organizations a day are falling victim to a ransomware attack, according to Esmond Kane, chief information security officer (CISO), of Steward Health Care and former CISO for Harvard. The way to fight that is to use creativity, perseverance and innovation, he says. And keep in mind, the bad guys are also innovating at the same time you are. In this interview with healthsystemCIO Founder and Editor-in-Chief Anthony Guerra, Kane discusses the increasingly challenging role of the CISO and how he uses behavioral questions to find the right candidates for his team. Credentials and HR screening will not always reveal the best choice, but finding out how passionate someone is at their hobbies just might. And when it comes to the board, never tell them you can keep your institution 100% safe, because that's not reality, Kane says. Source: Q&A with Steward Health Care CISO Esmond Kane: “Ransomware Actors Are Also Innovating” on healthsystemcio.com - healthsystemCIO.com is the sole online-only publication dedicated to exclusively and comprehensively serving the information needs of healthcare CIOs.
Guest: Indus Khaitan, CEO and Founder at Quolum [@QuolumHQ]
On LinkedIn | https://www.linkedin.com/in/khaitan/
On Twitter | https://twitter.com/1ndus
Host: Brendon Rod
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/brendon-rod
____________________________
This Episode's Sponsors
Are you interested in sponsoring an ITSPmagazine Channel?
Link to Blog Post This week's Cyber Security Headlines - Week in Review, January 16-20, is hosted by Rich Stroffolino with our guest, George Finney, CISO, Southern Methodist University Thanks to our show sponsor, Cerby Did you know that over 60% of the cloud applications used by your company don't support identity standards like single sign-on? And that these applications are the leading cause of breaches? Cerby can help. Cerby discovers new applications, eliminates manual security tasks like offboarding, and addresses misconfigurations like disabled 2FA while increasing employee productivity. Wait. A security tool that increases productivity? Yup. Learn more at cerby.com. All links and the video of this episode can be found on CISO Series.com
In a startup, the CISO role is far more intense and it's more intense for a whole slew of reasons. Startups don't have a lot of money. But knowing that we're building a product, it is really important to have security built in from the ground up, because it is a priority. So you're a CISO but you're a security architect and you're security engineer and you're analyst. And your ability was compliance and privacy. And you're doing everything and you're trying to do it on a shoestring budget and the creativeness and your ability to squeeze the lemon for every single last piece of dues is so critical.
Brutally honest insights from James J Azar, CISO/CTO and a host of Cyber Hub podcast, CISO Talk, Good by Privacy and Daily Cyber Hub podcast. In this episode, Dani Woolf had a conversation with James about his challenges, goals, what vendors do that piss him off, and the alternatives, along with:
The difference between a startup CISO and a CISO within an enterprise organization
Why is the maturity of security teams a real thing?
Why defining security maturity in larger enterprises is difficult
What is a startup CISO's bleeding neck challenge?
The main factors in the decision-making process that trigger a startup CISO to buy a cybersecurity tool, product or service
What are differences or anomalies in the cybersecurity market that partners can take advantage of to stand out?
Why is podcasting still valuable in the cybersecurity community?
Cardinal rules cybersecurity vendors are breaking in the eyes of a security practitioner
Join Audience 1st Today
Join 750+ cybersecurity marketers and sellers mastering security buyer research to better understand their audience and turn them into loyal customers: https://www.audience1st.fm/newsletter
Whenever you're ready, there are 3 ways I can help you and your go-to-market team:
1. Conduct a one-to-one interview with an existing or ideal customer and extract the most useful insights and recommendations for action.
2. Connect you with our CISO Panel to validate an idea, trend, message, service or product.
3. Plan and facilitate a customer advisory board (CAB) with your key customers to drive loyalty for your company's brand.
There are 44 countries and over 200 languages spoken in Europe, making for a complex place for organizations doing trade, complying with data privacy laws, and architecting zero trust models. In this episode, returning guest Martyn Ditchburn, director of transformation strategy at Zscaler, says thinking globally but implementing locally while solving for real business challenges is what matters to success regardless of the economic climate.
In this episode of Conversations With Leaders, we're focusing on security as a critical component of digital transformation. Join Clarke Rodgers, director of AWS enterprise strategy, as he interviews Amazon's chief security officer, Steve Schmidt, about what it takes to establish a security culture, scale securely, and continuously adapt to changing circumstances.
We're going to take a breath on the CTO Connection podcast for the next 3-4 weeks. When we first started the podcast, it was a “startup CTO podcast”. We've really enjoyed sharing the wisdom and experience of our guests on building and managing engineering teams at startups. However, we've seen over time that the challenges of running (say) a 5-20 person engineering team are very different from those involved when running a 200+ person org. And as many of our original startup CTOs have scaled their orgs to 200 people and beyond, we've decided to follow them.
Because of that, we're going to refocus the podcast, the content, the summits, and the community on “geeks who lead at scale” - senior engineering leaders in larger companies with 200+ full-time employees in product/engineering. In that way, we'll be able to provide information that is more consistently tuned to one of the most challenging tasks out there - leading engineering orgs at scale.
At the same time as we make the community more exclusive, we're also going to make it more inclusive. Whether you're running data, security, IT, or software development, there are many similarities when you're working within a company of around 500 - 10,000 employees. I've been involved with a number of “CTO” clubs across the US and in each case, I've seen the benefits of having a range of roles (from CIO and CISO to CDO and CTO - as well as directors and VPs of Software, Platform, Data/Analytics, and Security), as many of the challenges are the same, and it means the community has deeper expertise in a number of key topics if a CDO wants to learn more about engineering best practices for their data team or a CTO needs a hot take on an AppSec challenge they're facing.
I am disappointed that - given our limited resources - we won't be able to continue the focus on content specifically tailored to startup CTOs, but I look forward to refining our focus so we can scale our ability to share experiences and insights from and between geeks who lead at scale.
My guest on the Business, Brains & The Bottom Line Podcast is CISO Ron Sharon. In addition to discussing cybersecurity, we discuss the best ways to go about creating relationships and how to proactively interact with folks on LinkedIn. As a CISO, Ron is approached by a ton of salespeople, and with that, he shares what he feels are the best ways to add value without constantly trying to sell him something all the time. Playing the long game and building relationships is the way to go if you're looking to create a brand and sell in the long run.
In today's cyber landscape, business leaders and security professionals need every edge they can gain to better protect their organizations and plan their defense against attackers. Why do hackers do what they do? What are they trying to steal from you? Who do they partner with to make money and avoid getting caught? In this episode, host John Verry, CISO and Managing Partner at Pivot Point Security, sits down with Raveed Laeb, Vice President of Product for KELA, who explains the cybercrime business models, supply chains, and operational strategies. Join us as we discuss:
· How understanding your financially motivated adversaries can directly benefit your cybersecurity posture, incident response, and executive decision-making
· “Business models” and “supply chains” that hackers use to monetize your assets (which can be a lot more than just your data)
· What you need to hear to dispel any lingering notion that your org has nothing hackers want
· How and why bad actors are increasingly specializing based on skill sets, and where and how they choose their business partners
· How forward-looking businesses are using cyber threat intelligence (CTI) to reduce cyber risk
To hear this episode, and many more like it, we would encourage you to follow the Virtual CISO Podcast here. You can find all our full length and short form video episodes on our YouTube here. To stay up to date with the newest podcast releases, follow us on LinkedIn here. Listening on a desktop & can't see the links? Just search for The Virtual CISO Podcast in your favorite podcast player.
All links and images for this episode can be found on CISO Series. What happens when you want to adhere to more secure behavior, but the tool you're using forces you to be less secure, solely because they didn't architect in more stringent security when they created the program? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Terrance Cooley, CISO, Air Force JADC2 R&D Center. Thanks to our podcast sponsor, Varonis. Every day, your employees share thousands of sensitive files with too many people, exposing data to the entire organization – or even the entire internet. Varonis monitors sharing link activity and intelligently eliminates links that aren't needed – reducing your risk on a continual basis. Discover more at www.varonis.com/cisoseries. In this episode: What is the worst security behavior you've seen from an IT vendor? Are you applying talent-to-value recruiting techniques to reduce corporate risk? What are your predictions for the evolution of cyber threats?
CISOs often have a love/hate relationship with auditors, as it is the auditors that are placing judgment on the adequacy of company cybersecurity controls. Join this session from the perspective of an IT Audit leader and former CISO, as to how to view the auditors and strengthen the cybersecurity program amid adversity. Show Notes: https://securityweekly.com/csp105 This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
Taylor Lehmann, Director of Office of the CISO at Google Cloud, has made it his mission to make healthcare and life sciences more secure and strategic for everyone. Joining the pod this week, Taylor talks about how security and strategy have to start with people— from properly managing them to realistically motivating them. Healthcare is in need of some serious security TLC and Taylor is ready to tackle the difficult questions about how personal medical data can stay safe in a constantly evolving environment. Timecoded Guide: [01:47] Motivating your team & understanding your real cyber constraints [06:19] Creating a shared, measurable goal for every team [14:26] The haves and have-nots of healthcare security [22:08] Revolutionizing the security standard of healthcare [25:16] How to not fail your future self You're frequently brought into situations that are hard for security teams. Could you walk us through your process of dealing with interpersonal conflicts at work? Rarely is a conflict amongst team members about the technology itself, but is instead about how a team is working together. To combat team conflicts at work, Taylor first focuses on kindness and thankfulness. When a team can create a kind environment, trust flows much easier and the team can focus more on what the real constraints of their situation are (i.e. time and deadlines) vs their perceived constraints and tension points (i.e. assumptions around budget). “What I end up finding out in more cases than not is it's not about a tool, it's not about a security control you don't understand, it's usually not a technical issue, it's almost always getting teams aligned to working together towards a shared outcome.” What is the common slowdown or hiccup when it comes to security practitioners working together? The biggest and most detrimental slowdown amongst team members in cybersecurity is the lack of a shared goal. 
Without a united effort towards security and a measurable outcome to achieve, team members throughout your organization won't work effectively or efficiently together. When the goal to be more secure can be understood by everyone within the organization, team members won't get stuck on the whys or hows of the work they're doing. “Is the security department the only one who wants to be secure, or does everybody? The second you create a goal where teams are effectively working together to get that outcome, that's when you know you're there.” When you look at the maturity of health organizations in being more security-minded, what are some of the things that you're seeing in the industry? Like many industries, security in healthcare is divided into “have”s and “have not”s. Large, sophisticated, extensive, public health organizations have a high level of security maturity, while smaller organizations fall behind in technology and cybersecurity. While organizations like the FDA are working hard to make the medical field a more secure place, modern tech platforms need to be integrated at every level to keep patients and practitioners safe. “It's tough to tell as a patient if a health system invests in security or not. No one is yet making decisions on where they go to get healthcare based on security. I think if they knew they would suffer something negative due to an under-invested system, that would change things.” Was there a turning point in your life that made you the leader that you are today? After an extensive shoulder surgery left Taylor laid up in a hospital bed, he realized that some of the equipment being used on his own body couldn't be trusted to keep information secure. Having such an eye-opening patient experience after working in security in the medical field, Taylor realized that other patients wouldn't know how to verify or protect themselves from these issues. 
Something had to change, and Taylor understood that he had to become a leader and advocate in this space to make a difference in our current reality. “This cannot be the standard of care. My life, in effect, depended on medical equipment that couldn't be trusted. I needed to do something about it, not just for myself, but for the next person who's gonna lie in a hospital bed.”
The CyberPHIx Roundup is your quick source for keeping up with the latest cybersecurity news, trends, and industry-leading practices, specifically for the healthcare industry. In this episode, our host Britton Burton highlights the following topics trending in healthcare cybersecurity this month: New FDA authority granted by December's omnibus bill is a big step towards better medical device security; HITRUST teases their new CSF v11 release; CommonSpirit Health class action lawsuit; The fallout from the LastPass follow-on breach; The possibly similar situation that might be occurring at Okta; JAMA Health Forum's outstanding metrics study on ransomware attacks in healthcare from 2016 – 2021; The nefarious use cases of OpenAI's ChatGPT; Clop ransomware group's tactics for taking advantage of Telehealth appointments to deploy malware; An apology from LockBit ransomware group for an attack on a children's hospital (really!); Healthcare CISOs collaborating thru Healthe3PT to solve the third-party risk problem; A major precedent-setting breach settlement order from FTC against Drizly and its CEO.
Cybercrime Magazine CISO Minute host Theresa Payton, Former White House CIO, talks about the recent insider threat incident at Deloitte India, how this can be a learning experience for other organizations, and more. The CISO Minute is sponsored by https://knowbe4.com/ • For more on cybersecurity, visit us at https://cybersecurityventures.com/
Insurance for information security is changing. Recently some reports came out that there were moves by insurance companies to leave the cybersecurity insurance market - that it was uninsurable. Dan, Brian, and Erik discuss on this week's Great Security Debate: What happens now that cybersecurity insurance is built into contracts and requirements by customers doing business with other companies? Are the carveouts such that it's easier to just pay and not inform insurance that you want them to pay for the incident? Does having “easy” insurance give too many orgs a pass on having to actually improve their security control sets? How do insurance “formularies” make companies less secure by not letting them buy the newer, better technologies? Conversely, how does the formulary of products help prevent from buying junk tech that calls itself “security”? How does the threat of nonpayment of expenses and losses by insurance companies after the fact affect organisational security decisions for or against the formulary? How is relying on insurance to determine tech standards the same as the EU demanding all chargers be USB-C? Does insurance go away altogether? Do we want it to go away? What is the law of the horse and how does it apply to insurance in information security? Can shifting downstream supplier risk into insurance really work to reduce risk? Is security a cost centre, a cost of doing business, or a potential profit centre for orgs? Should we shift from insurance mandate to “figure it out”? How does the conscious decision not to patch because the patch causes worse issues affect the insurance coverage? How can we balance the expectation with our technology suppliers to maintain support longer, especially on IoT or high-cost, long life devices? Can a move toward clear, yet broad expectations on controls be enough to meet security expectations for insurance without prescriptive formularies of technology and process?
We also have a video channel on YouTube that airs the "with pictures" edition of the podcast. Please head to https://youtube.com/@greatsecuritydebate and watch, subscribe and "like" the episodes. Some of the links in the show notes contain affiliate links that may earn a commission should you choose to make a purchase using these links. Using these links supports The Great Security Debate, so we appreciate it when you use them. We do not make our recommendations based on the availability or benefits of these affiliate links. Thanks for listening!
Guest: Gary Hayslip, CISO at Softbank. Topics: So we're talking about your journey as a CISO migrating to Cloud. Could you give us the 30 second overview of what triggered your organization's migration to the cloud? When did you and the security organization get brought in? How did you plan your security organization's journey to the cloud? Did you take going to cloud as an opportunity to change things beyond the tools you were using? As you got going into the cloud, what was the hardest part for your organization? If that was hardest, what was most surprising? Good surprise and bad surprise? Let's shift to some tactical gears: How did you design security controls for the cloud? Did your data security practice change? Did your detection / response practice change? How has the CISO role evolved and is evolving due to the cloud? Having covered all that tactical terrain, one final strategic question: is moving to Cloud a net risk reduction? Can it be? Resources: “CISO Desk Reference Guide” book by Gary Hayslip; “The Essential Guide to Cybersecurity for SMBs” book by Gary Hayslip; “Develop Your Cybersecurity Career Path” book by Gary Hayslip
Rather than thinking outside of the box, Greg Garneau, CISO at Marshfield Clinic Health System, believes it's simply time to “start thinking in ways you've never thought before.” In this podcast, he talks about the “talent war” facing healthcare organizations – especially those in rural areas, and the decentralized leadership approach. Source: Q&A with Greg Garneau, CISO, Marshfield Clinic Health System: Your Team is Your Greatest Asset on healthsystemcio.com - healthsystemCIO.com is the sole online-only publication dedicated to exclusively and comprehensively serving the information needs of healthcare CIOs.
In this episode of Life of a CISO, Dr. Eric Cole's aim is to enlighten the audience on how a CISO can help other business units rather than have an adverse almost unapproachable relationship with other C-level executives. He focuses on the importance of listening to what the problems are and combating them.
As part of our ongoing coverage on the cybersecurity market, host Steve Morgan recently spoke to several top experts about how they see it. On this episode, Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 Africa, is joined by Laura Deaner, CISO at Northwestern Mutual; Jason Rader, VP and CISO at Insight Enterprises; Teresa Zielinski, Global CISO at GE Gas Power; and Paul Connelly, Chief Security Officer at HCA Healthcare. To learn more about our sponsor, KnowBe4, visit https://knowbe4.com
This week's Cyber Security Headlines – Week in Review, January 9-13, is hosted by Rich Stroffolino with our guest, Shaun Marion, CISO, McDonald's. Thanks to our show sponsor, AppOmni. Can you name all the third party apps connected to your major SaaS platforms like Salesforce and Microsoft? What about the data these apps can access? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. With AppOmni, you get visibility to all third party apps and SaaS-to-SaaS connections — including which end users have enabled them, and the level of data access they've been granted. Visit AppOmni.com to request a free risk assessment. All links and the video of this episode can be found on CISO Series.com
All links and images for this episode can be found on CISO Series. A good high profile security threat seems like a good time to alert potential customers about how your product could help or even prevent a breach. Seems like a solid sales tactic for any industry that is not cybersecurity. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Angela Williams, CISO, UL. Thanks to our podcast sponsor, Automox. Are you ready to ditch manual patching? With Automox, you can automatically patch your third-party applications, Windows, macOS, and Linux devices with one easy-to-use, cloud-native platform. Try for yourself with our free 15-day trial and have all your endpoints safe and secure in just 15 minutes. In this episode: Is tying your product to a high profile event a good sales tactic for vendors? How can vendors best help cybersecurity professionals during emergency situations? Is there a correct way for vendors to capitalize on a high profile event?
David Jemmett, CEO and founder of CISO Global Inc. (NASDAQ: CISO) joins Sergio Tigera on Gamechangers LIVE® to discuss the massive cyber security war taking place right now, and how you and your company can protect themselves. Coming to you live from our FIU-CARTA Studio in beautiful Miami, FL. Carta.fiu.edu. Be sure to like and subscribe for more game changing videos. David has more than 35 years of executive management and technology experience with telecommunications, managed services, and cybersecurity consulting services. He previously held positions as CEO of GenResults, a leading provider of security consulting services and technology solutions, and as CTO and founder at ClearData Networks, a HIPAA-compliant HealthDATA cloud hosting platform. CISO Global, Inc. (NASDAQ: CISO) is an industry leader in cybersecurity and compliance services. The company leverages an integrated approach to reduce noise and bridge common silos that often limit the effectiveness of cybersecurity programs. Pulling disparate technologies, teams, and vendors together, CISO helps its clients enjoy a simpler and more successful journey to cyber resilience. --- Support this podcast: https://anchor.fm/gamechangerslive/support
Chip Gibbons, CISO at Thrive, sits down with Dave to talk about how to defend against social engineering attacks in banking. Dave starts us off this week with a story about Amazon opening up its selling market to Pakistani residents, and what consequences that led to for the organization's business. Joe's story follows a scam targeting soldiers in the Army. The Army warns against unknown individuals purporting to be noncommissioned officers that are calling said soldiers and asking them for money to fix a "pay problem" and, if questioned, threatening them with a punishment. Our catch of the day comes from listener Manie who writes in about a scam found when trying to download a HDRI (High Dynamic Range Image). The scam involves a fake ad asking for people's cell phone numbers as soon as they click on a button that reads "download here". Manie shares how after she clicked the ad, she realized the mistake and immediately researched more before proceeding further. Links to stories: Amazon finally authorized Pakistani sellers. A wave of scammers followed Army Warns of Scam Targeting New Soldiers Have a Catch of the Day you'd like to share? Email it to us at firstname.lastname@example.org or hit us up on Twitter.
Summary/Abstract: In today's conversation, Terrance Cooley discusses how resilience, adaptability, and a minimalist lifestyle are the key to seizing opportunity and success in life. Terrance is chief information security officer (CISO) and the CPO for the US Air Force. In his previous role, he was a cyber threat hunter for the Air Force. He has also worked as an IT systems program manager for logistics in Europe. In his current role, he is responsible for the security of the information systems and ensuring that they are compliant with regulations. He is also responsible for the diversity, equity and inclusion (DEI) program. Terrance talks about how he is responsible for driving the culture of the organization and ensuring that it is aligned with the strategic mission. He has extensive experience in leadership and management, and he is passionate about creating a positive and productive culture within the Air Force. Terrance talks about how his early life was very challenging, with his family moving around a lot and him having to restart his life multiple times. He also talks about how his mother had to bring him to her college classes in order to continue her courses. He talks about how he attempted suicide when he was 12, but it failed and discouraged him from trying again. He talks about how he eventually got more comfortable with change and found his own happiness. Timestamps: [00:00:00] Terrance Cooley: A Resilient Life [00:02:00] A Career in Technical Management and Diversity, Equity, and Inclusion [00:03:29] The Air Force's Approach to Innovation and Culture Change [00:06:35] The Power of Outcomes [00:08:36] The Importance of a Good Foundation in Life [00:09:52] Terrance Cooley's Journey from Survival Mode to Success [00:12:47] The Importance of a Mentor [00:18:17] My Struggle with Toxic Masculinity [00:19:43] Experience with Depression [00:21:20] Failed suicide [00:22:50] Finding His Voice [00:24:44] The Best Years of Your Life? Terrance Cooley Disagrees [00:28:58] The Importance of a Good Work Ethic and Quality Character in the Workplace [00:30:40] The Air Force as a Stepping Stone for Success [00:31:53] The Importance of a Diverse Education System [00:33:27] Career Navigation Lessons [00:37:06] The Career Path [00:38:35] Leadership Development in the Military [00:45:19] The Air Force's Approach to Maintaining Technical Proficiency [00:46:37] The Benefits of a Minimalist Lifestyle in the Workplace [00:47:59] The Power of Change: Lessons from Terrance Cooley. Music Credit: Maarten Schellekens - Riviera. Follow us at: www.cascadingleadership.com, linkedin.com/in/drjimk, linkedin.com/in/1lawrenceobrown
In this episode of The New CISO, Steve is joined by guest Mark Weatherford, CISO and Head of Regulated Industries at AlertEnterprise. After many years in CISO roles, Mark eventually found himself in the White House. Reflecting on his incredible career journey, Mark evaluates the opportunities that led him to success. Listen to part one of this episode to learn more about Mark's navy experience, the importance of delegating in leadership, and how to become the guy who always gets the call. Listen to Steve and Mark discuss when to put the fear aside and embrace the possibility of failure and the willingness to take on new opportunities. Meet Mark (1:51): Host Steve Moore introduces our guest today, Mark Weatherford, the current Chief Security Officer at AlertEnterprise, specializing in IT and OT security. Before starting his cyber security career, Mark wanted to build dams and roads in the navy. Instead, the navy had other ideas and picked Mark to be placed in the advanced electronics program, leading him to the CISO industry. Measuring Your Day (7:21): Mark measures his work day by the goals his team achieved or when a project is done. Although it's a different set of standards than when you see a road or other construction projects completed before you, cyber security work can also be assessed. Life After The Navy (9:08): By the time Mark started his job at Raytheon, the Navy had a contract to complete a security project with them. Already determining when he would leave the Navy, Raytheon called him about a position that fit his skillset: building a security operations center from the ground up. Relying On Your Team (14:14): Steve presses Mark on what he learned from managing the start of the security operations center. Mark gathered that no one can do everything and that it's essential to have a core group of leaders to rely on. Good leadership comes from delegating authority to people without micro-managing, empowering them to excel at their jobs. Working With Fear (22:07): “That's all part of learning. Things are going to break now and then,” Mark explains when expanding on his leadership philosophy. Reflecting on his own experience with gaining new skills, Mark's advice to anyone is that mistakes happen when you're learning. We may be uncomfortable when things are unfamiliar, but as long as we're not doing anything malicious, we can figure things out. What Happens Next (24:14): One day Mark received a call from his boss about a project with the Federal Government in Colorado. A year later, Mark got another call from his next job, leading him to a cabinet position. Through his impressive work experience, Mark was considered for exciting political opportunities impacting our country. That's Politics (28:53): Mark discovered pretty quickly in politics that people aren't always truthful. Unfortunately, he understands that this is the industry's nature, and that is how things are. As a result, it's natural to become wary and not take everything you hear at face value, although Mark still gives people the benefit of the doubt. Working With The Legislature (31:13): Mark's work in government allowed him to influence policy as well. Mark learned about the trade-offs in politics during this experience and why opposition can create barriers to security policy. Becoming The Terminator's CISO (34:58): After leaving Colorado, Mark was called for the opportunity to work for Governor Arnold Schwarzenegger in California. Mark recognizes that the secret to his success derives from being prepared for new positions when they arise. Mark never directly worked with Governor Schwarzenegger, but...
As part of our ongoing coverage on cybercrime, host Steve Morgan recently spoke to several top experts about how they see it. On this episode, Anna Collard, SVP Content Strategy & Evangelist at KnowBe4 Africa, is joined by Adam Keown, Global CISO at Eastman; Laura Deaner, CISO at Northwestern Mutual; Paul Connelly, Chief Security Officer at HCA Healthcare; Teresa Zielinski, Global CISO at GE Gas Power; Ian Anthony Baxter, Chief Information Security Officer, UK, at Bank of Ireland; and Devon Bryan, Global Chief Information Security Officer at Carnival Corp. To learn more about our sponsor, KnowBe4, visit https://knowbe4.com
In this episode of Phishy Business, we honor and recognize the value of the work of those professionals who spend their days defending people and organizations from cyberattacks by taking a close look at one of the biggest problems the industry faces today: worker burnout and the associated mental health issues. Join us as we discuss how while many of us say we are simply “fine” when someone asks how we are, we may, in fact, actually be suffering silently from stress and burn out. Our special guest is cybersecurity expert Peter Coroneos, Founder and Executive Chairman of Cybermindz.org, an organization that recognizes that many cybersecurity professionals are themselves under sustained and increasing stress and sets out to provide direct support to restore and rebuild emotional and cognitive health. Peter has worked in cybersecurity for a long time and was once head of the Internet Industry Association in Australia which gave him special and early insight into how cybersecurity workers can suffer from on-the-job stress. With cybersecurity professionals suffering more and more from stress and burnout, Peter is working to develop and deploy programs that are designed to help. In ‘Cybermindz – Hope in a Burnt-Out Sector', we discuss how: Stressed-out security teams make companies less secure. Hope and reinvigoration through a proven relaxation protocol is the aim of Cybermindz. The brain is not designed for constant periods of stress. The brain can't distinguish between a physical and psychological threat – and how in cybersecurity teams there is a constant sense of being under attack. In preliminary findings, CISOs are polling worse than frontline healthcare workers on their sense of efficacy and ‘doing a good job'. Through research, connecting the dots between cyber teams' mental health and an organization's cybersecurity posture is paramount to bring this issue to the forefront. 
The huge skills gap is making it impossible to simply throw more resources at the problem. It is a holistic issue, meaning that the skills gap needs to be filled and corporate culture needs to be improved before we see some improvement in CISO burnout. About Phishy Business Fed up with the same old cybersecurity stories? Come with us on a journey that explores the lesser-known side. Whether it's social engineering, taking criminals to court or the journalists hunting down hackers — our new podcast series, Phishy Business, looks for new ways to think about cybersecurity. Mimecast's very own Brian Pinnock and Alice Jeffery are joined by guests from a range of unique security specialisms. Each episode explores tales of risk, reward and just a dash of ridiculousness to learn how we can all improve in the fight to stay safe. For more tales of risk, reward and ridiculousness, subscribe to Phishy Business on iTunes, Spotify, Anchor or wherever you get your podcasts. www.mimecast.com
Guest: Rishabh Jain, Co-Founder & CEO @ FERMÀT [@fermatcommerce]. On LinkedIn | https://www.linkedin.com/in/rishabhmjain/ On Twitter | https://twitter.com/rishabhmjain Host: Brendon Rod. On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/brendon-rod
This week, Oscar and Brad discuss some ideas for new year's resolutions you can apply to your security program.Give this episode a listen and send any questions, comments, or feedback to email@example.com. Don't forget to like and subscribe!
All links and images for this episode can be found on CISO Series. There is a lot unknown before, during, and after a merger and that can make employees very susceptible to phishing attacks. But, at the same time, the due diligence that goes into an M&A can often open up signs of previous or active compromise, noted Rich Mason of Critical Infrastructure. What does a proposed merger do to a security program? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Nicole Ford (@nicoledgray), global vp and CISO, Rockwell Automation. Thanks to our podcast sponsor, Pentera. Pentera is the category leader for Automated Security Validation, allowing every organization to test with ease the integrity of all cybersecurity layers including their ransomware readiness, unfolding true, current security exposures at any moment, at any scale. In this episode: As a security leader, how does your security posture change when you know given your assets you are a specific target vs. just an opportunity? Could similar critical infrastructure agencies be grouped together and therefore share cybersecurity resources? What does a proposed merger do to a security program?