Podcasts about ciso series

  • 14 podcasts
  • 744 episodes
  • 20m average duration
  • 5 new episodes weekly
  • Latest episode: Sep 27, 2022

Latest podcast episodes about ciso series

CISO-Security Vendor Relationship Podcast
I Pity the Fool Who Builds a Homogeneous Cyber A-Team

Sep 27, 2022 (36:57)


All links and images for this episode can be found on CISO Series. If you want to build a successful cybersecurity team, you need to be diverse, mostly in thought. But that diversity in thought usually is the result of people with diverse backgrounds who have had different experiences and have solved problems differently. It's actually really hard to hire a diverse team because what you want to do is simply hire people who look, talk, and sound like you. People who come from the same background as you. While that may work for building friends, it's not necessarily the best solution when building a team to secure your company. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is George Finney (@wellawaresecure), CISO, Southern Methodist University and author of “Well Aware: The Nine Cybersecurity Habits to Protect Your Future” and "Project Zero Trust." Thanks to our podcast sponsor, Feroot. Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Our automated, client-side, data protection capabilities increase web application visibility, facilitate threat analysis, and detect and protect from client-side attacks, such as Magecart, XSS, e-skimming, and other threats focused on front-end web applications. In this episode: What are the personality types you need on your staff? Can you be a vCISO if you're not a CISO first? And if you're a vCISO without ever being a CISO, are you just a cybersecurity consultant? Also, what are some creative uses of honeypots most users don't consider?

Cyber Security Headlines
Uber hacker arrested, Microsoft SQL hacked, CircleCI GitHub hack

Sep 26, 2022 (8:31)


London Police arrest 17-year-old hacker suspected of Uber and GTA 6 breaches Microsoft SQL servers hacked in TargetCompany ransomware attacks Attackers impersonate CircleCI platform to compromise GitHub accounts Thanks to today's episode sponsor, Votiro Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com. For the stories behind the headlines, head to CISOseries.com.

Cyber Security Headlines
MFA fatigue hacking, Senate blasts counterintelligence, Australian telco breach

Sep 23, 2022 (8:04)


MFA Fatigue: Hackers' new favorite tactic in high-profile breaches Senate report details inefficiencies, confusion at key U.S. counterintelligence center Australian telco Optus suffers massive data breach Thanks to today's episode sponsor, 6clicks With 6clicks, organizations can manage enterprise risk easier than ever before. 6clicks helps you identify your risks, group them into risk registers, and run risk assessments. It highlights causes and potential impacts, outlines risk treatment plans, and helps you manage the full treatment lifecycle – all while informing your holistic GRC posture with built-in data linkages. For more information visit 6clicks.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.

Cyber Security Headlines
Week in Review: Uber and Twitter hacks, MFA exploits, Ransomware in decline?

Sep 23, 2022 (22:01)


Link to Blog Post This week's Cyber Security Headlines – Week in Review, September 19-23, is hosted by Rich Stroffolino with our guest, Joseph Lewis, Director, Cyber Assessment Strategy, US Department of Energy Thanks to this week's sponsor, 6clicks 6clicks is your AI-powered GRC platform, featuring a fully integrated content library. 6clicks provides organizations with a powerful GRC platform to build highly scalable risk and compliance functions and advisors with the tools to streamline and scale their services, saving everyone enormous time and money. Reimagine risk. Improve cybersecurity. Demonstrate compliance. For more information visit 6clicks.com/cisoseries. All links and the video of this episode can be found on CISO Series.com

Defense in Depth
How to Build a Greenfield Security Program

Sep 22, 2022 (31:06)


All links and images for this episode can be found on CISO Series You're starting a security program from scratch and you're trying to figure out where to start, what to prioritize, and how to architect it so it grows naturally and not a series of random patches over time. Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO. Our guest is Mark Bruns, CISO, First Bank. Thanks to our podcast sponsor, Keyavi Myth: Data can't protect itself. Fact: Now it does! You control where your data goes in the world, who can access it and when. On any device. Anytime. Anywhere. FOREVER. Learn more at Keyavi.com. In this episode: Have you ever had a purely greenfield situation? When starting a security program from scratch, how do you figure out where to start and what to prioritize? What are the top five actions if you were going to implement a brand new/greenfield security program? How do you architect a security program so that it grows naturally and not a series of random patches over time?

Cyber Security Headlines
American Airlines hack, $160M swiped from Wintermute, 2K and Rockstar cyberattacks

Sep 21, 2022 (6:38)


American Airlines announce breach of customer and staff info Crypto market maker hacked for $160 million 2K and Rockstar fall victim to cyber attacks Thanks to today's episode sponsor, 6clicks The 6clicks GRC solution comes with a fully integrated content library full of hundreds of standards, assessment templates, libraries, playbooks, and more. With the content library included in every 6clicks license, organizations can get started on their GRC implementation faster than ever before. For more information visit 6clicks.com/cisoseries. For the stories behind the headlines, head to CISOseries.com

CISO-Security Vendor Relationship Podcast
The Cybersecurity Hamster Wheel of Getting Nothing Done

Sep 20, 2022 (40:46)


All links and images for this episode can be found on CISO Series What are signs your team is getting burnt out? It's not an imbalance of work and family, it's feeling you're having no impact. That you're working your tail off and nothing is getting accomplished. This happens often in cybersecurity. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Sara-Michele Lazarus, vp/head of trust and security, Stavvy. Thanks to our podcast sponsor, Sysdig Sysdig is driving the standard for cloud and container security. With Sysdig, teams find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance. Customers get a single view of risk from source to run, with no blind spots, no guesswork, no black boxes. In this episode: What are signs your team is getting burnt out? What's the most valuable skill in a cybersecurity analyst? Why are we seeing so many zero day exploits right now?

Cyber Security Headlines
Uber downplays breach, LastPass downplays hack, Netgear router vulnerability

Sep 19, 2022 (8:06)


Uber says there is no evidence that users' private information was compromised LastPass says hackers accessed its systems for just 4 days Netgear Routers impacted by FunJSQ module flaw Thanks to today's episode sponsor, 6clicks 6clicks has pioneered a unique Hub & Spoke architecture to underpin its AI-powered GRC solution and cater to markets requiring scalable, multi-tenanted GRC. This model enables organizations to deploy multiple, autonomous GRC entities connected to a single hub for roll-up reporting, management, and visibility. For more information visit 6clicks.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.  

Cyber Security Headlines
Week in Review: Uber hacked, intermittent encryption ransomware, Twitter overheats

Sep 16, 2022 (24:03)


Link to Blog Post This week's Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Quincy Castro, CISO, Redis Thanks to today's episode sponsor, Edgescan Scalable automated and continuous Attack Surface Management (ASM) and vulnerability detection integrated with a world-class cyber security team provide 100% false-positive-free alerts and expert remediation guidance. Edgescan.com All links and the video of this episode can be found on CISO Series.com    

Cyber Security Headlines
Gamers targeted on YouTube, Biden supply chain order, Queen Elizabeth II phishing scam

Sep 16, 2022 (7:31)


Gamers targeted by self-spreading stealer on YouTube Biden order further scrutinizes foreign tech supply chains Phishing attacks being launched in the name of Queen Elizabeth II Thanks to today's episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. For the stories behind the headlines, head to CISOseries.com

Defense in Depth
Managing the Onslaught of Files

Sep 15, 2022 (31:36)


All links and images for this episode can be found on CISO Series. Files are still the core of how people do business. How are you dealing with the onslaught of files coming into your network? People are sharing files across a multitude of platforms, many of which you may not even know about. What checks and balances do you put in place to make sure you've got file integrity no matter the source? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Aviv Grafi, founder and CTO, Votiro. Thanks to our podcast sponsor, Votiro. Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com. That's v-o-t-i-r-o.com. In this episode: How are you dealing with the onslaught of files coming into your network? What checks and balances do you put in place to make sure you've got file integrity no matter the source? Who has the authority to decide whether a file should be protected or deleted?

Cyber Security Headlines
Apple's second zero-day, heat beats tweets, herd mentality phishing

Sep 14, 2022 (7:40)


Apple Releases iOS and macOS updates to patch actively exploited zero-day flaw Extreme California heat knocks key Twitter data center offline New phishing scheme uses 'herd mentality' approach to dupe victims Thanks to today's episode sponsor, Edgescan Edgescan combines full-stack coverage with integrated reporting and business-level prioritization to deliver a single source of truth for your entire vulnerability management program with zero false positives. For the stories behind the headlines, head to CISOseries.com.

CISO-Security Vendor Relationship Podcast
Who Do You Need to Trust When You Build a Zero Trust Architecture?

Sep 13, 2022 (37:18)


All links and images for this episode can be found on CISO Series. Uggh, just saying "zero trust" sends shivers down security professionals' spines. The term is fraught with so many misnomers. The most important is who are you going to trust to actually help you build that darn zero trust program? Are you going to look at a vendor that's consolidated solutions and has built programs like this repeatedly or are you going to look for the best solutions yourself and try to figure out how best to piece it together to create that "zero trust" program? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is David Chow, global chief technology strategy officer, Trend Micro. Thanks to our podcast sponsor, Trend Micro. Trend Micro Cloud One, a security services platform for cloud builders, delivers the broadest and deepest cloud security offering in one solution, enabling you to secure your cloud infrastructure with clarity and simplicity. Discover your dynamic attack surface, assess your risk, and respond with the right security at the right time. Discover more! In this episode: Why is the term “zero trust” fraught with so many misnomers? Is there such a thing as privacy anymore? Do you agree with the term “good enough”, and if so what is a "good enough" factor, what does it entail, and what should we expect from that? Where has the United States done the most to improve national cybersecurity?

Cyber Security Headlines
Intermittent encryption warning, HP firmware bugs, SEC crypto office

Sep 12, 2022 (8:02)


Ransomware gangs switching to new intermittent encryption tactic Firmware bugs in many HP computer models left unfixed for over a year U.S. SEC to set up new office for crypto filings Thanks to today's episode sponsor, Edgescan Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. For the stories behind the headlines, head to CISOseries.com.

Cyber Security Headlines
Week in Review: TikTok breach, China accuses US, CISA feedback

Sep 9, 2022 (26:22)


Link to Blog Post This week's Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Jason Elrod, CISO, Multicare Health System Thanks to today's episode sponsor, Snyk Developers want to code fast and security wants to ship securely — and they want to do it all from the cloud. That's why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud environments… all of it. And while developers are building securely, Snyk gives security teams a bird's eye view of all of their projects and cloud environments, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity All links and the video of this episode can be found on CISO Series.com  

Cyber Security Headlines
China accuses US, London buses hacked, New APT42 group

Sep 9, 2022 (7:34)


China accuses US of cyberattacks and cyberespionage London's biggest bus operator hit by cyber "incident" Researchers reveal new Iranian threat group APT42 Thanks to today's episode sponsor, Snyk Developers want to code fast and security wants to ship securely — and they want to do it all from the cloud. That's why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud environments... all of it. And while developers are building securely, Snyk gives security teams a bird's eye view of all of their projects and cloud environments, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity For the stories behind the headlines, head to CISOseries.com.

Defense in Depth
Can You Have Culture Fit and Diversity, or Are They Mutually Exclusive?

Sep 8, 2022 (34:59)


All links and images for this episode can be found on CISO Series. Hiring managers speak about looking for culture fit and diversity, but never at the same time. Can they coexist? Are they mutually exclusive? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Sherron Burgess, CISO, BCD Travel. Thanks to our podcast sponsor, Votiro. Can you trust that the files entering your organization are free of hidden threats like malware & ransomware? With Votiro you can. Votiro removes evasive and unknown malware from files in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it's an API, so it integrates with email, cloud apps & storage, and content collaboration platforms like Microsoft 365 - wherever files need to flow. Learn more at Votiro.com. In this episode: Hiring managers speak about looking for culture fit and diversity, but never at the same time. Can they coexist? Are they mutually exclusive? How can you learn and grow as a company if everyone fits into one box? Is reaching diversity an overnight achievement, or a longer journey?

Cyber Security Headlines
Ex-Uber exec heads to trial, Twitter fires back at Mudge, FBI K-12 warning

Sep 7, 2022 (7:44)


Uber's ex-cyber exec heads to trial Twitter fires back at Mudge for “parroting” Elon Musk FBI warns of ransomware attacks on school districts Thanks to today's episode sponsor, Snyk Developers want to code fast and security wants to ship securely — and they want to do it all from the cloud. That's why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud environments... all of it. And while developers are building securely, Snyk gives security teams a bird's eye view of all of their projects and cloud environments, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity For the stories behind the headlines, head to CISOseries.com

CISO-Security Vendor Relationship Podcast
The Best Interview Questions and the Answers You Want to Run From

Sep 6, 2022 (32:27)


All links and images for this episode can be found on CISO Series. You want an awesome job in cybersecurity, and you want to ask the right questions. What are the right answers, and which ones are red flags that should cause you to run? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Renee Guttman, former CISO, Campbell's, Coca-Cola, and Time Warner. Thanks to our podcast sponsor, Okta. Auth0 is the leading provider of customer identity solutions. Watch Jameeka Aaron, CISO for Auth0, explain how to balance security with friction to create a safe authentication experience without compromising on privacy. In this episode: When interviewing, what are the right answers, and which ones are red flags that should cause you to run? Has the cloud just created a bigger security problem that's crept up on us? Are legacy systems just a ticking time bomb or have you seen success in managing them?

Cyber Security Headlines
Fed agency supply chain tips, Apple lawsuit settlement, Neopets 18 month hack

Sep 2, 2022 (7:37)


Federal agencies share supply chain security tips Apple settles lawsuit with developer over App Store rejections and scams Hackers were inside Neopets systems for 18 months Thanks to today's episode sponsor, Code42 It's not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme. For the stories behind the headlines, head to CISOseries.com

Defense in Depth
How to Follow Up With a CISO

Sep 1, 2022 (36:23)


All links and images for this episode can be found on CISO Series. Cyber sales is hard. But don't let the difficulty of doing it get in the way of your good judgement. So what is the right way to follow up with a CISO? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Jack Kufahl, CISO, Michigan Medicine. Thanks to our podcast sponsor, SolCyber. At SolCyber we're hell-bent on delivering Fortune 500 level cyber security for small and medium-sized enterprises. When you're being targeted by the same bad guys, nothing else will do. We bring to the table a curated stack of leading technologies and around-the-clock SOC support, all simply priced per user. Let us do the heavy lifting. In this episode: What is the right way to follow up with a CISO? How to prevent the difficulty of sales from clouding your good judgement? What are some ideas on how best to reach out to CISOs and other potential customers?

Cyber Security Headlines
Google Translate malware, White House aviation briefing, book distributor ransomed

Aug 31, 2022 (7:23)


Google Translate app is actually Windows crypto-mining malware White House to give aviation executives classified cyberthreat briefing Book distributor Baker & Taylor hit by ransomware Thanks to our episode sponsor, Code42 Cybersecurity teams are facing unprecedented challenges when it comes to protecting sensitive corporate data from exposure, leak and theft. In fact, the Code42 Annual Data Exposure Report revealed there's a 1 in 3 chance that your company will lose IP when an employee quits. To learn more about stopping data leaks with Insider Risk Management visit Code42.com/showme. For the stories behind the headlines, head to CISOseries.com.  

CISO-Security Vendor Relationship Podcast
But I Spent All This Money. Why Are You Still Ignoring Me?

Aug 30, 2022 (37:22)


All links and images for this episode can be found on CISO Series. Are RSA and other big conferences worth it? It seems that fewer CISOs are actually walking the floor at these big trade shows. The really big meetings are happening outside of the conference. Why would CISOs attend these big conferences with airfares costing over $1000 and hotel rooms costing $500 to $800 a night? Are the customers and vendors getting priced out? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Jessica Ferguson, CISO, DocuSign. Thanks to our podcast sponsor, SlashNext. SlashNext protects the modern workforce from phishing and human hacking across all digital channels. SlashNext Complete™ utilizes our patented AI SEER™ technology to detect zero-hour phishing threats by performing dynamic run-time analysis on billions of URLs a day through virtual browsers and machine learning. Take advantage of SlashNext's phishing defense services for email, browser, mobile, and API. In this episode: Are big conferences like RSA worth it? What's the value of the trade show floor at RSA? Why would CISOs attend these big conferences with airfares costing over $1000 and hotel rooms costing $500 to $800 a night? Are the customers and vendors getting priced out?

Cyber Security Headlines
Hackers breach LastPass, new Agenda ransomware, Facebook Cambridge settlement

Aug 29, 2022 (7:48)


Hackers breach LastPass developer system to steal source code New Agenda ransomware appears in the threat landscape Facebook-Cambridge Analytica data breach lawsuit ends in 11th hour settlement Thanks to this week's episode sponsor, Code42 It's not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme. For the stories behind the headlines, head to CISOseries.com.  

Cyber Security Headlines
Week in Review: Satellite hacks, Insurers balk, Twitter's cybersecurity

Aug 26, 2022 (22:01)


Link to Blog Post This week's Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, John McClure, CISO, Sinclair Broadcast Group Thanks to today's episode sponsor, Code42 It's not just about the data leaving your company – what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme. All links and the video of this episode can be found on CISO Series.com  

Cyber Security Headlines
North Korea at BlackHat, Ransomware attacks jump, Pentagon software requirements

Aug 26, 2022 (8:01)


North Korean malware present at Black Hat Ransomware attacks jump as new malware strains proliferate Pentagon may require flaw-free software Thanks to today's episode sponsor, Code42 It's not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme For the stories behind the headlines, head to CISOseries.com.   

Defense in Depth
Roles to Prepare You to Be a CISO

Aug 25, 2022 (31:55)


All links and images for this episode can be found on CISO Series. One day you want to be a CISO. In what area of security do you begin your studies? Or maybe you shouldn't be studying security. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Evelin Biro (@wolfsgame), CISO, Alliant Credit Union. Thanks to our podcast sponsor, Qualys. Qualys is a pioneer and leading provider of cloud-based security and compliance solutions. In this episode: What path should I take if I want to be a CISO? What security jobs/roles best prepare you to become a CISO? In what ways does the CISO role require totally different skills than the technical roles?

Cyber Security Headlines
Twitter ex-security chief whistleblower, Ukraine and Poland join forces, Binance deepfake scam

Aug 24, 2022 (7:46)


Ex-security chief accuses Twitter of cybersecurity negligence Ukraine and Poland join forces to counter Russian cyberattacks Hackers use Binance exec deepfake in crypto exchange scam Thanks to today's episode sponsor, Code42 Cybersecurity teams are facing unprecedented challenges when it comes to protecting sensitive corporate data from exposure, leak and theft. In fact, the Code42 Annual Data Exposure Report revealed there's a 1 in 3 chance that your company will lose IP when an employee quits. To learn more about stopping data leaks with Insider Risk Management visit Code42.com/showme. For the stories behind the headlines, head over to CISOseries.com

CISO-Security Vendor Relationship Podcast
It's OK to Look Like a Cyber Hero. Just Don't Act Like One.

Aug 23, 2022 (39:38)


All links and images for this episode can be found on CISO Series. Security professionals should turn in the cyber hero mentality for the "sidekick" role. Many cybersecurity leaders believe they need to save the company from all the stupid users who can't protect themselves. The reality is security professionals should lose the saviour mentality for a supporting role where they're running alongside different business units trying to find a way to make their process run smoother and more secure. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Clyde Williamson, product management, innovations, Protegrity. Thanks to our podcast sponsor, Protegrity. Protegrity empowers intelligence-driven organizations to use data to drive innovation with secure analytics and artificial intelligence, without fear of violating compliance or jeopardizing privacy. To make this vision a reality, we protect sensitive data anywhere and everywhere to create secure data agility that aligns with the speed of modern business. In this episode: Is it OK if users see security as heroes but security professionals shouldn't see themselves that way? What have you heard enough about when it comes to data protection, and what would you like to hear a lot more? How can we best create a cyber risk balance sheet?

Cyber Security Headlines
Urgent iPhone update, ZIP password fault, Hacking decommissioned satellites

Aug 22, 2022 (7:28)


iPhone users urged to update to patch 2 zero-days; Encrypted ZIP files can have two correct passwords; White hat hackers broadcast through decommissioned satellite. Thanks to today's episode sponsor, Code42. It's not just about the data leaving your company - what about the data coming in? Along with departing employees, new talent is also actively joining your organization. This poses cybersecurity challenges since they could be knowingly or unknowingly bringing data from their former company into your network. Code42 Incydr is an Insider Risk Management SaaS that provides a comprehensive understanding of your data exposure and shows which activities require security intervention. Learn more at Code42.com/showme. For the stories behind the headlines, head to CISOseries.com.

Cyber Security Headlines
Google blocks DDoS, Moore leaves Cyber Command, BlackByte's ransomware options

Aug 19, 2022 (8:14)


Google blocks largest HTTPS DDoS attack 'reported to date'; Cyber Command loses Moore; A new version of BlackByte offers extortion options. Thanks to today's episode sponsor, 6clicks. With 6clicks, organizations can manage enterprise risk easier than ever before. 6clicks helps you identify your risks, group them into risk registers, and run risk assessments. It highlights causes and potential impacts, outlines risk treatment plans, and helps you manage the full treatment lifecycle. For more information visit 6clicks.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.

Cyber Security Headlines
Week in Review: Ukraine at Black Hat, Starlink hacked, cybersecurity workforce inequity

Aug 19, 2022 (27:24)


This week's Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Stephen Harrison, VP Cyber Defense, MGM Resorts. Thanks to today's episode sponsor, 6clicks. With 6clicks, organizations can manage enterprise risk easier than ever before. 6clicks helps you identify your risks, group them into risk registers, and run risk assessments. It highlights causes and potential impacts, outlines risk treatment plans, and helps you manage the full treatment lifecycle. For more information visit 6clicks.com/cisoseries. All links and the video of this episode can be found on CISO Series.com.

Defense in Depth
Minimizing Damage from a Breach

Aug 18, 2022 (25:18)


All links and images for this episode can be found on CISO Series. What can we do to reduce the damage of a breach and the duration of detection and remediation? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is Dave Klein (@cybercaffeinate), director, cyber evangelist, Cymulate. Thanks to our podcast sponsor, Cymulate. The Ultimate Guide to Security Posture Validation: Learn how to effectively measure and reduce risk through continuous validation of your enterprise's security posture. Download the playbook here. In this episode: What can we do to reduce the damage of a breach and the duration of detection and remediation? How do we determine what's most important and how to best reduce risk? How can teams best reduce the impact of the "boom" you feel during a breach?

Cyber Security Headlines
Oracle audits Tik Tok, Digital Ocean dumps Mailchimp, Twilio targets Signal

Aug 17, 2022 (7:18)


Oracle begins auditing TikTok's algorithms; Digital Ocean dumps Mailchimp after attack leaked customer data; Signal users exposed in targeted Twilio attack. Thanks to today's episode sponsor, 6clicks. 6clicks is where vulnerability management and GRC unite. With 6clicks, organizations can ingest their vulnerabilities from all scanners, link assets to vulnerabilities, raise risks and issues to remediate, and close vulnerabilities as they are remediated – all while informing their risk and compliance posture in a single platform for cohesive reporting. For more information visit 6clicks.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.

CISO-Security Vendor Relationship Podcast
How to Market “Zero Trust” Without Making CISOs Cringe

Aug 16, 2022 (33:40)


All links and images for this episode can be found on CISO Series. Just the words "zero trust" often cause security professionals to shiver. In general, CISOs are on board with the concepts of "zero trust," we just think they're uncomfortable with how it's being used for branding and marketing efforts. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is David Cross (@mrdbcross), SVP/CISO for Oracle SaaS Cloud. Thanks to our podcast sponsor, Protegrity. Protegrity empowers intelligence-driven organizations to use data to drive innovation with secure analytics and artificial intelligence, without fear of violating compliance or jeopardizing privacy. To make this vision a reality, we protect sensitive data anywhere and everywhere to create secure data agility that aligns with the speed of modern business. In this episode: Should certifications be a requirement on your job listings? Are the SIEMs failing or do the users not know how to configure them? Or is it both? Why do security professionals treat the term "zero trust" so negatively? How should vendors approach zero trust and how should the C-suite understand it?

Cyber Security Headlines
Ukraine cyber chief at Black Hat, Lockheed Martin breach?, $25 Starlink hack

Aug 15, 2022 (8:02)


Ukraine's cyber chief makes surprise visit to Black Hat; Killnet claims to have hacked Lockheed Martin; Starlink successfully hacked using $25 modchip. Thanks to today's episode sponsor, 6clicks. Identify, track, respond, and remediate issues and incidents from your various GRC workflows with 6clicks. With an issue submission form, 6clicks makes it easy and efficient for employees to submit incidents directly to an incident management team for triaging and response. Use the built-in incident response playbooks, or your own, to standardize incident response across the organization. For more information visit 6clicks.com/cisoseries. For the stories behind the headlines, head to CISOseries.com.

Cyber Security Headlines
Week in Review: Emergency Alert flaws, Twilio confirms hack, Rebuild CISA - Krebs

Aug 12, 2022 (24:40)


This week's Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Jack Kufahl, CISO, Michigan Medicine. Thanks to today's episode sponsor, Edgescan. Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. All links and the video of this episode can be found on CISO Series.com.

Cyber Security Headlines
Cisco's Lapsus$ breach, Rebuild CISA – Krebs, ransomware BEC epidemic

Aug 12, 2022 (7:08)


Cisco admits corporate network compromised by gang with links to Lapsus$; CISA should split from DHS says Chris Krebs; Ransomware data theft epidemic fueling BEC attacks. Thanks to today's episode sponsor, Edgescan. Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. For the stories behind the headlines, head to CISOseries.com.

Defense in Depth
We're All Still Learning Cyber

Aug 11, 2022 (28:21)


All links and images for this episode can be found on CISO Series. Learning cyber is not a question for those who are just starting out. It's for everybody. Where and how do we learn at every stage of our professional careers? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Jerich Beason, CISO, Commercial, Capital One. Thanks to our podcast sponsor, SlashNext. SlashNext protects the modern workforce from phishing and human hacking across all digital channels. SlashNext Complete™ utilizes our patented AI SEER™ technology to detect zero-hour phishing threats by performing dynamic run-time analysis on billions of URLs a day through virtual browsers and machine learning. Take advantage of SlashNext's phishing defense services for email, browser, mobile, and API. In this episode: Where do we go to learn at every stage of our professional careers? We discuss how the learning process never really stops, but is on-going with cyber professionals continuing to learn throughout their careers. Why is the “know-it-all” leader a red flag to avoid?

Cyber Security Headlines
Chinese kids defrauded, Twitter Saudi spy, Facebook data divulged

Aug 10, 2022 (7:46)


Chinese fraudsters target kids playing online games; Former Twitter employee convicted in Saudi spy case; Facebook divulges data leading to abortion prosecution. Thanks to today's episode sponsor, Edgescan. Edgescan combines full-stack coverage with integrated reporting and business-level prioritization to deliver a single source of truth for your entire vulnerability management program with zero false positives. For the stories behind the headlines, head to CISOseries.com.

CISO-Security Vendor Relationship Podcast
When Good Decisions Go Bad

Aug 9, 2022 (40:00)


All links and images for this episode can be found on CISO Series. You can make the right decision given the information you have, but everything is a risk, so there are times those good decisions are going to result in not the result you were hoping for. In essence, plenty of good decisions result in poor outcomes. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Aviv Grafi, founder and CTO, Votiro and winner of season one of Capture the CISO. In this episode: We welcome the winner of “Capture The CISO!” How did they prepare in terms of making the demo and for appearing on the show? And what advice would they give for contestants in season 2? What do employers look for or ask in an interview that would lead them to hire and promote someone into a CISO role in their company? How can cybersecurity professionals improve their decision making over time?

Cyber Security Headlines
Emergency Alert flaws, Kaspersky VPN bug, Pick Fick quick

Aug 8, 2022 (6:56)


Critical flaws found in US Emergency Alert System; Security experts urge Fick's speedy confirmation as first U.S. cyber ambassador; High-severity bug in Kaspersky VPN client opens door to PC takeover. Thanks to today's episode sponsor, Edgescan. Edgescan simplifies Vulnerability Management by delivering a single full-stack solution (SaaS) integrated with world-class security professionals. Instead of managing a plethora of point scanning tools for each layer of the attack surface and squandering precious staff resources manually removing false positives, Edgescan offers automated and accurate contextualized alerts across the entire attack surface into a single source of truth. For the stories behind the headlines, head to CISOseries.com.

Cyber Security Headlines
Cyberattacks hit Taiwan, Cisco router flaws, DoJ prefers paper

Aug 5, 2022 (8:46)


Cyberattacks hit Taiwan to coincide with Speaker Pelosi's visit; Cisco addresses critical flaws in Small Business VPN routers; DOJ now relies on paper for its most sensitive court documents, official says. Thanks to today's episode sponsor, HYAS. We know IT and security teams are already overloaded — facing constant pressure to improve security without additional resources. That's why it's so important to find solutions that bolster your security, not your workload. HYAS Protect deploys in under 30 minutes, easily integrates into existing infrastructure, constantly updates with the latest threat intelligence, renders attacks inert (regardless of how they infiltrated your environment), and doesn't require day-to-day hand-holding — letting you focus on keeping your business moving full forward. Visit HYAS.com. For the stories behind the headlines, head to CISOseries.com.

Cyber Security Headlines
Week in Review: Cyberattacks hit Taiwan, Missile manufacturer hit, Class action donuts

Aug 5, 2022 (21:08)


This week's Cyber Security Headlines – Week in Review, June 6-10, is hosted by Rich Stroffolino with our guest, Yael Nagler, CISO, Walker & Dunlop. Thanks to this week's sponsor, HYAS. “Did you know a cybersecurity breach doesn't have to mean that your business is shut down or your data is stolen? Malware, ransomware, data exfiltration: They all report to a command and control infrastructure to receive instructions. HYAS's unrivaled understanding of adversary infrastructure empowers you to cut off threats from their command and control, along with any related infrastructure. Like that old roach motel, hackers can get in, but they can't communicate out, rendering their attack worthless. When HYAS has your back, you can proactively prevent attacks from being executed — letting your business keep moving full forward. Visit HYAS.com” All links and the video of this episode can be found on CISO Series.com.

Defense in Depth
Practical Cybersecurity for IT Professionals

Aug 4, 2022 (28:26)


All links and images for this episode can be found on CISO Series. You're a CISO, vCISO, or MSSP rolling into a company that has yet to launch a cybersecurity department. How do you communicate about cyber with the IT department? They're not completely new to cyber. What's the approach to engagement that helps, but doesn't insult? How do you offer practical cybersecurity advice? Check out this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is Scott McCrady (@scottsman3), CEO, SolCyber. Thanks to our podcast sponsor, SolCyber. At SolCyber we're hell-bent on delivering Fortune 500 level cyber security for small and medium-sized enterprises. When you're being targeted by the same bad guys, nothing else will do. We bring to the table a curated stack of leading technologies and around-the-clock SOC support, all simply priced per user. Let us do the heavy lifting. In this episode: How do you communicate about cyber with the IT department? What's the approach to engagement that helps, but doesn't insult? How do you offer practical cybersecurity advice?

CISO-Security Vendor Relationship Podcast
When Does an Exaggeration Become a Lie?

Aug 2, 2022 (38:32)


All links and images for this episode can be found on CISO Series. We explore the world of dishonesty in cybersecurity. Practitioners know that marketers will stretch the truth, but how far are we willing to let that go? Isn't this industry built on trust? Can cybersecurity continue to thrive if we can't trust each other? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Anna Belak (@aabelak), director of thought leadership, Sysdig. Thanks to our podcast sponsor, Sysdig. Sysdig is driving the standard for cloud and container security. With Sysdig, teams find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance. Customers get a single view of risk from source to run, with no blind spots, no guesswork, no black boxes. In this episode: What are the questions a CISO should be able to answer? How much dishonesty do you find in cybersecurity? How does one LEAD a cloud migration? What are some lies about machine learning that everyone needs to be aware of?

Cyber Security Headlines
Fake investment network, DawDropper Android malware, North Korea's SharpTongue

Aug 1, 2022 (7:32)


Huge network of 11,000 fake investment sites targets Europe; DawDropper Android apps serve up banking malware; North Korea-linked SharpTongue spies on email accounts with a malicious browser extension. Thanks to today's episode sponsor, HYAS. Better production environment security starts with visibility. After all, how can you protect your most valuable asset if you don't know A: what's expected and B: when something's happening that isn't expected? This is why HYAS Confront monitors traffic to alert you to anomalies, letting you address risks, threats, and changes, while blocking infiltrations before they become successful attacks. Don't just react, take your security back with HYAS. Visit HYAS.com. For the stories behind the headlines, head to CISOseries.com.

Cyber Security Headlines
Hackers dodge macros, 365 down again, 22M health record breach

Jul 29, 2022 (8:06)


Hackers opting for new attack methods after Microsoft blocked macros by default; Microsoft 365 outage knocks down admin center in North America; 22 million US health records breached thus far in 2022. Thanks to today's episode sponsor, Snyk. Developers want to code fast and security wants to ship securely. And that's why they both choose Snyk. Backed by industry-leading security intelligence, Snyk provides real-time scanning with automated fixes and remediation advice right from the tools and workflows developers use. Code, dependencies, containers, cloud infrastructure... all of it. And while developers are building securely, Snyk gives security teams a bird's eye view of all of their projects, so they can prioritize and focus their efforts in the right places. Developer tested. Security approved. Start your free Snyk account at snyk.co/cybersecurity. For the stories behind the headlines, head to CISOseries.com.

CISO-Security Vendor Relationship Podcast
Yuck! Now Everyone Has Touched My Data.

Jul 26, 2022 (33:47)


All links and images for this episode can be found on CISO Series. What can you do when your data keeps passing through different third party applications? Your data is being accessed and manipulated by more people, more applications, and more security policies that may not be aligned with your security policies. It seems once it leaves your environment, it's out of your control. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Elliot Lewis (@ElliotDLewis), CEO, Keyavi. Thanks to our podcast sponsor, Keyavi. Myth: Data can't protect itself. Fact: Now it does! You control where your data goes in the world, who can access it and when. On any device. Anytime. Anywhere. FOREVER. Learn more at Keyavi.com. In this episode: Can the US government, through regulation, shift the tide of never-ending cybersecurity failures? Your network was just hit with ransomware. What do you do in your environment? What should we be discussing more of when it comes to protecting data in the supply chain? What's the biggest security flaw you've seen in every environment you've ever worked?

CISO-Security Vendor Relationship Podcast
“Bad” Security Practices That Really Aren't All that Bad

Jul 19, 2022 (36:01)


All links and images for this episode can be found on CISO Series. If they can find flaws, security professionals are quick to label it as bad security behavior. But often, what is marked as "bad" may have problems, but when looked at from a reducing risk perspective it's actually a very good security behavior. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Carla Sweeney, vp information security, Red Ventures. Thanks to our podcast sponsor, Protegrity. Protegrity empowers intelligence-driven organizations to use data to drive innovation with secure analytics and artificial intelligence, without fear of violating compliance or jeopardizing privacy. To make this vision a reality, we protect sensitive data anywhere and everywhere to create secure data agility that aligns with the speed of modern business. In this episode: Is a CISO really an architect of choices, for themselves and the other business leaders? Why and how can controls impose friction or drag on business velocity? What are the types of questions you ask when you're referencing a resume and what are some examples of really impressive responses? What are some things that get a bad rap, but are actually quite secure?