Podcasts about ciso series

UK launches comprehensive new online safety laws Cisco buys Splunk TransUnion denies breach  Huge thanks to our sponsor, Hyperproof Is your company scaling? Do you need to quickly add more compliance frameworks but don't know where to start? Hyperproof has you covered. Hyperproof is a risk and compliance management platform that can help you manage compliance at scale. With Hyperproof, you can quickly add new frameworks, crosswalk controls between frameworks, view your risk posture, and manage your risks, all in one place. Visit hyperproof.io to get started today. For the stories behind the headlines, head to CISOseries.com.

All links and images for this episode can be found on CISO Series. What do the people least in the know about cyber, want to know? What are they asking? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest, Caitlin Sarian, AKA cybersecuritygirl on TikTok. Thanks to our podcast sponsor, DataBee from Comcast Technology Solutions DataBee™, from Comcast Technology Solutions, is a cloud-native security, risk and compliance data fabric platform that transforms your security data chaos into connected outcomes. Built by security professionals for security professionals, DataBee enables users to examine the past, react to the present, and protect the future of the business. In this episode: What do the people least in the know about cyber, want to know? What are they asking? How important is it to understand what concerns the average person? Are these reasonable concerns or do you think they're directed by media pressure? How do regular, everyday people know what is safe and best practices without a clear path or studying cybersecurity in depth?

DHS council seeks to simplify cyber incident reporting rules UK passes the Online Safety Bill Finland and Europol take down PIILOPUOTI marketplace Huge thanks to our sponsor, Hyperproof We get it. You're a risk manager or compliance professional, and you're overworked. You're trying to do the right thing by keeping your company safe and secure, but your technology is holding you back. Why not upgrade to Hyperproof? Hyperproof is a platform that not only eliminates the manual tasks you dread, but helps you scale security. Get a demo today at hyperproof.io. For the stories behind the headlines, visit CISOseries.com.

All links and images for this episode can be found on CISO Series. We've heard a lot of talk about the security risks with emerging AI technologies. A lot of these center around employees using large language models. But what about the potential benefits of this technology for cybersecurity? Could we eventually see a de facto AI CISO on the job? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Rob Duhart, deputy CISO, Walmart. Joining us is our special guest, Aaron Hughes, CISO, Albertsons. Thanks to our podcast sponsor, KnowBe4 In this episode: What are the potential benefits of A.I. for cybersecurity? Could we eventually see a de facto AI CISO on the job? How does neurodiversity improve awareness in your security program? Where have you taken advantage of AI for your security program? And specifically so you can do your job better as a CISO, where does AI deliver opportunities?

Lazarus Group suspected in CoinEx robbery Thailand financial company CardX discloses leak Ransomware hits trucking software provider Huge thanks to our sponsor, Hyperproof Tired of managing risk and compliance in spreadsheets? Sick of tracking down stakeholders to find evidence? Worried about whether that evidence is up to date for your next audit? Hyperproof has you covered. With Hyperproof, you can efficiently manage multiple compliance frameworks and risks in a single place so you can focus on what matters most: keeping your company secure and growing. Visit hyperproof.io to get a demo. For the stories behind the headlines, head to CISOseries.com.

Caesars reportedly paid millions to stop Scattered Spider Cybersecurity incident impacts Canada's Weather Network Blocked LockBit affiliate deploys 3AM instead Huge thanks to our sponsor, Conveyor The team at Lucid software reduced the time spent answering customer security questionnaires by a whopping 91% with Conveyor's security questionnaire automation software - powered by OpenAI. Compared to the tools on the market, Conveyor's AI auto-generates the most accurate answers to entire questionnaires so you can spend almost zero time on them. That's it. That's the ad. We'll let you get back to the headlines, but if you want to take away the pain of questionnaires, try a free proof of concept at www.conveyor.com. For the stories behind the headlines, head to CISOseries.com.

Link to blog post This week's Cyber Security Headlines – Week in Review, is hosted by Rich Stroffolino with guest Davi Ottenheimer, VP, Trust and Ethics, Inrupt Thanks to our show sponsor, Conveyor The team at Lucid software reduced the time spent answering customer security questionnaires by a whopping 91% with Conveyor's security questionnaire automation software – powered by OpenAI. Compared to the tools on the market, Conveyor's AI auto-generates the most accurate answers to entire questionnaires so you can spend almost zero time on them. That's it. That's the ad. We'll let you get back to the show, but if you want to take away the pain of questionnaires, try a free proof of concept at www.conveyor.com. All links and the video of this episode can be found on CISO Series.com  

All links and images for this episode can be found on CISO Series. A security data lake, a data repository of everything you need to analyze and get analyzed sounds wonderful. But priming that lake, and stocking it with the data you want to get the insights you need is a more difficult task than it seems. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our sponsored guest, Matt Tharp, Head of Field Engineering, Comcast DataBee. Thanks to our podcast sponsor, Comcast Technology Solutions In this episode: What exactly is a data lake? How are people thinking about and handling the risks? If you want security data lakes to be successful, what customer problem are you trying to solve? How can you make it both dead simple to use AND highly effective?

MGM Resorts slot machines and ATMs disrupted by "cybersecurity incident" Hackers access sensitive data of thousands of Airbus vendors Cryptoqueen's sidekick sentenced for $4 billion scam Huge thanks to our sponsor, Conveyor Here's how to measure if your security questionnaire answering software is effective. We benchmarked the RFP and compliance tools on the market and most are only generating accurate responses to questionnaires 20-50% of the time. Ready for 80-90% auto-generated accurate answers so you can fly through your review? Then you should try Conveyor's AI-security questionnaire automation tool. Don't believe us? Try a free proof of concept at www.conveyor.com For the stories behind the headlines, visit CISOseries.com.

All links and images for this episode can be found on CISO Series. In everyday life, it's often clear when to call in the authorities. Someone egging your house might not rise to the occasion, but a break-in gets a call to the cops. It's less clear when it comes to a cyberattack. What constitutes a significant attack and what are the regulatory requirements? Once you make the call, how do they help in your response? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our special guest, David Ring, section chief at FBI, Cyber Division. Thanks to our podcast sponsor, Hunters Hunters SOC Platform is a SIEM alternative, delivering data ingestion, built-in and always up-to-date threat detection, and automating correlation and investigation processes to reduce risk, complexity, and cost for security teams. Learn more at hunters.security. In this episode: What constitutes a significant attack and what are the regulatory requirements? Once you make the call, how do they help in your response? How do you approach "skills-and competency-based" hiring? And are there certain positions for which a 4-year degree is necessary?

Evil Telegram fake apps send spyware Akamai announces mitigation of largest DDoS on a US financial company Rhysida attacks three more hospitals Huge thanks to our sponsor, Conveyor What's scarier than the Sunday scaries? Opening your inbox to a 200 question, 15 tab macro-enabled workbook containing a customer security questionnaire to complete. Let Conveyor's AI security questionnaire automation tool, powered by OpenAI, help your answering process go a lot faster. Spend 91% less time on questionnaires when you get precise answers auto-generated for you. Try a free proof of concept to see how fast you can get through questionnaires with Conveyor at www.conveyor.com For the stories behind the headlines, head to CISOseries.com.

Link to blog post This week's Cyber Security Headlines – Week in Review, is hosted by Rich Stroffolino  with guest Dan Walsh, CISO, VillageMD Thanks to our show sponsor, Comcast DataBee DataBee™, from Comcast Technology Solutions, is a cloud-native security, risk and compliance data fabric platform that transforms your security data chaos into connected outcomes. Built by security professionals for security professionals, DataBee makes your data a gold mine, rich with information that enables you to examine the past, react to the present, and protect the future of your business. Learn more at https://comca.st/DataBee. All links and the video of this episode can be found on CISO Series.com

All links and images for this episode can be found on CISO Series. A threat intelligence program sounds like a sound effort in any security program. But, can you pull it off? There are so many phases to execute properly. Blow it with any one of them and your threat intelligence effort is moot. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us today is our special guest Jon Oltsik, distinguished analyst and fellow, Enterprise Strategy Group. Thanks to our podcast sponsor, Comcast DataBee™, from Comcast Technology Solutions, is a cloud-native security, risk and compliance data fabric platform that transforms your security data chaos into connected outcomes.  Built by security professionals for security professionals, DataBee enables users to examine the past, react to the present, and protect the future of the business.  In this episode: A threat intelligence program sounds like a sound effort in any security program. But, can you pull it off? Which phase of a threat intelligence program gives you the most trouble, and why? What has been your personal experience, and does it change organization to organization? How do you measure the success of the program to prove the value of the work being done?

CISA hires ‘Mudge' to work on security-by-design principles All 50 states call on Congress to address AI-generated CSAM Stake.com loses $41 million to hot wallet hackers Thanks to today's episode sponsor, Comcast What if you could integrate enterprise-wide business intelligence with your security data for better contextual insights into potential threats and compliance issues? You can. With DataBee™, from Comcast Technology Solutions. Learn how DataBee enables users to leverage integrated insights to mitigate risks and stay compliant. Visit https://comca.st/DataBee. For the stories behind the headlines, visit CISOseries.com.

New PDF MalDoc allows evasion of antivirus MinIO Storage system being used to compromise servers Okta warns of IT help desk attacks  Thanks to today's episode sponsor, Comcast Data rules everything around us – but why are the people who need data the most unable to access it? What if you could boost the productivity of your security teams and their ability to collaborate by providing them access to the same shared and enriched data? You can. With DataBee™, from Comcast Technology Solutions. Learn how DataBee can help your organization make better informed decisions, quickly and cost-effectively. Visit https://comca.st/DataBee For the stories behind the headlines, head to CISOseries.com.

All links and images for this episode can be found on CISO Series. Even before the pandemic, we've been increasingly living in online collaboration apps. So why are organizations still making basic security mistakes with them? Is this a case of shadow IT or do these apps present unique challenges? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest, Rich Dandliker, chief strategist, Veza. Thanks to our podcast sponsor, Veza 75% of breaches happen because of bad permissions. The problem is that you don't know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment. Learn more at Veza.com. In this episode: We've been increasingly living in online collaboration apps. So why are organizations still making basic security mistakes with them? Is this a case of shadow IT or do these apps present unique challenges? Startups are by nature a risky business, most fail. Why do they?

X to collect member employment data Technical details of Sandworm malware ‘Infamous Chisel' released Golf club maker Callaway suffers breach Thanks to today's episode sponsor, Comcast DataBee “Data is the currency of the 21st century”, yet for so many cybersecurity professionals, it's still too difficult to access, correlate and use this ‘currency' for better, faster security and compliance decision-making. That's why Comcast Technology Solutions created DataBee™, a cloud-native security data fabric platform that can help you turn your security data into valuable business ‘currency'. Learn more at https://comca.st/DataBee. For the stories behind the headlines, head to CISOseries.com.

Gamaredon hackers hit Ukraine military Movie giant Paramount Global suffers data breach Takeover swarm exploits OpenFire Huge thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni's SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.

All links and images for this episode can be found on CISO Series. When you have an incident and you're engulfed by the stress that lasts more than a day, how do you manage and deal with it? And not only how do you manage your stress, but how do you manage everyone else's? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest, Tim Brown, CISO, Solarwinds. Thanks to our podcast sponsor, Push Security Do you have visibility of all the SaaS apps your employees are storing corporate data on? Are employees protecting all their accounts against identity-based attacks? Discover all the SaaS your employees use - including shadow apps and identities - and secure your data. Find out more at pushsecurity.com. In this episode: When you have an incident and you're engulfed by the stress that lasts more than a day, how do you manage and deal with it? And not only how do you manage your stress, but how do you manage everyone else's? During a major incident, which stress is more difficult to manage? Your own, or those around you? How is this everyone's concern?

FBI dismantles Qakbot operation that took millions in ransom University of Michigan severs ties to internet after cyberattack Microsoft joins growing list of organizations criticizing UN cybercrime treaty Huge thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni's SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com. For the stories behind the headlines, visit CISOseries.com.

All links and images for this episode can be found on CISO Series. Every company deals with off-boarding employees. Yet it feels like many organizations make basic security mistakes in this process. Is it just a case of HR and IT being out of sync, or is this an inevitably leaky process? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our special guest Lorna Koppel, CISO, Tufts University. Thanks to our podcast sponsor, LimaCharlie Whether you're looking for endpoint security, an observability pipeline, detection and response rules, or other underlying security capabilities, LimaCharlie's SecOps Cloud Platform helps you build a flexible and scalable security program that can evolve as fast as threat actors. Move your SecOps into the modern era. Learn more at limacharlie.io. In this episode: What can a vendor do that will actually make a CISO want to respond to a message? What are we doing right and wrong when it comes to hardening our environments? Do you think organizations are still struggling with hardening their environments and if so, why?

Cisco fixes flaws in NX-OS AND FXOS software Windows preview updates bring blue screen of death FBI warns Barracuda bug still has bite Huge thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate. With AppOmni's SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.

Link to blog post This week's Cyber Security Headlines – Week in Review, is hosted by Rich Stroffolino with guest Gerald Auger Ph.D., Chief Content Creator, Simply Cyber Thanks to our show sponsor, HyperProof Is your company scaling? Do you need to quickly add more compliance frameworks but don't know where to start? Hyperproof has you covered. Hyperproof is a risk and compliance management platform that can help you manage compliance at scale. With Hyperproof, you can quickly add new frameworks, crosswalk controls between frameworks, view your risk posture, and manage your risks, all in one place. Visit hyperproof.io to get started today. All links and the video of this episode can be found on CISO Series.com  

Lazarus Group exploits ManageEngine to drop new RATS on internet and healthcare Vulnerabilities in Rockwell ThinManager threaten industrial control systems Mississippi hospital system suffers cyberattack Huge thanks to our sponsor, HyperProof Is your company scaling? Do you need to quickly add more compliance frameworks but don't know where to start? Hyperproof has you covered. Hyperproof is a risk and compliance management platform that can help you manage compliance at scale. With Hyperproof, you can quickly add new frameworks, crosswalk controls between frameworks, view your risk posture, and manage your risks, all in one place. Visit to get started today. For the stories behind the headlines, head to CISOseries.com.

All links and images for this episode can be found on CISO Series. We all know that our employees need to be more security aware, but what are the methods to get them there? How can we make our employees more security conscious? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest Jack Chapman, vp, threat intelligence, Egress. Thanks to our podcast sponsor, Egress Egress helps organization stop email security risks is by addressing both inbound and outbound threats together,. We recognize that people get hacked, make mistakes, and break the rules. Egress's Intelligent Cloud Email Security suite uses patented self-learning technology to detect sophisticated inbound and outbound threats, and protect against data loss. Learn more at egress.com. In this episode: We all know that our employees need to be more security aware, but what are the methods to get them there? How can we make our employees more security conscious? What does it take to get security to "stick" with your coworkers? Why does security remain so darn difficult?

CISOs proclaim cybersecurity confidence, but majority admit to SaaS incidents Cyber Health Report: Hacker entry point shifts from email to network Duo outage causes Azure Auth authentication errors Huge thanks to our sponsor, HyperProof We get it. You're a risk manager or compliance professional, and you're overworked. You're trying to do the right thing by keeping your company safe and secure, but your technology is holding you back. Why not upgrade to Hyperproof? Hyperproof is a platform that not only eliminates the manual tasks you dread, but helps you scale security. Get a demo today at hyperproof.io. For the stories behind the headlines, head to CISOseries.com.  

All links and images for this episode can be found on CISO Series. Security vendors want to engage with CISOs. Yet many choose tactics that seem blatantly insulting. It might seem obvious that asking a CISO if they care about security does nothing to ingratiate yourself, but we still have inboxes full of these types of messages. So what can a vendor do that will actually make a CISO want to respond to a message? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our special guest, Jeff Hudesman, CISO, Pinwheel. Thanks to our podcast sponsor, Balbix Balbix is a cyber risk quantification platform that discovers and manages all your cyber assets, identifies and prioritizes vulnerabilities, and delivers a monetary assessment of cyber risk. This enables CISOs to articulate the value of risk to the board and obtain support and budgets for security programs. In this episode: What can a vendor do that will actually make a CISO want to respond to a message? What are we doing right and wrong when it comes to hardening our environments? Do you think organizations are still struggling with hardening their environments and if so, why?

North Korean hackers suspected of targeting S. Korea-US drills Android malware apps use APK compression to evade detection Security agencies warn space industry of increased attacks Huge thanks to our sponsor, HyperProof Tired of managing risk and compliance in spreadsheets? Sick of tracking down stakeholders to find evidence? Worried about whether that evidence is up to date for your next audit? Hyperproof has you covered. With Hyperproof, you can efficiently manage multiple compliance frameworks and risks in a single place so you can focus on what matters most: keeping your company secure and growing. Visit hyperproof.io to get a demo. For the stories behind the headlines, head to CISOseries.com.

Influence operators fine-tuning AI to deceive targets 67% of government agencies claim confidence in adopting zero trust CISA warns of urgent Citrix vulnerability Huge thanks to today's episode sponsor, Veza 75% of breaches happen because of bad permissions. The problem is that you don't know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment. For the stories behind the headlines, head to CISOseries.com.

Link to blog post This week's Cyber Security Headlines – Week in Review, is hosted by Rich Stroffolino with guest, Jon Oltsik, distinguished analyst and fellow, Enterprise Strategy Group Thanks to our show sponsor, Veza 75% of breaches happen because of bad permissions. The problem is that you don't know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment.  All links and the video of this episode can be found on CISO Series.com

All links and images for this episode can be found on CISO Series. Users have tried to upload sensitive company information and PII, personally identifiable information, into ChatGPT. Those who are successful getting the data in, have now made that data free to all. Will people's misuse of these generative AI programs be our greatest downfall to security and privacy? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest Suha Can, CISO, Grammarly. Thanks to our podcast sponsor, Opal Opal is building the next generation of intelligent identity. Identity is one of the last great enterprise frontiers. It's fragmented with legacy architecture. Opal's mission is to empower teams to understand and calibrate access end to end, and to build identity security for scale. Learn more by at www.opal.dev. In this episode: Will people's misuse of these generative AI programs be our greatest downfall to security and privacy? Is AI the problem? Or is poor human judgement the problem? Is it better to get started with any guardrails until setting up a full policy? What are we going to do now?

  Huge thanks to today's episode sponsor, Veza 75% of breaches happen because of bad permissions. The problem is that you don't know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment. For the stories behind the headlines, visit CISOseries.com.

All links and images for this episode can be found on CISO Series. We're seeing increasing recognition that cybersecurity jobs should focus on competency rather than years of experience. But how do you create job posts to encourage that? And how do applicants even show that on a resume? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us for the episode is our special guest TC Niedzialkowski‌, CISO, Nextdoor. Thanks to our podcast sponsor, Reqfast Stop treating your various intelligence and security functions as if they are separate, unrelated activities and, instead, bring them together with Reqfast. Identify what's needed, identify areas for improvement, and make data-driven decisions with confidence. In this episode: Are we finally seeing increasing recognition that cybersecurity jobs should focus on competency rather than years of experience? How do you create job posts to encourage that? How do applicants even show that on a resume?

Ford says cars with WiFi vulnerability still safe to drive Cyber Safety Review Board to analyze cloud security in wake of Microsoft hack Knight ransomware distributed in fake TripAdvisor complaint emails Huge thanks to today's episode sponsor, Veza 75% of breaches happen because of bad permissions. The problem is that you don't know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment. For the stories behind the headlines, head to CISOseries.com.

Link to blog post This week's Cyber Security Headlines – Week in Review, August 7-11, is hosted by Rich Stroffolino  with guest, Michael Woods, CISO, GE Thanks to our show sponsor, Conveyor We can all agree there's one thing the AI bots can take from us: completing customer security questionnaires. That's why we built Conveyor's GPT-questionnaire response tool. It auto-generates precise, accurate answers to entire questionnaires with accuracy far superior to existing tools on the market. It's so accurate, your customers can now use it in our new ‘upload questions to trust portal' feature. It's exactly as it sounds. Customers can upload questions and the AI will generate instant answers based on your trust portal content. Try a free proof of concept with your own data and see why top SaaS companies are making the switch from outdated RFP software and other portal solutions. Learn more at Conveyor. All links and the video of this episode can be found on CISO Series.com

CISA Warns organizations of exploited vulnerability affecting .NET, Visual Studio Dell Compellent hardcoded key exposes VMware vCenter admin creds DEF CON: Thousands of security researchers vie to outsmart AI in Las Vegas Thanks to today's episode sponsor, Conveyor We can all agree there's one thing the AI bots can take from us: completing customer security questionnaires. That's why we built Conveyor's GPT-questionnaire response tool. It auto-generates precise, accurate answers to entire questionnaires with accuracy far superior to existing tools on the market. It's so accurate, your customers can now use it in our new ‘upload questions to trust portal' feature. It's exactly as it sounds. Customers can upload questions and the AI will generate instant answers based on your trust portal content. Try a free proof of concept with your own data and see why top SaaS companies are making the switch from outdated RFP software and other portal solutions. Learn more at www.conveyor.com. For the stories behind the headlines, head to CISOseries.com.

All links and images for this episode can be found on CISO Series. The demand for cybertalent is sky high. It's very competitive to get those people with skills. What if you were to train your staff and give them the skills you want? Essentially, what if you were to grow your own unicorn? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest, Jesse Whaley, CISO, Amtrak. Thanks to our podcast sponsor, Opal Opal is building the next generation of intelligent identity. Identity is one of the last great enterprise frontiers. It's fragmented with legacy architecture. Opal's mission is to empower teams to understand and calibrate access end to end, and to build identity security for scale. Learn more by at www.opal.dev. In this episode: What if you were to train your staff and give them the skills you want? What if you were to grow your own unicorn? What's the best way to grow your staff? How do you figure out the right mix of talent and prioritize the hiring, training, on the job, and other experiences?

Google's Messages app now uses RCS to encrypt chats Electoral Commission apologizes for security breach involving UK voters' data Banks hit with over $500 million in fines for using out-of-band chat apps Thanks to today's episode sponsor, Conveyor Did you catch the biggest release of the year? No, not Barbenheimer. It's Conveyor's GPT-powered security questionnaire response tool: the most accurate questionnaire automation tool on the market. It's so good, you can let your customers upload their own questions in your trust portal to get instant answers based on your content. And of course, it's not just for your customers. You can use the GPT-questionnaire response tool internally as well to get auto-generated precise answers to entire questionnaires in minutes so all you have to do is review. Maybe it's time to replace your outdated RFP software… Try a free proof of concept with your own data. Learn more at www.conveyor.com For the stories behind the headlines, head to CISOseries.com

All links and images for this episode can be found on CISO Series. For some security problems, it can be tough to know when to try to fix the problem yourself or turn to a vendor. Deciding this shouldn't start with talking to someone that wants to sell you something. But how do you determine when it's time to call in a vendor? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us for this episode is our special guest, Katie Ledoux, CISO, Attentive. Thanks to our podcast sponsor, Palo Alto Networks As cloud attacks increase, how should AppSec respond? Hear from Daniel Krivelevich, CTO of AppSec at Palo Alto Networks, as he dives into modern application security strategies that can help teams defend their engineering ecosystems from modern attacks. Watch now to level up your AppSec program. In this episode: Why do many organizations have a problem relating quantification to something meaningful to the business? Is there a way to understand risks on a continuum that will make relating these to business a little more manageable? What are the questions security professionals should be asking themselves?

Microsoft resolves vulnerability following criticism from Tenable CEO FBI investigating ransomware attack crippling hospitals across 4 states New acoustic attack steals data from keystrokes with 95% accuracy Thanks to today's episode sponsor, Conveyor Did you catch the biggest release of the year? No, not Barbenheimer. It's Conveyor's GPT-powered security questionnaire response tool: the most accurate questionnaire automation tool on the market. It's so good, you can let your customers upload their own questions in your trust portal to get instant answers based on your content. And of course, it's not just for your customers. You can use the GPT-questionnaire response tool internally as well to get auto-generated precise answers to entire questionnaires in minutes so all you have to do is review. Maybe it's time to replace your outdated RFP software… Try a free proof of concept with your own data. Learn more at www.conveyor.com For the stories behind the headlines, head to CISOseries.com

Fortinet VPN bug tops CISA's list of most exploited vulnerabilities in 2022 Chrome malware Rilide targets enterprise users via PowerPoint guides Researchers discover bypass for recently fixed Ivanti EPMM vulnerability Thanks to today's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It's fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev. For the stories behind the headlines, head to CISOseries.com.

All links and images for this episode can be found on CISO Series. What are we doing to improve access management? Make it too loose and it's the number one way organizations get breached. Put on too many controls and now you've got irritated users just trying to do their job. How does each organization find their sweet spot? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Paul Guthrie (@pguthrie), information security officer, Blend. Thanks to our podcast sponsor, Opal Opal is building the next generation of intelligent identity. Identity is one of the last great enterprise frontiers. It's fragmented with legacy architecture. Opal's mission is to empower teams to understand and calibrate access end to end, and to build identity security for scale. Learn more by at www.opal.dev In this episode: What is the one most significant action you've taken to improve access management? What are we doing to improve access management? What is the correct balance between too many controls and not enough? How does each organization find their sweet spot?

Musk sues disinformation researchers for driving away advertisers Researchers claim cloud host facilitated state-backed cyberattacks UK spy agencies want to relax ‘burdensome' laws on AI data use Thanks to today's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It's fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev. For the stories behind the headlines, visit CISOseries.com.

All links and images for this episode can be found on CISO Series. Shifting Left is so five years ago. Advice and best practices are great, but context is king. Is there a mixture of best practices AND doing what's right for your business that's actually practical? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Steve Zalewski. Joining us for the episode is our sponsored guest Gaurav Banga, CEO, Balbix. Thanks to our podcast sponsor, Balbix Balbix is a cyber risk quantification platform that discovers and manages all your cyber assets, identifies and prioritizes vulnerabilities, and delivers a monetary assessment of cyber risk. This enables CISOs to articulate the value of risk to the board and obtain support and budgets for security programs. In this episode: What are your most successful tactics when talking to the boardroom? Is there a mixture of best practices AND doing what's right for your business that's actually practical? What have you heard enough with automation and what would you like to hear a lot more?

Israel's largest oil refinery website offline amid cyber attack claims TSA renews cybersecurity guidelines for pipelines CISA AND Australia warn of IDOR vulnerabilities after major breaches Thanks to today's episode sponsor, Opal Opal is the data-centric identity platform. Identity is one of the last great enterprise frontiers. It's fragmented with legacy architecture. Opal's mission is to empower enterprises to understand and calibrate access end to end. The best security teams from companies like Databricks, Figma, Blend, and Drata use Opal to build identity security for scale. Visit Opal.dev. For the stories behind the headlines, head to CISOseries.com.

Millions affected by data breach at US government contractor Maximus Two severe Linux vulnerabilities impact 40% of Ubuntu users Heart monitoring technology provider confirms cyberattack Thanks to today's episode sponsor, AppOmni Over provisioned users could lead to your most sensitive data being exposed or leaked. Just a single attack on one of those users may compromise your entire SaaS estate.   With AppOmni's SaaS Identity Fabric, secure and manage end-users, entitlements, and threat-based activity. Gain visibility and control over provisioned users, the SaaS data they have access to, and receive guided remediation. Get connected with SaaS security experts at AppOmni.com. For the stories behind the headlines, head to CISOseries.com.

All links and images for this episode can be found on CISO Series. With the growth of business-led IT, does SaaS security need to be a specific focus in a CISO's architectural strategy? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Steve Zalewski who also hosts Defense in Depth. Thanks to our podcast sponsor, AppOmni Do you know which 3rd party apps are connected to your SaaS platforms? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. Get visibility to all 3rd party apps — and their level of data access — with AppOmni. Visit AppOmni.com to request a free risk assessment. In this episode: With the growth of business-led IT, does SaaS security need to be a specific focus in a CISO's architectural strategy? Is the problem the architecture of the applications themselves or the fact that a non-security group is bringing these applications online? Is it both? Is this problem solvable? What technical controls can you put in place to mitigate risk from apps you deem risky?

All links and images for this episode can be found on CISO Series. There are so many third party vendors we want to work with, but uggh, their security and privacy is so troublesome. Is it only the security department's job to vet these partners or should everyone have a responsibility of keeping tabs on third party security? This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Our guest is Phil Beyer, former head of security, Etsy. Thanks to our podcast sponsor, Balbix Balbix is a cyber risk quantification platform that discovers and manages all your cyber assets, identifies and prioritizes vulnerabilities, and delivers a monetary assessment of cyber risk. This enables CISOs to articulate the value of risk to the board and obtain support and budgets for security programs. In this episode: There are many third party vendors that CISOs & practitioners want to work with, but why is their security and privacy so troublesome? Is it only the security department's job to vet these partners or should everyone have a responsibility of keeping tabs on third party security? What can frontline employees do to manage third-party risk?

All links and images for this episode can be found on CISO Series. When it comes to data, compliance, and reducing risk, where are we gaining control? Where are we losing control? And what are we doing about that? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. We welcome our sponsored guest Amer Deeba, CEO and Co-founder, Normalyze. Thanks to our podcast sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches. Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium. In this episode: When it comes to data, compliance, and reducing risk, where are we gaining control? Where are we losing control? And what are we doing about that? Is "losing control" inevitable? Is SaaS really extremely difficult to work with at scale?

All links and images for this episode can be found on CISO Series. Do you know what security categories were created this year? I have no idea. Do you know which ones were deleted? I don't think any. Is category growth designed to make more money for the industry? Does it help customers build a better security strategy? It seems like a necessary evil that just confuses customers. The number of categories never decreases or replaces old categories. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Our sponsored guest is Maxime Lamothe-Brassard (@_maximelb), CEO and co-founder at LimaCharlie. Thanks to our podcast sponsor, LimaCharlie LimaCharlie is inviting you for the unveiling of the SecOps Cloud Platform during a two-hour LinkedIn Live event on Wednesday, July 19th, starting at 10:00am PST.  For every registrant, LimaCharlie will be donating $5 to the Internet Archive. Register for the event at limacharlie.io or on the LimaCharlie LinkedIn page. In this episode:  Do you know what security categories were created this year? Do you know which ones were deleted? Is category growth designed to make more money for the industry? Does it help customers build a better security strategy?