Podcast appearances and mentions of Gary Hayslip

  • 36 podcasts
  • 58 episodes
  • 36m avg duration
  • 1 monthly new episode
  • Latest: Mar 4, 2025


Latest podcast episodes about Gary Hayslip

ITSPmagazine | Technology. Cybersecurity. Society
Cyber Wars: How Elite Teams Stay Ahead of the Game | A Conversation with Gary Hayslip | The Soulful CXO Podcast with Dr. Rebecca Wynn

Mar 4, 2025 | 15:37


Guest: Gary Hayslip, CISO, SoftBank Investment Advisors
LinkedIn: https://www.linkedin.com/in/ghayslip/
Website: cisodrg.com/biographies/gary-hayslip/
Host: Dr. Rebecca Wynn

CISO-Security Vendor Relationship Podcast
Aww, Your Cybersecurity Concerns Are So Adorable (LIVE in La Jolla)

Nov 26, 2024 | 40:38


All links and images for this episode can be found on CISO Series.
This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and Gary Hayslip, CISO, Softbank Investment Advisors. Joining us is Keith McCartney, VP, Security and IT, DNAnexus.
In this episode:
  • Closing the Credibility Gap
  • Clarifying the Role of Security Engineering
  • Building Resilience at Scale
  • AI Frameworks and Cybersecurity
Thanks to our podcast sponsor, Entro! Reclaim control of your non-human identities with Entro Security! Our platform securely manages non-human identities and secrets throughout their lifecycle. Detect and prevent unusual activity before it becomes a threat. Trust Entro to safeguard your non-human identities in today's complex digital ecosystem.

Human-Centered Security
Complexity Undermines Security With Bill Bonney, Gary Hayslip, and Matt Stamper

Oct 30, 2024 | 47:11


What do CISOs have to say about the security tools their teams use?
“When we introduce a level of complexity in the system, it undermines security. Every moment wasted trying to use a tool effectively benefits the adversary.” - Matt Stamper
In this episode, we talk to cybersecurity leaders Bill Bonney, Gary Hayslip, and Matt Stamper about:
  • The ever-evolving role of the CISO and what CISOs care about most.
  • What product teams designing security software need to understand:
      • Security tools need to operate across varied ecosystems (which means your product team needs to understand those ecosystems).
      • Complexity is the enemy of security. Yes, UX matters.
      • Context-switching means security teams waste time. Instead, security tools need to present the right information at the right time.
  • Why CISOs are excited to leverage AI in security tools—and what concerns them the most.
Bill Bonney, Gary Hayslip, and Matt Stamper are seasoned CISOs and cybersecurity leaders. They are co-founders of the CISO Desk Reference Guide—a series of books including topics such as security policy, third-party risk, privacy, and incident response—which provide actionable insights for security leaders.

CISO insiders
CISO Insiders with Gary Hayslip | CISO at Software Investment Advisers | Episode 84

Jul 2, 2024 | 39:40


Application Security PodCast
David Quisenberry -- Building Security, People, and Programs

Jun 18, 2024 | 56:54


In this episode of the Application Security Podcast, hosts Chris Romeo and Robert Hurlbut engage in a deep discussion with guest David Quisenberry about various aspects of application security. They cover David's journey into the security world, insights on building AppSec programs in small to mid-sized companies, and the importance of data-driven decision-making. The conversation also delves into the value of mentoring, the vital role of trust with engineering teams, and the significance of mental health and community in the industry. Additionally, Chris, David and Robert share personal stories that emphasize the importance of relationships and balance in life.
Books Shared in the Episode:
  • SRE Engineering by Betsy Beyer, Chris Jones, Jennifer Petoff and Niall Richard Murphy
  • The Phoenix Project by Gene Kim, Kevin Behr and George Spafford
  • Security Chaos Engineering by Aaron Rinehart and Kelly Shortridge
  • CISO Desk Reference Guide by Bill Bonney, Gary Hayslip, Matt Stamper
  • Wiring the Winning Organization by Gene Kim and Dr. Steven J. Spear
  • The Body Keeps the Score by Bessel van der Kolk, M.D.
  • Intelligence Driven Incident Response by Rebekah Brown and Scott J. Roberts
  • Never Eat Alone by Keith Ferrazzi
  • Thinking Fast and Slow by Daniel Kahneman
  • Do Hard Things by Steve Magness
  • How Leaders Create and Use Networks, Whitepaper by Herminia Ibarra and Mark Lee Hunter
FOLLOW OUR SOCIAL MEDIA:
➜ Twitter: @AppSecPodcast
➜ LinkedIn: The Application Security Podcast
➜ YouTube: https://www.youtube.com/@ApplicationSecurityPodcast
Thanks for Listening!

CPO PLAYBOOK
Gary Hayslip of SoftBank Discusses the Role of a CISO

May 1, 2024 | 29:20


www.CPOPLAYBOOK.com
About
The podcast underscores the crucial role of Chief Information Security Officers (CISOs) in protecting organizations from cyber threats. Gary Hayslip, a seasoned CISO, emphasizes the evolving nature of the role from technical to strategic leadership. He highlights the importance of integrating CISOs into the executive team and discusses the ethical concerns surrounding their reporting structure.
Gary Hayslip
Gary Hayslip is an experienced Global CISO with repeated success delivering innovative security programs to safeguard enterprises at every touchpoint. An insightful thought leader with proven business acumen and commitment to organizational mission, values, and goals. Hayslip brings this wealth of information technology, security leadership, and risk management experience to his role as the CISO for SoftBank Investment Advisers & SoftBank Group International. Hayslip's previous executive roles include multiple CISO, CIO, Deputy Director of IT, and Chief Privacy Officer roles for the U.S. Navy (Active Duty), the U.S. Navy (Federal Government employee), the City of San Diego California, and Webroot Software.
Hayslip is a proven cybersecurity professional; he has established a reputation as a highly-skilled communicator, author, and keynote speaker. Hayslip co-authored the CISO Desk Reference Guide: A Practical Guide for CISOs – Volumes 1 & 2, The Executive Primer: An Executives Guide to Security Programs, and Developing your Cybersecurity Career Path. He also recently published The Essential Guide to Cybersecurity for SMBs. Hayslip serves as a director on several boards and is also a technology advisor for several others.
All media inquiries: media@cpoplaybook.com

Hacker Valley Studio
Paving the Path for CISOs of the Future with Gary Hayslip

Jan 30, 2024 | 29:13


In this episode, Host Ron Eddings catches up with repeat guest, Gary Hayslip, CISO at SoftBank Investment Advisors and co-author of CISO Desk Reference guide. Gary explains that the varied nature of his current CISO role contrasts with the broader industry trends. He discusses how that nature plays into the CISO hiring process and career path, as well as how his books are helping to bridge the gap among professionals.
Impactful Moments:
  • 00:00 - Welcome
  • 00:59 - Introducing guest, Gary Hayslip
  • 01:38 - The Path to Becoming a CISO
  • 08:04 - CSO vs CISO
  • 10:47 - “I'm firing you…”
  • 15:03 - Interviewing for the CISO role
  • 17:56 - Join Our Mastermind
  • 18:39 - Being ‘Mr. Maybe’
  • 21:41 - CISO - A Day in the Life
  • 24:50 - Using Books to Pave the Way
Links:
  • Connect with our guest Gary Hayslip: https://www.linkedin.com/in/ghayslip/
  • Check out Gary's Books: https://www.amazon.com/stores/Gary-Hayslip/author/B01IJN838A?ref=ap_rdr&isDramIntegrated=true&shoppingPortalEnabled=true
  • Join our creative mastermind and stand out as a cybersecurity professional: https://www.patreon.com/hackervalleystudio
  • Become a sponsor of the show to amplify your brand: https://hackervalley.com/work-with-us/
  • Love Hacker Valley Studio? Pick up some swag: https://store.hackervalley.com
  • Continue the conversation by joining our Discord: https://hackervalley.com/discord

ITSPmagazine | Technology. Cybersecurity. Society
Developing Personal Thought Leadership Through Passion, Purpose, and Progress: Leading the Way in Cybersecurity Knowledge Sharing | A Conversation with Gary Hayslip | Redefining CyberSecurity Podcast with Sean Martin

Oct 30, 2023 | 41:02


Guest: Gary Hayslip, Chief Security Officer at SoftBank Investment Advisers
On Linkedin | https://www.linkedin.com/in/ghayslip/
On Twitter | https://twitter.com/ghayslip
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
This Episode's Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a
Episode Notes
In this episode of the Redefining CyberSecurity Podcast, host Sean Martin and guest Gary Hayslip engage in a conversation about thought leadership and knowledge sharing in the cybersecurity community. They discuss the process of creating a matrix or list of topics of interest and grading them based on comfort and expertise levels.
Gary emphasizes the importance of passion and purpose in thought leadership, viewing it more as mentorship rather than traditional leadership roles. He shares his own journey, starting small by speaking at local chapters and gradually expanding to larger conferences. Various writing platforms like LinkedIn, Medium, and personal websites are discussed as avenues for sharing content and seeking feedback from the community.
The conversation emphasizes the continuous learning and updating of knowledge to provide valuable insights. Gary highlights the qualities of a thought leader, including passion, purpose, and a genuine desire to help others.
Overall, the episode offers insights on thought leadership, knowledge sharing, and the process of becoming a trusted mentor in the cybersecurity field.
Listeners can expect an engaging and informative conversation between Sean Martin and Gary Hayslip that focuses on the practical aspects of sharing expertise and making a positive impact in the community.

Redefining CyberSecurity
Developing Personal Thought Leadership Through Passion, Purpose, and Progress: Leading the Way in Cybersecurity Knowledge Sharing | A Conversation with Gary Hayslip | Redefining CyberSecurity Podcast with Sean Martin

Oct 30, 2023 | 41:02


Guest: Gary Hayslip, Chief Security Officer at SoftBank Investment Advisers
On Linkedin | https://www.linkedin.com/in/ghayslip/
On Twitter | https://twitter.com/ghayslip
Host: Sean Martin, Co-Founder at ITSPmagazine [@ITSPmagazine] and Host of Redefining CyberSecurity Podcast [@RedefiningCyber]
On ITSPmagazine | https://www.itspmagazine.com/itspmagazine-podcast-radio-hosts/sean-martin
This Episode's Sponsors
Imperva | https://itspm.ag/imperva277117988
Pentera | https://itspm.ag/penteri67a
Episode Notes
In this episode of the Redefining CyberSecurity Podcast, host Sean Martin and guest Gary Hayslip engage in a conversation about thought leadership and knowledge sharing in the cybersecurity community. They discuss the process of creating a matrix or list of topics of interest and grading them based on comfort and expertise levels. But is it thought leadership we seek or thought mentorship?

8th Layer Insights
Something Wicked This Way Comes: PenTesting Your Environment w/Chad Peterson of NetSPI

Jun 20, 2023 | 45:25


On this episode, Perry sits down with Chad Peterson, Managing Director at NetSPI, to discuss the importance of penetration testing. We touch on aspects of social engineering, discussing complex security issues with Boards of Directors, the prevalence of Ransomware, and some of the unique challenges facing the healthcare industry.
Guest: Chad Peterson (LinkedIn) (Twitter)
Books & References (Books are Amazon Associate links)
  • CISO Desk Reference Guide: A Practical Guide for CISOs by Bill Bonney, Gary Hayslip, & Matt Stamper
  • Penetration Testing: A Hands-On Introduction to Hacking by Georgia Weidman
  • Practical Social Engineering: A Primer for the Ethical Hacker by Joe Gray
  • Ransomware Protection Playbook by Roger Grimes
  • The Smartest Person in the Room: The Root Cause and New Solution for Cybersecurity by Christian Espinosa
Perry's Books (Amazon Associate links)
  • Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter
  • The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer
Perry's new show, Digital Folklore kicked-off Jan 16, 2023. It's all about the oddities and importance of online culture. Check out the website (https://digitalfolklore.fm/) to see our custom artwork, subscribe to the newsletter, check out our merch, Patreon, and more. Want to check out what others are saying? Here's some recent press about the show: https://digitalfolklore.fm/in-the-news
Production Credits: Music and Sound Effects by Blue Dot Sessions, Envato Elements, Storyblocks, & EpidemicSound. 8Li cover art by Chris Machowski @ https://www.RansomWear.net/. 8th Layer Insights theme music composed and performed by Marcos Moscat @ https://www.GameMusicTown.com/
Want to get in touch with Perry? Here's how: LinkedIn Twitter Instagram Email: perry [at] 8thLayerMedia [dot] com

The Cyber Ranch Podcast
RSAC 2023 Special Edition Campfire Chats - Part 2

Jun 5, 2023 | 36:12


This is Part 1 of an incredible series of interviews Allan conducted live at RSA 2023.
Guests include:
  • Gary Hayslip, CISO @ Softbank Investment Advisers
  • Michael Calderin, CISO @ YAGEO Group
  • David Cross, CISO @ Oracle SaaS Cloud
  • Audra Streetman, Security Strategist @ Splunk
  • Adrian Peters, CISO @ Vista Equity Partners
  • Robin Sundaram, CISO @ RELX
  • Merritt Baer, Office of the CISO @ AWS
  • Rob Wood, CISO @ Centers for Medicare & Medicaid Services
  • Bryan Green, CISO Americas @ ZScaler
  • Stephanie Derdouri, Sr. Manager, Information Security and Technology Risk Management @ Capital Group
  • Andres Andreu, CISO @ 2U
  • Paul Love, CISO & Chief Privacy Officer @ Co-op Solutions
  • Royce Markose, former CISO
  • Bob Schuetter, CISO @ Ashland
  • Susan Thomas, CEO @ 10Fold
  • Brian Markham, CISO @ EAB
  • Ken Foster, VP of IT GRC @ FLEETCOR
  • Elizabeth Martinez, Account Exec @ ThreatLocker
  • Josiah Dykstra, Senior Fellow, Office of Innovation @ The NSA
  • Kevin Brown, CEO @ Innit
  • Brent Deterding, CISO @ Afni
  • Audra Streetman, Security Strategist @ Splunk
  • Wendy Whitmore, SVP, Unit 42 @ Palo Alto Networks
I ask my guests several questions including:
  • How do you impact the top and bottom line?
  • What topics are you tired of in cybersecurity?
There are also some special interviews at the end - discussions about the RSA conference itself, tech stack sprawl, and personal branding and marketing for CISOs. Oh - and a question about how vendors and CISOs can work better together AND a conversation about how government and industry can work together in cybersecurity.
Give this one a listen! It's jam-packed with great insights!
Sponsored by AttackIQ & Semperis.
AttackIQ offers a new fully managed breach and attack simulation service. They are the premier provider of MITRE ATT&CK-based security control validation. https://attackiq.com
Semperis provides the industry's most comprehensive Active Directory and Azure AD cyber resilience platform, supported by specialized AD incident response expertise. https://semperis.com

Cloud Security Podcast by Google
EP104 CISO Walks Into the Cloud: And The Magic Starts to Happen!

Jan 16, 2023 | 25:01


Guest: Gary Hayslip, CISO at Softbank
Topics:
"So we're talking about your journey as a CISO migrating to Cloud. Could you give us the 30 second overview of
  • What triggered your organization's migration to the cloud?
  • When did you and the security organization get brought in?
  • How did you plan your security organization's journey to the cloud?
  • Did you take going to cloud as an opportunity to change things beyond the tools you were using?
  • As you got going into the cloud, what was the hardest part for your organization?
  • If that was hardest, what was most surprising? Good surprise and bad surprise?
  • Let's shift to some tactical gears: How did you design security controls for the cloud? Did your data security practice change? Did your detection / response practice change?
  • How has the CISO role evolved and is evolving due to the cloud?
  • Having covered all that tactical terrain, one final strategic question: is moving to Cloud a net risk reduction? Can it be?
Resources:
  • “CISO Desk Reference Guide” book by Gary Hayslip
  • “The Essential Guide to Cybersecurity for SMBs” book by Gary Hayslip
  • “Develop Your Cybersecurity Career Path” book by Gary Hayslip

CISO Talks
How The CISO Role is Changing Ft. Gary Hayslip | CISO Talks

Jan 6, 2023 | 10:30


In this very special episode of CISO Talks, we sit down with global CISO, Gary Hayslip. We discuss the ever-changing role of the CISO and some of the biggest changes and challenges CISOs are faced with today.
Guest in this episode: Gary Hayslip - Global CISO | Board Member | Investor | Mentor | Servant Leader https://www.linkedin.com/in/ghayslip/
Also available on:
  • IGTV: www.instagram.com/instalepide
  • SoundCloud: bit.ly/2MYHwxR
  • Spotify: spoti.fi/2N0XGXR
  • iTunes: apple.co/2N0sO9P
Follow us on Social Media:
  • LinkedIn - bit.ly/2FWHKoM
  • Twitter - bit.ly/2FWNO0C
  • Instagram - bit.ly/2FWMxXj
  • Facebook - bit.ly/2FXb2Ue

The Gate 15 Podcast Channel
The Cybersecurity Evangelist: Ep 22 – See Yourself in Cyber, the Cybersecurity Awareness Month 2022 Edition with Chris Foulon

Oct 12, 2022 | 42:55


TCE talks Cybersecurity Awareness Month 2022 and Seeing Yourself in Cyber with Chris Foulon of the Breaking into Cybersecurity podcast.
Resources and Mentions (it's a long list, but we love to share resources and others' great work)
  • Breaking into Cybersecurity Podcast: A conversation about what you did before, why did you pivot into cyber, what was the process you went through
  • Breaking Into Cybersecurity
  • Develop Your Cybersecurity Career Path: How to Break into Cybersecurity at Any Level https://amzn.to/3443AUI by Gary Hayslip, Christophe Foulon, Renee Small
  • Hack the Cybersecurity Interview: A complete interview preparation guide for jumpstarting your cybersecurity career https://www.amazon.com/dp/1801816638/ by Ken Underhill, Christophe Foulon, Tia Hopkins
  • The Whole Cyber Human Initiative https://www.wholecyberhumaninitiative.org/ Creating Workforce Development to fix the talent gaps today
  • @chris_foulon
  • @BreakintoCyber
  • Whole Cyber Human Initiative
  • Valorr Cybersecurity
  • NIST National Initiative for Cybersecurity Education (NICE)
  • @InfoSecSherpa (Tracy Z. Maleeff)
  • Cybersecurity Awareness Month https://staysafeonline.org/
  • @LisaPlaggemier
  • The Gate 15 Interview: Cybersecurity Awareness Month 2022 with the National Cybersecurity Alliance, Auto-ISAC and FS-ISAC! Plus, background! shout-outs!! favorite movies, tigers, and more!!!
Not mentioned in this podcast, but a couple of relevant (CS)²AI podcasts hosted by @Derek_Harp that I came across after – I hope they don't mind the mentions!
  • (CS)2AI Podcast 53: Career Advice for Women Pursuing Cybersecurity Positions with Danielle Jablanski (Nozomi Networks) @CyberSnark
  • (CS)2AI Podcast 52: Cybersecurity Careers, Educational Requirements and Resume Advice with Ron Brash
  • Ron Brash (aDolus) @ron_brash

Audience 1st
[BEST OF] What Cybersecurity Pros Hate MOST About the Industry

Sep 30, 2022 | 28:25


In every episode I record with my guests, I ask them one crucial question: "What do you hate most about the cybersecurity industry?" In this episode, I curated the top answers for you. What's more, you'll get an understanding of what security practitioners, go-to-market teams, and cybersecurity vendors can do to alleviate some of these problems in the industry.
Who will you hear from?
  • [00:45] Joshua Marpet
  • [01:39] Limor Kessem
  • [03:43] Nick Ryan
  • [04:43] Tal Arad
  • [05:42] Leo Cruz
  • [06:39] Gary Hayslip
  • [08:05] Dmitriy Sokolovskiy
  • [09:29] Allan Alford
  • [12:39] Ryan Cloutier
  • [15:43] Joseph Carson
  • [17:09] Evan Francen
  • [21:19] Malia Mason
  • [24:08] Jenny Botton
  • [25:23] Ferd Hagethorn
  • [26:50] Chris Roberts
Join Audience 1st Today
Join 550+ cybersecurity marketers and sellers mastering security buyer research to better understand their audience and turn them into loyal customers: https://www.audience1st.fm/

First Watch Podcast
Gary Hayslip on How to Keep Learning in Cyber and the "Hidden Secret" of the CISO Role

Aug 22, 2022 | 25:12


Audience 1st
Why to Use the Compliance Framework in Your Messaging & Positioning | Gary Hayslip

Jul 31, 2022 | 41:30


I get the fact that you're talking about the offensive framework, but you should really talk about the compliance framework, which a lot of CISOs, unfortunately, have to live in. Show them that too.
In this episode, I had a brutally honest conversation with Gary Hayslip, Global CISO for SoftBank Investment Advisers & SoftBank Group International, about his challenges, goals, what vendors do that piss him off, and the alternatives.
Join Audience 1st Today
Join 300+ cybersecurity marketers and sellers mastering security buyer research to better understand their audience and turn them into loyal customers: https://www.audience1st.fm/

Defense in Depth
Data Protection for Whatever Comes Next

Jul 28, 2022 | 25:46


All links and images for this episode can be found on CISO Series.
Cybersecurity boils down to securing your data or data protection. But that simple concept has turned into a monumental task that is only exacerbated every time we move our data to a new platform. How do we secure data today, to be ready for whatever comes next in computing?
Check out this post and this post for the discussions that are the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and guest co-host Gary Hayslip (@ghayslip), global CISO, SoftBank Investment Advisers. Our sponsored guest is Elliot Lewis (@ElliotDLewis), CEO, Keyavi.
Thanks to our podcast sponsor, Keyavi
Myth: Data can't protect itself. Fact: Now it does! You control where your data goes in the world, who can access it and when. On any device. Anytime. Anywhere. FOREVER. Learn more at Keyavi.com.
In this episode:
  • How do we secure data today, to be ready for whatever comes next in computing?
  • How do we go about building a data transformation program that's platform agnostic?
  • Why has this simple concept turned into a monumental task?

Dr. Dark Web
How to Collect Data That Meets Your Business's Security Needs With Gary Hayslip

Apr 20, 2022 | 37:54


For companies operating in the digital space, the subject of security has become critical. But not many organizations know how to deal with it, what tools to use, and what departments to involve.
Therefore, it's critical for businesses to understand the importance of intel teams, how they collect and analyze data to mitigate risks and when outsourcing is inevitable.
In this episode of Dr. Dark Web, our host Chris Roberts welcomes Gary Hayslip, the Global CISO at SoftBank Investment Advisers & SoftBank Group International. The two discuss the importance of reviewing the technology purchased and determining the additional risk they are exposed to as a result. They also talk about the importance of data and putting it into the proper context to be used adequately. Finally, they touch upon the relationships companies must develop with solutions providers — not looking at them as vendors but as partners.

8th Layer Insights
Why Are We So Bad At Risk?

Apr 4, 2022 | 53:47


Risk is a funny thing – our minds are constantly looking for risk, scanning our environments and our available choices. And sometimes we do a great job at anticipating and avoiding risky situations. But that doesn't mean that we are universally good at dealing with risk. In fact, we can be downright appalling at considering and avoiding risk. In this episode, we explore the concept of risk, why we're so bad at understanding it, and the steps we can take to improve. Perry speaks with four risk experts who will help us understand the ups and downs of how we evaluate risk. We'll touch on everything from Black Swans to Grey Rhinos to risk frameworks, risk equations, inbuilt risk in the design of computing interfaces, and more. Featuring Michele Wucker (author of The Grey Rhino and You Are What You Risk), Christian Hunt (Founder of Human Risk), Dr. Arun Vishwanath (Founder and Chief Technology Officer of Avant Research Group), and Matt Stamper (Chief Information Security Officer and Executive Advisor at EVOTEK and co-author of the CISO Desk Reference Guides vol1 & vol2). Original release date: Aug 31, 2021. 
Guests:
  • Michele Wucker
  • Christian Hunt
  • Arun Vishwanath
  • Matt Stamper
Resources & Books:
  • Black Swan Theory
  • Grey Rhino Events
  • Various Risk Equations
  • Risk Perception Equation, Freakonomics
  • 20 Cognitive Biases That Affect Risk Decision Making, SafetyRisk.net
  • Factor Analysis of Information Risk (FAIR) Framework
  • The Gray Rhino: How to Recognize and Act on the Obvious Dangers We Ignore, by Michele Wucker (Amazon Affiliate Link)
  • You Are What You Risk: The New Art and Science of Navigating an Uncertain World, by Michele Wucker (Amazon Affiliate Link)
  • Why are Humans Bad at Calculating Risk?, Cogency
  • Why You're Probably Not So Great at Risk Assessment, NY Times
  • Why the Human Brain is a Poor Judge of Risk, Wired
  • Humans are Terrible at Assessing Risk, by Kimberly Forsythe
  • Why We're Awful at Assessing Risk, USA Today
  • CISO Desk Reference Guides vol1 & vol2, by Bill Bonney, Gary Hayslip, Matt Stamper (Amazon Affiliate Link)
  • Transformational Security Awareness: What Neuroscientists, Storytellers, and Marketers Can Teach Us About Driving Secure Behaviors, by Perry Carpenter (Amazon Affiliate Link)
  • The Security Culture Playbook: An Executive Guide To Reducing Risk and Developing Your Human Defense Layer by Perry Carpenter & Kai Roer (Amazon Affiliate Link)
Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. Artwork by Chris Machowski.

CISO Tradecraft
CISO Tradecraft: Lessons Learned as a CISO (with Gary Hayslip)

Mar 28, 2022 | 54:14


On this special episode of CISO Tradecraft, we have Gary Hayslip talk about his lessons learned being a CISO.  He shares various tips and tricks he has used to work effectively as a CISO across multiple companies.  Everything from fish tacos and beer to how to look at an opportunity when your boss has no clue about cyber frameworks.  There's lots of great information to digest.     Additionally, Gary has co-authored a number of amazing books on cyber security that we strongly recommend reading.  You can find them here on Gary's Amazon page.  

We Talk Cyber
How Can Security Provide Real Business Value

Mar 17, 2022 | 37:12


In today's episode, CISOs Monica Verma and Gary Hayslip talk about how to communicate and report to the board, real value of cybersecurity and its ROI, managing both current and future risk, how to make security seamless, and tips for communication around breaches. For video check out MonicaTalksCyber.
Support the show (https://www.buymeacoffee.com/wetalkcyber)

Cyber Security Headlines
Week in Review – Jan 24-28, 2022

Jan 28, 2022 | 21:03


This week's Cyber Security Headlines – Week in Review, Jan 24-28, is hosted by Rich Stroffolino with our guest, Gary Hayslip, CISO, Softbank Investment Advisers.
Thanks to our episode sponsor, deepwatch.
All links and the video of this episode can be found on CISO Series.com

8th Layer Insights
The Risk Episode: Black Swans, Grey Rhinos, Angels & Demons

Aug 31, 2021 | 52:40


Risk is a funny thing – our minds are constantly looking for risk, scanning our environments and our available choices. And sometimes we do a great job at anticipating and avoiding risky situations. But that doesn't mean that we are universally good at dealing with risk. In fact, we can be downright appalling at considering and avoiding risk. In this episode, we explore the concept of risk, why we're so bad at understanding it, and the steps we can take to improve. Perry speaks with four risk experts who will help us understand the ups and downs of how we evaluate risk. We'll touch on everything from Black Swans to Grey Rhinos to risk frameworks, risk equations, inbuilt risk in the design of computing interfaces, and more. Featuring Michele Wucker (author of The Grey Rhino and You Are What You Risk), Christian Hunt (Founder of Human Risk), Dr. Arun Vishwanath (Founder and Chief Technology Officer of Avant Research Group), and Matt Stamper (Chief Information Security Officer and Executive Advisor at EVOTEK and co-author of the CISO Desk Reference Guides vol1 & vol2). 
Guests:
  • Michele Wucker
  • Christian Hunt
  • Arun Vishwanath
  • Matt Stamper
Resources & Books:
  • Black Swan Theory
  • Grey Rhino Events
  • Various Risk Equations
  • Risk Perception Equation, Freakonomics
  • 20 Cognitive Biases That Affect Risk Decision Making, SafetyRisk.net
  • Factor Analysis of Information Risk (FAIR) Framework
  • The Gray Rhino: How to Recognize and Act on the Obvious Dangers We Ignore, by Michele Wucker
  • You Are What You Risk: The New Art and Science of Navigating an Uncertain World, by Michele Wucker
  • Why are Humans Bad at Calculating Risk?, Cogency
  • Why You're Probably Not So Great at Risk Assessment, NY Times
  • Why the Human Brain is a Poor Judge of Risk, Wired
  • Humans are Terrible at Assessing Risk, by Kimberly Forsythe
  • Why We're Awful at Assessing Risk, USA Today
  • CISO Desk Reference Guides vol1 & vol2, by Bill Bonney, Gary Hayslip, Matt Stamper
Music and Sound Effects by Blue Dot Sessions, Envato Elements, & Storyblocks. Artwork by Chris Machowski.

Defense in Depth
CISO Recruiting Is Broken

Jul 5, 2021 | 28:13


All links and images for this episode can be found on CISO Series.
The demand for CISOs is growing due to increased regulations and cyber threats. Yet, while the demand is there, the supply keeps rotating. Companies think the next CISO is going to fix the problems of the last one. Why is a CISO's tenure so short and why is the hiring process for CISOs so disjointed?
Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, Steve Zalewski, and Gary Hayslip (@ghayslip), CISO, Softbank Investment Advisers.
Thanks to our podcast sponsor, RevCult
On average, 18 percent of all your Salesforce data fields are highly sensitive and 89 percent of users have access to that data. RevCult is the only solution that helps you understand the data you have in Salesforce, and if you're protecting it. Get a free Salesforce Security Self-Assessment to understand your Salesforce security weaknesses.
In this episode:
  • Why a CISO's tenure is so short and why they leave
  • The value of keeping risk management in the CISO's sights
  • The need to clarify the CISO role in the mind of the executive
  • The need to clarify the CISO role in the mind of the CISO

The Cyber Ranch Podcast
Developing Leadership w/ Gary Hayslip

Mar 17, 2021 28:00


Today, host and CISO Allan Alford interviews friend and fellow CISO Gary Hayslip. Besides being a brilliant business leader, Gary is an author, mentor, and one of the best all-around humans Allan knows! To start the conversation, Allan asks Gary to share about himself and his background in cybersecurity. While he had a natural interest in computers and technology more generally, Gary's formal entrance to the cybersecurity field came during his time in the military. He developed a love for security, and as he's climbed within the industry in the years after his military service, he's also developed a strong network as a colleague and mentor. Allan tapped into this shared community through one of its most-used platforms, LinkedIn, to find out what others in the field would most like to learn from Gary. The first questions deal with topics of leadership and training, and Gary explains his own practices of educating himself and his team. In his own life, he is committed to maintaining up-to-date knowledge of his rapidly changing field through research and reading; such knowledge is necessary if Gary is to lead as effectively as he can. Gary also provides opportunities for his staff to receive continuing education, and he does not worry that he might train employees beyond their roles. Rather, he embraces the privilege of partnering with his staff to see them succeed on their career paths. There is a lot that goes into Gary's practice of crafting and leading a team, and the COVID-19 pandemic has caused him to make some coaching changes. One-on-one meetings and conversations about family are more frequent, but the emphasis on building team trust and leading team members to own the business strategy remain constant. Gary assigns team members to take the lead on and complete briefings for different aspects of the strategy, and also expects them to back each other up. 
This practice not only fosters ownership of business processes and development of employee skills, but also shapes the kind of culture Gary insists his team have. He requires team members to possess certain soft skills, be people of honesty who take personal responsibility, and be comfortable in team and group contexts. Gary tries to care for his workers by taking harder hours on himself than he expects them to work, but as the conversation wraps up, he explains that he is mainly motivated in his work by love for the community and people in the field!

Key Takeaways
0:21 - Host Allan Alford welcomes listeners to the show and introduces Gary Hayslip.
1:08 - Allan asks Gary to share about his background.
2:08 - The first questions deal with continuing education for Gary and his team.
6:58 - How has Gary's coaching changed because of COVID-19?
10:54 - What are Gary's methods for helping his team take on pieces of his strategy?
17:55 - COVID-19 also raises new questions about work-life balance.
21:45 - The next question deals with how Gary develops team culture.
25:39 - What keeps Gary going in cybersecurity?

Links:
Learn more about Gary Hayslip on LinkedIn.
Follow Allan Alford on LinkedIn and Twitter.
Learn more about Hacker Valley Studio and The Cyber Ranch Podcast.
Sponsored by our good friends at Axonius.

CyberHub Engage Podcast
CISO Talk with Gary Hayslip, CISO at Softbank Investment Advisors

Nov 12, 2020 45:00


Gary Hayslip joined me for Veteran November and a special CISO Talk episode. We talk about our military service and his outlook on cyber and leadership. Gary shares his views on what CISOs are experiencing right now and how the industry is evolving and will evolve over the next few years. Don't miss this amazing talk!

Gary's Bio: While others take pride in meeting all standards set before them, Hayslip's focus is delivering service beyond organizational expectations and creating a collaborative culture. As a leader and subject matter expert in Cybersecurity, Hayslip has had the opportunity to spearhead highly visible projects, drive immediate and long-range goals, and build dedicated high-performance teams to achieve enterprise enablement. With a multi-faceted background that spans both public and private sectors, Hayslip's scope includes working with and guiding global high-growth product and financial service organizations, the US Navy, and the City of San Diego. Combining his business acumen and hands-on approach, he focuses on "getting things done right the first time" with minimal disruption to business operations. As an expert communicator, he has continually demonstrated a high comfort level with publicizing and executing strategic plans as a spokesperson and liaison. Hayslip's proven strengths in collaboration and negotiation allow him to engage and influence staff at all organizational levels, an essential skill when navigating strategic change and deploying new technologies.

Specialties: IT Strategy & Governance | Security Architecture & Development Frameworks | Identity & Access Management | Security Engineering | Threats Assessment | Vulnerability Management | Enterprise IT & Cybersecurity Operations | Regulatory Management | Cloud Security | DevOps & Security Integration | Servant Leadership | Project Management | Compliance/Frameworks: NIST CSF, PCI DSS, GDPR, ISO 27001, J-SOX, SOC-2, FCA, JFSA, JFSC, and SEC.
**** James Azar Host of CyberHub Podcast James on Twitter: https://twitter.com/james_azar1 James on Linkedin: https://www.linkedin.com/in/james-azar-a1655316/ ****** Sign up for our newsletter with the best of CyberHub Podcast delivered to your inbox once a month: http://bit.ly/cyberhubengage-newsletter ****** Website: https://www.cyberhubpodcast.com Youtube: https://www.youtube.com/channel/UCPoU8iZfKFIsJ1gk0UrvGFw Facebook: https://www.facebook.com/CyberHubpodcast/ Linkedin: https://www.linkedin.com/company/cyberhubpodcast/ Twitter: https://twitter.com/cyberhubpodcast Instagram: https://www.instagram.com/cyberhubpodcast Listen Here: https://linktr.ee/CISOtalk

CyberHub Engage Podcast
#VeteranNovember with Gary Hayslip, CISO at Softbank Investment Advisors Part I

Nov 11, 2020 36:03



The CyberHub Podcast
#VeteranNovember with Gary Hayslip

Nov 11, 2020 36:03



Cyber Security & Cloud Podcast
CSCP S02E16 - Gary Hayslip - Peacetime CISO in covid times

Oct 5, 2020 44:00


Francesco had the honour to be joined by Gary, an inspiration and published author as well as cybersecurity personality. Gary Hayslip is the Chief Information Security Officer at Investment living in San Diego and part of the San Diego cybersecurity community. Gary is a gamer, an extremely disciplined learner, and loves technology, sharing his insights from his long and accomplished career in cybersecurity. In this episode Gary shares how business has changed since COVID, what a wartime CISO does in peacetime, and how to return to normality.

The podcast is brought to you by the generosity of NSC42 Ltd, your cybersecurity partner. Cybersecurity is complex and different for every organization, and you need the best-tailored service to make sure your customer's data is safe and sound so that you can focus on what's important, focusing on your clients and bringing the best and safest experience.

1:00 Introducing Gary Hayslip
3:50 Giving back and riding work/life balance
7:17 COVID effects on business
11:30 Security concerns working from home
15:40 Preventing hacks and breaches
20:26 Adjusting to working from home
31:49 Stories of application security
34:15 Advice to a new executive
36:29 Advice to students and young professionals
41:32 Mentorship
44:48 Final positive thought on cybersecurity

Links
Gary Hayslip Twitter @ghayslip https://www.linkedin.com/in/ghayslip/
Cyber Security and Cloud Podcast #CSCP http://www.cybercloudpodcast.com

CISO-Security Vendor Relationship Podcast
Set It. Forget It. Reset It. Repeat.

Aug 18, 2020 33:10


All links and images for this episode can be found on CISO Series (https://cisoseries.com/set-it-forget-it-reset-it-repeat/)

As long as you reset it and repeat, everything in cybersecurity is "set it and forget it".

This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest this week is Brett Conlon (@DecideSecurity), CISO, Edelman Financial Engines.

Check out Tricia Howard's dramatic readings of cold emails.

Our Keyavi breaks new ground by making data itself intelligent and self-aware, so that it stays under its owner’s control and protects itself immediately, no matter where it is or who is attempting access. Keyavi is led by a team of renowned data security, encryption, and cyber forensics experts. See for yourself at keyavidata.com.

On this week's episode

Why is everybody talking about this now

On LinkedIn and on Twitter, I asked "Is there anything in cybersecurity that's 'set it and forget it'?" There were plenty of funny answers like "Passwords" and the "Off" switch. But there were some interesting answers like whitelists from Brian Haugli of Sidechannel security and ethics from Stephen Gill of Russel Holdings. So many treat security as "set it and forget it" but we know that's a path to insecurity. Regardless, is there ANYTHING in security we can set and forget?

Question for the board

Our guest claims he's got an awesome board. I don't think we've ever heard that on our show. In most cases there's either fear of the board or the CISO doesn't even get direct conversation with the board. I asked our guest what is it about his board that's so awesome and what tips could he give to CISOs to move their board into that territory?

What's Worse?!

Who is going to handle physical assets the worst?

If you haven’t made this mistake, you’re not in security

Alexander Rabke, Splunk, asked, "How should sales people handle situations when, in fact, you are a security company with a security vulnerability (he also talked about a product not working) - what do you tell customers. How do you like to see this handled by the vendor?" I know a first response is to be honest, but they want to hold onto your business. What's a way salespeople could go about doing that?

What do you think of this pitch?

We're not talking vendor pitches in this segment. We're talking candidate pitches. Gary Hayslip, CISO, Softbank Investment Advisers and former guest on this show has an article on Peerlyst, a platform which is unfortunately going away, about finding your first job in security. Hayslip's first tip asks, "What information do you have?" Researching yourself is good advice, but I want to extend that to a question that I think puts you ahead of the pack and ask, "What's your unfair advantage?" It's a question that I heard investor Chris Sacca ask startups and I think it can also apply to individuals applying for jobs. Agree? If so, what are some good unfair advantages from candidates that have put them over the top?

Business of Cyber
BoC #10: Actively Listen to Ensure Alignment with the Business (w/ Bill Bonney)

Aug 3, 2020 20:13


Bill Bonney is a well-known figure in the security community, having co-authored the CISO Desk Reference Guide with Matt Stamper & Gary Hayslip. Their book series is meant to be a practical guide to help modern CISOs take on many challenges including executive leadership, communication, and business savvy. So of course, right in our wheelhouse. The books have recently been published into the Cybersecurity Canon, the leading authority of cybersecurity content and books managed by Palo Alto Networks and The Ohio State University.

During today's discussion, Bill and I discuss:
How security leaders can conduct "walk-abouts" to position themselves as business enablers with the intent to listen and learn rather than describe how you support them
CISOs forming a mentor relationship with a seasoned business leader within your organization
The role digital transformation has played and will continue to play for security teams

Website: businessofcyber.com
LinkedIn: Joe Vinck & Business of Cyber
Twitter: @joey_vinck

OFFER FOR FIRST TEN EPISODES
In order to enter for a chance to win each book discussed in the first 10 episodes, please rate & leave a review wherever you listen to podcasts and reach out to Joe via Email, LinkedIn, or Twitter with your username to let us know you've rated. Winners will be announced after Episode 10.

Hacker Valley Studio
Episode 76 - A Security Leadership Master Class with Gary Hayslip

Jul 13, 2020 41:55


In this episode, we have the powerful Gary Hayslip in the studio to give us a master class on cybersecurity leadership. We talk about his leadership journey, the relationship between the CISO and the rest of the business, and disconnecting with LEGOs.

Gary's LinkedIn: https://www.linkedin.com/in/ghayslip/
CISO Desk Reference Guide: https://cisodrg.com/
Sponsor for this episode: https://canary.tools/

The New CISO
Is Our Understanding of who Owns Risk Driving CISOs to the Edge?

Jul 9, 2020 47:43


In this episode of The New CISO Podcast, the host Steve Moore and guest Gary Hayslip discuss the difficulties veterans face when transitioning to the business world. They also converse on how to remedy security failings, and how risk ownership mentally and physically impacts CISOs.

A Challenging Transition for Military Personnel

After serving in the military for however many years, enlisted personnel receive one class on how to transition to civilian life. While the class teaches how to format resumes, it doesn’t provide the amount of support military personnel need to adjust to a new lifestyle.

When you are in the military, everything is organized and planned out for you, from your day, to your week, to your month, to your year. You always understand what you need to do, and what path to follow.

When that type of strict structure falls away after duty, many veterans feel lost. They enter a new world filled with so much uncertainty. Suddenly, they have nothing planned out; they don’t even know what they’re doing the next hour.

Overcoming Fears

In order to overcome this anxiety, Hayslip stresses that you must begin planning your civilian life during your tour, and more than just in the last six months of your time. He suggests planning out civilian life as early as two years ahead of time. If you start early, you leave room for any road bumps you may encounter.

Moore and Hayslip recognize that this transition is a period of intense personal and professional growth. Oftentimes, vets can feel helpless, wondering how they will provide for their families. Hayslip suggests that military personnel can rely on what they already know: community and mission.

We discuss on today’s episode what Hayslip means by discovering a new community, one that connects them to a broader purpose and to others. We also talk about finding a new mission, and how this can help transitioning vets find themselves again.

How Non-vet Employers Can Help

As a non-veteran, Moore asks how employers can help their recently hired vet-employees. Hayslip suggests that veterans need to be provided guidance, but also a level of flexibility. Military personnel need to understand how much room they have to move. We deliberate on the nuances of steering vet-employees, and how to communicate the level of risk they are allowed to have.

The AAR Process

In broadening the topic from veterans to cybersecurity companies in general, we discuss the proper and most effective way to process an AAR.

Hayslip emphasizes constant documentation and how an AAR needs to be information and solution focused. This includes as much data and documentation as possible.

In addition to data and documentation, Hayslip advocates for providing opinion and experience. If you offer why you made a specific decision based on previous experiences, then the team leader can have a better context to what happened. The leader can focus on why your decision worked one time and not another.

What doesn’t work for AARs

However, we believe that sometimes the process of an AAR becomes muddled.

Hayslip points out that when blame enters the equation, the AAR becomes ineffective. If one group is blamed in particular, then no one learns what actually happened. It also leads to people shying away from honesty. Moore highlights how bad leadership uses an AAR as a weapon against the employees, which only breeds mistrust and inefficiency.

Hayslip offers his solutions to combat a toxic environment surrounding an AAR, such as breaking the teams down into small groups and facilitating self-reflection. In this episode, he dives into why this strategy works and how best to remove blame from the situation.

A Mission vs. a Mission Statement

We also touch on what we believe is the difference between a company mission and the sometimes corporate-sounding mission statement.

Hayslip acknowledges that a mission statement is an attempt to get different groups of people focused in the same direction. But does a bland, emotionless statement do the trick? Not always. He points to focusing on purpose: what is the purpose of this company, other than to survive? He challenges businesses to remove the capitalistic goals for a moment and ask themselves what their purpose is. What does their product do for society? As your company evolves, so should your mission statement to reflect that change.

Hayslip also proposes a way to structure mission statements with subsets, such as an action statement. He delves into why multiple statements help clarify the goals of each team, and of the overall company. Listen to the episode to hear the additional statements!

Inclusive Culture

Facilitating a more inclusive work culture in companies and cyber security teams can only benefit everyone involved. Hayslip offers ideas such as a “Lunch and Learn” or visiting other departments in order to grant more visibility to all parts of a company. Listen on to discover how these events helped bridge relationships with other teams, how it relates to the mission statement and what came of inclusivity.

Risk Ownership

Towards the end of the episode, we touch on how the idea of risk ownership impacts CISOs mentally and physically.

Moore and Hayslip ask the question: who owns the risk? Many CISOs feel the responsibility falls solely on their shoulders, leading to a high stress level and burn-out rate. Hayslip jokes that the pressure could give you an ulcer, and it has for some leaders. However, risk is also made up of many things that those leaders cannot control. While the lack of control exacerbates the stress for CISOs, it’s also important to understand that if you can’t control everything, then risk is not all on you. As Hayslip says, risk ownership is for the whole company.

The Essential Guide to Cyber Security for SMBs

Lastly, Moore mentions Hayslip’s recent book, The Essential Guide to Cyber Security for SMBs. In his book, he covers how many SMBs believe they don’t need cyber security because they think they are too small. However, Hayslip puts forth that if you are on the internet, you are a target, especially SMBs. Check out his book to find out why!

Links:
Exabeam: Website
New CISO Podcast
Steve Moore - LinkedIn
Gary Hayslip - LinkedIn
The Essential Guide to Cybersecurity for SMBs
CISO Desk Reference Guides

CISO-Security Vendor Relationship Podcast
We Compensate Our Low Paying CISO Jobs with High Stress

Jun 16, 2020 32:02


All links and images for this episode can be found on CISO Series (https://cisoseries.com/we-compensate-our-low-paying-ciso-jobs-with-high-stress/)

On this week's episode we're seeking candidates for unrealistically low-paying CISO positions.

This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest this week is Nir Rothenberg, CISO, Rapyd.

Thanks to this week's podcast sponsor Trend Micro.

Trend Micro Incorporated, a global leader in cybersecurity solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses, and governments provide layered security for data centers, cloud environments, networks, and endpoints. For more information, visit www.trendmicro.com.

On this week's episode

Why is everyone talking about this now?

On LinkedIn, Farhan Khan, a recruiter at CyberApt Recruitment, told a tale of getting a call asking if he could help his company recruit a seasoned CISO for their 300+ person company. He was excited until he found out the salary they were offering the CISO was in the range of $90-$105K. We've talked about unrealistic CISO salaries before, but this is actually below the rate of entry level cyber positions in the Bay Area. How do CISOs or heck any cybersecurity professional handle someone's unrealistic expectations? Do you say something or just say, "No thank you"? Also, Davi Ottenheimer of Inrupt brought this story to my attention and argued that high CISO salaries are just attracting fraudsters. Does our panel agree, and if so, what would a company have to be wary of?

Mike's Confused. Let’s help him out

On previous shows Mike has admitted he would not want to (not confused although that may be part of it) run the IT department. Nir mentioned that he feels that getting out of one's comfort zone is critical, no matter what department you're in. What are the pros and cons of other departments not just being security aware, but taking on cybersecurity responsibilities? And vice versa, cybersecurity taking on other department responsibilities? How far can/should it go?

What's Worse?!

Too much flexibility or too many restrictions?

We’ve got listeners and they’ve got questions

Anya Shpilman of Swiss Gulf Partners sent this recorded question: "I'm a recruiter and I specialize in cybersecurity recruitment. At the end of the show everyone says they're hiring. But I have a hard time getting traction from CISOs. So what would you like to see/hear in those initial emails or LinkedIn messages." Go here to record a question to be played on one of our shows.

Umm, Is this good idea?

I recently published an article on CISO Series entitled "25 API Security Tips You're Probably Not Considering". The very first tip, from Gary Hayslip, CISO, Softbank Investment Advisers, is K.I.S.S. or Keep It Simple Stupid. I then went on to provide 24 more tips from experts which if you were to deploy them all would in no way be simple. KISS sounds great in theory, but how the heck do you pull it off in practice? Can you point to an example of how you took something that was complicated and simplified it?

Breaking Into Cybersecurity
Breaking LinkedIn with Breaking Into Cybersecurity and Hacker Valley Studio (EP 10)

Jun 12, 2020 54:47


The best podcasts have come together to break #LinkedIn. Three #linkedinlive streams, four podcast hosts and one awesome conversation about being in these challenging times. We hope you enjoy it! Our guest for today is the amazing Gary Hayslip!

About Hacker Valley Studio: We are Ronald Eddings and Chris Cochran from the Hacker Valley Studio podcast. We explore the human element of cybersecurity programs and technology. Join us on our quest to find inspirational stories and knowledge to elevate ourselves and our communities.

About Breaking Into Cybersecurity: This series was created by ☁️ Christophe Foulon, CISSP CRISC ☁️ and Renee Small to share stories of how the most recent cybersecurity professionals are breaking into the industry. Our special editions are us talking to experts in their fields and cyber gurus who share their experiences of helping others break in.

#cybersecurity #breakingintocybersecurity #securitypeeps #hackervalleystudio

About the hosts:

Renee Small is the CEO of Cyber Human Capital, one of the leading human resources business partners in the field of cyber security, and author of the Amazon #1 best-selling book, Magnetic Hiring: Your Company's Secret Weapon to Attracting Top Cyber Security Talent. She is committed to helping leaders close the cybersecurity talent gap by hiring from within and helping more people get into the lucrative cyber security profession. https://www.linkedin.com/in/reneebrownsmall/ Download a free copy of her book at: magnetichiring.com/book

Christophe Foulon focuses on helping to secure people and process with a solid understanding of the technology involved. He has over 10 years as an experienced Information Security Manager and Cybersecurity Strategist with a passion for customer service, process improvement and information security. He has significant experience in optimizing the use of technology, while balancing the implications to people, process and information security by using a consultative approach. https://www.linkedin.com/in/christophefoulon/ https://cpfcoaching.wordpress.com

Support this podcast: https://anchor.fm/breakingintocybersecurity/support

TNT - Technology and Things
#21 Security Panel with John Caruthers, Macy Dennis, and Gary Hayslip

May 15, 2020 55:29


A TNT first! We held an Information Security panel discussion with 3 giants in the field, including John Caruthers (former FBI), currently a Dir with a major life sciences company, Macy Dennis, Chief Security Officer for EVOTEK, and Gary Hayslip, a CISO with a multi-national conglomerate. You'll hear them talk about working with the Board of Directors, how they think about threat actors (the bad guys), and how they are dealing with COVID-19. And most importantly... what's fun about working in the Security field?!

UberKnowledge
#116 Gary Hayslip — CISO, Softbank

Apr 7, 2020 11:20


Virtual Security

Gary Hayslip, CISO at Softbank Investment Advisors, joins the podcast to discuss how he and his team are navigating the challenges posed by a dispersed workforce from cloud adoption to virtual communication tools. As a CISO experienced with the cloud environment, he cautions his peers that 100% cloud does not equal 0% effort; […]

CISO-Security Vendor Relationship Podcast
The Department of "No, Thank You"

CISO-Security Vendor Relationship Podcast

Play Episode Listen Later Mar 24, 2020 35:17


All links and images for this episode can be found on CISO Series (https://cisoseries.com/the-department-of-no-thank-you/) Just go to the front desk, sign in, and then the receptionist will say “no” in the most polite way possible. This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest is Nina Wyatt, CISO, Sunflower Bank. Thanks to this week's podcast sponsor, CyberArk. At CyberArk, we believe that sharing insights and guidance across the CISO community will help strengthen security strategies and lead to better-protected organizations. CyberArk is committed to the continued exploration of topics that matter most to CISOs related to improving and integrating privileged access controls. On this week's episode There’s got to be a better way to handle this The hot new cybersecurity threat is the Coronavirus. Not the virus itself or the possible fake phishing emails connected to it, but our overall fear and its impact on work. According to data from Boardish, there is a 42% increase over baseline in fear of immobility, or staff not being able to operate effectively remotely. To put that number in perspective, phishing and ransomware have each seen an 8% threat increase. I read immobility's huge number to mean companies are simply not prepared for how their staff may need to operate. What we’ve got here is failure to communicate What's the best way to say 'no' to a vendor? This was a question that was asked of me by Eric Gauthier, CISO at Scout Exchange. He wants to say no because his cloud business has no need for certain services, and he doesn't want to be rude, but just saying no doesn't seem to work. What are the most successful techniques of saying no to a security vendor? And what different kinds of "no" are there? "What's Worse?!" A tough decision on a company built on acquisitions. Walk a mile in this CISO’s shoes For many CISOs, there is a "What's Next?" 
as they don't necessarily expect "CISO" to be their final resting place professionally. Gary Hayslip, a CISO for Softbank Investment Advisers and frequent guest, wrote on both LinkedIn and Peerlyst about next steps for CISOs who want to move out of the role. The recommendations were other C-level positions, going independent, and starting a new company. On January 2 of this year, parking meters in New York City stopped accepting credit and parking cards. At fault? Security software that had expired on the first day of 2020. Reminiscent of Y2K, this draws attention to the next two time-related bugs predicted for 2036 and 2038. The 2038 problem affects 32-bit systems that rely on timecodes that max out on January 19 of that year. A similar rollover is expected in 2036 for Network Time Protocol systems. In all likelihood, affected systems either have been or will be replaced over the next 18 years, but the dangers still exist, in situations where vulnerable devices remain buried in a legacy system or in cases where advanced calculation of expiry dates are needed, or like New York City, where the upgrade was apparently overlooked.  It serves as a reminder that data security must look to its past while it plans for the future. More from our sponsor ExtraHop. Hey, you're a CISO. What's your take on this? What's the impact of Europe's Right to Be Forgotten (RTFB)? It's been five years and Google has received ~3.2 million requests to delist URLs, from ~502,000 requesters. Forty five percent of those URLs met the criteria for delisting, according to Elie Bursztein, leader of Google's anti-abuse research team. Search engines and media sites hold the greatest responsibility, but what responsibility are companies forced to deal with and do they have the capacity to meet these requests?  

Defense in Depth
CISO Tenure

Defense in Depth

Play Episode Listen Later Mar 5, 2020 29:16


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-ciso-tenure/) The CISO has the shortest tenure of any C-level role. Why so brief? Is it the pressure, the responsibility, the opportunities, or all of the above? Check out this LinkedIn discussion to read the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), producer of CISO Series and guest co-host Gary Hayslip (@ghayslip), CISO, Softbank Investment Advisers. Our guest is John Meakin, CISO, Equiniti. Thanks to this week's podcast sponsor, IBM Security. IBM Security offers one of the most advanced and integrated portfolios of enterprise security products and services. The portfolio, supported by world-renowned IBM X-Force research, provides security solutions to help organizations stop threats, prove compliance, and grow securely. IBM operates one of the broadest and deepest security research, development and delivery organizations. It monitors more than two trillion events per month in more than 130 countries and holds more than 3,000 security patents. On this episode of Defense in Depth, you’ll learn: There's a lot of confusion as to what a CISO needs to do. All job descriptions for CISOs are different. There are humans behind the data and as a result CISOs are tasked with protecting the humans. CISOs can improve their tenure if they seek out a business mentor to allow them to better support the business. CISOs who aren't able to communicate clearly will not last long. It's a CISO's job to communicate in the language of the business, not the other way around. Before the CISO ever arrives, there's a business culture. There's always going to be a natural push back from the business. "Why are you making us change?" A simple walkabout the office can solve a lot of uncertainty. 
If employees start asking questions about their personal security, that's a good sign the CISO has successfully inserted security into the business culture. Another huge factor that impacts CISO tenure are the increased opportunities. Regulations and privacy laws are pushing companies to get CISOs to provide much needed oversight. What does the reporting structure in your organization mean in regards to the CISO being heard at the executive and board level?

CISO-Security Vendor Relationship Podcast
Last Chance to Vote for "Most Stressed-Out CISO"

CISO-Security Vendor Relationship Podcast

Play Episode Listen Later Feb 25, 2020 36:26


All links and images for this episode can be found on CISO Series (https://cisoseries.com/last-chance-to-vote-for-most-stressed-out-ciso/) Think you or your CISO has what it takes to shoulder all the tension, risk, and security issues of your organization? You may be a perfect candidate for "Most Stressed Out CISO". This episode was recorded in person at Zenefits' offices in San Francisco. It's hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest is Keith McCartney (@kmflgator), CISO, Zenefits. Thanks to this week's podcast sponsor, CyberArk. At CyberArk, we believe that sharing insights and guidance across the CISO community will help strengthen security strategies and lead to better-protected organizations. CyberArk is committed to the continued exploration of topics that matter most to CISOs related to improving and integrating privileged access controls. On this week's episode There’s got to be a better way to handle this CISO Stress. We've talked about it before on the show, and now Nominet just released a new study that claims stress levels are increasing. 8% of CISOs said work stress has had a detrimental impact on their mental health, almost twice as high as last year (27%). 31% of CISOs said that stress had affected their ability to do their job. Almost all surveyed CISOs (90%) said they’d take a pay cut if it improved their work-life balance. How could a CISO negotiate better work/life balance upfront and have either of our CISOs done it? Hey, you're a CISO. What's your take on this? Gary Hayslip shared this Peerlyst article by Ian Barwise of Morgan Computer Services about the incredible array of OSINT tools. What OSINT tools do our CISOs find most valuable and for what purposes? What's Worse?! A little too much agreement on this week's "What's Worse?!" 
Here's some surprising research Why are cloud security positions so much harder to fill? Robert Herjavec of the Herjavec Group posted a number of disturbing hiring statistics. Most notably was one from Cyber Seek that stated jobs requesting public cloud security skills remain open 79 days on average — longer than almost any other IT skills. Why isn't supply meeting demand? Why is it such a difficult security skill to find? And how easy and quickly can you train for it? EKANS is the backward spelling of SNAKE. It is also the name of new ransomware code that targets the industrial control systems in oil refineries and power grids. Not only does it extort a ransom, it also has the ability to destroy software components that do things like monitor the status of a pipeline, or similar critical functions in a power grid or utility. A recently documented attack on Bahrain’s national oil company reveals the architecture and deployment of EKANS not to be the work of a hostile nation-state, but of cybercriminals. The chilling message behind that, of course, is that penetrating and sabotaging critical components of a country’s infrastructure is no longer exclusive to sophisticated national intelligence agencies. Lower level criminal agencies may have motives that are far less predictable and trackable, and when combined with the complexities of an industrial control system, these may have cascading effects beyond the wildest dreams of the instigators themselves. More from our sponsor ExtraHop. What do you think of this pitch? We get a pitch with some suggestions on how best to improve the pitch. We want more pitches!  

CISO-Security Vendor Relationship Podcast
Ah, Here's The Problem. You've Got a Leaky CEO.

CISO-Security Vendor Relationship Podcast

Play Episode Listen Later Dec 17, 2019 42:30


All links and images for this episode can be found on CISO Series (https://cisoseries.com/ah-heres-the-problem-youve-got-a-leaky-ceo/) We're waking up the C-suite to the realization that they're the prime target for cyberattacks. This episode was recorded in front of a live audience at Evanta's CISO Executive Summit in Los Angeles. It is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest this week is Gary Hayslip (@ghayslip), CISO, Softbank Investment Advisers. CISO/Security Vendor Relationship Podcast live at Evanta CISO Executive Summit in Los Angeles 12/11/19 PLUS, joining us live was Jewels Nation, the voice of the CISO Series. You hear her voice on all the bumpers on our podcasts. Jewels Nation, the voice of the CISO Series podcasts, and David Spark, producer of CISO Series Thanks to this week's podcast sponsor Evanta. Evanta, a Gartner Company, creates exclusive communities of C-level executives from the world’s leading organizations. These invaluable networks are built by and for C-level executives to share innovative ideas, validate strategies and solve critical leadership challenges through peer-to-peer collaboration. Evanta’s trusted communities serve CISOs and their C-suite peers around the world. On this week's episode Where does a CISO begin? Gary recently brought up an excellent discussion pointing out that executives are the backdoor into your organization. Do they understand that they're critical cogs? Do they and are they willing to take on responsibility? What is the patching process? Walk a mile in this CISO's shoes Gary talked a lot about the importance of work/life balance with cyber professionals. Robert Carey of RSA Security said your actions do most of the talking, "As a CISO, you're a model of work life balance. If you stay 14 hours a day, that's what is expected of employees. If you leave at 5pm they'll realize that's ok for them to do." 
How do our CISOs handle presenting to their staff what is and isn't OK, when they're in the office or when their employees are remote? What's Worse?! You've got a new hire. Which one do you choose? Is this the best solution? Does the email pitch still serve a function? On a recent CISO Series video chat, we talked about how CISOs get 50-80% of their information about products from other CISOs and that yeah maybe sometimes they read an email pitch. Is there still room for the email pitch or should it just die? And if it should die, what should it be replaced with? Security Squares: Where CISOs Put Vendors in Their Place A brand new game that asks CISOs how well do they know the vendor landscape? This one was a nail biter. It’s time for the audience question speed round Our audience has questions, and our CISOs will have answers.

CISO-Security Vendor Relationship Podcast
Isn't That Adorable? Our Little CISO Has An Opinion.

CISO-Security Vendor Relationship Podcast

Play Episode Listen Later Dec 3, 2019 33:42


All links and images for this episode can be found on CISO Series (https://cisoseries.com/isnt-that-adorable-our-little-ciso-has-an-opinion/) We're spoon-feeding "respect" to the CISO on this week's CISO/Security Vendor Relationship Podcast. This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our sponsored guest this week, thanks to Trend Micro, is Jim Shilts, founder, North American DevOps Group. Thanks to this week's podcast sponsor Trend Micro. Trend Micro Incorporated, a global leader in cybersecurity solutions, helps to make the world safe for exchanging digital information. Our innovative solutions for consumers, businesses, and governments provide layered security for data centers, cloud environments, networks, and endpoints. For more information, visit www.trendmicro.com. On this week's episode Why is everyone talking about this now? Gary Hayslip, CISO, Softbank Investment Advisers and regular guest, posted an article about a growing trend of CISO frustration and why they don't last at an organization. This article addresses many issues around burnout, but I want to focus on this one stat from an ISC(2) study which states, "Sixty three percent of respondents said they wanted to work at an organization where their opinions on the existing security posture were taken seriously." Hard to keep any security staff in place if they're not respected. We talk a lot about being able to talk to the board, but the communications has to be two way. How clear are executives in understanding that respect and listening to their cyberstaff is in their best interest? What annoys a security professional Deidre Diamond of CyberSN, asks this very pointed question, "We are short 500k cyber professionals in the US and 89% of our current cyber professionals are open to new opportunities; why are jobs taking on average 4-9 months to fill?" That last stat is CyberSN's data estimates. 
She's arguing there is plenty of supply. Why is this taking so darn long? Nobody's happy. What's Worse?! We've got a question tailored for our DevOps guest this week. Please, enough. No, more. DevOps and security. This is a topic that has grown over time, evolved in branding, and Mike has spoken out about how much he doesn't like the term DevSecOps. As we regularly do in this segment, what have you heard enough of on the DevOps and security debate and what would you like to hear a lot more? Two factor authentication is a smart step towards more secure password management but what happens the moment after you have convinced the employees of your company to adopt 2FA, when you then say, “Oh yes, don’t forget your SIM PIN.” 2FA might stop hackers from using easily searchable information like someone’s mother’s maiden name, but these bad actors have already discovered the weak link in this particular chain. They call the phone provider, pretend to be that specific victim and ask to swap the victim’s SIM account information to a new SIM card – one that is in their possession. That way, everything the victim did with their phone – texting, banking, and receiving 2FA passcodes – all goes to this new phone. More on CISO Series. Check out lots more cloud security tips sponsored by OpenVPN, provider of next-gen secure and scalable communication software. OpenVPN Access Server keeps your company’s data safe with end-to-end encryption, secure remote access, and extension for your centralized UTM. Hey, you're a CISO, what's your take on this? Nigel Hedges, CISO, CPA Australia, asked, "Should security operations exist in infrastructure/operations teams?" Nigel asked this question to colleagues and got mixed results. One CISO said it was doomed to fail, others said it's up to leadership and a CISO doesn't need to own secops. 
"Other people were adamant that the focus required to manage secops, and streamlined incident response can't work within infra because the primary objectives of infra are towards service availability and infra projects," said Nigel who went on to ask, "Is this important prior to considering using a security vendor to provide managed security operations? Is it important to 'get the house in order' prior to using managed secops vendors? And is it easier to get the house in order when secops is not in infra?"

UberKnowledge
#58 Gary Hayslip – Director of InfoSec, SoftBank, September 2019

UberKnowledge

Play Episode Listen Later Oct 2, 2019 23:15


Context + Value = Informed Decision Making Gary talks about CISOs as business executives specialized in security and risk, understanding context and value in decision making, and the unique environment municipal organizations inhabit. 03:40  CISOs are increasingly making business decisions and viewed as business executives.  05:06  Communication is key in understanding context and value. Then you must […]

Defense in Depth
Cybersecurity Excuses

Defense in Depth

Play Episode Listen Later Sep 5, 2019 24:40


All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-cybersecurity-excuses/) "I've got all the security I need." "I'm not a target for hackers." These are just a few of the many rationalizations companies make when they're in denial of cyberthreats. Why are these excuses still prevalent and how should a cyberprofessional respond? Check out this post by Ian Murphy, co-founder of LMNTRIX, for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Gary Hayslip (@ghayslip), CISO, Softbank Investment Advisers. Thanks to this week’s podcast sponsor, Varonis. The most powerful way to find, protect, and monitor sensitive data at scale. Get total control over your unstructured data in the cloud and on-premises. See it in action in a live cyberattack simulation lab. On this episode of Defense in Depth, you'll learn: Security professionals must endure an endless string of excuses to not improve a security program. On this episode, the ones we saw fall into four categories: "What I've got is good enough", "Denial", "False safety net", "Costs too much time/money". Never rest on what you've got today. Today's configuration is tomorrow's vulnerability. Security is a process, not an end state. There are always issues because humans are involved. Small companies may not have a huge payout, but their defenses are usually weaker making them an easy score. A bunch of small companies add up to a big one. If you have not invested well in a good security program, you are already breached and don't know it. As this show title explains, you can't rely on a single layer of defense (e.g., firewall) to protect you. No CISO is complaining they're spending too much on security. A great security partner is awesome, but you don't hand off your security to someone else. 
It's a shared responsibility. Don't rely on cyber insurance in the same way you don't leave your front door unlocked even though you've got home insurance.

Cyber Speaks LIVE
Cyber Acquisitions and Their Impact on the Industry with Gary Hayslip

Cyber Speaks LIVE

Play Episode Listen Later Jun 22, 2019 56:24


In this episode, I'm joined by Gary R. Hayslip, Cybersecurity Strategist & CISO. Together we discuss the global impact of cybersecurity mergers & acquisitions, along with the impact that they are having on today's CISOs.  With over 25 years of information technology, security leadership, and risk management experience, Hayslip has an exceptional record of success leading multiple, diverse cross-functional security and risk governance teams in the planning, analyzing and implementation of information security programs to support organizational business objectives. Hayslip is a proven cybersecurity professional; he has established a reputation as a highly skilled communicator, author, and keynote speaker. Hayslip has developed the ability to work within all business channels of an organization and is extremely effective in communicating the nuances of cybersecurity in business/risk terms for executive management and boards of directors. Hayslip’s previous executive roles include multiple CISO, CIO, Deputy Director of IT and Chief Privacy Officer roles for the U.S. Navy (Active Duty), the U.S. Navy (Federal Government employee), the City of San Diego California, and Webroot Software. In all of these roles, Hayslip led diverse teams of 10 – 300 employees and built information technology and security programs from the ground up. He partnered with software development and agile teams, integrating security into innovative workflows and new services. Hayslip collaborated with customers, strategic partners, and executive leadership teams on the deployment of new products, merger & acquisition due diligence services, and the management of his organizations business risks. Hayslip recently co-authored the CISO Desk Reference Guide: A Practical Guide for CISOs – Volumes 1 & 2, which are considered among the leading books on enabling CISOs to expand their leadership and business expertise. 
He serves as an EvoNexus Selection Committee member, where he reviews and mentors cybersecurity and Internet-of-Things startups. He sits on the board of directors for both the Cyber Center of Excellence and Infragard’s San Diego chapter. Hayslip is an active member of the professional organizations ISC2, ISSA, ISACA, OWASP, and Infragard. He currently holds several professional certifications, including CISSP, CISA, and CRISC. Hayslip has a BS in information systems management from UMUC and an MBA from San Diego State University. LinkedIn Profile: http://www.linkedin.com/in/ghayslip Twitter: @ghayslip --- Send in a voice message: https://anchor.fm/cyberspeakslive/message

CISO-Security Vendor Relationship Podcast
You're Not Going Anywhere Until You Clean Up That Cyber Mess

CISO-Security Vendor Relationship Podcast

Play Episode Listen Later Jun 17, 2019 33:19


The images and links for this episode can be found at CISO Series (https://cisoseries.com/youre-not-going-anywhere-until-you-clean-up-that-cyber-mess/) Our CISOs and Miss Manners have some rules you should follow when leaving your security program to someone else. It's all coming up on CISO/Security Vendor Relationship Podcast. This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest this week is newly free agent CISO, Gary Hayslip (@ghayslip). Thanks to this week's podcast sponsor Trend Micro. On this week's episode Why is everyone talking about this now? Mike, you asked a question to the LinkedIn community about what department owns data privacy. You asserted it was a function of the security team, minus the legal aspects. The community exploded with opinions. What responses most opened your eyes to the data privacy management and responsibility issue you didn't really consider? Hey, you're a CISO, what's your take on this? Someone who is writing a scene for a novel, asks this question on Quora, "How does a hacker know he or she has been caught?" Lots of good suggestions. What's your favorite scenario? And, do you want to let a hacker know he or she has been caught, or do you want to hide it? What circumstances would be appropriate for either? What's Worse?! Mike decides What's Worse?! and also what's good for business. First 90 days of a CISO Paul Hugenberg of InfoGPS Networks asks, "What fundamentals should the CISO leave for the next, as transitions are fast and frequent and many CISOs approach their role differently. Conversely, what fundamentals should the new CISO (or offered CISO) request evidence of existence before saying YES?" Mike, this is a perfect question for you. You exited and you will eventually re-enter I assume as a CISO. What did you leave and what do you expect? 
Ask a CISO Fernando Montenegro of 451 Research asks, "How do you better align security outcomes with incentives?" Should you incentivize security? Have you done it before? What works, what doesn't? Imagine how hard it would be to live in a house that is constantly under attack from burglars, vandals, fire ants, drones, wall-piercing radar and virulent bacteria. Most of us are used to putting a lock on the door, cleaning the various surfaces and keeping a can of Raid on hand for anything that moves in the corner. But could you imagine keeping a staff of specialists around 24/7 to do nothing but attack your house in order to find and exploit every weakness?

UberKnowledge
#32 Gary Hayslip – CISSP

UberKnowledge

Play Episode Listen Later Jun 4, 2019 26:57


The storytelling CISO who leads by example Gary points out that a CISO’s hardest job is to help executives understand the value of cybersecurity and shares that storytelling is invaluable in gaining trust and promoting understanding. 02:34 In a breach the CISO does not own 100 percent of the blame. 03:46 CISO’s help manage risk, […]

Cybersecurity Innovation Podcast
Gary Hayslip on the Chief Information Security Officer (CISO) Role

Cybersecurity Innovation Podcast

Play Episode Listen Later May 20, 2019 56:36


Gary Hayslip is a very seasoned Chief Information Security Officer with experience across multiple domains like the Department Of Defense, City Agency, and Private Sector. In this episode, we learn from Gary about the evolution of the CISO role, the modern challenges CISOs face, and all other things related to the day in the life of a CISO. https://www.linkedin.com/in/ghayslip/ https://www.amazon.com/CISO-Desk-Reference-Guide-Practical/dp/0997744111 https://chewbooks.com/product/ciso-desk-reference-guide-volume-2-a-practical-guide-for-cisos/?gclid=EAIaIQobChMIodPq-ruq4gIVgbbACh32PQgzEAQYAyABEgLsOPD_BwE

Defense in Depth
CISO Burnout

Defense in Depth

Play Episode Listen Later Mar 20, 2019 27:13


Are CISOs the most stressed individuals on a security team, or do mental health issues affect everyone in security? Check out this post and discussion for the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest for this episode is Gary Hayslip (@ghayslip), CISO, Webroot. Thanks to this week’s podcast sponsor, Praetorian As a professional services company, Praetorian helps enterprise customers solve complex cybersecurity problems. We are the security experts. On this episode of Defense in Depth, you'll learn: You have to come to an acceptance that a security program that's at 90 percent is good enough. Accept that you will never reach the end of the tunnel. You'll never have a perfect defense. The CISO's role is that of a change agent and depending on the depth of your relationship, you may get push back. Don't underestimate the impact you're trying to make on the business culture. Organizations can only change in increments. Stressing that will generate stress in you, the security professional. Since security touches every department and you need to engage with every department, you will deal with a lot of personalities. In addition to dealing with all the departments, you won't have authority over them, but you will be perceived as accountable for their security issues. The business needs to own security and its relevant risk. Don't fall into impostor syndrome where you chronically feel you're doing a bad job. Accept small wins. Break up huge projects into smaller chunks and celebrate those wins.

ITSPmagazine | Technology. Cybersecurity. Society
Unusual Gathering Episode XVII | With Rick McElroy & Gary Hayslip | January 23, 2019

ITSPmagazine | Technology. Cybersecurity. Society

Play Episode Listen Later Jan 23, 2019 48:15


Unusual Gathering | Episode XVII Conversations At The Intersection Of IT Security And Society that is also part of our Chats On The Road To RSA Conference | San Francisco 2019 Guests Gary Hayslip | Rick McElroy Hosts Sean Martin | Marco Ciappelli This Episode: Why the Role of CISO Sucks and What We Should Do to Fix It! This is a conversation about a topic very dear to us here at ITSPmagazine; it is not by accident that one of our first columns when we started our publication was ‘An Infosec Life,’ and since then many cybersecurity professionals have joined our podcasts, sharing their stories with us and, of course, with our audience. Both Gary and Rick have been on a number of our podcasts and webcasts, and it makes us proud to know that we have contributed to bringing this very important topic to the large stage of RSA Conference! Thanks to our episode sponsors: Edgescan - https://www.itspmagazine.com/company-directory/edgescan Bugcrowd - https://www.itspmagazine.com/company-directory/bugcrowd STEALTHbits - https://www.itspmagazine.com/company-directory/stealthbits Learn more about sponsoring the Unusual Gatherings Podcasts: https://www.itspmagazine.com/talk-show-sponsorships Learn more about supporting our quest by joining us on Patreon If you can donate $1/month, you can help us to make a difference. https://www.patreon.com/itspmagazine Would you like to participate in more Unusual Gatherings? No problem ... https://www.itspmagazine.com/itspmagazine-unusual-gatherings/

Inside Security Intelligence
069 A CISO's Journey From City to the Private Sector

Inside Security Intelligence

Play Episode Listen Later Aug 13, 2018 25:28


Our guest is Gary Hayslip. He's vice president and chief information security officer at Webroot, a cybersecurity and threat intelligence company. Prior to joining Webroot he was the CISO for the city of San Diego, and before that served active duty with the U.S. Navy and as a U.S. Federal Government employee. He's the author of the "CISO Desk Reference Guide," and is an active cyber evangelist and popular keynote speaker. He shares his thoughts on team building, recruiting talent in a highly competitive jobs market, and the importance of actionable threat intelligence.

Recorded Future - Inside Threat Intelligence for Cyber Security
069 A CISO's Journey From City to the Private Sector

Recorded Future - Inside Threat Intelligence for Cyber Security

Play Episode Listen Later Aug 13, 2018 25:29


Our guest is Gary Hayslip. He’s vice president and chief information security officer at Webroot, a cybersecurity and threat intelligence company. Prior to joining Webroot he was the CISO for the city of San Diego, and before that served active duty with the U.S. Navy and as a U.S. Federal Government employee. He’s the author of the "CISO Desk Reference Guide," and is an active cyber evangelist and popular keynote speaker. He shares his thoughts on team building, recruiting talent in a highly competitive jobs market, and the importance of actionable threat intelligence.

LeetSpeak with Alissa Knight
Digital Transformation

Jun 19, 2018 79:08


LeetSpeak with Alissa Knight Episode 1: Digital Transformation Special Guests: Derek Cheng, CISO of Electronic Arts; Gary Hayslip, CISO of City of San Diego Vendors Covered: CyberFlow Analytics; Carbon Black; Cylance; Nessus; and more!

ITSPmagazine | Technology. Cybersecurity. Society
RSAC 2018 Trends | A conversation with Gary Hayslip and Tom Caldwell from Webroot

May 16, 2018 29:13


During our week in San Francisco for the RSA Conference 2018, we wanted to meet and have a chat with our friends at Webroot: Gary Hayslip, VP and Global CISO, and Tom Caldwell, Senior Director of Engineering. We are actually planning to have more in-depth conversations about the present and future of cybersecurity for businesses and consumers when we meet again in Las Vegas this August, during Black Hat 2018. We were curious to know their opinion about this year’s conference, the most discussed topics and trends, and what the present and near future of IT security looks like for small and medium businesses. There seems to be a movement towards platforms and orchestration of connected technology via API, and nobody wants to be the technology company standing by itself. Even the big guys are becoming platforms that can be customized according to the specific needs of their clients. AI and Machine Learning can help detection, but unfortunately, SMBs can be overwhelmed by these strategy and technology changes when it comes to the use of Artificial Intelligence to analyze data and operate effective threat hunting. There is a big gap between what enterprises can utilize and what small businesses can afford. The level of complexity in cybersecurity has become so broad and so deep that no company can take on the responsibility of covering and protecting a business entirely, and yet there are marketing buzzwords and messages out there that hint towards such a snake oil selling strategy. The most critical first step for SMBs is to cover the basics. Statistically, until a business reaches 200 - 300 employees, it is probably not financially mature enough to have an internal IT department.
Also, as we just mentioned, the complexity of cyber attacks is too high even for large corporations to be 100% protected. So, even if IMSPs (integrated managed services providers) are starting to cover SMBs’ cybersecurity needs, whatever those may be, it is essential for these businesses to resist the alluring temptation of "snake oil" salespeople and know what their priority is when it comes to their cybersecurity needs.

For example, audit and inventory — how can you protect something that you do not know that you have? How is your system working, what is on your network, and what are the most critical assets to defend?

Only at that point can an SMB start leveraging the latest technologies, including some of the latest AI and machine learning solutions, and stay within their limited budget, even with IMSP solutions. SMBs are not attending conferences like RSA because they are geared towards enterprise and high-level tech audiences, but SMBs are becoming more aware of the cybersecurity landscape and the fact that security is becoming a necessity to keep their business alive. Listen to this interesting conversation if you care about your business, no matter what size it is. There is something to learn for everyone and learning, education, and knowledge of what is happening in our cyber society and how to leverage the positive and mitigate the negative is an essential first step.

How can you go in the right direction if you do not know what the right direction is? It was great to talk about the present status of cybersecurity with Gary and Tom, and we are most definitely looking forward to continuing this conversation in Las Vegas.

We will pick up from where this conversation leaves off. Let’s listen…

Security All In
Gary Hayslip – VP & global CISO, Webroot inc

May 2, 2018 36:43


Comic books, information security, and family discussions of best security practices around the dinner table. Gary and Sam reminisce about their military careers and how they got started, as well as what they’ve learned about security from raising children and reading sci-fi novels. The post Gary Hayslip – VP & global CISO, Webroot inc appeared first on Malicious Life.

Security Current podcast - for IT security, networking, risk, compliance and privacy professionals
SC 119: San Diego CISO Gary Hayslip Talks Strategies for Building Executive Buy-in, Security Tech and Leveraging the Cloud

Feb 21, 2017 12:49


The city of San Diego is a $4 billion business and it doesn’t shut down. As you’ll hear in this discussion between Gary Hayslip, the city’s CISO, and David Cass, Global CISO IBM Cloud and SaaS, San Diego is a smart city which is continuously rolling out new technologies to facilitate 'the business' while bolstering its security. In this podcast, recorded during the RSA Conference, Hayslip talks about joining the city as its first CISO some three years ago and how he established a five-year-plan which leveraged established frameworks like the National Institute of Standards and Technology (NIST) to increase the security of the city and its 24 networks and 40 departments. The two also discuss ‘cloud first’ initiatives, resilient networks and the role of the CISO, which Hayslip provides practical guidance on with his book “A CISO Desk Reference Guide: A Practical Guide for CISOs.”

The CyberWire
International norms of cyber conflict. Fancy Bear's tradecraft (with a side of дезинформа́ция). RDPPatcher, Cerber, Ticketbleed, and Hermes. And the vibe around RSA 2017.

Feb 17, 2017 20:01


In today's podcast, we talk about hybrid warfare, with disinformation, cyber espionage, and spyware infestations—we also hear calls for norms of cyber conflict. BugDrop is active in Ukraine, and researchers see some cut-and-paste oddness slip from Fancy Bear's paws. A new X-Agent variant is out: this one infects Macs. Ransomware thumbs its nose at security products. A look at RSA trends as the conference closes. A conversation with City of San Diego CISO and author Gary Hayslip. Rick Howard from Palo Alto Networks on a new addition to the Cyber Canon that's all about DevOps. And where do we get one of those "Has no purchase authority" T-shirts?