(0:27) Irvine's sunsets are crazy and Detroit's EDM scene is wild
(4:50) Andrew's kicking off his interview series Product People
(7:41) Sean is a fanboy of Return on Security
(10:20) It's not all about the VC outreach
(12:19) Product Management is such a weird industry
(19:50) There aren't many good online security communities for intermediates
(23:47) There's a difference between having a fan base and having a community
(29:01) Sean hypothesizes the history between lawyers and legal pads
(31:52) Making or finding the perfect feedback tool: easier said than done
(36:42) Our Small Efforts

Thanks for listening to Small Efforts, a podcast collaboration between Krit and Miscreants. Shoutout to the Hatch Team and Mary Vuong for producing and editing.

Shoutouts:
Information on Peerlyst - https://www.crunchbase.com/organization/peerlyst
Product People: https://www.krit.com/newsletter
Return on Security: https://www.returnonsecurity.com/
User Snap: https://usersnap.com/
0x00sec - https://0x00sec.org/

Links:
Andrew's Twitter: @AndrewAskins
Krit: https://www.krit.com/
Miscreants: https://www.miscreants.co/
Sean's Twitter: @seanqsun
Hatch Team: https://www.hatch.team/

For more information about the podcast, check out https://www.smalleffortspod.com/.
In this episode of CISO Talk, James Azar hosts Brent Hutfless as the two discuss Brent's path into cybersecurity and leadership and the art of practicing cybersecurity. Should we start to view cybersecurity like medicine? You won't want to miss the discussion around this topic and its conclusion! Tune in to this amazing podcast and make sure to subscribe and comment.

Brent's Bio: I have built and led information security and technology programs, projects and teams for over a decade. By identifying risks and developing a mitigation strategy that fits the business, organizations move beyond the fear, uncertainty and doubt surrounding cyber security. Before transitioning into gaming and hospitality in 2017, I worked in manufacturing, healthcare, training, education, aviation, and defense related industries. For me, leadership means listening to ideas, encouraging professional development, promoting collaboration, and supporting the efforts and people that lead to success. A Navy veteran, I was fortunate to serve with dynamic leaders and great mentors whom I have tried to emulate as my career has progressed. Presenting topics like hacking, the dark web, identity theft, and the reach of foreign espionage provides interesting opportunities to educate, entertain and promote conversations that lead to change. I have published articles on CSOonline, Peerlyst, LinkedIn and Tripwire, and have contributed to textbooks and a peer-reviewed study on PTSD resiliency.

★ ABOUT ME ★ I lived overseas for three years, have been to four of the six habitable continents, and look forward to visiting the other two. Beyond spending time with my family, my hobby is classic cars. I am currently restoring a 1966 Chevy Impala, with a 1929 Model A Ford waiting in the wings. Fun fact: disassembled cars take up 3 times the space of a complete car. I overcame much of my fear of heights by rock climbing on the sheer cliff faces of Tarifa, Spain with friends… great scenery and a lot of encouragement helped. I have performed two wedding ceremonies for family and friends, an amazing and humbling experience that I will always cherish.

Brent's Linkedin Profile: https://www.linkedin.com/in/hutfless/

CISO Talk is supported by these great partners; please make sure to check them out:
KnowBe4: https://info.knowbe4.com/phishing-security-test-cyberhub
Whistic: www.whistic.com/cyberhub

**** Find James Azar, host of CyberHub Podcast, CISO Talk, Goodbye Privacy, Tech Town Square, Other Side of Cyber and CISOs Secrets
James on Linkedin: https://www.linkedin.com/in/james-azar-a1655316/
James on Parler: @realjamesazar
Telegram: CyberHub Podcast

****** Sign up for our newsletter with the best of CyberHub Podcast delivered to your inbox once a month: http://bit.ly/cyberhubengage-newsletter

****** Website: https://www.cyberhubpodcast.com
Youtube: https://www.youtube.com/channel/UCPoU8iZfKFIsJ1gk0UrvGFw
Facebook: https://www.facebook.com/CyberHubpodcast/
Linkedin: https://www.linkedin.com/company/cyberhubpodcast/
Twitter: https://twitter.com/cyberhubpodcast
Instagram: https://www.instagram.com/cyberhubpodcast
Listen Here: https://linktr.ee/CISOtalk

The Hub of the Infosec Community. Our mission is to provide substantive and quality content that's more than headlines or sales pitches. We want to be a valuable source to assist those cybersecurity practitioners in their mission to keep their organizations secure.
All links and images for this episode can be found on CISO Series (https://cisoseries.com/set-it-forget-it-reset-it-repeat/)

As long as you reset it and repeat, everything in cybersecurity is "set it and forget it".

This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions, and Mike Johnson. Our guest this week is Brett Conlon (@DecideSecurity), CISO, Edelman Financial Engines.

Check out Tricia Howard's dramatic readings of cold emails.

Our sponsor, Keyavi, breaks new ground by making data itself intelligent and self-aware, so that it stays under its owner's control and protects itself immediately, no matter where it is or who is attempting access. Keyavi is led by a team of renowned data security, encryption, and cyber forensics experts. See for yourself at keyavidata.com.

On this week's episode

Why is everybody talking about this now
On LinkedIn and on Twitter, I asked, "Is there anything in cybersecurity that's 'set it and forget it'?" There were plenty of funny answers like "Passwords" and the "Off" switch. But there were some interesting answers like whitelists from Brian Haugli of SideChannel Security and ethics from Stephen Gill of Russel Holdings. So many treat security as "set it and forget it", but we know that's a path to insecurity. Regardless, is there ANYTHING in security we can set and forget?

Question for the board
Our guest claims he's got an awesome board. I don't think we've ever heard that on our show. In most cases there's either fear of the board or the CISO doesn't even get direct conversation with the board. I asked our guest what it is about his board that's so awesome and what tips he could give to CISOs to move their board into that territory.

What's Worse?!
Who is going to handle physical assets the worst?
If you haven't made this mistake, you're not in security
Alexander Rabke, Splunk, asked, "How should salespeople handle situations when, in fact, you are a security company with a security vulnerability (he also talked about a product not working)? What do you tell customers? How do you like to see this handled by the vendor?" I know a first response is to be honest, but they want to hold onto your business. What's a way salespeople could go about doing that?

What do you think of this pitch?
We're not talking vendor pitches in this segment. We're talking candidate pitches. Gary Hayslip, CISO, Softbank Investment Advisers and former guest on this show, has an article on Peerlyst, a platform which is unfortunately going away, about finding your first job in security. Hayslip's first tip asks, "What information do you have?" Researching yourself is good advice, but I want to extend that to a question that I think puts you ahead of the pack and ask, "What's your unfair advantage?" It's a question that I heard investor Chris Sacca ask startups, and I think it can also apply to individuals applying for jobs. Agree? If so, what are some good unfair advantages from candidates that have put them over the top?
Cindy Padnos is an innovator and an advocate for all things entrepreneurial. She is a founder (both of a VC-backed tech startup and a VC firm), with a passion for enabling experimentation that can lead to the discovery of new business models and unique points of leverage. Cindy bleeds B2B/Enterprise Tech, gaining the moniker "Queen B2B" and a place at the table with the top institutional investors in the category.

Cindy has been working with enterprise technology startups for more than 20 years as a founder, operating executive, adviser, or investor. She founded Illuminate Ventures, a seed and early-stage venture capital firm that invests exclusively in enterprise cloud and mobile software companies. Illuminate seeks entrepreneurs that are "re-inventing the enterprise" with products that deliver dramatic productivity and decision-making improvements while leveraging better, faster, cheaper cloud technologies and innovative business models.

Prior to her investing career, Cindy led several successful venture-backed entrepreneurial efforts. She was the founder/CEO of Vivant (now part of Oracle), an early Software as a Service (SaaS) company. She was CEO of Acumen, orchestrating a profitable M&A, and VP Marketing for Scopus, helping position this early CRM company for its successful IPO. Early in her career, Cindy served as a management consultant at Booz Allen and Arthur D Little.

Illuminate is particularly interested in companies delivering:
- B2B SaaS applications and infrastructure
- Application of AI and blockchain technologies to the Enterprise
- Enterprise mobile solutions
- Predictive and prescriptive analytics that improve business results
- Business model innovation enablers
- Industrial Internet of Things (IIoT)

Cindy is also an investor in various companies, such as Jacobi, Cafe X Communications, Bedrock Analytics, Peerlyst, ChannelEyes, Pyze Inc., JetStream Software Inc., Influitive, Hoopla Software, Xoupang, Contentstack, BrightEdge, and Allocadia.
During this interview we cover:
00:00 - Intro
02:09 - Early SaaS Experience from Raising VC Capital to Acquisition
15:00 - The Decision Behind Illuminate Ventures and Transformation to What It Is Today (Metrics)
22:21 - Experience & Perspective on the Volatility of Deal Flow Investments with the COVID-19 Pandemic
24:10 - The Value of a Dollar & Current Challenges in the COVID-19 Environment
26:18 - How Founders Deal with the Slow Down in Decision to Buy or Renew Software from Customers and Some Strategies for the New Normal
31:34 - What Illuminate Ventures Shares with Startups Beyond Capital Support
38:46 - What Is a Founder Heroic & Why Any Founder Should Aim to Become One
40:54 - Cindy's Winner Startup Criteria for Investing
42:29 - Cindy's Turn Down Startup Criteria for Not Investing

Mentions

Terms:
- https://www.techopedia.com/definition/9339/shelfware (Shelfware)
- https://www.investopedia.com/terms/r/rrsp.asp (RRSP)

People:
- http://www.illuminate.com/employees/jennifer-savage/ (Jennifer Savage)
- https://www.linkedin.com/in/ken-goldman-552a472/ (Ken Goldman)
- https://es.wikipedia.org/wiki/Michael_Stonebraker (Michael Stonebraker)
- https://www.linkedin.com/in/christophercabrera/ (Chris Cabrera)
- https://www.youtube.com/watch?v=I9M_zqZgmFk (Gary Swart) "The future of work Ep."

Companies:
- http://www.illuminate.com/ (Illuminate VC)
- Vivant Corp.
- https://aws.amazon.com (AWS)
- https://www.oracle.com/assets/technology-price-list-070617.pdf (Oracle)
- https://cloud.google.com/products (Google)
- https://azure.microsoft.com/en-us/ (Azure)
- https://es.wikipedia.org/wiki/PeopleSoft (PeopleSoft)
- https://www.sap.com/trends/cloud-solutions/saas.html (SAP)
- Evolve
- http://www.expressventures.com (Express Ventures)
- https://www.ariba.com (Ariba)
- http://xactlycorp.com (Xactly)
- https://www.vistaequitypartners.com (Vista)
- https://www.brightedge.com/glossary/world-search-engines (BrightEdge)
-...
Each week from his Zero Day Studios™, cybersecurity expert Scott Schober discusses the most terrifying and apocalyptic cyber scenarios including ransomware, breaches, identity theft, IoT device security and more with fellow experts to find out what keeps us up at night. This week, Magda Chelly offers her unique perspective. Magda Chelly is the Managing Director of Responsible Cyber Pte. by day, and a cyber feminist hacker by night. She is Magda Lilia Chelly. Magda is the brand ambassador of Peerlyst, one of the strongest InfoSec online communities. She spends most of her time supporting chief information security officers in their cyber security strategy and roadmap. She reviews technical architectures, cloud migrations, and digital transformations and is continuously raising cyber security awareness & diversity at a global scale. She is currently based in Singapore, with a global reach through her company in 19 locations worldwide. She speaks five languages fluently, and has a PhD in Telecommunication Engineering with a subsequent specialization in cyber security. She also was recently nominated as global leader of the year at the Women in IT Awards 2017, and TOP 50 cyber security influencer globally. Scott Schober is a #cybersecurity and wireless technology expert, author of Hacked Again, host of 2 Minute CyberSecurity Briefing video podcast and CEO of Berkeley Varitronics Systems who appears regularly on Bloomberg TV, Fox Business & Fox News, CGTN America, Canadian TV News, as well as CNN, CBS Morning Show, MSNBC, CNBC, The Blaze, WPIX as well as local and syndicated Radio including Sirius/XM & Bloomberg Radio and NPR.
All links and images for this episode can be found on CISO Series (https://cisoseries.com/keep-pouring-ill-tell-you-when-ive-had-enough-security/)

When do we hit the diminishing returns of too much cybersecurity? How will we know? Will a bell go off? Will our cup runneth over?

This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions, and Mike Johnson. Our guest is Tony Sager, svp, chief evangelist, Center for Internet Security.

Thanks to this week's podcast sponsor, AppOmni. AppOmni is the leading provider of a SaaS security and management platform for the enterprise. AppOmni provides unprecedented data access visibility, management and security of SaaS, enabling organizations to secure mission-critical and sensitive data. With AppOmni, organizations can automatically and continuously enforce rules for data access, data sharing and third-party applications.

On this week's episode

Looking down the security roadmap
Dean Webb of ForeScout asked this great question on Peerlyst: "What are the things that are the hardest to fix that leave organizations the most vulnerable?" These are not the quick security fixes or low-hanging fruit, but rather the big projects that nobody wants that often never get finished. What are they and is there any way to make them not so painful?

It's time for "Ask a CISO"
sitdownson on reddit's AskNetSec asked, "How and when did you decide to specialize?" Sultan_of_Ping answered, "For most people it's not a decision, the specialization comes to them." Do you get a taste of everything and then determine which one you're passionate about? Do you read market demands (e.g. cloud security) and go in that route? What have you seen your colleagues do?

What's Worse?!
A "What's Worse?!" first: FOUR scenarios. Which one is worst?

Here's some surprising research
We're revisiting the Verizon Data Breach Investigations Report.
Tony's organization, the Center for Internet Security, had a hand in the report, specifically at the end, where the CIS Top 20 Controls are mapped to the breach findings. In particular, the report notes that there are 171 safeguards, grouped based on the resources and risks the organizations are facing. Has anything shifted significantly in this most recent report?

What's the return on investment?
Tip of the hat to Norman Hunt, Deputy CISO, GEICO, who sent this article from HelpNet Security about a study on CEOs' and CISOs' approaches to "When is security enough security?" There seems to be a disparity, with CEOs being more confident in their security than CISOs. I have to assume that a mature understanding of risk is the biggest contributor, along with the nature of the job of a CISO, who sees more threats than the CEO, but only in a cyber context. A CEO sees all the other risks. What causes such swings in opinion?
All links and images for this episode can be found on CISO Series (https://cisoseries.com/the-department-of-no-thank-you/)

Just go to the front desk, sign in, and then the receptionist will say "no" in the most polite way possible.

This week's episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions, and Mike Johnson. Our guest is Nina Wyatt, CISO, Sunflower Bank.

Thanks to this week's podcast sponsor, CyberArk. At CyberArk, we believe that sharing insights and guidance across the CISO community will help strengthen security strategies and lead to better-protected organizations. CyberArk is committed to the continued exploration of topics that matter most to CISOs related to improving and integrating privileged access controls.

On this week's episode

There's got to be a better way to handle this
The hot new cybersecurity threat is the Coronavirus. Not the virus itself or the possible fake phishing emails connected to it, but our overall fear and its impact on work. According to data from Boardish, there is a 42% increase over baseline in fear of immobility, or staff not being able to operate effectively remotely. To put that number in perspective, phishing and ransomware have each seen an 8% threat increase. I read immobility's huge number to mean companies are simply not prepared for how their staff may need to operate.

What we've got here is failure to communicate
What's the best way to say 'no' to a vendor? This was a question that was asked of me by Eric Gauthier, CISO at Scout Exchange. He wants to say no because his cloud business has no need for certain services, and he doesn't want to be rude, but just saying no doesn't seem to work. What are the most successful techniques for saying no to a security vendor? And what different kinds of "no" are there?

"What's Worse?!"
A tough decision on a company built on acquisitions.

Walk a mile in this CISO's shoes
For many CISOs, there is a "What's Next?"
as they don't necessarily expect "CISO" to be their final resting place professionally. Gary Hayslip, a CISO for Softbank Investment Advisers and frequent guest, wrote on both LinkedIn and Peerlyst about next steps for CISOs who want to move out of the role. The recommendations were other C-level positions, going independent, and starting a new company.

On January 2 of this year, parking meters in New York City stopped accepting credit and parking cards. At fault? Security software that had expired on the first day of 2020. Reminiscent of Y2K, this draws attention to the next two time-related bugs predicted for 2036 and 2038. The 2038 problem affects 32-bit systems that store time as a signed 32-bit count of seconds since 1970, which maxes out on January 19 of that year. A similar rollover is expected in 2036 for Network Time Protocol (NTP) systems, whose 32-bit seconds field counts from 1900. In all likelihood, affected systems either have been or will be replaced over the next 18 years, but the dangers still exist: where vulnerable devices remain buried in a legacy system, where expiry dates far in the future must be calculated today, or, as in New York City, where an upgrade is simply overlooked. It serves as a reminder that data security must look to its past while it plans for the future. More from our sponsor ExtraHop.

Hey, you're a CISO. What's your take on this?
What's the impact of Europe's Right to Be Forgotten (RTBF)? It's been five years and Google has received ~3.2 million requests to delist URLs, from ~502,000 requesters. Forty-five percent of those URLs met the criteria for delisting, according to Elie Bursztein, leader of Google's anti-abuse research team. Search engines and media sites hold the greatest responsibility, but what responsibility are companies forced to deal with, and do they have the capacity to meet these requests?
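The two rollovers in the ExtraHop segment above, worked through as an added example that is not part of the original show notes: a signed 32-bit Unix time_t counts seconds from 1970-01-01 and tops out at 2^31 - 1, while NTP's 32-bit seconds field counts from 1900-01-01 and wraps at 2^32. The code derives both dates from those definitions (the calendar arithmetic is Howard Hinnant's civil_from_days algorithm) and then shows what a 32-bit field does to a 20-year expiry computed in 2020; that expiry is a constructed illustration, not a detail from the New York City incident.

```c
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>

/* Seconds between the NTP epoch (1900-01-01) and the Unix epoch (1970-01-01). */
#define UNIX_NTP_OFFSET 2208988800LL

typedef struct {
    int year;
    unsigned month, day, hour, minute, second;
} civil_t;

/* Convert seconds since the Unix epoch to a UTC calendar date and time,
 * using Howard Hinnant's civil_from_days algorithm (proleptic Gregorian). */
static civil_t civil_from_unix(int64_t t)
{
    civil_t c;
    int64_t days = t / 86400;
    int64_t secs = t % 86400;
    if (secs < 0) { secs += 86400; days -= 1; }   /* floor division for pre-1970 times */

    int64_t z = days + 719468;                    /* shift epoch to 0000-03-01 */
    int64_t era = (z >= 0 ? z : z - 146096) / 146097;
    unsigned doe = (unsigned)(z - era * 146097);                          /* day of era  [0, 146096] */
    unsigned yoe = (doe - doe / 1460 + doe / 36524 - doe / 146096) / 365; /* year of era [0, 399] */
    unsigned doy = doe - (365 * yoe + yoe / 4 - yoe / 100);               /* day of year [0, 365] */
    unsigned mp = (5 * doy + 2) / 153;                                    /* month index, March = 0 */

    c.day = doy - (153 * mp + 2) / 5 + 1;
    c.month = mp < 10 ? mp + 3 : mp - 9;
    c.year = (int)(yoe + era * 400) + (c.month <= 2);
    c.hour = (unsigned)(secs / 3600);
    c.minute = (unsigned)(secs % 3600 / 60);
    c.second = (unsigned)(secs % 60);
    return c;
}

/* Last second a signed 32-bit time_t can hold: 2^31 - 1. */
static int64_t unix32_last_second(void) { return INT32_MAX; }

/* Unix time at which NTP's 32-bit seconds counter (era 0) wraps to zero,
 * i.e. 2^32 seconds after 1900-01-01, expressed on the Unix epoch. */
static int64_t ntp_era0_end_unix(void) { return (int64_t)UINT32_MAX + 1 - UNIX_NTP_OFFSET; }

/* True if a 64-bit Unix time survives storage in a signed 32-bit field. */
static bool fits_time32(int64_t t) { return t >= INT32_MIN && t <= INT32_MAX; }

/* What a signed 32-bit time_t actually holds after the wrap: the low 32 bits
 * reinterpreted as two's complement, so 2^31 lands on 1901-12-13. */
static int32_t time32_store(int64_t t) { return (int32_t)(uint32_t)t; }

static void print_civil(const char *label, int64_t t)
{
    civil_t c = civil_from_unix(t);
    printf("%-32s %11lld -> %04d-%02u-%02u %02u:%02u:%02u UTC\n", label, (long long)t,
           c.year, c.month, c.day, c.hour, c.minute, c.second);
}

int main(void)
{
    print_civil("last 32-bit Unix second", unix32_last_second());
    print_civil("NTP era 0 rollover", ntp_era0_end_unix());

    /* Constructed example: a 20-year validity period computed on 2020-01-01 00:00:00 UTC. */
    int64_t issued = 1577836800LL;
    int64_t expiry = issued + 20LL * 365 * 86400;
    print_civil("20-year expiry, 64-bit view", expiry);
    if (!fits_time32(expiry))
        print_civil("same expiry, stored in 32 bits", time32_store(expiry));
    return 0;
}
```

The check a practitioner wants is fits_time32() applied wherever a date is computed for storage in a legacy field or protocol: the 64-bit arithmetic is fine, it is the narrowing store that silently turns a 2040 expiry into a date in the early 1900s, which is exactly the "already expired" condition that took the parking meters offline.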
All links and images for this episode can be found on CISO Series (https://cisoseries.com/buy-our-product-we-have-no-idea-what-were-selling/)

What do you think of our confusing non-descriptive ad copy? We think it's brilliant. We're patting ourselves on the back on the latest episode of CISO/Security Vendor Relationship Podcast.

This episode was recorded in front of a live audience in NYC at the coworking space, Rise NYC. It's hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions, and JJ Agha, vp, head of information security at WeWork. Our guest is Mike Wilkes (@eclectiqus), CISO, ASCAP.

David Spark, producer, CISO Series, JJ Agha, vp, head of information security, WeWork, and Mike Wilkes, CISO, ASCAP

Thanks to this week's podcast sponsor, Check Point. It's no secret that today's cyber attacks are targeted and sophisticated. Leaving even one point of entry vulnerable to a cyber attack endangers your entire organization. Check Point created the Secure Your Everything Resource Center to help you develop a comprehensive approach to prevent cyber attacks.

On this week's episode

There's got to be a better way to handle this
How well are you configuring your controls today and tomorrow? At RSA, I chatted with Adam Glick, CISO, Rocket Software. He said what he'd like is a tool to test the maturity of his deployed controls. How are his controls optimized over time? What does it look like today vs. a year from now? How are we currently trying to solve that problem and what could be done to improve it?

Hey, you're a CISO, what's your take on this?
"Which cybersecurity certification should I get?" It's a question I see repeated often, especially on Quora and Peerlyst. Your best bet would probably be the one that most employers are looking for. And according to job board searches conducted by Business News Daily, CISSP is the overwhelming favorite. Do our CISOs prefer certain certifications over others?
Is it a requirement for hiring? And what does a security professional with certifications vs. experience tell us about that person?

What's Worse?!
Split decisions on both, and the audience plays along as well.

Is this the best use of my money?
One of the common complaints I repeatedly hear is that cybersecurity vendors are not solving real problems. They're just looking to make money. I think that's a rather unfair blanket statement, but regardless, I hear it a lot. I think why I hear that so often is that we're all in the cybersecurity fight together and we need to help each other. Helping each other is often done by participating in the open source community. Why is it critical to contribute to the open source community?

Um... What do they do?
I read copy that appeared on various booths at RSA 2020. Most is confusing and non-descriptive and doesn't appear to assume a pre-existing understanding of cybersecurity. The expo hall at RSA is filled with security professionals who are already security minded. I honestly don't know exactly the reaction they're looking to get or what type of information these vendors are trying to convey.

Audience question speed round
We close out the show with a series of quick answers to audience questions.
All links and images for this episode can be found on CISO Series (https://cisoseries.com/last-chance-to-vote-for-most-stressed-out-ciso/)

Think you or your CISO has what it takes to shoulder all the tension, risk, and security issues of your organization? You may be a perfect candidate for "Most Stressed Out CISO".

This episode was recorded in person at Zenefits' offices in San Francisco. It's hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions, and Mike Johnson. Our guest is Keith McCartney (@kmflgator), CISO, Zenefits.

Keith McCartney, CISO, Zenefits and Mike Johnson, co-host, CISO/Security Vendor Relationship Podcast

Thanks to this week's podcast sponsor, CyberArk. At CyberArk, we believe that sharing insights and guidance across the CISO community will help strengthen security strategies and lead to better-protected organizations. CyberArk is committed to the continued exploration of topics that matter most to CISOs related to improving and integrating privileged access controls.

On this week's episode

There's got to be a better way to handle this
CISO stress. We've talked about it before on the show, and now Nominet just released a new study that claims stress levels are increasing. 48% of CISOs said work stress has had a detrimental impact on their mental health, almost twice as high as last year (27%). 31% of CISOs said that stress had affected their ability to do their job. Almost all surveyed CISOs (90%) said they'd take a pay cut if it improved their work-life balance. How could a CISO negotiate better work/life balance upfront, and has either of our CISOs done it?

Hey, you're a CISO. What's your take on this?
Gary Hayslip shared this Peerlyst article by Ian Barwise of Morgan Computer Services about the incredible array of OSINT tools. What OSINT tools do our CISOs find most valuable, and for what purposes?

What's Worse?!
A little too much agreement on this week's "What's Worse?!"
Here's some surprising research
Why are cloud security positions so much harder to fill? Robert Herjavec of the Herjavec Group posted a number of disturbing hiring statistics. Most notable was one from CyberSeek that stated jobs requesting public cloud security skills remain open 79 days on average, longer than almost any other IT skill. Why isn't supply meeting demand? Why is it such a difficult security skill to find? And how easily and quickly can you train for it?

EKANS is the backward spelling of SNAKE. It is also the name of new ransomware code that targets the industrial control systems in oil refineries and power grids. Not only does it extort a ransom, it also has the ability to kill the software components that do things like monitor the status of a pipeline, or similar critical functions in a power grid or utility. A recently documented attack on Bahrain's national oil company reveals the architecture and deployment of EKANS to be not the work of a hostile nation-state, but of cybercriminals. The chilling message behind that, of course, is that penetrating and sabotaging critical components of a country's infrastructure is no longer exclusive to sophisticated national intelligence agencies. Lower-level criminal groups may have motives that are far less predictable and trackable, and when combined with the complexities of an industrial control system, these may have cascading effects beyond the wildest dreams of the instigators themselves. More from our sponsor ExtraHop.

What do you think of this pitch?
We get a pitch with some suggestions on how best to improve the pitch. We want more pitches!
All links and images for this episode can be found on CISO Series (https://cisoseries.com/youre-mistaken-im-not-annoying-its-chutzpah/)

We're pushing just to the edge of irritation on the latest episode of CISO/Security Vendor Relationship Podcast.

This episode was recorded in front of a live audience in Tel Aviv on the eve of the 2020 Cybertech conference. Special thanks to Glilot Capital for hosting this event. This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions, and my special guest co-host, Bobby Ford, global CISO for Unilever. Our guest is John Meakin, veteran financial CISO, and currently CISO for Equiniti.

David Spark, producer, CISO Series, Bobby Ford, CISO, Unilever, and John Meakin, CISO, Equiniti.

Thanks to this week's podcast sponsors, Polyrize and IntSights. As newly adopted SaaS and IaaS services add an additional layer of risk for security teams, Polyrize provides a cloud-centric approach to simplifying the task of protecting user identities and their access across the public cloud by right-sizing their privileges and continuously protecting them through a unified authorization model. IntSights is revolutionizing cybersecurity operations with the industry's only all-in-one external threat protection platform designed to neutralize cyberattacks outside the wire. Our unique cyber reconnaissance capabilities enable continuous monitoring of an enterprise's external digital profile across the clear, deep, and dark web to identify emerging threats and orchestrate proactive response. To learn more, visit intsights.com.

On this week's episode

How do you go about discovering new security solutions?
In an article on LinkedIn entitled "Why do CISOs take a vendor meeting?", Dutch Schwartz of AWS said that they take meetings on a recommendation from their staff or their peers, or because they have an explicit problem that they've already researched, or because they have known unknowns.
Are those the reasons to take a meeting with a security vendor? We discuss what meetings CISOs take, and which ones are the most attractive.

It's time for "Ask a CISO"
Israel is known for a thriving startup community. But what I always see is cross-pollination between Israel and Silicon Valley when it comes to startups. We discuss what Israeli startups can learn from Silicon Valley and vice versa.

What's Worse?!
We've got two rounds. One agreement and one split vote.

It's time to measure the risk
Five years ago I wrote an article for CIO.com about the greatest myths of cloud security. The first myth was that the cloud is inherently insecure, and the other 19 are ones I'm still hearing today. My conclusion for the whole article was that if you can overcome these myths about cloud security, you can reduce risk. In this segment we dispel cloud security myths and explain how the cloud helps reduce risk, possibly in ways many of us are not aware of.

Close your eyes. Breathe in. It's time for a little security philosophy.
On this podcast we talk a lot about CISOs needing to understand the business. In a thought-provoking post on Peerlyst, Eh-den Biber, a student of information security at Royal Holloway, University of London, noted that the job of cybersecurity is more than that. It's about understanding the flow of business and being present in the individuals' lives and their stories. We discuss the importance of being present in your users' lives.

It's time for the audience question speed round
The audience has questions and our CISOs have answers. We get through a lot really quickly.
All links and images for this episode can be found on CISO Series (https://cisoseries.com/revisiting-a-whole-career-of-cyber-screw-ups/)

This episode was recorded in front of a live audience at Malwarebytes' offices in Santa Clara, California for the Silicon Valley ISSA chapter meeting. This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions, and Mike Johnson. Our guest is Peter Liebert, former CISO, state of California. Peter is now an independent consultant and commander of cyber operations for the California State Guard.

(left to right) David Spark, producer, CISO Series, Mike Johnson, co-host, CISO/Security Vendor Relationship Podcast, and Peter Liebert, commander, cyber operations, California State Guard

Thanks to this week's podcast sponsor, Malwarebytes. Malwarebytes secures endpoints, making workplaces resilient. Our adaptive cyber protection predicts and detects attacks with multi-layer detection across the kill chain. We enable active threat response with machine learning that is actionable and automated, allowing for full recovery when a compromise occurs. We empower enterprise endpoint orchestration across siloed IT and Security organizations, simplifying security management and making responses effective. Malwarebytes makes endpoints resilient so workplaces can protect and remediate, and employees can regain control of their digital lives.

On this week's episode

Why is everybody talking about this now?
Chris Roberts of Attivo Networks posted about his video game addiction as he admitted one certain game ate up 475 hours of his life. He really struck a chord with the community as he got hundreds of comments from people admitting to the same but also recognizing that video games are great stress relievers and that the problem solving in games actually helps keep your mind sharp.
There is the obvious need for a break, but is there a correlation between how gaming in any form can help someone with their job in cybersecurity? Hey, you're a CISO, what's your take on this? Are we doing a good job defining the available jobs in cybersecurity? The brand that we see out there is the image of the hacker and the hoodie. In a post on Peerlyst, Nathan Chung lists off eleven other cybersecurity jobs that don't fall under that well known cybersecurity trope. Jobs such as data privacy lawyers, data scientists developing AI and machine learning algorithms, law enforcement, auditors who work on compliance, and even project managers. We discuss some of the concrete ways to explain the other lesser known opportunities in cybersecurity. What's Worse?! We play two rounds with the CISOs. Um… maybe you shouldn't have done that In an article on Peerlyst, cybersecurity writer Kim Crawley asked her followers on Twitter, "What mistakes have you made over the course of your career that you would recommend newbies avoid?" There was some great advice in here. We discuss our favorite pieces of advice from the list, and our CISOs admit the mistake they've made in their cybersecurity career that they specifically recommend newbies avoid. We've got listeners, and they've got questions Chris Hill of Check Point Software asked, "How can non-technical people working their way up in the security industry improve their knowledge and abilities from a CISO perspective?" Chris is a newbie and he wants advice on being a "trusted advisor" and he's trying to figure out the best/most efficient way to get there. It's time for the audience question speed round We go through a ton of questions the audience has for our CISOs.
Kim writes about cybersecurity for Tripwire, AT&T Cybersecurity, Venafi, and Cylance's blogs. She also writes for Peerlyst. In the past Kim has contributed to Infosecurity Magazine, Threatpost, Comodo's blog, CCSI's blog, CSO, CIO, Computerworld, Hacker Noon, The Threat Report, and 2600 Magazine. Listen in as Jenny and Kim discuss early years tech support, writing and deep fakes. To read the Deep Fake Peerlyst article by Kim, click the link here. To follow Kim on Twitter, click the link here. To view Kim's LinkedIn page, click the link here. Don't forget you can also follow Jenny on Twitter by clicking the link here.
Find all the links and images on CISO Series (https://cisoseries.com/were-gonna-run-these-pen-test-exercises-until-you-turn-purple/) We learn to iterate our security stamina faster by bringing the attackers and defenders in the room together. We're seeing purple on this episode of CISO/Security Vendor Relationship Podcast. This show, like all the previous ones, is hosted by me, David Spark (@dspark), founder of Spark Media Solutions, and Mike Johnson. Our guest this week is Matt Southworth (@bronx), CISO of Priceline, who was brought to us by our sponsor, Praetorian. Thanks to this week's sponsor, Praetorian As a professional services company, Praetorian helps enterprise customers solve complex cybersecurity problems. We are the security experts. Why is everybody talking about this now? Senator Elizabeth Warren's proposed bill, the Corporate Executive Accountability Act, would pave the way for criminal charges of executive wrongdoing that leads to some public harm, like a public data breach. Note, there needs to be proof of wrongdoing. This isn't designed to blame victims. Regardless, the cyber community lit up on this topic. Warren said that too many executives were walking away free with no penalty while the community was left to suffer. Is this the bill that's needed to put a check on breaches? Hey, you're a CISO, what's your take on this? Priceline has been conducting purple team exercises with our sponsor Praetorian. We discuss the value in purple team efforts over all the other alternatives, like pen testing, red team/blue team exercises, and threat hunting reports. Plus, we discuss the cultural benefits of purple team exercises. What's Worse?! We get a consensus on a question about asset and risk management. How to become a CISO A director of information security at a Fortune 100 company wants to know how to make the leap from his position to CISO.
Pay attention, it's security awareness training time Dan Lohrmann, CSO of Security Mentor and an upcoming guest on our live podcast we're going to be recording on June 6th in Grand Rapids, Michigan, had a very interesting article on Peerlyst about avoiding the punishment angle of security training. He said his number one struggle in education is explaining how important security is at an individual level and making sure individuals understand the impact of their actions. At Priceline, Matt Southworth created a Security Champs program to extend the reach of his security team by training interested non-security coworkers about security. We discuss what this has done to improve culture and security, and to help people understand the impact of their actions. Two-factor authentication, also called 2FA, is vital, and should be considered the default in online security, not a fancy option. In short, 2FA means that two separate identifiers are required to gain access to an account. These identifiers should come from: 1.) something only you know, like a complex password, and 2.) something physically separate that belongs to you, like a phone that can receive SMS messages, a physical token, a time- or location-limited message, or something biometric, like a retinal scan or fingerprint. Currently the SMS message is the most popular "second factor," but security analysts say this is still the weakest option. A better option is to use an approved app, or to partner with a cybersecurity company who can build one for you.
Limor is an entrepreneur, product evangelist, security expert, and a business development executive. She is the Founder of Peerlyst, the largest community of security professionals, serving more than half a million security experts in 191 countries. Full Show Notes: https://wiki.securityweekly.com/Episode567 Subscribe to our YouTube channel: https://www.youtube.com/securityweekly Visit our website: http://securityweekly.com Follow us on Twitter: https://www.twitter.comsecurityweekly
This week, Paul interviews Zane Lackey, Founder and CSO of Signal Sciences! In our second feature interview, Paul talks with Limor Elbaz, Founder of Peerlyst! In the Security News, Arch Linux PDF reader package poisoned, WPA3, two new Spectre-class CPU flaws cause $100k bounty, average cost of a data breach exceeds $3.8 million, and more on this episode of Paul's Security Weekly! Full Show Notes: https://wiki.securityweekly.com/Episode567 Visit https://www.securityweekly.com/psw for all the latest episodes! →Visit https://www.activecountermeasures/psw to sign up for a demo or buy our AI Hunter!! →Follow us on Twitter: https://www.twitter.com/securityweekly →Like us on Facebook: https://www.facebook.com/secweekly
In the first of a new format, I sit down with Joe Gray with only a handful of questions and just chat. We cover things from Through The Hacking Glass, upcoming talks that Joe will be doing, to the various conferences that Joe will be attending. Lots of great information and stories were shared, and if you'd like to provide feedback, please reach out and let me know! Also, make sure you listen for a special easter egg that Joe has for those who are in the Atlanta area in September for entry to a conference at no cost! Some links of interest: Through The Hacking Glass @hackingglass - https://twitter.com/hackingglass Facebook - https://www.facebook.com/hackingglass/ Peerlyst - https://www.peerlyst.com/posts/announcing-through-the-hacking-glass-a-peerlyst-mentorship-experience-joe-gray RSA Conference USA - https://www.rsaconference.com/events/us18 Hacker Halted - https://www.hackerhalted.com/ Free Admission to conference code: HH18JGCON 25% off training code: HH18JJTRN Hack NYC - https://q22018.hacknyc.com/en/ Coupon code: STORMNYCJJ @c_3pjoe @advpersistsec Want to reach out to the show? There are a few ways to get in touch! Show's Twitter: @PurpleSquadSec John's Twitter: @JohnsNotHere Podcast Website: purplesquadsec.com Sign-Up for our Slack community: https://signup.purplesquadsec.com John's Peerlyst Profile: https://www.peerlyst.com/users/john-svazic Thanks for listening, and I will talk with you all again next time. Find out more at http://purplesquadsec.com