CISO Series Podcast – Details, episodes & analysis

All links and images for this episode can be found on CISO Series.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is Bethany De Lude, CISO, the Carlyle Group.

In this episode:

• CISOs as storytellers
• Grinding a CISO’s gears
• An evolving role
• Earning trust with vendors

Thanks to our podcast sponsor, Scrut Automation!

Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Our best-in-class features like process automation, AI, and 75+ native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit www.scrut.io to learn more or schedule a demo.

All links and images for this episode can be found on CISO Series.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is Ty Sbano, CISO, Vercel.

In this episode:

• Perception is the reality for insider threats
• Coaching rather than shaming
• Working to make DevOps redundant
• Fixing a strained relationship

Thanks to our podcast sponsor, Backslash!

Backslash Security is your modern AppSec solution, focusing on what truly matters—real risks. Gain clear visibility into your applications and fix only the code and open-source software that’s actually in use, making your AppSec smarter and more efficient. Learn more at https://www.backslash.security/.

All links and images for this episode can be found on CISO Series.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our guest and winner of Season 2 of Capture the CISO, Russell Spitler, CEO and co-founder, Nudge Security.

In this episode:

• The Gordian knot of EDR
• Can we keep up with patching?
• Making AI practical
• Standardization or granularity?

Thanks to our podcast sponsor, ThreatLocker!

ThreatLocker® is a global leader in Zero Trust endpoint security offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

All links and images for this episode can be found on CISO Series

Are RSA and other big conferences worth it? It seems that fewer CISOs are actually walk the floor at these big trade shows. The really big meetings are happening outside of the conference. Why would CISOs attend these big conferences with airfares costing over $1000 and hotel rooms costing $500 to $800 a night? Are the customers and vendors getting priced out?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Jessica Ferguson, CISO, DocuSign.

Thanks to our podcast sponsor, SlashNext

SlashNext protects the modern workforce from phishing and human hacking across all digital channels. SlashNext Complete™ utilizes our patented AI SEER™ technology to detect zero-hour phishing threats by performing dynamic run-time analysis on billions of URLs a day through virtual browsers and machine learning. Take advantage of SlashNext's phishing defense services for email, browser, mobile, and API.

In this episode:

• Are big conferences like RSA worth it? What's the value of the trade show floor at RSA?
  
• Why would CISOs attend these big conferences with airfares costing over $1000 and hotel rooms costing $500 to $800 a night?
  
• Are the customers and vendors getting priced out?
  

All links and images for this episode can be found on CISO Series

Security professionals should turn in the cyber hero mentality for the "sidekick" role. Many cybersecurity leaders believe they need to save the company from all the stupid users who can't protect themselves. The reality is security professionals should lose the saviour mentality for a supporting role where they're running alongside different business units trying to find a way to make their process run smoother and more secure.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our wponsored guest Clyde Williamson, product management, innovations, Protegrity.

Thanks to our podcast sponsor, Protegrity

Protegrity empowers intelligence-driven organizations to use data to drive innovation with secure analytics and artificial intelligence, without fear of violating compliance or jeopardizing privacy. To make this vision a reality, we protect sensitive data anywhere and everywhere to create secure data agility that aligns with the speed of modern business.

In this episode:

• Is it OK if users see security as heroes but security professionals shouldn't see themselves that way?
• What have you heard enough about when it comes to data protection, and what would you like to hear a lot more?
• How can we best create a cyber risk balance sheet?

All links and images for this episode can be found on CISO Series

Just the words "zero trust" often causes security professionals to shiver. In general, CISOs are on board with the concepts of "zero trust," we just think they're uncomfortable with how it's being used for branding and marketing efforts.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is David Cross (@mrdbcross), SVP/CISO for Oracle SaaS Cloud.

Thanks to our podcast sponsor, Protegrity

Protegrity empowers intelligence-driven organizations to use data to drive innovation with secure analytics and artificial intelligence, without fear of violating compliance or jeopardizing privacy. To make this vision a reality, we protect sensitive data anywhere and everywhere to create secure data agility that aligns with the speed of modern business.

In this episode:

• Should certifications be a requirement on your job listings?
• Are the SIEMs failing or do the users not know how to configure them? Or is it both?
• Why do security professionals treat the term "zero trust" so negatively? How should vendors approach zero trust and how should the C-suite understand it?

All links and images for this episode can be found on CISO Series

You can make the right decision given the information you have, but everything is a risk, so there are times those good decisions are going to result in not the result you were hoping for. In essence, plenty of good decisions result in poor outcomes.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Aviv Grafi, founder and CTO, Votiro and winner of season one of Capture the CISO.

In this episode:

• We welcome the winner of “Capture The CISO!” How did they prepare in terms of making the demo and for appearing on the show? And what advice would they give for contestants in season 2?
  
• What do employers look for or ask in an interview that would lead them to hire and promote someone into a CISO role in their company?
  
• How can cybersecurity professionals improve their decision making over time?
  

All links and images for this episode can be found on CISO Series

We explore the world of dishonesty in cybersecurity. Practitioners know that marketers will stretch the truth, but how far are we willing to let that go? Isn't this industry built on trust? Can cybersecurity continue to thrive if we can't trust each other?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our sponsored guest is Anna Belak (@aabelak), director of thought leadership, Sysdig.

Thanks to our podcast sponsor, Sysdig

Sysdig is driving the standard for cloud and container security. With Sysdig, teams find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance. Customers get a single view of risk from source to run, with no blind spots, no guesswork, no black boxes.

In this episode:

• What are the questions a CISO should be able to answer?
  
• How much dishonesty do you find in cybersecurity?
  
• How does one LEAD a cloud migration?
  
• What are some lies about machine learning that everyone needs to be aware of?
  

All links and images for this episode can be found on CISO Series

What can you do when your data keeps passing through different third party applications? Your data is being accessed and manipulated by more people, more applications, and more security policies that may not be aligned with your security policies. It seems once it leaves your environment, it's out of your control.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Elliot Lewis (@ElliotDLewis), CEO, Keyavi.

Thanks to our podcast sponsor, Keyavi

Myth: Data can’t protect itself. Fact: Now it does! You control where your data goes in the world, who can access it and when. On any device. Anytime. Anywhere. FOREVER. Learn more at Keyavi.com.

In this episode:

• Can the US government, through regulation, shift the tide of never-ending cybersecurity failures?
  
• Your network was just hit with ransomware. What do you do in your environment?
  
• What should we be discussing more of when it comes to protecting data in the supply chain?
  
• What's the biggest security flaw you've seen in every environment you've ever worked?
  

All links and images for this episode can be found on CISO Series

If they can find flaws, security professionals are quick to label it as bad security behavior. But often, what is marked as "bad" may have problems, but when looked at from a reducing risk perspective it's actually a very good security behavior.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Carla Sweeney, vp information security, Red Ventures.

Thanks to our podcast sponsor, Protegrity

Protegrity empowers intelligence-driven organizations to use data to drive innovation with secure analytics and artificial intelligence, without fear of violating compliance or jeopardizing privacy. To make this vision a reality, we protect sensitive data anywhere and everywhere to create secure data agility that aligns with the speed of modern business.

In this episode:

• Is a CISO really an architect of choices, for themselves and the other business leaders?
  
• Why and how can controls impose friction or drag on business velocity?
  
• What are the types of questions you ask when you're referencing a resume and what are some examples of really impressive responses?
  
• What are some things that get a bad rap, but are actually quite secure?