Defense in Depth – Details, episodes & analysis

All links and images can be found on CISO Series.

This week's episode is co-hosted by me, David Spark, the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Cliff Crosland, co-founder and CEO, Scanner.dev.

In this episode:

• Earning autonomy gradually
• The blast radius question
• The reality check
• Today's value, tomorrow's evolution

Huge thanks to our sponsor, Scanner

All your security logs end up in cloud storage like AWS S3. Scanner makes them searchable in seconds and runs real-time detections directly on that data. No pipelines, no re-ingestion. 100x faster than traditional data lakes, 10x cheaper than SIEMs. Loved by analysts. Built for AI agents. Learn more at scanner.dev.

All links and images can be found on CISO Series.

Check out this post by Dr. Chase Cunningham, CSO at Demo-Force, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Geoff Belknap. Joining us is Brett Conlon, CISO, American Century Investments.

In this episode:

• The experience paradox
• Who benefits from the narrative
• Kitchen sink job postings
• The aggregation problem

Huge thanks to our sponsor, Scanner

All your security logs end up in cloud storage like AWS S3. Scanner makes them searchable in seconds and runs real-time detections directly on that data. No pipelines, no re-ingestion. 100x faster than traditional data lakes, 10x cheaper than SIEMs. Loved by analysts. Built for AI agents. Learn more at scanner.dev

All links and images can be found on CISO Series.

Check out this post by Ross Haleliuk of Venture in Security for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark, the producer of CISO Series, and Edward Contreras, senior evp and CISO, Frost Bank. Joining us is Davi Ottenheimer, vp, trust and digital ethics, Inrupt.

In this episode:

• Network security isn't dying—it's evolving
• The observability layer that can't be replaced
• What's old is new again
• The innovation gap

Huge thanks to our sponsor, HackerOne

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Alexandra Landegger, Executive Director and CISO, Collins Aerospace.

In this episode:

• Why do mergers and acquisitions always present challenges to an organization?

• When it comes to cybersecurity, how involved should a CISO be before AND after an acquisition?

• Can cybersecurity considerations make or break a deal?

• What skills did you find yourself flexing with your first M&A experience?

Thanks to our podcast sponsor, Aphinia!

Join Aphinia, a professional tribe of superheroes fighting cybercriminals. If you are a CISO, VP or a Director of cybersecurity, get instant free access to thousands of your peers, career advice, networking opportunities, consulting gigs and more. Join the good guys' team because the only way to succeed is together: https://aphinia.com/#signup_form

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Richard Ford, CTO, Praetorian.

In this episode:

• When did we all agree that red teaming was about validating security?

• Does it seem like increasingly red teaming is a catch all term for a whole lot of testing that isn't clearly defined?

• Is this making it hard to see its value?

• Can moving red teaming upstream be more valuable to your organization?

Thanks to our podcast sponsor, Praetorian

Praetorian helps companies adopt a prevention-first cybersecurity strategy by actively uncovering vulnerabilities and minimizing potential weaknesses before attackers can exploit them.

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our guest, Adam Glick, CISO, PSG.

In this episode:

• Vendors need to reach out to CISOs, but what does a successful approach look like?

• Do vendors often spray and pray with outreach, rather than doing a bare minimum of research?

• What else can vendors do to try to create meaningful outreach to CISOs?

• How do you like security sales professionals to build a relationship with you?

Thanks to our podcast sponsor, Praetorian

Praetorian helps companies adopt a prevention-first cybersecurity strategy by actively uncovering vulnerabilities and minimizing potential weaknesses before attackers can exploit them.

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Erik Decker, CISO, Intermountain Health.

In this episode:

• Why are we all struggling trying to manage third-party risk?
• Why do the hated questionnaires seem like compliance checkbox efforts?
• Does anyone believe it reduces risk?
• What's the right approach and how do you strike the right balance?

Thanks to our podcast sponsor, Praetorian

Praetorian helps companies adopt a prevention-first cybersecurity strategy by actively uncovering vulnerabilities and minimizing potential weaknesses before attackers can exploit them.

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our sponsored guest, Trevor Hilligoss, senior director of security research, SpyCloud.

In this episode:

• What are the things that raise red flags that you're about to experience an attack?
• What signals set off your Spidey sense that things could go sideways?
• What are the early warning signs an attack is underway?
• Did you learn anything new?

Thanks to our podcast sponsor, SpyCloud

Get ahead of ransomware attacks by acting on a common precursor: infostealer malware. SpyCloud recaptures what's stolen from infostealer-infected systems, and alerts your team to take action before compromised authentication data can be used by criminals to target your business. Get our latest research and check your malware exposure at spycloud.com/ciso.

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, David Christensen, VP, CISO, PlanSource.

In this episode:

• How do you actually focus your patching efforts on the vulnerabilities that are seen as universally holding the most risk?
• With limited resources, is it possible to "patch all the things"?
• How do we focus patching efforts to fix the most vital issues quickly?
• What are the risks we're dealing with?

Thanks to our podcast sponsor, SpyCloud

Get ahead of ransomware attacks by acting on a common precursor: infostealer malware. SpyCloud recaptures what's stolen from infostealer-infected systems, and alerts your team to take action before compromised authentication data can be used by criminals to target your business. Get our latest research and check your malware exposure at spycloud.com/ciso.

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our guest, Jerich Beason, CISO, WM.

In this episode:

• Does generative AI come with a new set of risks?
• How can we address these risks to take advantage of its benefits?
• How do we approach a much desired technology we're not so sure how we should secure?
• How can we take what we've learned from past technological advances and apply it to mitigate risks with generative AI?

Thanks to our podcast sponsor, SpyCloud

Get ahead of ransomware attacks by acting on a common precursor: infostealer malware. SpyCloud recaptures what's stolen from infostealer-infected systems, and alerts your team to take action before compromised authentication data can be used by criminals to target your business. Get our latest research and check your malware exposure at spycloud.com/ciso.