Defense in Depth – Details, episodes & analysis

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Nick Muy, CISO, Scrut Automation.

In this episode:

• Segment and test

• Focus on you

• Embrace the risk lifecycle

• Not all vendors are the same

Thanks to our podcast sponsor, Scrut Automation

Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Our best-in-class features like process automation, AI, and 75+ native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit www.scrut.io to learn more or schedule a demo.

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Sherron Burgess, CISO, BCD Travel.

In this episode:

• Disingenuous claims rub everyone the wrong way. 

• Don’t put the CISO behind the 8-ball

• The sales hustle

• They didn’t understand the assignment

Thanks to our podcast sponsor, Scrut Automation

Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Our best-in-class features like process automation, AI, and 75+ native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit www.scrut.io to learn more or schedule a demo.

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Christina Shannon, CIO, KIK Consumer Products. Joining us is our guest, Tomer Gershoni, CSO, Zoominfo.

In this episode:

• Moving beyond technology

• The art of a CISO

• CISOs always operate in context

• Elevating the CISO conversation

Thanks to our podcast sponsor, SeeMetrics

SeeMetrics automates cybersecurity metrics programs, continuously measuring and helping prioritize risks based on context. SeeMetrics unifies siloed data from your security stack and offers hundreds of ready-to-use metrics. Once connected with SeeMetrics, security teams reduce risk, minimize exposure and optimize performance while eliminating tedious repetitive manual work.

Ready to automate your security programs? start connecting your environment at seemetrics.co

All links and images for this episode can be found on CISO Series

Learning cyber is not a question for those who are just starting out. It's for everybody. Where and how do we learn at every stage of our professional careers?

Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Jerich Beason, CISO, Commercial, Capital One.

Thanks to our podcast sponsor, SlashNext

SlashNext protects the modern workforce from phishing and human hacking across all digital channels. SlashNext Complete™ utilizes our patented AI SEER™ technology to detect zero-hour phishing threats by performing dynamic run-time analysis on billions of URLs a day through virtual browsers and machine learning. Take advantage of SlashNext's phishing defense services for email, browser, mobile, and API.

In this episode:

• Where do we go to learn at every stage of our professional careers?
• We discuss how the learning process never really stops, but is on-going with cyber professionals continuing to learn throughout their careers.
• Why is the “know-it-all” leader a red flag to avoid?

All links and images for this episode can be found on CISO Series

You’re a CISO, vCISO, or MSSP rolling into a company that has yet to launch a cybersecurity department. How do you communicate about cyber with the IT department? They’re not completely new to cyber. What’s the approach to engagement that helps, but doesn’t insult? How do you offer practical cybersecurity advice?

Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is sponsored guest Scott McCrady (@scottsman3), CEO, SolCyber.

Thanks to our podcast sponsor, SolCyber

At SolCyber we're hell-bent on delivering Fortune 500 level cyber security for small and medium-sized enterprises. When you're being targeted by the same bad guys, nothing else will do. We bring to the table a curated stack of leading technologies and around-the-clock SOC support, all simply priced per user. Let us do the heavy lifting.

In this episode:

• How do you communicate about cyber with the IT department?
  
• What’s the approach to engagement that helps, but doesn’t insult?
  
• How do you offer practical cybersecurity advice?
  

All links and images for this episode can be found on CISO Series

Cybersecurity boils down to securing your data or data protection. But that simple concept has turned into a monumental task that is only exacerbated every time we move our data to a new platform. How do we secure data today, to be ready for whatever comes next in computing?

Check out this post and this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and guest co-host Gary Hayslip (@ghayslip), global CISO, SoftBank Investment Advisers. Our sponsored guest is Elliot Lewis (@ElliotDLewis), CEO, Keyavi.

Thanks to our podcast sponsor, Keyavi

Myth: Data can’t protect itself. Fact: Now it does! You control where your data goes in the world, who can access it and when. On any device. Anytime. Anywhere. FOREVER. Learn more at Keyavi.com.

In this episode:

• How do we secure data today, to be ready for whatever comes next in computing?
• How do we go about building a data transformation program that's platform agnostic?
• Why has this simple concept turned into a monumental task?

All links and images for this episode can be found on CISO Series

Is attack surface profiling the same as a pen test? If it isn't what unique insight can attack surface profiling deliver?

Check out this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Nick Shevelyov, former CSO, Silicon Valley Bank.

Thanks to our podcast sponsor, Keyavi

Myth: Data can’t protect itself. Fact: Now it does! You control where your data goes in the world, who can access it and when. On any device. Anytime. Anywhere. FOREVER. Learn more at Keyavi.com.

In this episode:

• Is attack surface profiling the same as a pen test?
  
• What unique insight can attack surface profiling deliver?
  
• Is “Attack Surface Profiling” more like a natural evolution from traditional vulnerability management?
  

All links and images for this episode can be found on CISO Series

What’s your best indicator that your security program is actually improving? And besides you and your team, is anyone impressed?

Check out this post for the discussion that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Simon Goldsmith (@cybergoldsmith), director of information security, OVO Energy.

Thanks to our podcast sponsor, Votiro

Can you trust that your content and data is free of malware and ransomware? With Votiro you can. Votiro removes evasive and unknown malware from content in milliseconds, without impacting file fidelity or usability. It even works on password-protected and zipped files. Plus, it’s an API, so it integrates with everything – including Microsoft 365. Learn more at Votiro.com.

In this episode:

• What's the best indicator that your security program is actually improving?
  
• Does anyone care that you're actually improving your security posture?
  
• What should we be measuring to prove a security program is working and getting better?
  

All links and images for this episode can be found on CISO Series

Interviewing for leadership positions in cybersecurity is difficult for everyone involved. There are far too many egos and many gatekeepers. What can be done to improve recruiting of CISOs?

Check out this post and this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn with our guest Ty Sbano (@tysbano), CISO, Vercel.

Thanks to our podcast sponsor, Thinkst

Most Companies find out way too late that they’ve been breached. Thinkst Canary changes this.
Deploy Canaries in minutes and then forget about them. Attackers tip their hand by touching ’em giving you the one alert, when it matters. With 0 admin overhead and almost no false-positives, Canaries are deployed (and loved) on all 7 continents.

In this episode:

• What can be done to improve CISO recruiting?
• Is there a disconnect between HR and what the company actually needs regarding a position?
• How long should the interview process take?

All links and images for this episode can be found on CISO Series

How are nefarious actors using our own data (and metadata) against us? And given that, in what way have we lost our way protecting data that needs to be course corrected?

Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is John Ayers (@cyberjohn1747), vp of advanced detection and response office of the CTO, Optiv.

Thanks to our podcast sponsor, Optiv

The modern enterprise needs a solution as unique as its business.
 
Optiv’s Advanced Detection and Response (ADR) works with your organization to comb through the D&R clutter and find the ideal security solutions for your business. ADR delivers tailored detection and response backed by technology, real-time intel and deep expertise applied at touch. Bottom line: ADR finds and neutralizes threats fast, so you can focus on what matters.

In this episode:

• How are nefarious actors using our own data (and metadata) against us?
• In what way have we lost our way protecting data that needs to be corrected?
  
• We examine how our interconnectedness is both a blessing and a curse.
  
• Is there already far too much sensitive data in essentially open source intelligence?