Security You Should Know – Details, episodes & analysis

Open source is a bedrock of modern enterprise software. But support for various components is all over the place. The ecosystem doesn't have the right incentives in place, leading to end-of-life security issues many organizations aren't ready to address. When community support for open-source components dries up over time, what is your recourse?

In this episode, Aaron Frost, founder and CEO, HeroDevs, discusses how HeroDevs is addressing this problem by providing secure, drop-in replacements to give enterprises the time they need to safely transition to supported software. Aaron is joined by our panelists, DJ Schleen, head of security, Boats Group, and Russ Ayres, deputy CISO & head of cyber, Equifax.

Huge thanks to our sponsor, HeroDevs

Outdated software puts your security at risk. HeroDevs' Never-Ending Support ensures your legacy systems stay secure, compliant, and functional. Proactively protect against vulnerabilities in unsupported frameworks like Spring or AngularJS. Don’t let end-of-life open-source software be your weak link—secure your stack today with HeroDevs.

The velocity of innovation necessitates an agile approach to infrastructure management, which often leads to complexity and, consequently, vulnerabilities. Organizations are in a relentless race to identify and prioritize security gaps, but how can we effectively manage and mitigate these risks?

In this episode, Jay Mar-Tang, field CISO at Pentera, discusses how Pentara blends the efficiency of automation with insightful human judgment to addresses the gaps in traditional security processes while enhancing effectiveness and response times. Jay is joined by our panelists, Keith McCartney, vp, security and IT, DNAnexus, and Nick Espinosa, host of the nationally syndicated Deep Dive Radio Show.

Huge thanks to our sponsor, Pentera

Pentera, established in 2015, leads the charge in Automated Security Validation. We empower organizations to pinpoint their true security gaps and prioritize based on true exposure, providing a strong defense against cyber threats. Trusted by thousands worldwide, Pentera offers security posture, clarity and precise guidance for remediation.

The sheer volume of security alerts and data being generated by various sources like firewalls, servers, and endpoint devices is daunting. The challenge lies in sifting through this vast amount of information to identify genuine threats without throwing manual effort at it. Traditional security logs merely tell us what happened but do not provide insights on what's happening now. The demand is for more actionable intelligence that focuses on different, more relevant data types rather than just more data.

In this episode, Subo Guha, chief product officer at Stellar Cyber, discusses the company's efforts to turn raw security alerts and IT data into actionable intelligence at scale. Subo is joined by our panelists, Nick Espinosa, host of the nationally syndicated Deep Dive Radio Show, and Steve Zalewski, co-host of Defense in Depth.

Huge thanks to our sponsor, Stellar Cyber

Understanding and mitigating insider risk has taken a front seat in organizational security strategies. What once was a niche concern, we’re seeing significant escalation in insider threats, particularly from nation-state actors, with insiders becoming victims of coercion or identity theft.

In this episode, Mohan Koo, president & co-founder, DTEX Systems, explains why understanding human behavior, continuous data tracking, and proactive collaborations are key components in staying ahead of evolving risks. Joining Mohan in this discussion are Janet Heins, CISO, ChenMed, and Bethany De Lude, CISO emeritus.

Huge thanks to our sponsor, DTEX Systems

The fragmentation and vast amount of data generated from enterprise tools create a convoluted landscape for cybersecurity professionals to navigate. This complexity is exacerbated in large companies with dynamic environments, where innovation and growth must be balanced with the ever-present need for security.

In this episode, Piyush Sharrma, CEO and co-founder at Tuskira discusses what the company is doing to unify security tools and validate defenses in this sea of data. Piyush is joined by our panelists, Mike Woods, vp, cybersecurity, GE Vernova, and Keith McCartney, vp, security and IT, DNAnexus.

Huge thanks to our sponsor, Tuskira

Tuskira simplifies cybersecurity by unifying data from 150+ tools into a proactive, AI-driven security mesh. Resolve operational complexity by aligning defenses like EDRs, WAFs, & more with real-world vulnerabilities. Accelerate response times with automated exploit validation & risk mitigation. Stop patching noise and start focusing on the threats that truly matter. 

What if you could get a no-nonsense look at security solutions in just 15 minutes? Security You Should Know, the latest podcast from the CISO Series, does just that.

Hosted by Rich Stroffolino, each episode brings together one security vendor and two security leaders to break down a real-world problem and the solution trying to fix it. Expect straight answers on:

• How to explain the issue to your CEO
• What the solution actually does (and doesn’t do)
• How the pricing model works

Then, our security leaders ask the tough questions to see what sets this vendor apart.

Subscribe now and and stay ahead of the latest security solutions. Visit CISOseries.com for more details.

Security You Should Know: Connecting security solutions with security leaders.

SaaS visibility remains a mixed bag. Within company sanctioned tools we have visibility. But when it comes to visibility across tools, we struggle. And don't forget all of the SaaS apps your employees use that you don't know about. How do you start to address that SaaS visibility gap?

In this episode, Russell Spitler, co-founder and CEO of Nudge Security, discusses how using email as the foundation for SaaS visibility makes the whole situation much easier to manage. Russell is joined by our panelists, Steve Zalewski, co-host of Defense in Depth, and Nick Espinosa, host of the nationally syndicated Deep Dive Radio Show.

Huge thanks to our sponsor, Nudge Security

Nudge Security solves the identity security, IT governance, and third-party risk challenges resulting from SaaS sprawl and GenAI use. With complete SaaS discovery on Day One and automated IT governance workflows, customers can eliminate blind spots, harden security posture, and mitigate supply chain risks without slowing down the business. Learn more at NudgeSecurity.com.

All links and information can be found on CISO Series.

DLP can be a bit of a four-letter word in cybersecurity. False positives are a major problem with any traditional DLP solution because setting the right policy for your organization's needs is always a moving target.

In this episode, Nitay Milner, co-founder and CEO of Orion Security, explains how they provide a "zero-policy" approach to DLP that brings in the missing piece of context to the category. Joining him are Steve Knight, former CISO at Hyundai Capital America, and Jack Kufahl, CISO at Michigan Medicine.

Huge thanks to our sponsor, Orion Security

Orion is the first AI-native DLP that prevents data exfiltration with a zero-policy approach. Powered by Orion’s proprietary “Indicators of Leakage” AI engine, they automatically detect data incidents with context-aware accuracy - eliminating false positives and manual work. Orion brings a new approach to DLP - it’s like EDR for your data. Already trusted by enterprises in finance, aviation, healthcare, and beyond. Learn more at https://orionsec.io

Managing risk is the name of the game for a CISO. Quantification is a major part of that job, but it doesn't end there. Without a means of communicating that quantification to the rest of the business, quantification just adds to the noise.

In this episode, UJ Desai, Senior Director of Product Management, Partner Programs at Qualys explains how they provide a comprehensive solution for the Risk Operations Center, with comprehensive ways to ingest data from your applications, make sense of the data, and give your organization the tools to make the right priorities with it. Joining him are our panelists, Montez Fitzpatrick, CISO at Navvis, and Derek Fisher, Director of the Cyber Defense and Information Assurance Program at Temple University.

Huge thanks to our sponsor, Qualys

Cut through cybersecurity noise with Qualys Enterprise TruRisk Management. Quantify risk in financial terms, prioritize critical threats, and streamline remediation. Gain actionable insights for faster risk reduction and communicate business impact clearly to stakeholders. Empower your teams to measure, communicate, and eliminate cyber risk more effectively. Learn more at qualys.com/etm.

Securing endpoints is a persistent challenge, especially in a hybrid working environment. The human factor is an unavoidable element with endpoint security, which means you have to be ready for a lot of unexpected behavior. Centrally managed policies for endpoints can only enhance security if they don’t compromise the flexibility the business needs.

In this episode, Rob Allen, chief product officer at ThreatLocker, discusses how their Network Control solution offers a endpoint-based firewall to protect these devices. Rob is joined by our panelists, Janet Heins, CISO at ChenMed, and Shaun Marion, vp, CSO at Xcel Energy.

Got feedback? Join the conversation on LinkedIn.