-
How to CISO, Volume 1: The First 91 Days
Just want to download the eBook? Head over to How to CISO, Volume 1: The First 91 Days! It seems to be a rite of passage for all CISOs to, at some point in their career, write down their advice for other CISOs starting a new job, whether they are a first-time or veteran CISO.…
Security Talks
-
Summary Everybody sells, right? Wrong. Unless you’re taking an order and retiring your quota, you don’t sell – instead, you market. If you’re selling to a CISO, you need to understand the organizational dynamics that surround a CISO’s decision-making process. This talk walks through nine critical questions that CISOs need to understand the answers to…
-
The Untold Story of Fantastical Social Engineering. Hidden inside the story of Harry Potter is a most subtle of social engineering attacks. Explore how J.K. Rowling hid the world’s greatest villain in plain sight. This talk explores the world of Harry Potter from a different angle: that of the villain. In this talk, given in…
-
How do you know what to invest in next, or whether the time and energy that you’re spending on a security technology or program is a good investment? Learn how veteran CSOs think about security investments, and develop your own rubric for evaluating where to best make your next security improvement.
-
How do you design defenses against DDoS? And how do you think about them from a policy perspective?
-
How do humans make risk decisions, and are they good, bad, or something else?
-
How do the grand challenges of the future look like the grand challenges of the past?
-
What does a Zero Trust journey look like? Explore how we migrated Akamai to a zero trust network access model, before that was even a phrase people knew.
Security Panels
-
Lenovo Late Night I.T: Cybersecurity: Trust No One
Join Baratunde Thurston, Tim Brown, and Andy Ellis as they demistify security.
-
Cyberweek 2021: Navigating the CISO-Vendor relationship
The panel discusses the do’s and don’ts of engagements between CSOs and early-stage startups, the concerns around long integration cycles, the value in quick implementations, and the need to show value quickly.
-
Cyberweek 2021: YL Ventures & Scale Fireside Chat
YL Ventures and Scale Venture Partners hosted a Cyber Week 2021 Fireside chat where Wendy Nather, Sounil Yu, Ryan Gurney, and Ariel Tseitlin discussed the cyber industry challenges and trends. They talked about the burning challenges and the basics that CSOs are still struggling with, and how ransomware attacks undermine our ability to recover. Other…
Security Blog
-
CISO TALK: Navigating Boardroom Realities and Liability
I appeared with Mitch Ashley and JJ Minella on Techstrong TV to discuss the realities of a CISO’s journey into the boardroom, liability, and the SEC’s new disclosure rules.
-
6 Steps to Landing a Job in Cybersecurity
Looking to move into a cybersecurity career? Start with these six steps to evaluate and prepare yourself.
-
Why assessing third parties for security risk is still an unsolved problem
A recent ranking of the most cyber-secure companies reveals weaknesses in current third-party risk management practices. A Forbes article is making the rounds right now about America’s most cyber-secure companies, and I can already see the cybersecurity outrage machine up in arms. Full confession: I haven’t yet read the article, but I’m about to. I’m writing this…
-
Learning More from Accidents
When accidents happen, there’s a seductive call to look for a root cause – that is, a chain of events without which, the accident would not have happened. In hindsight, root causes are apparently easy to identify; one works backwards from the accident, identifying causal threads until reaching the “root cause.” It’s simple, and it’s generally wrong.…
-
Software liability reform is liable to push us off a cliff
Regulatory mandates for software security like those in the Biden Administration’s National Cybersecurity Strategy could cause more problems than they solve. Like “SBOMs will solve everything,” there is a regular cry to reform software liability, specifically in the case of products with insecurities and vulnerabilities. US Cybersecurity and Infrastructure Security Agency (CISA) Director Jen Easterly’s comments this…
-
What the Uber verdict means to CISOs: You’re (probably) not going to jail
CISOs and potential CISOs worried about criminal risk won’t go to jail if they follow four simple steps. There seem to be two reactions to the verdict in the Sullivan case. One reaction, often from CISOs already stressed by being outside the room where it happens, is to decide that being a CISO isn’t worth the risk…
-
TikTok resets the clock on security leadership
Roland Cloutier is stepping down as global CSO to become a strategic advisor to TikTok’s CEO. The clock is ticking on the CSO succession plan. The best time to do succession planning was last year. But the next best time is right now. The news this morning that Roland Cloutier is stepping away from the TikTok…
-
We don’t need another infosec hero
By setting yourself up as the defender, the solver of problems, you cast your business colleagues as hapless victims or, worse, threats. This is not a useful construct for engagement. There’s this belief among a lot of security professionals that we are special, in that we are the defenders of our companies. We like to…
-
The cloud security emperor has no pants
“Shared responsibility” usually means that no one is responsible for minding the gap. Don’t fall in. As anyone who has worked on a cross-functional team with no clear owner knows, “shared” or “joint” responsibility often means that everyone assumes that someone else is taking care of the problem. Without clear effort to make sure that…
-
The security user experience (SUX)
Security processes that treat the very users we protect as unwanted burdens and alienate them in the process are a path to failure. The next time you receive a phishing email, forward it to wherever your organization tells you to report phishing attempts. What response would you appreciate? Maybe a brief thank you or follow-up…
Security Podcasts
-
After a Breach, Security and Privacy Are Very Important to Us
Why does it seem that the only time we hear about a company’s concern about security and privacy is after they’re compromised. It is only at that moment they feel compelled to let us know that they’re taking this situation very seriously because as we’ve ll heard before “security and privacy are very important to…
-
Can’t You Just Pop Out of Zeus’ Head a Fully Formed Security Professional?
https://cisoseries.com/cant-you-just-pop-out-of-zeus-head-a-fully-formed-security-professional/ This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Joe Lewis, CISO, CDC. Full transcript [Voiceover] What I love about cybersecurity. Go! [Joseph Lewis] It really is a place for everybody. As an industry, we attract people like boxers and nurses and people from IT Ops and Audit and…
-
No Need for Chaos Engineering Since Our Architecture Is Always Failing
https://cisoseries.com/no-need-for-chaos-engineering-since-our-architecture-is-always-failing/ This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Mike Wiacek, CEO, Stairwell. Full transcript [Voiceover] What I love about cybersecurity. Go! [Mike Wiacek] I love the game, that cybersecurity is almost adversarial by design. Whatever we do as defenders to try and protect systems that we’re responsible…