CISO Series: We're very good at saying we care about diversity

It’s extremely easy to say you want to diversify. In fact, I’ll do it right now three times.

We want diversity.
We’re very pro diversity and it’s our focus for the next year.
Diversity is a very important part of our security program.
Please don’t ask to though look at the lack of diversity on our staff. It doesn’t match our rhetoric.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Sujeet Bambawale (@sujeet), CISO, 7-11.


Cloud Security Reinvented: Drew Daniels


Cloud Security Reinvented: Deneen DeFiore


CISO Series: A Quick Way to Tell Which Vendors You Should Avoid

Do you really need to ask hundreds of questions to know if you want to work with a vendor?

On this week’s CISO Series CISO/Security Vendor Relationship Podcast, David Spark and I welcome guest Nick Selby, CSO, Paxos Trust Company to discuss:

- How do you suss out security vendors to make sure they're not a risk?
- How do you battle a typosquatter?
- What types of preparations do you have in place to know you're well prepared for an incident?
- How should CISOs and CIOs share cybersecurity ownership?


CISO Series: What's the ROI of Nothing Happening?

On this week’s CISO Series CISO/Security Vendor Relationship Podcast, David Spark and I welcome my colleague Ryan Gurney, CISO-in-residence, YL Ventures to discuss:

- What’s a better sign than “nothing happened” to indicate you did a good job in cybersecurity?
- What happens when your company wants to use a really insecure SaaS product?
- What a CISO-in-Residence does for a VC firm


“There's an art to learning how to get other people to solve problems that is more powerful than doing it yourself.”

Cloud Security Reinvented: Ben Waugh


Cloud Security Reinvented: Ty Sbano


CISO Series: Could We Speak To Your CISO To Confirm He Received the Cupcakes?

This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Branden Newman, svp, CISO, MGM Resorts.

Listen here:

“It's generous to say that somebody saying military grade means they're meeting a specific standard.. anybody who's meeting a specific standard is going to tell you what their specific standard is.”

Cyberwire Pro: Andy Ellis, Former Akamai CSO & CSO Hall of Fame 2021, on transparency in cybersecurity initiative


CISO Series: Make Your Friends Jealous with Our Hand-Crafted Passwords

This week’s CISO/Security Vendor Relationship Podcast was actually recorded in front of a small live audience at The Passwordless Summit in Newport, Rhode Island. The event was sponsored by HYPR, our sponsor for this episode as well. Joining me and my co-host, Andy Ellis (@csoandy), operating partner, YL Ventures, was our sponsored guest, Brian Heemsoth (@bheemsoth), head of cyber defense and monitoring, Wells Fargo.

Listen here:

“We're often throwing bodies at solutions as our technologies aren't adequate. We're driven by how many alerts can we show you.”

Hacker Valley: There is No Skills Gap


CISO Series: Are you asking how secure are we?

This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Kevin Morrison, CISO, Alaska Air.
Listen here:
“If you don't have a path for hiring that junior person and developing them all the way up to become a senior person, you know what you're not going to have?... Anybody.”

CISO Series: We Shame Others Because We’re So Right About Everything

Listen here: https://cisoseries.com/we-shame-others-because-were-so-right-about-everything/
“I hate the ‘blame the user’ model of phishing tests. Phishing tests are to inform you about how bad your email infrastructure actually is. The user is just one piece of it.”

Tech Talks Daily

1650: A Chat With Award-Winning CSO Andy Ellis From YL Ventures
Tech Talks Daily / Neil Hughes
YL Ventures funds and supports brilliant Israeli tech entrepreneurs from seed to lead. With headquarters in Silicon Valley and Tel Aviv, YL Ventures manages $260 million and specializes in cybersecurity. It accelerates the evolution of portfolio companies via strategic advice and U.S.-based operational execution, leveraging a powerful network of CISOs and global industry leaders.
Andy Ellis was recently named operating partner at YL Ventures, has been inducted into IDG's CSO Hall of Fame. The former CSO at Akamai Technologies will now be supporting YL Ventures' portfolio companies post-investment with product development, go-to-market strategies, and customer engagements.
In today's episode, Andy shares his story and insights from his career. We discuss why VC firms and investing in Israeli cybersecurity startups and why more CISOs are taking advisor/investor roles. I also learn what brings him to Israeli cybersecurity companies.

CISO Series: How Cisos Make it Worse for other CISOs

CISO Series / David Spark & Mike Johnson
(full transcript at link)

Cloud Security Podcast

Cloud Security Podcast / Ashish Rajan

Cyber Ranch

Cyber Ranch / Allan Alford
Clever Hiring Practices w/ Andy Ellis

With us today is Andy Ellis, operating partner at YL Ventures, former Akamai CSO and newly inducted member of the CSO Hall of Fame. We're here to talk about nonstandard hiring practices and how Andy has built an amazing team using nonstandard approaches.
Andy began his career in cyber ("I remember back then, you know, we didn't call it cyber, but I think we've all given up and, and that's now the name for our career field.") as an Air Force ROTC cadet, spent 20 years at Akamai, and joined an advisor program at YL Ventures.
Andy found a solution that addresses hiring needs and the talent shortage, while also building a very clever and very innovative team.
  • For new roles, look and see if you have somebody who's almost senior that you can promote to do that job. And backfill the almost senior person instead. Try not to hire senior people, try to hire the most junior person you can get away with and promote everybody up the chain. The real trick is to figure out how your HR and finance teams are going to operate and play them off against each other.
  • Now that we have covered your promotion from within strategy, let's talk about hiring some folks for certain roles on the team that at a glance would make no sense at all for a CSO. And yet is really, really effective and repeatable.
  • Andy’s flagship is hiring librarians. There is an entire career field dedicated to managing libraries and learning technical language to be able to do that.
  • Everyone is in the business of publishing a report about their data, right? This is just taking technical data and technical jargon and making it consumable to people who've never seen this data before. There's an entire industry that does that. We call it journalism. So, we hire journalists to come in and be those storytellers.
  • Hire teachers. Put a teacher in a position and to learn how deep do they need to go on a daily basis, and then make sure they get one level deeper. Because you're always going to have problems if you teach exactly to your domain knowledge. So, make sure your domain knowledge is always little bit deeper than whatever your job requires which is usually going to be sufficient to keep you out of trouble.
To wrap the show up, Allan asks, “Why aren't the rest of us catching on because this is some amazing stuff that every single hiring manager in cyber could benefit from.”
According to Andy, the simple answer is it's expensive, and it takes a lot of time to do right.
Allan asks, “What keeps you going in cyber?” Andy answers, “I've always seen myself as improving the systems that I walk through, that when I encounter a system, I want to tweak it and figure out what makes it work and make it work better."
Key Takeaways
1:24 Andy shares his background and how he got to cyber
3:12 Working for a venture capital firm
7:12 Hiring and building a team
12:26 The abnormal hires that just make sense
15:46 Clever role adjustments
17:10 More nonstandard hires
19:03 Confused? Whose confusion is it?
21:02 The academy
24:42 Putting a teacher in
25:21 Budget technique
27:09 Why isn’t everyone hiring this way?
28:30 What keeps you going in cyber?

Off the Record

Off the Record / Adam Janofsky
Ep 46: When Pipelines Run Dry
Levi and Adam discuss the latest news on the Colonial Pipeline attack, and what the future of ransomware might look like. Andy Ellis, the former CSO of Akamai, joins later in the episode to talk about advising and investing in cybersecurity companies.


Andy Ellis Shares Insights on Leadership (and DC Comics)

Cyber Professional Podcast

Cyber Pro Podcast
Andy shares his thoughts and experience with Jeff Chao on the role of Security Leadership


Andy Ellis returns

Andy Ellis, CSO of Akamai, joins Dennis Fisher to discuss the importance of setting priorities, how to assess your strengths and weaknesses as an organization, and the NFL draft.