Cloud Security Reinvented: Jadee Hanson

💡 Name: Jadee Hanson
💡 What she does: She's the CIO and CISO at Code42.
Noteworthy: As CIO and CISO at Code42, Jadee Hanson leads global risk and compliance, security operations, incident response, and insider threat monitoring and investigations. She brings more than 17 years of experience in information security and a proven track record of building security programs. Before Code42, Jadee held several senior leadership roles in the security department of Target Corporation.

Key Insights

⚡ The world of security is always changing. Technology is rapidly changing and evolving. And cloud security is following along. Jadee explains what this means for the security industry. She says, "For security practitioners, we've always had to be really good at being resilient and adaptable. So, in our world, things always change. Technology is changing, the risk landscape is changing, and threat actors change. And as the cloud has become more prevalent, we had to flex our resilient and adaptable muscles and learn something new. And I would argue that the fundamental controls that we need to have in place for the cloud really haven't changed. What's changed is the 'how'; it's the 'how we meet those controls,' and that's it."
⚡ Bad actors use cloud services as much as security practitioners. Bad actors are early adopters when it comes to cloud security. Jadee talks about this significant challenge for security practitioners. She says, "One thing that has really surprised me is that when you think of the cloud movement, there are so many features and functionalities within a cloud architecture. We know this as security practitioners, but bad actors also know this, and they know this very well. So I think my biggest surprise is to see bad actors and bad APT groups use cloud services, just like we do every day."
⚡ Let your people be the heroes of the organization. When building security teams, it's essential to let them be heroes and give them exciting opportunities to grow. Jadee explains, "I think it's really all about the people. So my advice would be to find really great people who deliver quality work, continue to challenge them, and give them really interesting opportunities. It's funny. Lots of security practitioners aren't really motivated by tons of money. They're motivated by interesting opportunities. I also think it's really important that you don't make them adversaries in the organization."

Sound Security Advice That’s Perfect to Ignore

It appears our security awareness training is falling short at the point of taking any type of real action. While most people are aware of the need for secure passwords, they don’t create secure passwords. They are taking the easier way out rather than the secure path which isn’t that far from the easy path.
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Patrick Harr, CEO, SlashNext.

Entry Level Position Available. 15+ Years Experience Required.

That headline is not a joke. An actual job listing on LinkedIn requested just that. We’re all hoping this was an error. Regardless, the community response to it was truly overwhelming, speaking much to the frustration of green and junior cybersecurity job seekers who are truly looking for entry level jobs.
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Bryan Willett, CISO, Lexmark.

Get All the Stress You Want, With None of the Authority

CISOs and other security leaders have a lot of stress. But so do other C-level employees. Why does a CISO’s stress seem that much more powerful? Is it that their job is still in constant development, or is the “C” in their name just in title, but not authority?
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Aman Sirohi (@amangolf), CISO, People.ai.

Cloud Security Reinvented: Kathy Wang

💡 Guest: Kathy Wang, Chief Security Officer at Discord
Noteworthy: Kathy is a security executive and leader with a strong background in project management, research, and business development. She has worked in government, commercial, and technology startup environments and currently advises startups that offer security services/products.

Key Insights

⚡ The importance of access control in security. Improving access control is one of the best ways to prevent potential security problems. Kathy says, "If I think about this from a security perspective, and you look at it from a public cloud SaaS environment perspective, there are so many organizations right now where there are far too many people who have more access than they need in production environments. And so we're always looking for ways to understand, audit, and reduce all of those accesses, and this is super important for improving security posture because if you can't control or understand what access people have, then you've got all sorts of problems like insider threat as well as takeover or breach type of issues."
⚡ Security is a hard sell. Even though the number of cyber threats increases every year, security is still hard to sell. Kathy explains, "GitLab was even less of a security product company. They've built security features and security capabilities, which I was super happy to help contribute to from a CSO perspective, as in, ‘Would I use this; would I buy this?’ However, it's not the same thing as talking to customers constantly about, 'Hey, we've detected this for you. What do you think?' And then getting a response, 'You know what? Yeah, it's true. You did, but I'm not sure I want to pay for that kind of detection, though.' This is exactly what makes security such a hard sell. You could be accurate. You could be technically good, but what is that other factor that will make people want to spend money on the product? That's hard."
⚡ Think outside the box when building your security teams. The key to building highly effective security teams is to differentiate yourself. Kathy says, "Building security teams is not an easy thing to do, as you know, and we're always competing for talent with a whole bunch of other companies. So what can you do to really differentiate yourself? One of the things I learned is that you can actually go looking for talent outside of the normal pools of talent that people look for. And GitLab was really great for reinforcing that."

We Built This City on Outdated Software

“The biggest threat to national security is that many of the most vital systems on the planet CURRENTLY run on outdated and insecure software,” said Robert Slaughter of Defense Unicorns on LinkedIn. That’s at the core of the third-party security issue.
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Richard Marcus, vp, InfoSec, AuditBoard.

Wrong Answers to Revealing Interview Questions

Security leaders will often ask challenging or potentially gotcha questions as barometers to see if you can handle a specific job. They’re looking not necessarily for a specific answer, but rather a kind of answer and they’re also looking to make sure you don’t answer the question a specific way. Don’t get caught in the trap.

This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Quincy Castro, CISO, Redis.

I Pity the Fool Who Builds a Homogeneous Cyber A-Team

If you want to build a successful cybersecurity team, you need to be diverse, mostly in thought. But that diversity in thought usually is the result of people with diverse backgrounds who have had different experiences and have solved problems differently. It’s actually really hard to hire a diverse team because what people want to do is simply hire people who look, talk, and sound like them. People who come from the same background as you. While that may work for building friends, it’s not necessarily the best solution when building a team to secure your company.
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is George Finney (@wellawaresecure), CISO, Southern Methodist University and author of “Well Aware: The Nine Cybersecurity Habits to Protect Your Future” and “Project Zero Trust.”
And here’s George’s cybersecurity personality test.

Who Do You Need to Trust When You Build a Zero Trust Architecture?

Uggh, just saying “zero trust” sends shivers down security professionals’ spines. The term is fraught with so many misnomers. The most important is who are you going to trust to actually help you build that darn zero trust program? Are you going to look at a vendor that’s consolidated solutions and has built programs like this repeatedly or are you going to look for the best solutions yourself and try to figure out how best to piece it together to create that “zero trust” program?
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is David Chow, global chief technology strategy officer, Trend Micro.

The Best Interview Questions and the Answers You Want to Run From

You want an awesome job in cybersecurity, and you want to ask the right questions. What are the right answers, and which ones are red flags that should cause you to run?
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Renee Guttmann, former CISO, Campbell’s, Coca-Cola, and Time Warner.

It’s OK to Look Like a Cyber Hero. Just Don’t Act Like One.

Security professionals should turn in the cyber hero mentality for the “sidekick” role. Many cybersecurity leaders believe they need to save the company from all the stupid users who can’t protect themselves. The reality is security professionals should lose the saviour mentality for a supporting role where they’re running alongside different business units trying to find a way to make their process run smoother and more secure.
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Clyde Williamson, product management, innovations, Protegrity.

When Good Decisions Go Bad

You can make the right decision given the information you have, but everything is a risk, so there are times those good decisions will not produce the result you were hoping for. In essence, plenty of good decisions result in poor outcomes.
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Aviv Grafi, founder and CTO, Votiro and winner of season one of Capture the CISO.

Yuck! Now Everyone Has Touched My Data.


What can you do when your data keeps passing through different third party applications? Your data is being accessed and manipulated by more people, more applications, and more security policies that may not be aligned with your security policies. It seems once it leaves your environment, it’s out of your control.
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Elliot Lewis (@ElliotDLewis), CEO, Keyavi.

Cloud Security Reinvented: Allison Miller

💡 Name: Allison Miller
💡 What she does: Allison is the VP of Trust at Reddit.
💡 Noteworthy: Allison was in marketing before dedicating her career to cybersecurity.

Cloud Security Reinvented: Amanda Fennell

💡 Name: Amanda Fennell
💡 What she does: She's the CIO and CSO at Relativity.
💡 Noteworthy: Amanda joined the Relativity team in 2018 as the CSO, and her responsibilities expanded to include the role of the CIO in 2021. She's responsible for championing and directing security strategy in risk management and compliance practices, as well as building and supporting Relativity's information technology. Amanda also hosts Relativity's Security Sandbox podcast, which explores and explains the unique links between non-security topics and the security realm.

How Many Forms of ID Do I Need to Buy This Gift Card?

Getting someone to purchase gift cards is a popular vector for theft. Given that the gift card theft technique is so well known, many online sites have put up additional barriers to purchasing gift cards. Trying to buy them legitimately has become increasingly difficult.

This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Ariel Weintraub (@securitymermaid), CISO, MassMutual.

What Does It Cost to Prove Security Is Working?


I Have So Little. Just Let Me Control Access to the Mail Server.


Cloud Security Reinvented: Roland Cloutier

Episode Summary

Cybersecurity is an ever-changing field. And since the emergence of the cloud, social media networks, and machine learning algorithms, the security space has continued to evolve to respond to the market's needs.

But some things never change — the willingness to learn, adapt, and improve remains the golden standard of cybersecurity.

In this episode of the Cloud Security Reinvented podcast, our host Andy Ellis welcomes Roland Cloutier, the Global Chief Security Officer at TikTok. They talk about the most significant changes since the emergence of cloud computing, what it's like to work at TikTok, and why technologists should always keep learning.



💡 Name: Roland Cloutier

💡 What he does: He's the Global Chief Security Officer at TikTok.

💡 Company: TikTok

💡 Noteworthy: As Global Chief Security Officer of TikTok, Roland Cloutier brings an unprecedented understanding and knowledge of global protection and security leadership to one of the world's leading media, social, and technology companies. He oversees the company's information protection, risk, workforce protection, crisis management, and investigative security operations worldwide.

Cyber Ranch: Board Reporting Metrics Pt 2


Andy Ellis, CISO at Orca Security, is back for part 2 of this series on Board Reporting Metrics. In Episode 1, Andy and host Allan Alford addressed some of the most common questions posed by the board and shared their perspective on what the board needs to know from a cybersecurity standpoint. In this episode, they continue the conversation by fielding questions from LinkedIn on topics such as:

- Vulnerability and threat hunting metrics
- Top 3 metrics to report to the board and why
- Breach reporting implications and much more!

Cloud Security Reinvented: Andy Steingruebl


When someone says Pinterest, the first thing that comes to mind is a social platform and a place to seek inspiration. But for the people working behind the scenes, it's more than that.

In February 2021, Pinterest had 459 million active monthly users. That's a lot of data and traffic, and security measures must be put in place for an exceptional user experience. So how do they do it?

In this episode of Cloud Security Reinvented, our host Andy Ellis chats with Andy Steingruebl, the Chief Security Officer at Pinterest. The two discuss the difference between the on-premise and cloud era and what differentiates Pinterest from companies like PayPal. They also touch upon the best and worst on-premise practices and the future of technology.


💡 Name: Andy Steingruebl

💡 What he does: Andy is the Chief Security Officer at Pinterest.

💡 Websites: Pinterest

💡 Noteworthy: Andy is an Information Security professional with more than 25 years of experience. He has extensive experience in most security management and architecture areas, including Policy, Compliance, Communication, Infrastructure, and Incident Response. He is an excellent communicator with the ability to communicate with all levels of the organization, customers, policymakers, and regulators. He has a track record of significantly contributing toward making the internet a safer, more secure place for users and companies.

Gartner Creates Another Category for Everyone to Ignore


Cloud Security Reinvented: Meg Anderson


Episode Summary

The cloud has been around for a while now. And ever since it emerged — two decades ago — it has brought in new ways to think about security, identity, and access management.

But at the end of the day, we still need to make sure that the right people have the right information at the right time.

In this episode of the Cloud Security Reinvented podcast, our host Andy Ellis welcomes Meg Anderson, the VP - CISO at Principal Financial Group. They talk about the changes in cloud security since the emergence of the cloud, some of the best and worst practices, and what the future holds for cloud security.



💡 Name: Meg Anderson

💡 What she does: She's the VP - CISO at Principal Financial Group.

💡 Company: Principal Financial Group

💡 Noteworthy: Meg participates in a number of CISO councils. She is a board member of the Financial Services Information Sharing and Analysis Center (FS-ISAC), where she chairs the Strategy Committee and is on the FinCyber Advisory Group for the Carnegie Endowment for International Peace. Before the role of VP - CISO, Meg acquired over twenty years of technical and leadership experience in application development.

Decommission Our Legacy Tech or Just Shut Down the Business?


Cloud Security Reinvented: Sameer Sait


Episode Summary

It's been more than a decade since the cloud emerged as a new concept. And it's safe to say that it has practically become the new normal, especially since the COVID-19 outbreak.

However, when it comes to improving cyber security and risk management in the cloud, we still have a long way to go.

In this episode of the Cloud Security Reinvented podcast, our host Andy Ellis welcomes Sameer Sait, an information security expert and the former CISO of Amazon's Whole Foods Market. They talk about the shift in security mechanisms due to the explosion of the cloud, the importance of shared responsibility, and what we can learn from highly regulated industries. Tune into this episode to hear some insightful observations about the future of cybersecurity.



💡 Name: Sameer Sait

💡 What he does: He's the former CISO of Amazon's Whole Foods Market.

💡 Company: N/A

💡 Noteworthy: He's an information security and risk executive with 16+ years of global leadership experience at Fortune 100 firms.

Cyber Ranch: Board Reporting Metrics, pt 1


In this episode, Allan is joined by the CISO at Orca Security, Andy Ellis, to share his thoughts on board reporting metrics. What does the board need to know from a cybersecurity perspective? One of the questions is often: “Are we secure?” Is that even the right question? How much should you talk about compliance? Do you speak of IT assets? What about speaking to specific controls? Listen to this episode to hear the common questions posed by the board and how to answer them with metrics. In some cases, it is teaching them to ask different questions. This episode is a master class in board communication in cybersecurity, and the conversation went into such depth that a Part 2 is already being planned.

Life’s Certainties: Death, Taxes, and Violating Security Policies


Securing Bridges

Cloud Security Reinvented: Justin Somaini


Security and privacy are burning topics in the cloud era. But not many companies have professionals dealing with these issues. Therefore, it's critical to make the topic of cybersecurity more accessible to business owners and board members.

In this episode of Cloud Security Reinvented, we get to hear from Justin Somaini, the Chief Security Officer of Unity Technologies. Justin and our host Andy Ellis discuss cloud security and how companies in the iGaming industry approach it.

They also discuss the past and present of cybersecurity and share predictions regarding the cloud's future. Justin also shares a valuable piece of advice anyone interested in becoming part of the security industry could benefit from.


💡 Name: Justin Somaini

💡 What he does: Justin is the Chief Security Officer of Unity Technologies.

💡 Website: Unity Technologies

💡 Noteworthy: Before joining Unity Technologies, Justin worked at PricewaterhouseCoopers and Charles Schwab.

Why CISOs Avoid the Dreaded “Request a Demo” Button


Cloud Security Reinvented: Nick Vigier


Episode Summary

Cloud security looks a lot different to an outside observer than to an insider. And everyone thinks that some companies are further along in their cloud maturity journey than they really are.

But there's still a lot of work to be done regarding cybersecurity, so organizations should focus more on becoming cloud-native rather than going for the less-demanding "lift-and-shift" migration method.

In this episode of the Cloud Security Reinvented podcast, our host Andy Ellis welcomes Nick Vigier, a CISO and the owner of Rising Tide Security, LLC. They discuss the downsides of using the forklift migration method, the importance of shifting perspective, and why there is no security career ladder.



💡 Name: Nick Vigier

💡 What he does: He's the Former CISO at ID.me & DigitalOcean.

💡 Company: Rising Tide Security

💡 Noteworthy: Nick was a founding member of the "FDSecE" role at Palantir. The FDSecE team was part of the Business Development team. It consisted of information security experts responsible for acting as thought leaders with clients in topics ranging from security strategy to forensics.

What’s Next in Cybersecurity? Look at Last Year and Expect More


Cloud Security Reinvented: Nick Selby


Episode Summary

There's no universal rule for breaking into a new industry. And the same goes for starting a career in the information security field.

But one thing's for sure — if you let your passion guide you and you're willing to work hard, there's no limit to what you can accomplish.

In this episode of the Cloud Security Reinvented podcast, our host Andy Ellis welcomes Nick Selby, the Director, Software Assurance Practice at Trail of Bits. They talk about what it's like working in cloud security, why attention to detail is crucial, and how cloud technology is democratizing innovation.



💡 Name: Nick Selby

💡 What he does: He's the Director, Software Assurance Practice at Trail of Bits.

💡 Company: Trail of Bits

💡 Noteworthy: He is the author and co-author of several books, including "Cyber Crime: A Basic Primer" and "Cyber Survival Manual: From Identity Theft to The Digital Apocalypse and Everything in Between."

Are You Attending the “What to Worry About Next” Security Conference?


Breaking into Cybersecurity

Cloud Security Reinvented: Renee Guttmann


Episode Summary

Over a long security career, not only do professionals grow and change, but the world they're operating within also changes. And talking about security, we are witnesses to the transition from local software to cloud security.

The cloud brought new trends in solving security problems. But certain practices from the pre-cloud era still resonate and are in use. At the same time, we still do some things that we should stop.

In this episode of Cloud Security Reinvented, Andy Ellis welcomes Renee Guttmann, a transformational leader in cybersecurity. Andy and Renee get into how building an on-premise model is blended with how the cloud could be leveraged, how security protocols have been modified for the cloud, and how the cloud has changed the approach to cybersecurity.



💡 Name: Renee Guttmann

💡 What she does: Chief Information Security/IT Executive.

💡 Company: Cydome Security

💡 Noteworthy: Renee has delivered world-class global information security programs for Coca-Cola, Time Warner, Royal Caribbean, Campbell, and Capital One, and helped establish the office of the CISO at Optiv. She advises startups on defining their products, services, and go-to-market strategies. On the community front, she partners with other CISOs on cybersecurity training and mentorship. She has been active as a Board Member and Advisor at a large children's mental health facility for almost a decade.

How to Be So Awesome CISOs Can’t Ignore You


Cloud Security Reinvented: Brian Haugli


Episode Summary

Implementing an effective security program has become a necessity over the past decade. And without a doubt, all businesses need to level up their security game to mitigate risks and protect their information.

But small- and mid-market companies are somehow left behind when it comes to security guidance and realistic capabilities.

In this episode of the Cloud Security Reinvented podcast, our host Andy Ellis introduces Brian Haugli, the Managing Partner at SideChannel. They talk about the increasing demand for cybersecurity for all organizations, why the black-and-white view won't get us far in security, and the future of technology.



💡 Name: Brian Haugli

💡 What he does: He's the Managing Partner at SideChannel.

💡 Company: SideChannel

💡 Noteworthy: Brian is the co-author of "Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework."

💡 Where to find Brian: LinkedIn


If the Network Is Up, Somebody Is Violating Our Acceptable Use Policy


Cloud Security Reinvented: Morey Haber


The cloud is the future for a reason. Besides its massive impact on security and more convenient file storage options, the cloud has fostered the creation of an environment where you can have all the information in the palm of your hand. And speaking of the cloud and technology, the best is yet to come.

However, its ability to deliver tons of information to users worldwide is a double-edged sword. The cloud has a blend of both true and false information, which makes you doubt the credibility of any source you read, whether it's Wikipedia or a random webpage.

In the new episode of Cloud Security Reinvented, Andy Ellis chats with Morey Haber, the Chief Security Officer at BeyondTrust. They get into the significance of the cloud compared to on-premise solutions, the most significant tech opportunities in the future, and the security loopholes that should have been eliminated a long time ago.



💡 Name: Morey Haber

💡 What he does: Morey is the Chief Security Officer at BeyondTrust.

💡 Company: BeyondTrust

💡 Noteworthy: Besides his role as a CSO, Morey is also a prolific writer. So far, he's published three books — Identity Attack Vectors, Privileged Attack Vectors, and Asset Attack Vectors.

💡 Where to find Morey: LinkedIn

CISO Series: What We Lack In Security We’ll Make Up in School Spirit


Cloud Security Reinvented: Ryan Gurney


Cloud-based solutions are the future of technological advancement. The cloud has gone through various phases, and these changes have made it one of the most potent inventions of today.

Thanks to a broad range of cloud-based tools, even founders without a development background can start a company and release a product. But that's not the only advantage of the cloud. Technological development, alongside the cloud, could significantly reduce one of the most critical issues faced by the world — poverty.

In this episode of Cloud Security Reinvented, Andy Ellis welcomes Ryan Gurney, the CISO-in-Residence at YL Ventures. They have an interesting chat about the cloud, its benefits, the exhausting role of the CISOs, and the tech practices that no longer work.

FIRST Impressions: Andy Ellis

Chris, Martin, and Andy chat building teams, navigating within organizations, career change, and interpretive dance.


CISO Series: Ignoring Your Vulnerabilities

Which vulnerability should you tackle first? Second? Which ones should you ignore? Probably a lot more than you think.

On this week’s CISO/Security Vendor Relationship Podcast, David Spark of CISO Series and I welcome sponsored guest Ed Bellis, CTO, co-founder, Kenna Security (now part of Cisco) to discuss vulnerability management among many other issues.


Cloud Security Reinvented: Dan Walsh


Cloud Security Reinvented: Chris Foulon


CISO Series: The Perfect Gift for a Cyber Crook

What do you give to the person who wants to learn how to steal everything?

On this week’s CISO Series CISO/Security Vendor Relationship Podcast, David Spark and I welcome sponsored guest Jim Wachhaus, director of technical product marketing, CyCognito to discuss:

- How can we shore up our cybersecurity hygiene?
- What have we heard enough about with risk intelligence?
- Gifts to buy someone who is looking into red teaming.


Cloud Security Reinvented: Jonathan Jaffe