2022

Who Do You Need to Trust When You Build a Zero Trust Architecture?

https://cisoseries.com/who-do-you-need-to-trust-when-you-build-a-zero-trust-architecture/
Uggh, just saying “zero trust” sends shivers down security professionals’ spines. The term is fraught with so many misnomers. The most important is who are you going to trust to actually help you build that darn zero trust program? Are you going to look at a vendor that’s consolidated solutions and has built programs like this repeatedly or are you going to look for the best solutions yourself and try to figure out how best to piece it together to create that “zero trust” program?
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is David Chow, global chief technology strategy officer, Trend Micro.

The Best Interview Questions and the Answers You Want to Run From

https://cisoseries.com/the-best-interview-questions-and-the-answers-you-want-to-run-from/
You want an awesome job in cybersecurity, and you want to ask the right questions. What are the right answers, and which ones are red flags that should cause you to run?
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Renee Guttmann, former CISO, Campbell’s, Coca-Cola, and Time Warner.

It’s OK to Look Like a Cyber Hero. Just Don’t Act Like One.

https://cisoseries.com/its-ok-to-look-like-a-cyber-hero-just-dont-act-like-one/
Security professionals should turn in the cyber hero mentality for the “sidekick” role. Many cybersecurity leaders believe they need to save the company from all the stupid users who can’t protect themselves. The reality is security professionals should lose the saviour mentality for a supporting role where they’re running alongside different business units trying to find a way to make their process run smoother and more secure.
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Clyde Williamson, product management, innovations, Protegrity.

When Good Decisions Go Bad

https://cisoseries.com/when-good-decisions-go-bad/
You can make the right decision given the information you have, but everything is a risk, so there are times when those good decisions are not going to produce the result you were hoping for. In essence, plenty of good decisions result in poor outcomes.
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Aviv Grafi, founder and CTO, Votiro and winner of season one of Capture the CISO.

Yuck! Now Everyone Has Touched My Data.

https://cisoseries.com/yuck-now-everyone-has-touched-my-data/

What can you do when your data keeps passing through different third party applications? Your data is being accessed and manipulated by more people, more applications, and more security policies that may not be aligned with your security policies. It seems once it leaves your environment, it’s out of your control.
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Elliot Lewis (@ElliotDLewis), CEO, Keyavi.

Cloud Security Reinvented: Allison Miller

https://open.spotify.com/episode/0iVYSb340x2z112H0nBxOB
Guest-at-a-Glance
💡 Name: Allison Miller
💡 What she does: Allison is the VP of Trust at Reddit.
💡 Noteworthy: Allison was in marketing before dedicating her career to cybersecurity.

Cloud Security Reinvented: Amanda Fennell

https://open.spotify.com/episode/3UKA35LWdXaKvR7Wi7xOUj
Guest-at-a-Glance
💡 Name: Amanda Fennell
💡 What she does: She's the CIO and CSO at Relativity.
💡 Noteworthy: Amanda joined the Relativity team in 2018 as the CSO, and her responsibilities expanded to include the role of the CIO in 2021. She's responsible for championing and directing security strategy in risk management and compliance practices, as well as building and supporting Relativity's information technology. Amanda also hosts Relativity's Security Sandbox podcast, which explores and explains the unique links between non-security topics and the security realm.

How Many Forms of ID Do I Need to Buy This Gift Card?

https://cisoseries.com/how-many-forms-of-id-do-i-need-to-buy-this-gift-card/
Getting someone to purchase gift cards is a popular vector for theft. Given that the gift card theft technique is so well known, many online sites have put up additional barriers to purchasing gift cards. Trying to buy them legitimately has become increasingly difficult.

This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Ariel Weintraub (@securitymermaid), CISO, MassMutual.

What Does It Cost to Prove Security Is Working?

https://cisoseries.com/what-does-it-cost-to-prove-security-is-working/

I Have So Little. Just Let Me Control Access to the Mail Server.

https://cisoseries.com/will-employees-eventually-violate-security-policies/

Cloud Security Reinvented: Roland Cloutier

https://open.spotify.com/episode/381QqF5KDLa7cdzVegq8Kn
Episode Summary

Cybersecurity is an ever-changing field. And since the emergence of the cloud, social media networks, and machine learning algorithms, the security space has continued to evolve to respond to the market's needs.

But some things never change — the willingness to learn, adapt, and improve remains the golden standard of cybersecurity.

In this episode of the Cloud Security Reinvented podcast, our host Andy Ellis welcomes Roland Cloutier, the Global Chief Security Officer at TikTok. They talk about the most significant changes since the emergence of cloud computing, what it's like to work at TikTok, and why technologists should always keep learning.

Guest-at-a-Glance

💡 Name: Roland Cloutier

💡 What he does: He's the Global Chief Security Officer at TikTok.

💡 Company: TikTok

💡 Noteworthy: As Global Chief Security Officer of TikTok, Roland Cloutier brings an unprecedented understanding and knowledge of global protection and security leadership to one of the world's leading media, social, and technology companies. He oversees the company's information protection, risk, workforce protection, crisis management, and investigative security operations worldwide.

Cyber Ranch: Board Reporting Metrics Pt 2

https://hackervalley.com/cyberranch/board-reporting-metrics-pt.-2-w-andy-ellis

Andy Ellis, CISO at Orca Security, is back for part 2 of this series on Board Reporting Metrics. In Episode 1, Andy and host Allan Alford addressed some of the most common questions posed by the board and shared their perspective on what the board needs to know from a cybersecurity standpoint. In this episode, they continue the conversation by fielding questions from LinkedIn on topics such as:

- Vulnerability and threat hunting metrics
- Top 3 metrics to report to the board and why
- Breach reporting implications and much more!



Cloud Security Reinvented: Andy Steingruebl

https://open.spotify.com/episode/5vf7duS2OlrUUqjARONtMb

When someone says Pinterest, the first thing that comes to mind is a social platform and a place to seek inspiration. But for the people working behind the scenes, it's more than that.

In February 2021, Pinterest had 459 million active monthly users. That's a lot of data and traffic, and security measures must be put in place for an exceptional user experience. So how do they do it?

In this episode of Cloud Security Reinvented, our host Andy Ellis chats with Andy Steingruebl, the Chief Security Officer at Pinterest. The two discuss the difference between the on-premise and cloud era and what differentiates Pinterest from companies like PayPal. They also touch upon the best and worst on-premise practices and the future of technology.

Guest-at-a-Glance

💡 Name: Andy Steingruebl

💡 What he does: Andy is the Chief Security Officer at Pinterest.

💡 Websites: Pinterest

💡 Noteworthy: Andy is an Information Security professional with more than 25 years of experience. He has extensive experience in most security management and architecture areas, including Policy, Compliance, Communication, Infrastructure, and Incident Response. He is an excellent communicator with the ability to communicate with all levels of the organization, customers, policymakers, and regulators. He has a track record of significantly contributing toward making the internet a safer, more secure place for users and companies.

Gartner Creates Another Category for Everyone to Ignore

https://cisoseries.com/gartner-creates-another-category-for-everyone-to-ignore/

Cloud Security Reinvented: Meg Anderson

https://open.spotify.com/episode/4cWnHffaVFtWrf2fAOlfDU

Episode Summary

The cloud has been around for a while now. And ever since it emerged — two decades ago — it has brought in new ways to think about security, identity, and access management.

But at the end of the day, we still need to make sure that the right people have the right information at the right time.

In this episode of the Cloud Security Reinvented podcast, our host Andy Ellis welcomes Meg Anderson, the VP - CISO at Principal Financial Group. They talk about the changes in cloud security since the emergence of the cloud, some of the best and worst practices, and what the future holds for cloud security.

Guest-at-a-Glance

💡 Name: Meg Anderson

💡 What she does: She's the VP - CISO at Principal Financial Group.

💡 Company: Principal Financial Group

💡 Noteworthy: Meg participates in a number of CISO councils. She is a board member of the Financial Services Information Sharing and Analysis Center (FS-ISAC), where she chairs the Strategy Committee and is on the FinCyber Advisory Group for the Carnegie Endowment for International Peace. Before the role of VP - CISO, Meg acquired over twenty years of technical and leadership experience in application development.

Decommission Our Legacy Tech or Just Shut Down the Business?

https://cisoseries.com/decommission-our-legacy-tech-or-just-shut-down-the-business/

Cloud Security Reinvented: Sameer Sait

https://open.spotify.com/episode/0EyOmAwm6YHhtUzuhgF0iD

Episode Summary

It's been more than a decade since the cloud emerged as a new concept. And it's safe to say that it has practically become the new normal, especially since the COVID-19 outbreak.

However, when it comes to improving cyber security and risk management in the cloud, we still have a long way to go.

In this episode of the Cloud Security Reinvented podcast, our host Andy Ellis welcomes Sameer Sait, an information security expert and the former CISO of Amazon's Whole Foods Market. They talk about the shift in security mechanisms due to the explosion of the cloud, the importance of shared responsibility, and what we can learn from highly regulated industries. Tune into this episode to hear some insightful observations about the future of cybersecurity.

Guest-at-a-Glance

💡 Name: Sameer Sait

💡 What he does: He's the former CISO of Amazon's Whole Foods Market.

💡 Company: N/A

💡 Noteworthy: He's an information security and risk executive with 16+ years of global leadership experience at Fortune 100 firms.

Cyber Ranch: Board Reporting Metrics, pt 1

https://hackervalley.com/cyberranch/board-reporting-metrics-pt.-1-w-andy-ellis/

In this episode, Allan is joined by the CISO at Orca Security, Andy Ellis, to share his thoughts on board reporting metrics. What does the board need to know from a cybersecurity perspective? One of the questions is often: “Are we secure?” Is that even the right question? How much should you talk about compliance? Do you speak of IT assets? What about speaking to specific controls? Listen to this episode to hear the common questions posed by the board and how to answer them with metrics. In some cases, it is teaching them to ask different questions. This episode is a master class in board communication in cybersecurity, and the conversation went into such depth that a Part 2 is already being planned.

Life’s Certainties: Death, Taxes, and Violating Security Policies

https://cisoseries.com/lifes-certainties-death-taxes-and-violating-security-policies/

Securing Bridges

Cloud Security Reinvented: Justin Somaini

https://open.spotify.com/episode/0SidaJEUzBGCyy8yKVtq1E

Security and privacy are burning topics in the cloud era. But not many companies have professionals dealing with these issues. Therefore, it's critical to make the topic of cybersecurity more accessible to business owners and board members.

In this episode of Cloud Security Reinvented, we get to hear from Justin Somaini, the Chief Security Officer of Unity Technologies. Justin and our host Andy Ellis discuss cloud security and how companies in the iGaming industry approach it.

They also discuss the past and present of cybersecurity and share predictions regarding the cloud's future. Justin also shares a valuable piece of advice anyone interested in becoming part of the security industry could benefit from.

Guest-at-a-Glance

💡 Name: Justin Somaini

💡 What he does: Justin is the Chief Security Officer of Unity Technologies.

💡 Website: Unity Technologies

💡 Noteworthy: Before joining Unity Technologies, Justin worked at PricewaterhouseCoopers and Charles Schwab.

Why CISOs Avoid the Dreaded “Request a Demo” Button

https://cisoseries.com/why-cisos-avoid-the-dreaded-request-a-demo-button/

Cloud Security Reinvented: Nick Vigier

https://open.spotify.com/episode/6c3omCDomJUBH3xWEwAx1J

Episode Summary

Cloud security looks a lot different to an outside observer than to an insider. And everyone thinks that some companies are further along in their cloud maturity journey than they really are.

But there's still a lot of work to be done regarding cybersecurity, so organizations should focus more on becoming cloud-native rather than going for the less-demanding "lift-and-shift" migration method.

In this episode of the Cloud Security Reinvented podcast, our host Andy Ellis welcomes Nick Vigier, a CISO and the owner of Rising Tide Security, LLC. They discuss the downsides of using the forklift migration method, the importance of shifting perspective, and why there is no security career ladder.

Guest-at-a-Glance

💡 Name: Nick Vigier

💡 What he does: He's the Former CISO at ID.me & DigitalOcean.

💡 Company: Rising Tide Security

💡 Noteworthy: Nick was a founding member of the "FDSecE" role at Palantir. The FDSecE team was part of the Business Development team. It consisted of information security experts responsible for acting as thought leaders with clients in topics ranging from security strategy to forensics.

What’s Next in Cybersecurity? Look at Last Year and Expect More

https://cisoseries.com/whats-next-in-cybersecurity-look-at-last-year-and-expect-more/

Cloud Security Reinvented: Nick Selby

https://open.spotify.com/episode/3knxTHDGGThKakRZ2ouWJB

Episode Summary

There's no universal rule for breaking into a new industry. And the same goes for starting a career in the information security field.

But one thing's for sure — if you let your passion guide you and you're willing to work hard, there's no limit to what you can accomplish.

In this episode of the Cloud Security Reinvented podcast, our host Andy Ellis welcomes Nick Selby, the Director, Software Assurance Practice at Trail of Bits. They talk about what it's like working in cloud security, why attention to detail is crucial, and how cloud technology is democratizing innovation.

Guest-at-a-Glance

💡 Name: Nick Selby

💡 What he does: He's the Director, Software Assurance Practice at Trail of Bits.

💡 Company: Trail of Bits

💡 Noteworthy: He is the author and co-author of several books, including "Cyber Crime: A Basic Primer" and "Cyber Survival Manual: From Identity Theft to The Digital Apocalypse and Everything in Between."

Are You Attending the “What to Worry About Next” Security Conference?

https://cisoseries.com/are-you-attending-the-what-to-worry-about-next-security-conference/

Breaking into Cybersecurity

Cloud Security Reinvented: Renee Guttmann

https://open.spotify.com/episode/2lNsoo9AFEHvYahkr2YBNR

Episode Summary

Over a long security career, not only do professionals grow and change, but the world they're operating within also changes. And talking about security, we are witnesses to the transition from local software to cloud security.

The cloud brought new trends in solving security problems. But certain practices from the pre-cloud era still resonate and are in use. At the same time, we still do some things that we should stop.

In this episode of Cloud Security Reinvented, Andy Ellis welcomes Renee Guttmann, a transformational leader in cybersecurity. Andy and Renee get into how building an on-premise model is blended with how the cloud could be leveraged, how security protocols have been modified for the cloud, and how the cloud has changed the approach to cybersecurity.

Guest-at-a-Glance

💡 Name: Renee Guttmann

💡 What she does: Chief Information Security/IT Executive.

💡 Company: Cydome Security

💡 Noteworthy: Renee has delivered world-class global information security programs for Coca-Cola, Time Warner, Royal Caribbean, Campbell, and Capital One, and helped establish the office of the CISO at Optiv. She advises startups on defining their products, services, and go-to-market strategies. On the community front, she partners with other CISOs on cybersecurity training and mentorship. She has been active as a Board Member and Advisor at a large children's mental health facility for almost a decade.

How to Be So Awesome CISOs Can’t Ignore You

https://cisoseries.com/how-to-be-so-awesome-cisos-cant-ignore-you/

Cloud Security Reinvented: Brian Haugli

https://open.spotify.com/episode/5gDdavIqVuWIOwOrvHmKZK

Episode Summary

Implementing an effective security program has become a necessity over the past decade. And without a doubt, all businesses need to level up their security game to mitigate risks and protect their information.

But small- and mid-market companies are somehow left behind when it comes to security guidance and realistic capabilities.

In this episode of the Cloud Security Reinvented podcast, our host Andy Ellis introduces Brian Haugli, the Managing Partner at SideChannel. They talk about the increasing demand for cybersecurity for all organizations, why the black-and-white view won't get us far in security, and the future of technology.

Guest-at-a-Glance

💡 Name: Brian Haugli

💡 What he does: He's the Managing Partner at SideChannel.

💡 Company: SideChannel

💡 Noteworthy: Brian is the co-author of "Cybersecurity Risk Management: Mastering the Fundamentals Using the NIST Cybersecurity Framework."

💡 Where to find Brian: LinkedIn

If the Network Is Up, Somebody Is Violating Our Acceptable Use Policy

https://cisoseries.com/if-the-network-is-up-somebody-is-violating-our-acceptable-use-policy/

Cloud Security Reinvented: Morey Haber

https://open.spotify.com/episode/1MminP7AWPutYfASjJpM7Z

The cloud is the future for a reason. Besides its massive impact on security and more convenient file storage options, the cloud has fostered the creation of an environment where you can have all the information in the palm of your hand. And speaking of the cloud and technology, the best is yet to come.

However, its ability to deliver tons of information to users worldwide is a double-edged sword. The cloud has a blend of both true and false information, which makes you doubt the credibility of any source you read, whether it's Wikipedia or a random webpage.

In the new episode of Cloud Security Reinvented, Andy Ellis chats with Morey Haber, the Chief Security Officer at BeyondTrust. They get into the significance of the cloud compared to on-premise solutions, the most significant tech opportunities in the future, and the security loopholes that should have been eliminated a long time ago.

Guest-at-a-Glance

💡 Name: Morey Haber

💡 What he does: Morey is the Chief Security Officer at BeyondTrust.

💡 Company: BeyondTrust

💡 Noteworthy: Besides his role as a CSO, Morey is also a prolific writer. So far, he's published three books — Identity Attack Vectors, Privileged Attack Vectors, and Asset Attack Vectors.

💡 Where to find Morey: LinkedIn

CISO Series: What We Lack In Security We’ll Make Up in School Spirit

https://cisoseries.com/what-we-lack-in-security-well-make-up-in-school-spirit/

Cloud Security Reinvented: Ryan Gurney

https://open.spotify.com/episode/58u0ezHnngNW1xQ0iGrxIr

Cloud-based solutions are the future of technological advancement. The cloud has gone through various phases, and these changes have made it one of the most potent inventions of today.

Thanks to a broad range of cloud-based tools, even founders without a development background can start a company and release a product. But that's not the only advantage of the cloud. Technological development, alongside the cloud, could significantly reduce one of the most critical issues faced by the world — poverty.

In this episode of Cloud Security Reinvented, Andy Ellis welcomes Ryan Gurney, the CISO-in-Residence at YL Ventures. They have an interesting chat about the cloud, its benefits, the exhausting role of the CISOs, and the tech practices that no longer work.

FIRST Impressions: Andy Ellis

Chris, Martin, and Andy chat building teams, navigating within organizations, career change, and interpretive dance.

https://media.first.org/podcasts/FIRST-Impressions-Andy-Ellis.mp3

CISO Series: Ignoring Your Vulnerabilities

Which vulnerability should you tackle first? Second? Which ones should you ignore? Probably a lot more than you think.

On this week’s CISO/Security Vendor Relationship Podcast, David Spark of CISO Series and I welcome sponsored guest Ed Bellis, CTO, co-founder, Kenna Security (now part of Cisco) to discuss vulnerability management among many other issues.

LISTEN:
https://cisoseries.com/why-ignoring-most-of-your-vulnerabilities-is-the-best-strategy/

Cloud Security Reinvented: Dan Walsh

https://orca.security/resources/podcast/?wchannelid=v7ih6xfqse&wmediaid=l94vm4avi3

Cloud Security Reinvented: Chris Foulon

https://orca.security/resources/podcast/?wchannelid=v7ih6xfqse&wmediaid=h01zmfgs59

CISO Series: The Perfect Gift for a Cyber Crook

What do you give to the person who wants to learn how to steal everything?

On this week’s CISO Series CISO/Security Vendor Relationship Podcast, David Spark and I welcome sponsored guest Jim Wachhaus, director of technical product marketing, CyCognito to discuss:

- How can we shore up our cybersecurity hygiene?
- What have we heard enough about with risk intelligence?
- Gifts to buy someone who is looking into red teaming.

LISTEN:
https://cisoseries.com/the-perfect-gift-for-a-cyber-crook/

Cloud Security Reinvented: Jonathan Jaffe

https://orca.security/resources/podcast/?wchannelid=v7ih6xfqse&wmediaid=hil9bg18er