CISO Series

Stir in a Little Merger and Acquisition, and Voilà, You’re a Target

https://cisoseries.com/stir-in-a-little-merger-and-acquisition-and-voila-youre-a-target/
There is a lot unknown before, during, and after a merger, and that can make employees very susceptible to phishing attacks. But, at the same time, the due diligence that goes into an M&A can often turn up signs of previous or active compromise, noted Rich Mason of Critical Infrastructure.
What does a proposed merger do to a security program?
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Nicole Ford (@nicoledgray), global vp and CISO, Rockwell Automation.

We’re Here. We’re Highly Unqualified. Get Used To It.

https://cisoseries.com/were-here-were-highly-unqualified-get-used-to-it/
“Does anyone else feel like the security field is attracting a lot of low-quality people and hurting our reputation?” asked a redditor on the cybersecurity subreddit, who remembers a time when security personnel were seen as highly experienced technologists. Now, they believe, people view cybersecurity as an easy tech job to break into for easy money.
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Stephen Cicirelli, CISO, American Bureau of Shipping.

Sound Security Advice That’s Perfect to Ignore

https://cisoseries.com/sound-security-advice-thats-perfect-to-ignore/
It appears our security awareness training is falling short at the point where people should take real action. Most people are aware of the need for secure passwords, yet they don’t create them. They take the easy way out rather than the secure path, even though the secure path isn’t that far from the easy one.
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Patrick Harr, CEO, SlashNext.

Entry Level Position Available. 15+ Years Experience Required.

https://cisoseries.com/entry-level-position-available-15-years-experience-required/
That headline is not a joke. An actual job listing on LinkedIn requested just that. We’re all hoping this was an error. Regardless, the community response to it was truly overwhelming, speaking to the frustration of green and junior cybersecurity job seekers who are genuinely looking for entry level jobs.
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Bryan Willett, CISO, Lexmark.

Get All the Stress You Want, With None of the Authority

https://cisoseries.com/get-all-the-stress-you-want-with-none-of-the-authority/
CISOs and other security leaders have a lot of stress. But so do other C-level employees. Why does a CISO’s stress seem so much greater? Is it that their job is still in constant development, or is the “C” in their title just a title, without the authority?
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Aman Sirohi (@amangolf), CISO, People.ai.

We Built This City on Outdated Software

https://cisoseries.com/we-built-this-city-on-outdated-software/
“The biggest threat to national security is that many of the most vital systems on the planet CURRENTLY run on outdated and insecure software,” said Robert Slaughter of Defense Unicorns on LinkedIn. That’s at the core of the third-party security issue.
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Richard Marcus, vp, InfoSec, AuditBoard.

Wrong Answers to Revealing Interview Questions

https://cisoseries.com/wrong-answers-to-revealing-interview-questions/
Security leaders will often ask challenging or potentially gotcha questions as barometers of whether you can handle a specific job. They are not necessarily looking for a specific answer but for a kind of answer, and they are also checking that you don’t answer the question in a particular way. Don’t get caught in the trap.

This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Quincy Castro, CISO, Redis.

I Pity the Fool Who Builds a Homogeneous Cyber A-Team

https://cisoseries.com/i-pity-the-fool-who-builds-a-homogeneous-cyber-a-team/
If you want to build a successful cybersecurity team, it needs to be diverse, mostly in thought. But diversity in thought is usually the result of people with diverse backgrounds who have had different experiences and have solved problems differently. It’s actually really hard to hire a diverse team, because what people want to do is simply hire people who look, talk, and sound like them, people who come from the same background they do. While that may work for making friends, it’s not necessarily the best approach when building a team to secure your company.
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is George Finney (@wellawaresecure), CISO, Southern Methodist University and author of “Well Aware: The Nine Cybersecurity Habits to Protect Your Future” and “Project Zero Trust.”
And here’s George’s cybersecurity personality test.

Who Do You Need to Trust When You Build a Zero Trust Architecture?

https://cisoseries.com/who-do-you-need-to-trust-when-you-build-a-zero-trust-architecture/
Uggh, just saying “zero trust” sends shivers down security professionals’ spines. The term is fraught with misconceptions. The most important question is who you are going to trust to actually help you build that darn zero trust program. Are you going to look at a vendor that has consolidated solutions and built programs like this repeatedly, or are you going to look for the best individual solutions yourself and try to figure out how to piece them together into that “zero trust” program?
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is David Chow, global chief technology strategy officer, Trend Micro.

The Best Interview Questions and the Answers You Want to Run From

https://cisoseries.com/the-best-interview-questions-and-the-answers-you-want-to-run-from/
You want an awesome job in cybersecurity, and you want to ask the right questions. What are the right answers, and which ones are red flags that should cause you to run?
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Renee Guttman, former CISO, Campbell’s, Coca-Cola, and Time Warner.

It’s OK to Look Like a Cyber Hero. Just Don’t Act Like One.

https://cisoseries.com/its-ok-to-look-like-a-cyber-hero-just-dont-act-like-one/
Security professionals should trade the cyber hero mentality for the “sidekick” role. Many cybersecurity leaders believe they need to save the company from all the stupid users who can’t protect themselves. In reality, security professionals should drop the saviour mentality for a supporting role, running alongside the different business units and trying to find ways to make their processes run more smoothly and more securely.
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Clyde Williamson, product management, innovations, Protegrity.

When Good Decisions Go Bad

https://cisoseries.com/when-good-decisions-go-bad/
You can make the right decision given the information you have, but everything is a risk, so there are times when those good decisions produce an outcome you weren’t hoping for. In essence, plenty of good decisions result in poor outcomes.
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Aviv Grafi, founder and CTO, Votiro and winner of season one of Capture the CISO.

Yuck! Now Everyone Has Touched My Data.

https://cisoseries.com/yuck-now-everyone-has-touched-my-data/

What can you do when your data keeps passing through different third-party applications? Your data is being accessed and manipulated by more people, more applications, and more security policies that may not be aligned with your own. It seems that once it leaves your environment, it’s out of your control.
This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Elliot Lewis (@ElliotDLewis), CEO, Keyavi.

How Many Forms of ID Do I Need to Buy This Gift Card?

https://cisoseries.com/how-many-forms-of-id-do-i-need-to-buy-this-gift-card/
Getting someone to purchase gift cards is a popular vector for theft. Given that the gift card theft technique is so well known, many online sites have put up additional barriers to purchasing gift cards. Trying to buy them legitimately has become increasingly difficult.

This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Ariel Weintraub (@securitymermaid), CISO, MassMutual.

What Does It Cost to Prove Security Is Working?

https://cisoseries.com/what-does-it-cost-to-prove-security-is-working/

I Have So Little. Just Let Me Control Access to the Mail Server.

https://cisoseries.com/will-employees-eventually-violate-security-policies/

Gartner Creates Another Category for Everyone to Ignore

https://cisoseries.com/gartner-creates-another-category-for-everyone-to-ignore/

Decommission Our Legacy Tech or Just Shut Down the Business?

https://cisoseries.com/decommission-our-legacy-tech-or-just-shut-down-the-business/

Life’s Certainties: Death, Taxes, and Violating Security Policies

https://cisoseries.com/lifes-certainties-death-taxes-and-violating-security-policies/

Why CISOs Avoid the Dreaded “Request a Demo” Button

https://cisoseries.com/why-cisos-avoid-the-dreaded-request-a-demo-button/

What’s Next in Cybersecurity? Look at Last Year and Expect More

https://cisoseries.com/whats-next-in-cybersecurity-look-at-last-year-and-expect-more/

Are You Attending the “What to Worry About Next” Security Conference?

https://cisoseries.com/are-you-attending-the-what-to-worry-about-next-security-conference/

How to Be So Awesome CISOs Can’t Ignore You

https://cisoseries.com/how-to-be-so-awesome-cisos-cant-ignore-you/

If the Network Is Up, Somebody Is Violating Our Acceptable Use Policy

https://cisoseries.com/if-the-network-is-up-somebody-is-violating-our-acceptable-use-policy/

CISO Series: What We Lack In Security We’ll Make Up in School Spirit

https://cisoseries.com/what-we-lack-in-security-well-make-up-in-school-spirit/

CISO Series: Ignoring Your Vulnerabilities

Which vulnerability should you tackle first? Second? Which ones should you ignore? Probably a lot more than you think.
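The episode’s premise, that most findings can safely wait, is easiest to see with a risk-based sort rather than a raw CVSS sort. The following is an added example, not code from the episode or from Kenna Security: the scoring weights, the fix threshold and the sample findings are all constructed to illustrate the idea, and a real programme would calibrate its weights against observed exploitation data rather than use these numbers.

```python
"""Risk-based vulnerability triage: rank findings by how likely they are to be
exploited against you, not by raw CVSS, and defer the rest.

Added example, not code from the episode or from Kenna Security. The scoring
weights, the fix threshold and the SAMPLE findings are constructed to show the
idea; real programmes calibrate weights against observed exploitation data.
"""
from dataclasses import dataclass
from typing import List, Tuple


@dataclass(frozen=True)
class Finding:
    id: str                  # constructed label, not a real CVE identifier
    cvss: float              # base severity 0-10
    exploited_in_wild: bool  # appears on a known-exploited list (assumed feed)
    public_exploit: bool     # working exploit code is public
    internet_facing: bool    # asset reachable from the internet
    asset_tier: int          # 1 = crown jewels ... 3 = low value


TIER_WEIGHT = {1: 1.0, 2: 0.6, 3: 0.3}   # illustrative weights, not a standard


def risk_score(f: Finding) -> float:
    """CVSS is only the starting point: active exploitation dominates, public
    exploit code and internet exposure multiply, low-value assets are discounted."""
    score = f.cvss
    if f.exploited_in_wild:
        score *= 3.0
    elif f.public_exploit:
        score *= 1.8
    if f.internet_facing:
        score *= 1.5
    score *= TIER_WEIGHT[f.asset_tier]
    return round(score, 2)


def triage(findings: List[Finding], fix_threshold: float = 10.0) -> Tuple[List[str], List[str]]:
    """Split findings into (fix now, defer), each list ranked from highest risk down."""
    ranked = sorted(findings, key=risk_score, reverse=True)
    fix_now = [f.id for f in ranked if risk_score(f) >= fix_threshold]
    defer = [f.id for f in ranked if risk_score(f) < fix_threshold]
    return fix_now, defer


def by_cvss(findings: List[Finding]) -> List[str]:
    """The naive ordering most scanner reports hand you, for comparison."""
    return [f.id for f in sorted(findings, key=lambda f: f.cvss, reverse=True)]


# Constructed sample: a scanner report after enrichment with threat and asset data.
SAMPLE = [
    Finding("F-1", 9.8, False, False, False, 3),  # critical CVSS, internal, low-value box
    Finding("F-2", 7.5, True,  False, True,  1),  # exploited in the wild, on the edge, crown jewel
    Finding("F-3", 6.5, False, True,  True,  2),  # public exploit code, internet-facing
    Finding("F-4", 9.1, False, False, False, 1),  # critical but internal, no exploit code
    Finding("F-5", 5.3, True,  False, False, 2),  # exploited in the wild, but internal only
    Finding("F-6", 8.2, False, False, False, 3),  # high CVSS, internal, low-value box
]

if __name__ == "__main__":
    fix_now, defer = triage(SAMPLE)
    print("CVSS order:  ", by_cvss(SAMPLE))   # F-1 and F-4 lead
    print("Fix now:     ", fix_now)           # F-2, F-3: neither is a CVSS critical
    print("Defer/accept:", defer)
```

With these constructed inputs the two CVSS criticals (F-1, F-4) both land in the deferred list, while a 7.5 that is actively exploited on an internet-facing crown jewel goes to the top. The threshold is the policy knob: raise it and you accept more risk with less patching work, lower it and the deferred list shrinks.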

On this week’s CISO/Security Vendor Relationship Podcast, David Spark of CISO Series and I welcome sponsored guest Ed Bellis, CTO, co-founder, Kenna Security (now part of Cisco) to discuss vulnerability management among many other issues.

LISTEN:
https://cisoseries.com/why-ignoring-most-of-your-vulnerabilities-is-the-best-strategy/

CISO Series: The Perfect Gift for a Cyber Crook

What do you give to the person who wants to learn how to steal everything?

On this week’s CISO Series CISO/Security Vendor Relationship Podcast, David Spark and I welcome sponsored guest Jim Wachhaus, director of technical product marketing, CyCognito to discuss:

- How can we shore up our cybersecurity hygiene?
- What have we heard enough about with risk intelligence?
- Gifts to buy someone who is looking into red teaming.

LISTEN:
https://cisoseries.com/the-perfect-gift-for-a-cyber-crook/

CISO Series: We’re Very Good at Saying We Care About Diversity

It’s extremely easy to say you want to diversify. In fact, I’ll do it right now three times.

We want diversity.
We’re very pro diversity and it’s our focus for the next year.
Diversity is a very important part of our security program.
Please don’t ask to look at the lack of diversity on our staff, though. It doesn’t match our rhetoric.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Sujeet Bambawale (@sujeet), CISO, 7-11.

LISTEN:
https://cisoseries.com/were-very-good-at-saying-we-care-about-diversity/

CISO Series: A Quick Way to Tell Which Vendors You Should Avoid

Do you really need to ask hundreds of questions to know if you want to work with a vendor?

On this week’s CISO Series CISO/Security Vendor Relationship Podcast, David Spark and I welcome guest Nick Selby, CSO, Paxos Trust Company to discuss:

- How do you suss out security vendors to make sure they're not a risk?
- How do you battle a typosquatter?
- What types of preparations do you have in place to know you're well prepared for an incident?
- How should CISOs and CIOs share cybersecurity ownership?
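One practical way to get ahead of a typosquatter is to enumerate the look-alike domains they would register for your brand, register or monitor the cheap ones yourself, and check newly seen domains against the rest. The following is an added example, not code from the episode or from Paxos: the keyboard adjacency map and homoglyph table are deliberately partial, and the OBSERVED list is constructed to stand in for a newly-registered-domain or certificate-transparency feed. No DNS or WHOIS lookups are made, so it runs offline.

```python
"""Typosquat defence: enumerate the look-alike domains an attacker would register
for a brand, then check a feed of observed domains against them.

Added example, not code from the episode or from Paxos. KEYBOARD_NEIGHBOURS and
HOMOGLYPHS are deliberately partial; OBSERVED is a constructed feed.
"""

# Partial QWERTY adjacency (a real tool ships a full map and other layouts).
KEYBOARD_NEIGHBOURS = {
    "a": "qsz", "e": "wrd", "l": "kop", "m": "n", "p": "ol", "x": "zc",
}
# Characters and digraphs that read alike in a URL bar or a phishing mail.
HOMOGLYPHS = {
    "l": ["1", "i"], "i": ["1", "l"], "o": ["0"], "e": ["3"], "a": ["4"],
    "s": ["5"], "m": ["rn"], "rn": ["m"], "w": ["vv"], "vv": ["w"],
}
ALT_TLDS = ("co", "cm", "net", "org")


def typosquat_candidates(domain: str) -> set:
    """Return the look-alike domains for one registrable domain (name.tld)."""
    name, tld = domain.lower().rsplit(".", 1)
    names = set()
    for i in range(len(name)):
        names.add(name[:i] + name[i + 1:])            # omission:      exmple
        names.add(name[:i] + name[i] + name[i:])      # repetition:    exaample
        for n in KEYBOARD_NEIGHBOURS.get(name[i], ""):
            names.add(name[:i] + n + name[i + 1:])    # fat-finger:    wxample
    for i in range(len(name) - 1):
        names.add(name[:i] + name[i + 1] + name[i] + name[i + 2:])  # transposition: exmaple
        names.add(name[:i + 1] + "-" + name[i + 1:])  # hyphenation:   ex-ample
    for src, reps in HOMOGLYPHS.items():
        pos = name.find(src)
        while pos != -1:
            for r in reps:
                names.add(name[:pos] + r + name[pos + len(src):])  # homoglyph: examp1e
            pos = name.find(src, pos + 1)
    names.discard(name)
    out = {f"{n}.{tld}" for n in names if n}
    out |= {f"{name}.{t}" for t in ALT_TLDS if t != tld}   # TLD swap: example.co
    return out


def levenshtein(a: str, b: str) -> int:
    """Edit distance (insert/delete/substitute), catches variants the generator misses."""
    prev = list(range(len(b) + 1))
    for i, ca in enumerate(a, 1):
        cur = [i]
        for j, cb in enumerate(b, 1):
            cur.append(min(prev[j] + 1, cur[j - 1] + 1, prev[j - 1] + (ca != cb)))
        prev = cur
    return prev[-1]


def flag_lookalikes(brand: str, observed, max_distance: int = 1) -> list:
    """Domains from a feed that are generated look-alikes or within edit distance."""
    brand = brand.lower()
    candidates = typosquat_candidates(brand)
    hits = []
    for d in observed:
        d = d.lower()
        if d == brand:
            continue
        if d in candidates or levenshtein(d, brand) <= max_distance:
            hits.append(d)
    return sorted(hits)


# Constructed feed standing in for newly registered domains or CT log entries.
OBSERVED = ["example.com", "exampl3.com", "exarnple.com", "unrelated.org", "examples.com"]

if __name__ == "__main__":
    for d in flag_lookalikes("example.com", OBSERVED):
        print("look-alike:", d)
```

The generator catches the deliberate substitutions (rn for m, 3 for e) that a pure edit-distance check scores as two or more edits, and the edit-distance check catches plural and insertion variants the generator does not enumerate. In practice the hit list feeds a takedown or blocklist workflow; the cheap defensive move is to register the highest-value candidates before anyone else does.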

LISTEN:
https://cisoseries.com/a-quick-way-to-tell-which-vendors-you-should-avoid/

CISO Series: What's the ROI of Nothing Happening?

On this week’s CISO Series CISO/Security Vendor Relationship Podcast, David Spark and I welcome my colleague Ryan Gurney, CISO-in-residence, YL Ventures to discuss:

- What’s a better sign than “nothing happened” to indicate you did a good job in cybersecurity?
- What happens when your company wants to use a really insecure SaaS product?
- What a CISO-in-Residence does for a VC firm

LISTEN:
https://cisoseries.com/whats-the-roi-of-nothing-happening/

“There's an art to learning how to get other people to solve problems that is more powerful than doing it yourself.”

CISO Series: Could We Speak To Your CISO To Confirm He Received the Cupcakes?

This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Branden Newman, svp, CISO, MGM Resorts.

Listen here:
https://cisoseries.com/could-we-speak-to-your-ciso-to-confirm-he-received-the-cupcakes/

“It's generous to say that somebody saying military grade means they're meeting a specific standard... anybody who's meeting a specific standard is going to tell you what their specific standard is.”

CISO Series: Make Your Friends Jealous with Our Hand-Crafted Passwords

This week’s CISO/Security Vendor Relationship Podcast was actually recorded in front of a small live audience at The Passwordless Summit in Newport, Rhode Island. The event was sponsored by HYPR, our sponsor for this episode as well. Joining me and my co-host, Andy Ellis (@csoandy), operating partner, YL Ventures, was our sponsored guest, Brian Heemsoth (@bheemsoth), head of cyber defense and monitoring, Wells Fargo.

Listen here:
https://cisoseries.com/make-your-friends-jealous-with-our-hand-crafted-passwords

“We're often throwing bodies at solutions as our technologies aren't adequate. We're driven by how many alerts can we show you.”

CISO Series: Are you asking how secure are we?

This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Kevin Morrison, CISO, Alaska Air.

Listen here:
https://cisoseries.com/are-you-asking-how-secure-are-we-or-how-insecure-am-i/

“If you don't have a path for hiring that junior person and developing them all the way up to become a senior person, you know what you're not going to have?... Anybody.”

CISO Series: We Shame Others Because We’re So Right About Everything

Listen here: https://cisoseries.com/we-shame-others-because-were-so-right-about-everything/

“I hate the ‘blame the user’ model of phishing tests. Phishing tests are to inform you about how bad your email infrastructure actually is. The user is just one piece of it.”

CISO Series: How CISOs Make It Worse for Other CISOs

CISO Series / David Spark & Mike Johnson
https://cisoseries.com/how-cisos-make-it-worse-for-other-cisos/
(full transcript at link)