CISO Series

Who Do You Need to Trust When You Build a Zero Trust Architecture?

https://cisoseries.com/who-do-you-need-to-trust-when-you-build-a-zero-trust-architecture/
Uggh, just saying “zero trust” sends shivers down security professionals’ spines. The term is fraught with so many misnomers. The most important is 
who are you going to trust to actually help you build that darn zero trust program? Are you going to look at a vendor that’s consolidated solutions and has built programs like this repeatedly or are you going to look for the best solutions yourself and try to figure out how best to piece it together to create that “zero trust” program?
This week’s episode is hosted by 
David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is David Chow, global chief technology strategy officer, Trend Micro.

The Best Interview Questions and the Answers You Want to Run From

https://cisoseries.com/the-best-interview-questions-and-the-answers-you-want-to-run-from/
You want an awesome job in cybersecurity, and you want to ask the right questions. What are the right answers, and which ones are red flags that should cause you to run?
This week’s episode is hosted by  
David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Renee Guttman, former CISO, Campbell’s, Coca-Cola, and Time Warner.

It’s OK to Look Like a Cyber Hero. Just Don’t Act Like One.

https://cisoseries.com/its-ok-to-look-like-a-cyber-hero-just-dont-act-like-one/
Security professionals should turn in the cyber hero mentality for the “sidekick” role. Many cybersecurity leaders believe they need to save the company from all the stupid users who can’t protect themselves. The reality is security professionals should lose the saviour mentality for a supporting role where they’re running alongside different business units trying to find a way to make their process run smoother and more secure.
This week’s episode is hosted by 
David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest Clyde Williamson, product management, innovations, Protegrity.

Whn Good Decisions Go Bad

https://cisoseries.com/when-good-decisions-go-bad/
You can make the right decision given the information you have, but everything is a risk, so there are times those good decisions are going to result in not the result you were hoping for. In essence, plenty of good decisions result in poor outcomes.
This week’s episode is hosted by
David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Aviv Grafi, founder and CTO, Votiro and winner of season one of Capture the CISO.

Yuck! Now Everyone Has Touched My Data.

https://cisoseries.com/yuck-now-everyone-has-touched-my-data/

What can you do when your data keeps passing through different third party applications? Your data is being accessed and manipulated by more people, more applications, and more security policies that may not be aligned with your security policies. It seems once it leaves your environment, it’s out of your control.
This week’s episode is hosted by
David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Elliot Lewis (@ElliotDLewis), CEO, Keyavi.

How Many Forms of ID Do I Need to Buy This Gift Card?

https://cisoseries.com/how-many-forms-of-id-do-i-need-to-buy-this-gift-card/
Getting someone to purchase gift cards is a popular vector for theft. Given that the gift card theft technique is so well known, many online sites have put up additional barriers to purchasing gift cards. Trying to buy them legitimately has become increasingly difficult.

This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Ariel Weintrab (@securitymermaid), CISO, MassMutual.

What Does It Cost to Prove Security Is Working?

https://cisoseries.com/what-does-it-cost-to-prove-security-is-working/

I Have So Little. Just Let Me Control Access to the Mail Server.

https://cisoseries.com/will-employees-eventually-violate-security-policies/

Gartner Creates Another Category for Everyone to Ignore

https://cisoseries.com/gartner-creates-another-category-for-everyone-to-ignore/

Decommission Our Legacy Tech or Just Shut Down the Business?

https://cisoseries.com/decommission-our-legacy-tech-or-just-shut-down-the-business/

Life’s Certainties: Death, Taxes, and Violating Security Policies

https://cisoseries.com/lifes-certainties-death-taxes-and-violating-security-policies/

Why CISOs Avoid the Dreaded “Request a Demo” Button

https://cisoseries.com/why-cisos-avoid-the-dreaded-request-a-demo-button/

What’s Next in Cybersecurity? Look at Last Year and Expect More

https://cisoseries.com/whats-next-in-cybersecurity-look-at-last-year-and-expect-more/

Are You Attending the “What to Worry About Next” Security Conference?

https://cisoseries.com/are-you-attending-the-what-to-worry-about-next-security-conference/

How to Be So Awesome CISOs Can’t Ignore You

https://cisoseries.com/how-to-be-so-awesome-cisos-cant-ignore-you/

If the Network Is Up, Somebody Is Violating Our Acceptable Use Policy

https://cisoseries.com/if-the-network-is-up-somebody-is-violating-our-acceptable-use-policy/

CISO Series: What We Lack In Security We’ll Make Up in School Spirit

https://cisoseries.com/what-we-lack-in-security-well-make-up-in-school-spirit/

CISO Series: Ignoring Your Vulnerabilities

Which vulnerability should you tackle first? Second? Which ones should you ignore? Probably a lot more than you think.

On this week’s CISO/Security Vendor Relationship Podcast, David Spark of CISO Series and I welcome sponsored guest Ed Bellis, CTO, co-founder, Kenna Security (now part of Cisco) to discuss vulnerability management among many other issues.

LISTEN:
https://cisoseries.com/why-ignoring-most-of-your-vulnerabilities-is-the-best-strategy/

CISO Series: The Perfect Gift for a Cyber Crook

What do you give to the person who wants to learn how to steal everything?

On this week’s CISO Series CISO/Security Vendor Relationship Podcast, David Spark and I welcome sponsored guest Jim Wachhaus, director of technical product marketing, CyCognito to discuss:

- How can we shore up our cybersecurity hygiene?
- What have we heard enough about with risk intelligence?
- Gifts to buy someone who is looking into red teaming.

LISTEN:
https://cisoseries.com/the-perfect-gift-for-a-cyber-crook/

CISO Series: We're very good at saying we care about diversity

It’s extremely easy to say you want to diversify. In fact, I’ll do it right now three times.

We want diversity.
We’re very pro diversity and it’s our focus for the next year.
Diversity is a very important part of our security program.
Please don’t ask to though look at the lack of diversity on our staff. It doesn’t match our rhetoric.


This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Sujeet Bambawale (@sujeet), CISO, 7-11.

LISTEN:
https://cisoseries.com/were-very-good-at-saying-we-care-about-diversity/

CISO Series: A Quick Way to Tell Which Vendors You Should Avoid

Do you really need to ask hundreds of questions to know if you want to work with a vendor?

On this week’s CISO Series CISO/Security Vendor Relationship Podcast, David Spark and I welcome guest Nick Selby, CSO, Paxos Trust Company to discuss:

- How do you suss out security vendors to make sure they're not a risk?
- How do you battle a typosquatter?
- What types of preparations do you have in place to know you're well prepared for an incident?
- How should CISOs and CIOs share cybersecurity ownership?

LISTEN:
https://cisoseries.com/a-quick-way-to-tell-which-vendors-you-should-avoid/

CISO Series: What's the ROI of Nothing Happening?

On this week’s CISO Series CISO/Security Vendor Relationship Podcast, David Spark and I welcome my colleague Ryan Gurney, CISO-in-residence, YL Ventures to discuss:

- What’s a better sign than “nothing happened” to indicate you did a good job in cybersecurity?
- What happens when your company wants to use a really insecure SaaS product?
- What a CISO-in-Residence does for a VC firm

LISTEN:
https://cisoseries.com/whats-the-roi-of-nothing-happening/

“There's an art to learning how to get other people to solve problems that is more powerful than doing it yourself.”

CISO Series: Could We Speak To Your CISO To Confirm He Received the Cupcakes?


This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Branden Newman, svp, CISO, MGM Resorts.

Listen here:
https://cisoseries.com/could-we-speak-to-your-ciso-to-confirm-he-received-the-cupcakes/

“It's generous to say that somebody saying military grade means they're meeting a specific standard.. anybody who's meeting a specific standard is going to tell you what their specific standard is.”

CISO Series: Make Your Friends Jealous with Our Hand-Crafted Passwords

This week’s CISO/Security Vendor Relationship Podcast was actually recorded in front of a small live audience at The Passwordless Summit in Newport, Rhode Island. The event was sponsored by HYPR, our sponsor for this episode as well. Joining me and my co-host, Andy Ellis (@csoandy), operating partner, YL Ventures, was our sponsored guest, Brian Heemsoth (@bheemsoth), head of cyber defense and monitoring, Wells Fargo.

Listen here:
https://cisoseries.com/make-your-friends-jealous-with-our-hand-crafted-passwords


“We're often throwing bodies at solutions as our technologies aren't adequate. We're driven by how many alerts can we show you.”

CISO Series: Are you asking how secure are we?

This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Kevin Morrison, CISO, Alaska Air.
Listen here:
https://cisoseries.com/are-you-asking-how-secure-are-we-or-how-insecure-am-i/
“If you don't have a path for hiring that junior person and developing them all the way up to become a senior person, you know what you're not going to have?... Anybody.”

CISO Series: We Shame Others Because We’re So Right About Everything

Listen here: https://cisoseries.com/we-shame-others-because-were-so-right-about-everything/
“I hate the ‘blame the user’ model of phishing tests. Phishing tests are to inform you about how bad your email infrastructure actually is. The user is just one piece of it.”

CISO Series: How Cisos Make it Worse for other CISOs

CISO Series / David Spark & Mike Johnson
https://cisoseries.com/how-cisos-make-it-worse-for-other-cisos/
(full transcript at link)