Listed in: Technology
With the growth of business-led IT, does SaaS security need to be a specific focus in a CISO’s architectural strategy?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Steve Zalewski who also hosts Defense in Depth.
Thanks to our podcast sponsor, AppOmni
Do you know which 3rd party apps are connected to your SaaS platforms? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk.
Get visibility to all 3rd party apps — and their level of data access — with AppOmni. Visit AppOmni.com to request a free risk assessment.
In this episode:
Listed in: Technology
When it comes to data, compliance, and reducing risk, where are we gaining control? Where are we losing control? And what are we doing about that?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. We welcome our sponsored guest Amer Deeba, CEO and Co-founder, Normalyze.
Thanks to our podcast sponsor, Normalyze
Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches.
Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium.
In this episode:
Listed in: Technology
If you're struggling to get your first job in security or you're trying to get back into the industry after being laid off, you need to lean on your security community. But like networking, you should find it before you need it.
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski.
Thanks to our podcast sponsor, Egress
Egress helps organizations stop email security risks by addressing both inbound and outbound threats together. We recognize that people get hacked, make mistakes, and break the rules. Egress's Intelligent Cloud Email Security suite uses patented self-learning technology to detect sophisticated inbound and outbound threats, and protect against data loss. Learn more at egress.com.
In this episode:
Listed in: Technology
What should a cyber job description require, and what shouldn't it? What's reasonable and not reasonable?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Rob Duhart (@robduhart), deputy CISO, Walmart.
Thanks to our podcast sponsor, Normalyze
Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches.
Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium.
In this episode:
Listed in: Technology
All experienced security professionals were at one time very green. Entry level status means risk to your organization. That's if you give them too much access. What can you trust an entry level security professional to do that won't impose unnecessary risk? And how can those green professionals build trust to allow them to do more?
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Kemas Ohale, vp, global information security, Lippert.
Thanks to our podcast sponsor, Normalyze
Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches.
Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium.
In this episode:
Listed in: Technology
"When the asset discovery market launched, every single company that offered a solution used the line, “You can’t protect what you don’t know.” Everyone agreed with that.
Problem is, “what you don’t know” has grown… a lot."
Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Huxley Barbee (@huxley_barbee), security evangelist, runZero.
Thanks to our podcast sponsor, runZero
runZero is the cyber asset management solution that helps you find and identify every managed and unmanaged asset connected to your network and in the cloud. Get the data and context needed to effectively manage and secure your environment. Try runZero for free at runzero.com.
In this episode:
Listed in: Technology
If your CFO or Board was to ask: ‘How much could we lose to a cyber attack?’ Would you know?
Introducing SAFE - the industry’s most complete Cyber Risk Quantification solution to help you answer those crucial questions in real-time:
Learn more at www.safe.security
In this episode:
Listed in: Technology
What do we want the Board and C-Suite to know about cybersecurity? If you could teach them one thing about cybersecurity that would stick, what would that be?
Check out this post and this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn and our guest Phil Huggins (@oracuk), CISO, NHS Test & Trace, Department of Health and Social Care.
Thanks to our podcast sponsor, Proofpoint
Sixty six percent of CISOs feel their organization is unprepared to handle a cyberattack and 58% consider human error to be their biggest cyber vulnerability. Proofpoint's 2021 Voice of the CISO report explores key challenges facing CISOs after an unprecedented twelve months. Get the report.
In this episode
Listed in: Technology
Do cybersecurity professionals even know what they're protecting? How aware are they of the data, its content and its sensitivity? What happens to your security posture when you do understand the data you're protecting? What can you do that you weren't able to do before?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, and Steve Zalewski, CISO, Levi Strauss, with our sponsored guest, Aidan Simister (@aidansimister), CEO, Lepide.
Thanks to our podcast sponsor, Lepide
Ninety eight percent of all threats start with Active Directory and nearly always involve the compromise of data stored on enterprise data stores. Lepide’s unique combination of detailed auditing, anomaly detection, real time alerting, and real time data discovery and classification allows you to identify, prioritize and investigate threats – fast.
In this episode:
Listed in: Technology
Startups are all about proving the value of their product and growth. At the beginning, all of their money is funneled into product and market development. When do they need a CISO, if at all?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, and guest co-host Jimmy Sanders (@jfireluv), head of cybersecurity for Netflix DVD and our guest is Bryan Zimmer (@bryanzimmer), head of security for Humu.
Thanks to our podcast sponsor, Lepide
Ninety eight percent of all threats start with Active Directory and nearly always involve the compromise of data stored on enterprise data stores. Lepide’s unique combination of detailed auditing, anomaly detection, real time alerting, and real time data discovery and classification allows you to identify, prioritize and investigate threats – fast.
In this episode:
Listed in: Technology
By just doing their jobs, your employees are introducing risk to the business. They don't mean to be causing issues, but their simple actions and sometimes mistakes can cause great harm. Is it their fault, or is it security's fault for not creating the right systems?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host, Steve Zalewski, CISO, Levis, and our sponsored guest Mark Wojtasiak (@markwojtasiak), vp, portfolio strategy & product marketing, Code42 and author of Inside Jobs: Why Insider Risk is the Biggest Cyber Threat You Can't Ignore.
Thanks to our podcast sponsor, Code42
Redefine data security standards for the hybrid workforce. Check out Code42.
In this episode:
Listed in: Technology
Companies want security people with experience and they want to grow cybersecurity leaders. It's often hard to find that experience, and while there are certification courses aplenty, courses in cybersecurity leadership are hard to find. One possible solution is mentoring, but that has its own hurdles.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host, Geoff Belknap (@geoffbelknap), CISO LinkedIn, and our guest Sean Catlett, CSO, Slack.
In this episode
Listed in: Technology
How do cybersecurity professionals secure a huge event like the Olympics, the Superbowl, or a city's New Year's Eve party? What are the unique considerations that come into play?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Tomás Maldonado (@tomas_mald), CISO, NFL.
Thanks to our podcast sponsor, Lepide
Ninety eight percent of all threats start with Active Directory and nearly always involve the compromise of data stored on enterprise data stores. Lepide’s unique combination of detailed auditing, anomaly detection, real time alerting, and real time data discovery and classification allows you to identify, prioritize and investigate threats - fast.
In this episode
Listed in: Technology
What are you security people complaining about? As compared to 10, 15, 20 years ago, the technical aspects of cybersecurity are not that difficult. We've got the control frameworks, tools, and training that our predecessors didn't have.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Naomi Buckwalter (@ineedmorecyber), director of information security and IT at Beam Technologies, and our guest, John Overbaugh (@johnoverbaugh), vp, security, CareCentrix.
Thanks to our podcast sponsor, Trend Micro
Threat actors want what you’re storing in the cloud. Trend Micro’s Cloud One platform provides cloud security from a single console, keeping you at your most resilient. Let what happens in the cloud, stay in the cloud.
In this episode
Listed in: Technology
The cloud is inherently insecure! The cloud will handle all your security needs. More data breaches happen in the cloud. These are just some of the many many myths of cloud security. Listen as we debunk as many as we possibly can.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Steve Zalewski, CISO, Levis, and our sponsored guest Mark Nunnikhoven (@markna), vp, cloud research, Trend Micro.
Thanks to our podcast sponsor, Trend Micro
Threat actors want what you’re storing in the cloud. Trend Micro’s Cloud One platform provides cloud security from a single console, keeping you at your most resilient. Let what happens in the cloud, stay in the cloud.
In this episode
Listed in: Technology
It's hard to be a CISO. But, what's it like to be a CISO at a security vendor, doing the hard work while carrying the stigma of being a "vendor"?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our sponsored guest Allan Alford (@AllanAlfordinTX), CTO/CISO, TrustMAPP, and host of The Cyber Ranch Podcast.
Thanks to our podcast sponsor, TrustMAPP
Does your board want to see yet more heat maps? No, they do not. They want to see that security investments align with business goals, and that their costs are objectively justified. TrustMAPP’s data visualization helps you communicate with your board in a way they can understand – and approve.
In this episode
Listed in: Technology
You're a CISO struggling with an influx of log data into your SIEM. What's the data you want to keep, and for how long? You want insights, but you also want to keep costs down. Holding onto everything is going to cost a fortune.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, deputy CISO, Levis, and our guest Naomi Buckwalter (@ineedmorecyber), director of information security and IT at Beam Technologies.
Thanks to our podcast sponsor, TrustMAPP
Does your board want to see yet more heat maps? No, they do not. They want to see that security investments align with business goals, and that their costs are objectively justified. TrustMAPP’s data visualization helps you communicate with your board in a way they can understand – and approve.
In this episode
Listed in: Technology
Cybersecurity leaders are constantly looking for ways to improve how they think about risk, and how they communicate risk. But they're not the only ones. Others have been managing risk long before CISOs existed. So, who could be the best mentor to help a CISO gain better insight into business risk and how to communicate about it: the chief financial officer, or the legal department's general counsel?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest, David Schellhase (@davidschellhase), general counsel, Slack.
Thanks to our podcast sponsor, TrustMAPP
TrustMAPP delivers Security Performance Management, giving CISOs a real-time view of the effectiveness of their security program. TrustMAPP tells you where you are, where you’re going, and what it will take to get there. TrustMAPP gives organizations the ability to manage security as a business, quantifying and prioritizing remediation actions and costs. To learn about the MAPP methodology, download the white paper at https://trustmapp.com/mapp-paper/
In this episode
Listed in: Technology
How do you deal with data at end of life? Holding onto data too long can be very costly and increase risk. So how do you get rid of it... safely?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Shawn Bowen, CISO, Restaurant Brands International (RBI), and our sponsored guest, Frank Milia, partner, (@ITAssetRecvry), IT Asset Management Group.
Thanks to our podcast sponsor, IT Asset Management
Poorly managed IT asset disposal, lack of due diligence, and a disposal program without clearly defined responsible parties have now resulted in millions of dollars in regulatory penalties. Is it clear who is responsible for the performance of your data disposition practice? IT Asset Management Group’s free program guide includes tips for establishing stakeholders at your organization and expectations for all practitioners.
Download the program guide today at itamg.com/CISO
In this episode
Listed in: Technology
You're a new CISO told to hold headcount even and find the resources to do 20% more work. We're already maxed out. So how do we do more? Coming up next we're getting smart and more efficient with security.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Steve Zalewski, Deputy CISO, Levis, and our guest, Mike Morgan, (@theywerecones) head of information security, infrastructure director, Foster Farms.
Thanks to our podcast sponsor, IT Asset Management Group
Poorly managed IT asset disposal, lack of due diligence, and a disposal program without clearly defined responsible parties have now resulted in millions of dollars in regulatory penalties. Is it clear who is responsible for the performance of your data disposition practice? IT Asset Management Group’s free program guide includes tips for establishing stakeholders at your organization and expectations for all practitioners.
Download the program guide today at itamg.com/CISO
In this episode
Listed in: Technology
What metrics or indicators signal to you that an organization is “good at security”?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Justin Berman (@justinmberman), former CISO, Dropbox.
Thanks to our podcast sponsor, Imperva
Face it, your data is everywhere! Imperva Data Security unifies compliance, security and privacy needs for any data store while saving you time and money. No matter where data lives, get confidence about what is happening with data, where it’s stored and who’s accessing it. Start a free trial now.
In this episode
Listed in: Technology
You're a new CISO at a new org given a headcount of ten to build a cybersecurity team. What's your strategy to build that team?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, guest co-host Steve Zalewski, Deputy CISO, Levis, and our guest JJ Agha (@jaysquaredx2), CISO, Compass.
Thanks to our podcast sponsor, Imperva
Face it, your data is everywhere! Imperva Data Security unifies compliance, security and privacy needs for any data store while saving you time and money. No matter where data lives, get confidence about what is happening with data, where it’s stored and who’s accessing it. Start a free trial now.
Listed in: Technology
Many professionals are required to obtain a license before they can do their job legally. The demands of cybersecurity professionals, especially CISOs, have become more critical as evidenced by the increasing number of regulations demanding a person oversee security and privacy controls. Should CISOs be licensed to maintain a minimum standard?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest Patrick Benoit (@patrickbenoit), vp, global head of GRC and BISO, CBRE.
Thanks to this week's podcast sponsor, F5
External threats to your organization’s security are constantly evolving. Your apps need broad and preventive protection from bot attacks that cause large-scale fraud, higher operational costs, and problems for your users. And they need to be optimized for secure operation internally. Silverline Shape Defense helps you stay ahead of cyber threats and fraud. Get a free trial.
Listed in: Technology
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-inherently-vulnerable-by-design/)
Much of what we do as practitioners is to prevent inadvertent security problems - oversights, zero-days, etc. What about inherent and unavoidable problems? When the very design of the thing requires a lack of security? What do you do then?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest is Dan Woods, vp of the Shape Intelligence Center, F5.
Thanks to this week's podcast sponsor, F5.
External threats to your organization’s security are constantly evolving. Your apps need broad and preventive protection from bot attacks that cause large-scale fraud, higher operational costs, and problems for your users. And they need to be optimized for secure operation internally. Silverline Shape Defense helps you stay ahead of cyber threats and fraud. Get a free trial.
Listed in: Technology
For CISOs and other security leaders, suffering from imposter syndrome seems inevitable. How can you ever be really confident when there's an endless stream of threats and a landscape that changes without your knowledge?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest David Peach (@realdavidp), CISO and head of privacy, The Economist Group.
Thanks to this week's podcast sponsor, F5.
CISOs are dealing with the increasing sophistication of cyber attackers that are taking advantage of their applications. Find out how F5 helps organizations expand their security and see the unseen by watching the F5 Security Summit webinar. View it here.
Listed in: Technology
With every cybersecurity breach, we still don't seem to be getting through. Many companies don't seem to be taking cybersecurity seriously. What does it take? Obviously not scare tactics.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest Ben Sapiro, global CISO, Great-West LifeCo.
Thanks to this week's podcast sponsor, Sonatype.
Listed in: Technology
Where is your data? Who's accessing it? You may know if you have an identity access management solution, but what happens when that data leaves your control? What do you do then?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest is Elliot Lewis (@elliotdlewis), CEO, Keyavi Data.
Thanks to this week's podcast sponsor, Keyavi Data.
Our Keyavi breaks new ground by making data itself intelligent and self-aware, so that it stays under its owner’s control and protects itself immediately, no matter where it is or who is attempting access. Keyavi is led by a team of renowned data security, encryption, and cyber forensics experts. See for yourself at keyavidata.com.
Listed in: Technology
Naomi Buckwalter, director of information security at Energage, analyzed one thousand random information security job posts on LinkedIn. The most notable trend she found was that 43% of the posts had CISSP and 5-year experience requirements for entry level positions. Are companies trying to lowball cybersecurity professionals, or do they simply not know what an entry level cybersecurity job is?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest is Joseph Carrigan (@JTCarrigan), senior security engineer at Johns Hopkins University Information Security Institute, and co-host Hacking Humans podcast.
Thanks to this week's podcast sponsor, Keyavi Data.
Our Keyavi breaks new ground by making data itself intelligent and self-aware, so that it stays under its owner’s control and protects itself immediately, no matter where it is or who is attempting access. Keyavi is led by a team of renowned data security, encryption, and cyber forensics experts. See for yourself at keyavidata.com.
Listed in: Technology
Digital transformation. Its definition is broad. Meaning securing it is also broad. But there are some principles that can be followed as companies undergo each step in a deeper dive to make more and more of their processes essentially computerized.
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest is Paul Asadoorian (@securityweekly), founder & CTO, Security Weekly, and chief innovation officer, Cyber Risk Alliance.
Thanks to this week's podcast sponsor, Keyavi Data.
Our Keyavi breaks new ground by making data itself intelligent and self-aware, so that it stays under its owner’s control and protects itself immediately, no matter where it is or who is attempting access. Keyavi is led by a team of renowned data security, encryption, and cyber forensics experts. See for yourself at keyavidata.com.
Listed in: Technology
Secrets, such as passwords and credentials, are out in the open just sitting there in code repositories. Why do these secrets even exist in public? What's their danger? And how can they be found and removed?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest is Jérémy Thomas, CEO, GitGuardian.
Thanks to this week's podcast sponsor GitGuardian.
GitGuardian empowers organizations to secure their secrets - such as API keys and other credentials - from being exposed in compromised places or leaked publicly. GitGuardian offers a threat intelligence solution focused on detecting secrets leaked on public GitHub and an automated secrets detection solution which tightly integrates with your DevOps pipeline.
Listed in: Technology
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-measuring-the-success-of-your-security-program/)
How does a CISO measure the performance of their security program? Sure, there are metrics, but what are you measuring against? Is it a framework or the quality of protection? How do you tell if your program is improving and growing?
Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest is Chad Boeckmann (@SDS_Advisor), CEO, TrustMAPP.
TrustMAPP delivers continuous, automated Security Performance Management, a real-time view of your cybersecurity maturity. TrustMAPP tells you where you are, where you’re going, and what it will take to get there. TrustMAPP lets you manage security as a business, quantifying and prioritizing remediation actions and costs.
Listed in: Technology
All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-privacy-is-an-uphill-battle/)
Privacy is an uphill battle. The problem is those gathering the data aren\'t the ones tasked with protecting the privacy of those users for whom that data represents.
Check out\\xa0this post\\xa0for the basis for our conversation on this week\\u2019s episode which features me,\\xa0David Spark\\xa0(@dspark), producer of CISO Series, co-host\\xa0Allan Alford\\xa0(@allanalfordintx), and our guest is Dave Bittner (@bittner), host, The CyberWire Podcast.
Thank to our episode sponsor, TrustMAPP.
TrustMAPP delivers continuous, automated Security Performance Management, a real-time view of your cybersecurity maturity. TrustMAPP tells you where you are, where you\\u2019re going, and what it will take to get there. TrustMAPP lets you manage security as a business, quantifying and prioritizing remediation actions and costs.
Listed in: Technology
What's the legal responsibility of a CISO? New cases are placing the liability for certain aspects of security incidents squarely on the CISO. And attorney-client privilege has been overruled lately too. What does this mean for corporate and for CISO risk?
Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest is Evan Wolff, partner at Crowell & Moring.
Thanks to our episode sponsor, TrustMAPP.
TrustMAPP delivers continuous, automated Security Performance Management, a real-time view of your cybersecurity maturity. TrustMAPP tells you where you are, where you're going, and what it will take to get there. TrustMAPP lets you manage security as a business, quantifying and prioritizing remediation actions and costs.
Listed in: Technology
Is XDR changing the investigative landscape for security professionals? The "X" in XDR extends traditional endpoint detection and response or EDR to also include network and cloud sensors. Having this full breadth, XDR can contextualize alerts to tell a more cogent story as to what's going on in your environment.
Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest is Dave Bittner (@bittner), host, The CyberWire.
Thanks to our sponsor, Hunters.
Attackers always find new ways to bypass organizational defenses. While their traces hide in the data, they're also extremely difficult to detect. Hunters.AI is a context-fueled XDR solution that harnesses top-tier threat hunting expertise and ML to autonomously detect, investigate and correlate attack findings across cloud, network, and endpoint.
Listed in: Technology
Many cybersecurity professionals use derogatory terms towards their users, like calling them "dumb" because they fell for a phish or some type of online scam. It can be detrimental, even behind their back, and it doesn't foster a stronger security culture.
Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest Dustin Wilcox, CISO, Anthem.
Thanks to our sponsor, Hunters.
Attackers always find new ways to bypass organizational defenses. While their traces hide in the data, they're also extremely difficult to detect. Hunters.AI is a context-fueled XDR solution that harnesses top-tier threat hunting expertise and ML to autonomously detect, investigate and correlate attack findings across cloud, network, and endpoint.
Listed in: Technology
Where is the best education for our cyber staff of the future? Where does college fit in or not fit in?
Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our guest Dan Walsh, CISO, Rally Health.
Thanks to our sponsor, Hunters.
Attackers always find new ways to bypass organizational defenses. While their traces hide in the data, they're also extremely difficult to detect. Hunters.AI is a context-fueled XDR solution that harnesses top-tier threat hunting expertise and ML to autonomously detect, investigate and correlate attack findings across cloud, network, and endpoint.
Listed in: Technology
What happens when red team engagements go sideways? The idea of real world testing of your defenses sounds great, but how do you close the loop and what happens if it's not closed?
Check out this post for the basis for our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest, Dan DeCloss, founder and CEO, PlexTrac.
Thanks to this week's podcast sponsor, PlexTrac.
PlexTrac is a revolutionary, yet simple, cybersecurity platform that centralizes all security assessments, penetration test reports, audit findings, and vulnerabilities into a single location. PlexTrac vastly improves the risk management lifecycle, allowing security professionals to generate better reports faster, aggregate and visualize important analytics, and collaborate on remediation in real-time.
Listed in: Technology
Check out this post for the basis of our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and guest Ian Amit (@iiamit), CSO, Cimpress.
Here also is my original article with Allan Alford when he first launched this engage with vendors campaign.
Thanks to this week's podcast sponsor, Sonrai Security.
Identity and data access complexity are exploding in your public cloud. 10,000+ pieces of compute, 1000s of roles, and a dizzying array of interdependencies and inheritances. Sonrai Security delivers an enterprise cloud security platform that identifies and monitors every possible relationship between identities and data that exists inside your public cloud.
Listed in: Technology
Check out this post for the basis of our conversation on this week's episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and sponsored guest Sandy Bird, CTO and co-founder, Sonrai Security.
Sandy was the co-founder and CTO of Q1 Labs, which was acquired by IBM in 2011. At IBM, Sandy became the CTO for the global security business and worked closely with research, development, marketing, and sales to develop new and innovative solutions to help the IBM Security business grow to ~$2B in annual revenue.
Thanks to this week's podcast sponsor, Sonrai Security.
Identity and data access complexity are exploding in your public cloud. 10,000+ pieces of compute, 1000s of roles, and a dizzying array of interdependencies and inheritances. Sonrai Security delivers an enterprise cloud security platform that identifies and monitors every possible relationship between identities and data that exists inside your public cloud.
Listed in: Technology
Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest is Norman Hunt (@normanhunt3), deputy CISO, GEICO.
Listed in: Technology
Check out this LinkedIn post for the basis of this show's conversation on shared responsibility of security with a digital transformation to the cloud.
This episode is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is Paul Calatayud (@paulcatalayud), CSO for Americas, Palo Alto Networks.
Thanks to this week's podcast sponsor, Palo Alto Networks.
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices.
Listed in: Technology
Check out this tweet and the ensuing discussion for the information on the study and the concerns people have about the history of poor security in consumer-grade networking products.
This episode is co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Michael L. Woodson (@mlwoodson), CISO, MBTA.
Palo Alto Networks, the global cybersecurity leader, is shaping the cloud-centric future with technology that is transforming the way people and organizations operate. By delivering an integrated platform and empowering a growing ecosystem of partners, we are at the forefront of protecting tens of thousands of organizations across clouds, networks, and mobile devices.
Listed in: Technology
Check out this post initiated by Sean Walls, vp, CISO of Visionworks, who asked, "If you were building a security program from scratch, would you align with ISO 27001, NIST CSF, or another framework, and why?"
That conversation sparked this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Omar Khawaja (@smallersecurity), CISO, Highmark Health.
Thanks to this week's podcast sponsor, Palo Alto Networks.
Listed in: Technology
First, just look at the darn thing and it'll start to make sense.
Listed in: Technology
Creative Commons photo attribution to Joybot.
Listed in: Technology
And here are some items Anne Marie mentioned at the end of the show:
Listed in: Technology
"I've got all the security I need."
"I'm not a target for hackers."
These are just a few of the many rationalizations companies make when they're in denial of cyberthreats. Why are these excuses still prevalent and how should a cyberprofessional respond?
Check out this post by Ian Murphy, co-founder of LMNTRIX, for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is Gary Hayslip (@ghayslip), CISO, Softbank Investment Advisers.
Thanks to this week's podcast sponsor, Varonis.
The most powerful way to find, protect, and monitor sensitive data at scale. Get total control over your unstructured data in the cloud and on-premises. See it in action in a live cyberattack simulation lab.
Listed in: Technology
Anomali harnesses threat data, information, and intelligence to drive effective cyber security decisions.
Listed in: Technology
Check out this post and this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is Ian McShane (@ianmcshane), VP, product marketing, Endgame.
Endgame makes endpoint protection as simple as anti-virus. Their converged endpoint security platform is transforming security programs - their people, processes and technology - with the most powerful endpoint protection and simplest user experience, ensuring analysts of any skill level can stop targeted attacks before damage and loss. To learn more visit www.endgame.com.
Listed in: Technology
Check out this post and this post for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our guest for this episode is the co-host of the CISO/Security Vendor Relationship Podcast, Mike Johnson.
Listed in: Technology
Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX). Our sponsored guest for this episode is Chip Witt (@rt_clik), head of product strategy for SpyCloud.
Learn more about how you can protect employees and customers from account takeover with SpyCloud.
Listed in: Technology
And here's Jan Schaumann's presentation at BsidesNYC 2016 entitled "Defense at Scale". Matt mentioned it on the show.
Listed in: Technology
Check out this post and discussion for the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the creator of CISO Series and Allan Alford (@AllanAlfordinTX), CISO at Mitel. Our guest for this episode is Eric Cowperthwaite, director of information security, Esterline.
Got feedback? Join the conversation on LinkedIn.
As a professional services company, Praetorian helps enterprise customers solve complex cybersecurity problems. We are the security experts.
Listed in: Technology
On this episode of Defense in Depth, you'll learn:
Listed in: Technology