CISO Stories Podcast (Audio)

As technology has enabled high speed access and massive amounts of inexpensive storage, data is being created at a logarithmic hockey-stick pace. Not all this data is important for the organization, however the organization must understand what data is important to run the business. Join us as we discuss this dilemma, with an eye to protecting essential information. Good data governance processes are essential for effective security. This segment is sponsored by Spirion. Visit https://cisostoriespodcast.com/spirion to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-174

Security is both overcooked and underdeveloped at the same time, and we keep doubling down on insanity. Our own community is at great fault for pushing fear and ignoring service, leading to consistent, negative experiences for all other stakeholders in the organization - and ultimately the CISOs themselves. "Do more cyber" never had, does not, and never will lead to better outcomes, yet this is all everyone is talking about. The trifecta of fear (we fear it, we don't understand it, we know we must have it) is used effectively by vendors to drive an ever-increasing wedge into IT budgets, even as the actual utilization ratio of security tools is precipitously low (my estimate is 5%). Frustration abounds, the CISO job is a revolving door, and nobody's happy. Now the regulators are getting involved in all the wrong ways (see the recent SEC action against Tim Brown) - and it's entirely our fault. This segment is sponsored by Spirion. Visit https://cisostoriespodcast.com/spirion to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-173

The terminology of ICS has morphed into OT (Operational Technology) security; however many organizations are lacking in addressing the OT security controls. As some companies talk about air gapping as the primary method of securing OT, the reality is many times true air gapping does not exist. Join us as we discuss why these gaps occur and what needs to be done to secure OT. This segment is sponsored by Arctic Wolf. Visit https://www.cisostoriespodcast.com/arcticwolf to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-172

For manufacturing companies, technology has taken over a good deal of the day-to-day operations occurring on the manufacturing floor. Things like robotics, CNC machines and automated inventory management. There are even systems that track what tools are used, by whom and for how long. This technology often works outside of or flies under the radar of traditional IT processes. For critical infrastructure, we are hooking up legacy systems to larger networks. Industrial control systems, that were never designed to be attached to the Internet, are now exposed to a wide array of new threats and attacks. Aside from those risks, digital sensors can be attached to almost anything these days, making everything "smart". And with the ability for sensors to also be controllers the risks levels are rising quickly. This segment is sponsored by Arctic Wolf. Visit https://www.cisostoriespodcast.com/arcticwolf to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-171

Manufacturing environments rely heavily on Operational Technology (OT) systems – such as industrial control systems, supervisory control, PLCs etc. to manage production processes. Compromises of these networks and systems can have devastating consequences, including: • Production disruptions and downtime • Safety hazards: • Data breaches and intellectual property theft: • Financial losses: Ransomware attacks can cripple operations and demand hefty payments. Manufacturing is a lucrative target for Ransomware. • There is little tolerance for downtime. • Difficulty in managing OT environments (different skillsets) • Increasing connectivity between IT and OT due to digital transformation Incidents such as the well documented Colonial Pipeline attack along with other manufacturing companies like Dole, and Brunswick continue to highlight the growing threat landscape for OT security in manufacturing. This segment is sponsored by Arctic Wolf. Visit https://www.cisostoriespodcast.com/arcticwolf to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-170

The cybersecurity threat landscape is constantly evolving, and experience has shown that everyone and every organization is prone to being breached. How do you prepare for what seems inevitable? You assume breach and plan accordingly. Cyber resilience has become a top priority as organizations figure out how to build a network that can either continue functioning or can recover quickly when faced with cybersecurity attack. This segment is sponsored by Arctic Wolf. Visit https://www.cisostoriespodcast.com/arcticwolf to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-169

Operational Technology (OT) security is concerned with protecting embedded, purpose-built technologies enabling our industrial processes. You also may have heard "adjacent" buzzwords like Internet of Things (IOT) and Fog (like "cloud" but close to the ground). OT security has significant challenges in terms of cost/size/weight, capability, ability to be updated, and robustness (often, OT failures can endanger lives). More recently, as cyber warfare evolves, OT is one of two main attack vectors. This session will explore the threats, and ability to manage them, using war stories. This segment is sponsored by Arctic Wolf. Visit https://www.cisostoriespodcast.com/arcticwolf to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-168

Third-Party Risk Management is essential for safeguarding an organization's assets, reputation, and operations. By identifying, assessing, and managing risks associated with external partners, organizations can enhance their resilience, protect sensitive information, and maintain the trust of stakeholders in an increasingly interconnected business ecosystem. We have seen the threat landscape change in the last few years. It has always been important to properly identify, categorize, and address risks created by our vendors and strategic partners, to now having to understand the entire supply chain, and how interruptions can affect your business. Even more recently, with the rise of Business Email Compromise (BEC), risks may also come from organizations you have no previous relationship or agreements with. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-167

Schneider Electric has over 52,000 suppliers and sells hundreds of thousands of products of which 15,000 would be classified as intelligent products. To address risks stemming from third-party suppliers, and in recognition of the risks posed to customers, we have a holistic approach to value chain security, by implementing security controls at every level (R&D, Design, Manufacturing, Distribution, Staging, Commissioning and Operating). This approach is guided by policies and regulations, continuously evolving to improve our maturity. On the Third-party Cyber posture level, Schneider Electric partners across the industry to raise cybersecurity maturity, with the World Economic Forum (WEF), ISA Global Cybersecurity Alliance (ISAGCA), and Cyber Tech Accord. We specifically have a tiered third-party risk management program which evaluates suppliers through evidenced-based reviews of their secure development processes and cybersecurity posture. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-166

Breaches at software vendors used by many organizations have highlighted the external software supplier risk, requiring organizations to be even more diligent. Join us as we discuss the supply chain issues and their relationship to software supply chain issues and how organizations should approach environment with supplier software risk, geo-political risk, environmental concerns to maintain business resiliency. This segment is sponsored by VISO TRUST. Visit https://cisostoriespodcast.com/visotrust to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-165

With CISA just putting out new "secure by design" guidance, Lexmark CISO Bryan Willett pulls the curtain back on the curtain back on how Lexmark is approaching secure-by-design in its products Lexmark is at the forefront of secure by design as their products constantly touch highly confidential information in regulated industries, along with an established security record validated by IDC, Quocirca, and Bitsight. Bryan talks about the impact of secure by design on hardware manufacturers; the steps his company has taken to secure its products, monitor suppliers, and push updates; and his thoughts on the CISA guidance. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-164

Generative AI security and integrity. This is important to me because it's a cool new commercially available technology that promises efficiency and time savings--and therefore everyone wants to use it without a thorough understanding of how to secure data used with it or correcting model bias introduced through improper governance. The implications, particularly in the healthcare space, are significant where AI-driven care decisions can drift away from optimal care and have the potential to expose significant care gaps. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-163

Responsible use and governance of AI are key issues today, as training data limitations and data retention issues must be addressed. The risk of exposing PII or other confidential data, managing bias, hallucination, misinterpretation risks and other AI considerations are discussed. Fitzgerald, T. 2019. Chapter 4: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-125. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. This segment is sponsored by Darktrace. Visit https://cisostoriespodcast.com/darktrace to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-162

Artificial Intelligence: Currently these two words can mean a world of difference to different people. How do you bring this topic to the board, to executives, or to business partners, and help them understand the risks without the FUD or technical language that so often creeps into the conversation? The goal is to engage in an action driven conversation and not lead it down a theoretical path. As a CISO in a financial institution, understanding the boundaries and limitations is key to corporate success. Fitzgerald, T. 2019. Chapter 4: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-125. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. This segment is sponsored by Darktrace. Visit https://cisostoriespodcast.com/darktrace to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-161

Generative AI has hit the world by storm, but unfortunately is widely misunderstood. While it brings great promise for companies, it also has risks. As employees and corporate applications begin making use of generative AI, it is important to ensure that proper safety and security mechanisms are put in place to allow value to be obtained while minimizing risk. Fitzgerald, T. 2019. Chapter 4: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-125. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. You can learn more at http://www.bill-franks.com. This segment is sponsored by Darktrace. Visit https://cisostoriespodcast.com/darktrace to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-160

Heidrick and Struggles released a global CISO survey last year, stating 53% of CISOs were most concerned about significant stress and 60% were concerned about burnout. In Steve's 20 years of software sales, significant stress and burnout have been longstanding issues that have yet to be effectively addressed and have negatively impacted his own life and those in the industry. There exists an opportunity to help cyber defenders protect themselves and their teams from these issues, enhancing both their jobs and personal lives. Join us as we discuss this critical issue as we navigate 2024 for better CISO and team health. Fitzgerald, T. 2019. Chapter 14: CISO Soft Skills in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 463-487. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit Steve's Website: www.greenshoeconsulting.com for more information. This segment is sponsored by Darktrace. Visit https://cisostoriespodcast.com/darktrace to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-159

Over the course of two years, and during the pandemic, we established a new security team and grew that team from five cloud security people to over eighty. What was our talent strategy to enable that rapid growth, how did we find the right talent in a tight market, and what did we learn from the approach? Additionally, what rituals and tactics served us well to build team identity and collaboration in a hybrid world? Through all this, how do we ensure we prioritize diversity and inclusion in our teams? Fitzgerald, T. 2019. Chapter 4 Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-127. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-158

Integrity & Materiality. Get them wrong, you jeopardize your organization, its shareholders, possibly customers, as well as yourself. Join us as we discuss CISO role and accountability, Geopolitics, SEC Regulation and materiality, AI Impact, and seismic changes occurring in the past 5 Years as articulated in the 5 year CyberRisk Alliance Blog dated 12/7/23, https://www.cyberriskalliance.com/blog/5-years-of-reflection-5-seismic-industry-shifts-why-im-on-the-board-at-cra Fitzgerald, T. 2019. Chapter 1: CISO Role: Evolution or Revolution? in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 3-36. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-157

More and more services and products are being cloud-delivered. This leads to a concentration of risk in the hands of a few industry players and a few jurisdictions. It means risk needs to be addressed and thought about differently. Join us as we discuss managing cloud risk from a Governance, Risk and Compliance (GRC) perspective. Fitzgerald, T. 2019. Chapter 1: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-127. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-156

Identity & Access Management - Why do organizations still insist that provisioning/deprovisioning is an IT function? Effective IAM requires collaboration across the business units and responsibilities for multiple departments. Join us as we discuss IAM and some of the challenges organizations are facing today to secure the perimeter – the identity perimeter. Fitzgerald, T. 2019. Chapter 5 Cybersecurity Organization Structure in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 131-169. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-155

"High Consequences Cyber" are high-risk, high-stakes cyber projects that can make or break a company or make or break the CISO's reputation. These include issues such as, how do you architect your networks if you are a multinational with exposure to high-risk countries? What are key choices you can make when moving critical workloads such as email and collaboration to the cloud? What's the role of authentication in the age of cloud, and why do companies keep messing it up? How do you educate the board on critical or strategic initiatives while gaining their confidence that the program is well-run? If you're coming into a new organization, how do you evaluate the team and determine how to level it up? During this month CISO Stories is focusing on Identity Management, and we discuss Andy's views on password less identities and Zero Trust. Fitzgerald, T. 2019. Chapter 15: The CISO and the Board of Directors in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 491-511. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Jaquith, A. 2007. Security Metrics: Replacing Fear, Uncertainty, and Doubt, 1st Ed, Addison-Wesley, Upper Saddle river, NJ. https://www.amazon.com/Security-Metrics-Replacing-Uncertainty-Doubt/dp/0321349989 Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-154

There's been a boom of sudden CISOs for regulatory and practical reasons — forcing technical security leaders to transition. And the transition isn't easy. Join us, as Sean shares the lessons he has learned as he moved into the CISO role from technologist. As CISO Stories also focuses on Identity Management this month, we also discuss architecting identities to meet the needs of many different types of users vs a one-size-fits-all approach. Fitzgerald, T. 2019. Chapter 1: CISO Role: Evolution or Revolution? in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 3-36. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-153

Are there really millions of open information security jobs available? Or is much of the numbers hyped up? Join us as we discuss these numbers , boot camps, regional differences, and where these job openings come from. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-152

Prioritizing identity and getting the fundamentals right. We are managing more identities than ever – people-people, machine-to-machine, and people-machines. What actions should CISOs be ensuring are being done within the environment to prioritize identities? Join us as we discuss where Bezwit has focused to enhance the identity management process. This segment is sponsored by Saviynt. Visit https://cisostoriespodcast.com/saviynt to learn more about them! This segment is sponsored by Bitwarden. Visit https://cisostoriespodcast.com/bitwarden to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-151

Reaching the level of CISO in a large corporation requires time and determined application as well as aptitude and very specific professional and personal attributes. It's the role against which many security professionals set their career sights without really knowing what they'll be getting themselves into. Fitzgerald, T. 2019. Chapter 14. CISO Soft Skills in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 463-487. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-150

As a CISO, the opportunities we must positively cultivate the cybersecurity landscape for our organizations are endless. From driving projects to implementing innovative technologies to strengthening basic cybersecurity hygiene, reshaping the organization's culture, protecting from ransomware, and diversifying the cyber workforce, the CISO is a certified change-maker! Let's get excited about security! This segment is sponsored by Arctic Wolf. Visit https://cisostoriespodcast.com/ArcticWolf to learn more about them! This segment is sponsored by Cohesity. Visit https://cisostoriespodcast.com/cohesity to learn more about them! Fitzgerald, T. 2019. Chapter 1: CISO Role: Evolution or Revolution? in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 3-36. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://securityweekly.com/csp-149

In security, we can get buried in the tools, standards, issues and risks. But an effective security program is built upon people, process, and technology. Let's talk about how you can approach your security program in a way that is focused on the people who use and manage your company assets and data. Fitzgerald, T. 2019. Chapter 13. Multigenerational Workforce Dynamics in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 419-459. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. This segment is sponsored by Arctic Wolf. Visit https://cisostoriespodcast.com/ArcticWolf to learn more about them! This segment is sponsored by Cohesity. Visit https://cisostoriespodcast.com/cohesity to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-148

Veterans bring along some valuable skills from the military that organizations can greatly benefit from. From loyalty, executing to a playbook, incident response, responding to crisis's, to supporting the organizational mission – Veterans are a resource that is eager to transition to organizations and apply their skills and continuously learn. With Veterans Day upon us, join us as we discuss the strengths of hiring Veterans for the cybersecurity program. Fitzgerald, T. 2019. Chapter 13. Multigenerational Workforce Dynamics in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 419-459. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. This segment is sponsored by Arctic Wolf. Visit https://cisostoriespodcast.com/ArcticWolf to learn more about them! This segment is sponsored by Cohesity. Visit https://cisostoriespodcast.com/cohesity to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-147

A key role for the CISO and the team is to identify and plan for mitigation of the most damaging risks. Various approaches have been used over the years with varying levels of success. Are we measuring the right things? Are we using the right instruments? Join us as we discuss some of the flaws present in measuring risk today and considerations to improve our risk management approach. https://www.howtomeasureanything.com/cybersecurity Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-146

Join us as we discuss the OT security landscape, the solutions for protecting it, and the future of protecting these pieces of critical infrastructure. With attacks to these networks on the rise, it's important for cybersecurity professionals to acknowledge that they are just as important as information in our protection, and that it requires specific out of the box thinking to secure effectively. Fitzgerald, T. 2019. Chapter 4: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-127. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-145

Technical people, CISOs included, may have challenges communicating well with executive management due to a different career path evolution . To maximize our success, we must all improve our communication skills with technical and non-technical people. Join us as we discuss some of the nuanced communications and areas to pay closer attention to. Fitzgerald, T. 2019. Chapter 14: CISO Soft Skills in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 463-487. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-144

Cybersecurity touches all our lives, however there is a belief that only experts in all of the technical disciplines need to apply. The term 'cybersecurity' does not invoke a personal sense of responsibility to care for the protection of data. Join us as we discuss the concept of reframing cybersecurity to "Data Care", like the concepts used in the healthcare industry to advance personal responsibility as well as to attract people to the field that may not have considered it previously. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-143

Security tools have become overwhelming in number, yet companies continue to get breached. With all the recent focus on artificial intelligence, security leaders must avoid neglect of natural intelligence. When your opponent is thinking and adapting to your every move, can you really afford to neglect your most critical defenses? Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-142

In the Fall, 2016, Uber experienced a data breach, and the CISO faced the possibility of prison time for felony obstruction and misprison for failure to report the 2016 breach. He was sentenced in May, 2023 to 3 years' probation. Join the former CISO of Uber as we discuss the events which led to the prosecution case, the results of the trial and aftermath, and the implications for CISOs and what is needed to move the cybersecurity industry forward. This segment is sponsored by Google Chrome Enterprise. Visit https://securityweekly.com/chrome to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-141

MidCap enterprise security is challenge – SMB's have all the needs of a large enterprise, but not the same large budget or army of defenders. We are also a "sweet spot" target for cybercriminals -- you have enough money to be worth some real effort, but again not a large army of defenders. MidCap is at the front lines of "doing more with less"! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-140

With cybersecurity emerging as a board-level agenda item, collaboration is becoming increasingly high-stakes and multifaceted. Join us as we examine the opportunities and potential pitfalls of this new era, as well as the skills needed. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp-139

Skills can be evolved and provide teams with the necessary talent. Join Ralston as he shares his experiences in recruiting, rotational programs, and supporting the key players with the right support system. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-138

Top-performing CISOs shared with me their hacks for creating a team atmosphere, getting excellent and consistent results, and creating buy-in from management for their budgets, projects, and big ideas. This discussion goes beyond risk management into the realm of performance excellence. Impact Leaders Pod Training for Cyber Teams is a unique 8-week program to up-level performance in information technology professionals and teams. Participants grow leadership, emotional intelligence, teamwork, and performance excellence while excelling at their daily job responsibilities. For more information contact Steve or visit impactleaderscoaching.com Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-137

There are a ton of entry-level candidates for security roles, but we need mid- to late- career cyber candidates to fill our open positions. Hiring managers need to partner with non-security people to build and maintain that pipeline. Let's talk about how to go about getting this done. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp-136

Deploying SASE (Secure Access Service Edge) is a critical step on your Zero Trust journey. It is not without risk, especially to the end user experience. Join us as we discuss our lessons-learned fresh from the deployment trenches. This segment is sponsored by Google. Visit https://securityweekly.com/chrome to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-135

Come listen in on hearing a CISO's story of going from carpenter to psychotherapist to security leader. The stories told will help anyone working in cyber - from those looking to break into cyber to those who are battle tested and looking for new support or coping strategies. Morin, A. 2017. 13 Things Mentally Strong People Don't Do. Harper Collins. 13 Things Mentally Strong People Don't Do: Take Back Your Power, Embrace Change, Face Your Fears, and Train Your Brain for Happiness and Success: Morin, Amy: 9780062358301: Amazon.com: Books This segment is sponsored by Google. Visit https://securityweekly.com/chrome to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-134

Cyber Risk Governance or Cyber Risk Management has been an often talked about concept for more nearly two decades yet remains one of the most elusive and sought after outcomes by every C-level executive across every line of business in every industry sector and particularly in the Board room. In this session, we are going to jump into the shoes of the C-level executives and Board members as we describe "what they want" and how we achieve the visual representation of cyber risk in a way that is easily consumable in a language that is universally understood across three levels of stakeholders (Operational/Technical, IT Management, C-level / Board). This segment is sponsored by Google. Visit https://securityweekly.com/chrome to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-133

Discussion about what it means to be strategic as a CISO and, more importantly, what specific, tactical steps are you can take to bring that into reality. This segment is sponsored by Google. Visit https://securityweekly.com/chrome to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-132

NIST recently released the initial draft of a major update to its cybersecurity guidelines for protecting sensitive unclassified information. The update is intended to help federal agencies and government contractors implement cybersecurity requirements more consistently. The revised draft guidelines, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST Special Publication [SP] 800-171 Revision 3), will be of particular interest to the many thousands of businesses that contract with the federal government. Federal rules that govern the protection of controlled unclassified information (CUI), which includes such sensitive data as health information, critical energy infrastructure information and intellectual property, reference the SP 800-171 security requirements. Systems that store CUI often support government programs containing critical assets, such as design specifications for weapons systems, communications systems, and space systems. The changes are intended in part to help these businesses better understand how to implement the specific cybersecurity safeguards provided in a closely related NIST publication, SP 800-53 Rev. 5. The authors have aligned the language of the two publications, so that businesses can more readily apply SP 800-53's catalog of technical tools, or "controls," to achieve SP 800-171's cybersecurity outcomes. The update is designed to help maintain consistent defenses against high-level threats to information security. Many of the newly added requirements specifically address threats to CUI, which recently has been a target of state-level espionage. NIST wants to implement and maintain state-of-the-practice defenses because the threat space of hostile adversaries is changing constantly. Protecting CUI is critical to the national and economic security interests of the United States. This segment is sponsored by Google. Visit https://securityweekly.com/chrome to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp-131

As a function of CISOs responsibilities, the best are multi-faceted leaders that shift between cyber, technical, and business domains in response to shifting cyber-risk landscape. This level of adaptability makes them portable to other CISO roles in different industries, and C-level roles that they may not have thought of and frankly, others may not have thought of for them. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp-130

At the surface, being a CISO in Higher Education is very similar to any industry vertical but the opportunities, challenges, and impacts are significantly more complex. Many consider HE to be behind in security practices. While it is true that HE doesn't buy a lot of security tools, we are on the leading edge of focusing on mitigating security risks at the level the institution truly needs. Also, our community requires support for accessibility, gender-identity, and general identity access management that is far above what most technologies can handle. All this leads to a CISO needing to be creative, flexible, and thoughtful to best lead their programs. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-129

At the surface, being a CISO in Higher Education is very similar to any industry vertical but the opportunities, challenges, and impacts are significantly more complex. Many consider HE to be behind in security practices. While it is true that HE doesn't buy a lot of security tools, we are on the leading edge of focusing on mitigating security risks at the level the institution truly needs. Also, our community requires support for accessibility, gender-identity, and general identity access management that is far above what most technologies can handle. All this leads to a CISO needing to be creative, flexible, and thoughtful to best lead their programs. Show Notes: https://securityweekly.com/csp-129

Navigate the complexities of building high performing teams in security, risk management, and business resilience uncovering the strategy, frameworks and tactics. Join us as we explore the nuances of collaboration, strategy formulation, and innovative thinking that empower these teams to excel in challenging business and risk management environments. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp-128

In today's hyper connected world how do you create a global cyber program that can deliver locally. You start by creating a culture - a culture rooted to delivering high impact with low ego. Culture eats strategy for breakfast ... Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp-127

10,500 storefronts. 2.3 million associates worldwide. $572.8 billion in revenue. Today's cybersecurity landscape is complex, as attacks can deliver disruption in the blink of an eye. The focus of Walmart's Information Security team is to secure our operating environment in the service of building and maintaining trust with our customers, associates and stakeholders. To perform at the necessary scale, it takes a village of intelligent associates, a reliance on technologies like automation and a vigilant mindset to stay ahead of adversarial threats. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-126