CISO Stories Podcast (Audio)

As your organization increases the cybersecurity talent to protect and defend the information assets, how do you know what skills are needed? What tasks are to be performed and what knowledge is necessary to perform these functions? The NIST NICE Framework helps define the job and assist the CISO in hiring as well as measuring the capability along the career path. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/05/CISOSTORIES_GregWitte_Article.pdf Witte, G. 2019. Using NICE Framework to Attract Talent In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg. 422. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp75

Where the CISO should report has been debated for many years, with the predominant view being "anywhere but the CIO", while even in 2022, most CISOs are reporting to the CIO! Which reporting structure viewpoint is right? This podcast will examine the pros and cons of reporting to the CIO and other departments. Join Stephen as he shares his experience as a Former CISO for several large financial institutions, along with his current views. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/05/CISOSTORIES_StephenFried_Article.pdf Fried, S. 2019. The Best Reporting Relationship for a CISO May Not Be What You Think! In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 174-5. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp74

Managing cybersecurity defense inside an organization is an enormously complex endeavor, considering the interconnections, vendor relationships, cloud, and mobile proliferation of the data. While many of these computing technologies have a clear purpose and usefulness, many times organizations minimize the complexity when presenting to the Board. Should we? Join us as we discuss a different approach to better communications. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/05/CISOSTORIES_EdwardAmoroso_Article.pdf Amoroso, E. 2019. Educating Senior Management in Cybersecurity. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 150-1. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp73

Careers can just happen, or they can be planned. Join us as we discuss making the decision to become a CISO and then taking the steps necessary to develop the skills to attain the job and thrive in the role. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_ShaunCavanaugh_Article.pdf Cavanaugh, S. 2019. From Techie to CISO – Identify Where you Want to Be and How to Get There. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 480-481. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp72

The cybersecurity field has traditionally been male dominated and there is clearly a desire to attract more women into the field. Join us as we discuss practical tips for women advancement to leadership positions, how to stand apart when climbing the leadership ladder, and advice for leading effective teams. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_StayMill_Article.pdf Mill, S. 2019. Women In Leadership – Practical Advice. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg. 425 Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp71

The security spend is increasing year over year as hackers become more sophisticated, organized, and opportunistic. Join us as we discuss ways to determine and evaluate the cost of cybersecurity to ensure the organization is spending the appropriate amount to reduce the risk to an acceptable level. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_DevonBryan_Article.pdf Bryan, D. 2019. The Cost of Cybersecurity. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 501-2. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp70

A key function of the CISO is to provide an accurate organizational picture of the risk the organization is currently accepting and communicate the strategy for enhancing the security maturity in support of the business goals. The way you prepare and communicate is just as important as the message. Join us as we discuss how to improve the delivery of the message. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_JasonWitty_Article.pdf Witty, J. 2019. Projecting Confidence when Presenting to the Board of Directors. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 493-4. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp69

Security metrics are often a struggle to establish by security departments. These metrics may be taking too narrow of a view, whereby metrics visible and embraced by other areas can improve the security program success. Join us as we discuss these metrics. Additionally, Caroline is graciously offering her Linkedin metrics course focused on establishing objectives and measuring progress towards the objectives, to CISO STORIES listeners at no cost at https://www.linkedin.com/learning/learning-security-metrics/why-are-security-metrics-important?autoplay=true To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_CarolineWong_Article.pdf Wong, C. 2019. Sharing the Metrics Goal Between Departments. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 158-9. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp68

Organizations want to know, how are we doing with respect to security? Companies can accept risks they are aware of, and don't want to outspend the competitors with the industry vertical. They also need a way to understand and benchmark the effectiveness of the security program. Join us as we discuss how to ensure the threats are being evaluated. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_JasonTaule_Article.pdf Taule, J. 2019. Keeping Up with The Jones (When Your Neighbors Are Bad Actors). In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 156-7. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp67 Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

We have four generations predominantly in the workforce today, boomers, generation X, Millennials, and Generation Z. Each generation was influenced by different world events, shaping values towards work, family, and technology. The past few years have brought a changing view towards work, with remote and hybrid working. Join us as we discuss these challenges. McGaw, C. 2019. Optimizing Four Generations in The Workforce. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 443-4. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp66 Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

In addition to serving as a CISO for several large companies, Phil was instrumental in co-founding the Cloud Security Alliance (CSA) and creating the Cloud Controls Matrix (CCM) to identify what standards from the many frameworks such as NIST, ISO27000, COBIT, HIPAA, PCIDSS, etc. would be applicable to the cloud environment. Join Phil as he discusses his view of these frameworks and his approach to security today. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Phil_Agcaoili_Article.pdf Agcaoili, P. 2019. Leveraging Control Frameworks. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 223-227. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp65 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Organizations are developing technology at a rapid pace today to maintain business relevance and adapt to changing conditions. Rebecca talks about the importance of ensuring change control is implemented and the real impacts if not implemented correctly. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Rebecca_Herold_Article.pdf Herold, R. 2019 Change Controls Are More Necessary Than Ever. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 119-120. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp64 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

One of the most important and impactful tasks of the CISO is presenting to the Board of Directors and Senior Management. The Board needs to have the confidence the CISO is able to determine risk and provide recommendations of cost-effective business-oriented solutions. Listen to Adel as he shares his experience in working with many organizations to reduce risk. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Adel_Melek_Article.pdf Melek, A. 2019. Determining Risk Appetite with the Board. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 505. Fitzgerald, T. CRC Press, Boca Raton, Fl www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp63 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

For security leaders, it can be hard to catch a break when faced with the increasingly challenging task of defending their organizations from evolving threats while simultaneously fighting the battle of the budget in an effort to do more with less. What issues should CISOs be prioritizing, and how can they get the most bang for their buck with regard to minimizing potential risks and maximizing potential outcomes? CISO Stories Podcast hosts Sam Curry, CSO at Cybereason, and Todd Fitzgerald, VP of Strategy at the Cybersecurity Collaborative, are joined by an esteemed panel of accomplished security leaders to discuss these challenges and more. Join our panel of seasoned CISOs from multiple industries as they share their valuable perspectives on: - Ransomware and the impact on global stability - Supply chain attacks and trusted infection vectors - Detection and response across the network and in the Cloud - Incident Response readiness - Attracting and retaining the right talent Show Notes: https://securityweekly.com/csp62 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Why are we failing at security, and will we ever graduate from Cyber-Kindergarten? The industry has arguably made a lot of progress over the last three decades, yet the attackers still enjoy a distinct advantage. Wayman Cummings, VP of Security Operations at Unisys, joins the podcast to discuss how industry stagnation impacts the security for our critical infrastructure when that rises to the level of national security, what value true public-private partnerships can bring, and more… Show Notes: https://securityweekly.com/csp61 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Sharing sensitive information on a website is likely to solicit a 'No Way" response from the CISO. Renee was faced with these decisions early in her career and needed a way to determine and communicate the right pragmatic and ethical decision. She developed the 'Six-Month Rule", which has evolved into the "Six-Minute Rule" to guide these decisions. Just us as Renee articulates how to help appropriate stakeholders make informed risk/reward decisions. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Renee_Guttmann-Stark_Article.pdf Guttmann-Stark, R. 2019 Six-Minute Rule. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 194-195. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp60 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Information Sharing and Analysis Centers (ISACs) were formed to promote the centralized sharing of threat intelligence within a particular sector. These have grown since the first ISAC in the late 1990's and now represent over 20 industry sectors. Grant shares his experience in working with an ISAC and how this benefited his organization and the broader CISO community. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Grant_Sewell_Article.pdf Sewell, G. 2019. Experience with an Information Sharing and Analysis Center. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 116. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp59 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Richard spent several decades serving Presidents of both parties and understands what is necessary to implement effective security programs. Join us as he provides pragmatic tips for working with the Board of Directors to effectively communicate the investment need and articulate the benefits in terms the Board can support. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Richard_A_Clarke_Article.pdf Clarke, R. A. 2019 Getting the Board on Board. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 499. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp58 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

The issues created by the recently disclosed Log4j vulnerability are bigger than you might expect and will have long-lasting implications. So, what was the Log4j vulnerability really, what can be done to reduce the risk it poses to organizations, and how can we better prepare for the next Log4j-level event? Benny Lakunishok, co-founder and CEO of Zero Networks, takes us deeper… Show Notes: https://securityweekly.com/csp57 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Risk management is arguably one of the most important functions of the CISO. How does the CISO establish the value proposition for an investment? Using a well-tested risk framework, Jack discusses how to evaluate and compare the current state of loss exposure and the expected reduction from applying a set of alternative controls. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Jack_Jones_Article.pdf Jones, J. 2019. Meeting The Cost-Effective Imperative. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 286-7. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp56 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Kevin walks through a very creative method of getting the budget necessary. Over the years, security departments acquire tool after tool, sometimes integrated, and many times under-utilized. Kevin describes how to leverage the current environment to "find" new sources of budget to fund the right cybersecurity investments. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_KevinRichards_Article.pdf Richards, K. 2019. Creating Budget Where There Is No Budget. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 482. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp55 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

With the talent shortage expected to last many years into the future, when a new cybersecurity skill is needed that is available within the current team, what do you do? Should you hire someone externally, or bring in a consultant? What are the pitfalls of each approach? Join John as he discusses his experience in making these tough decisions. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_John_Iatonna_Article.pdf Iatonna, J. 2019. Develop from Within or Hire a Consultant. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 423-4. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp54 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

The locus of control has been slipping away from IT teams (and by default Security teams), and this "challenge" to IT governance has accelerated post-covid with a more distributed workforce. The fact that IT governance is eroding as easily and quickly should tell IT and infosec teams that they need to ditch their legacy models of service delivery and adopt an approach that addresses the current business needs and digital transformations many companies are undertaking. The security implications of this are significant in that security programs are not typically sized nor funded to deal with one technology approach yet alone two. Scott King, CISO at Encore Capital Group joins the podcast to discuss strategies to remain agile in the face of rapid change. Show Notes: https://securityweekly.com/csp53 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

While the cloud computing infrastructure is designed to be very agile and flexible, transparency to where the information is being processed is very important due to global privacy and security concerns. Steve discusses approaches to remaining compliant with the various laws (i.e., restricting where the data may reside) when moving to the cloud. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Steve_Orrin_Article.pdf Orrin, S. 2019. Why Hardware Matters in Moving Securely to The Cloud. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 122. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp52 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Information is meant to be shared with others- others that is with a need to know. CISOs may find that their organization is sharing with other entities without proper procedures in place. What if there are 90 of these organizations? Join this podcast to learn from a healthcare CISO who tackled this dilemma and subsequently changed a government law! To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Samantha_Thomas_Article.pdf Thomas, S. 2019. Privacy Hunger Games: Change the Rules. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 344. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp51 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

In many organizations, the CISO will be looked at as the leading expert in incident response, but often has little involvement in the selection, planning, and training for the Enterprise Incident Management Program. Listen to Dawn-Marie, who has navigated organizations as a CISO during crisis and consultant to "play like you practice." To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Dawn-Marie_Hutchinson_Article.pdf Hutchinson, D. 2019. Server Room to War Room…Enterprise Incident Response. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 214-5. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp50 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

As if CISOs don't have enough to focus on, here's a few more items that should be top of mind – KAR Global CISO, Leon Ravenna, dives into Cyber Insurance and why D&O requirements may be on the horizon, regulatory burdens and what to expect out of the US Government, how the intersection of Security and Privacy is impacting CISOs, and a little security buzzword bingo and how to deal with the latest "fads" like CASB, ZTNA, SASE and more… Show Notes: https://securityweekly.com/csp49 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Cybersecurity talent shortages are well documented and asking experience cybersecurity professionals to spend countless hours on routine tasks does not promote retention. The adversaries are leveraging data science to attack our enterprises and consumers, and we need to find a better way. This session explores the experience of creating over 300 models using data science, machine learning, and automated incident response to increase the security posture for a major organization. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Jim_Routh_Article.pdf Routh, J. 2019. Model-Driven Security is Making Fundamental Changes to Security Posture. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs 163-5. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp48 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

The CISO has trained the workforce and completed the security awareness month annual training. Well, done! Is training done for the year? No. But what about the CISO? How does the CISO ensure that the proper skills are maintained for the CISO to be able to continue to lead the security organization? Join this podcast to learn from the multiple term-elected ISSA International President. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Candy_Alexander_Article.pdf Alexander, C. 2019. CISO approach to Training. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 478. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Are you reporting the same risks each year to management? This may be indicative of a lack of incentive or buy-in from senior management to fund the investments. Join this podcast to learn how to show senior management that funding these initiatives is more than risk avoidance and a cost to the bottom line. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Chris_Apgar_Article.pdf Apgar, C. 2019. Security and Senior Management – Buy-In Is Critical to Success. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 139. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Show Notes: https://securityweekly.com/csp46 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Infosec skills don't necessarily transfer to CISO skills, but CISO skills are 100% transferable to whatever your infosec career looks like. Growth begins outside of your comfort zones, so some of the CISO skills you can work on now include executive storytelling, internal coalition building, and how to be comfortable being uncomfortable… Show Notes: https://securityweekly.com/csp45 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Cybersecurity programs have evolved from the early days of compliance with regulations. Regulations are important and provide the necessary motivation for many organizations to implement security controls that may not otherwise be present, but is this enough? Is it really security? Join this podcast as the differences between compliance and true security are discussed. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/11/CISOSTORIES_Mark_Burnette_ArticleV1.pdf Burnette, M. 2019. The Benefits of Focusing on Risk vs Compliance. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 18. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp44 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Managing the volume of security events and continuous threat intelligence can be daunting for the largest of organizations. How do you increase the effectiveness of a Security Operations Center (SOC) and share this information across the organization for greater efficiency and adoption? To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Ricardo_LaFosse_Article.pdf Lafosse, R. 2019. Success Implementing A Shared Security Center. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 159. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp43 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Data is everywhere today as users are working remotely, storing information in the cloud, downloading to USB drives and so on. Join this podcast to learn from a Healthcare CISO and some of the typical common events which take place to expose sensitive information. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_William_Miaoulis_Article.pdf Miaoulis, W. 2019. Do You Know Where Your Data Is? In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 368. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp42 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Allison Miller, CISO at Reddit, discusses the challenges across stakeholders from end-users to service providers in addressing the nexus of Security, Privacy and Trust? Should they be equally weighted? In what circumstances does the need for one outweigh the need for the others? What does the future hold for our efforts to find the right balance between them? Show Notes: https://securityweekly.com/csp41 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

The interviewee created the landmark 'gold standard' policy guidance in the book Information Security Policies Made Easy, now in its 13th version, and has extensively researched and helped organizations develop relevant policies. This podcast discusses the 5 key mistakes individuals make in creating and delivering policies to the organization. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Charles_Cresson_Wood_Article.pdf Wood, C. 2019. Five Pitfalls to Avoid When Issuing Information Security and Privacy Policies In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 413. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Learn how to prepare and reduce the risk of the next ransomware event. The guest walks through the lessons learned after managing out of a NotPetya ransomware attack. Will you be ready? Don't miss this podcast for valuable insights from a real-life scenario. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Todd_Inskeep_Article.pdf Inskeep, T. 2019. Dealing with Notpetya. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 204. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp39 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

October is Security Awareness Month! Security Awareness programs must grab the employee's attention if they are to succeed. Join the interviewee as he explains how he successfully engaged the workforce through creative and visible security awareness methods! To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Steven_Lentz_Article.pdf Lentz, S. 2019. Security Awareness That Works. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 151. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp38 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! https://www.securityweek.com/nist-publishes-cybersecurity-workforce-framework https://www.securityweek.com/professionalizing-cybersecurity-practitioners-0 https://www.securityweek.com/cylance-launches-next-gen-endpoint-security-consumers https://www.securityweek.com/cisos-and-quest-cybersecurity-metrics-fit-business https://www.securityweek.com/whats-real-value-cost-breach-studies Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Kathy Wang, CISO at Very Good Security, discusses challenges in extending detection and response capabilities to cloud deployments while also ensuring correlations across traditional networks, endpoints, mobile, and user identities. She explains how managing multi-cloud deployments impact this approach, and how organizations can ensure they have the visibility required to detect and remediate earlier. Show Notes: https://securityweekly.com/csp37 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Every organization must be able to respond to an attack quickly. Join this podcast to learn key steps to implement in an incident response plan without breaking the bank. Sam approaches this issue by simplifying incident response into the 3 'P's. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Sam_Monasteri_Article.pdf Monasteri, S. 2019. Security from Scratch: Incident Response on a Shoestring Budget. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 161. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp36 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

All organizations must have security awareness training programs to teach basics to end users. Similarly, the technical teams need to be exposed to flexible training that is interesting to them. Join this podcast to learn how to bring company groups together and form your own DEFCON-type event in-house or in partnership with other organizations. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Kevin_Novak_Article.pdf Novak, K. 2019. Fiscally Responsible Ways to Train/Build Community. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 153. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp35 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Figuring out what to do after a breach is the wrong time to start the planning process. Communications strategies must be in place well beforehand and there are many benefits to the cybersecurity program for implementing these strategies in advance. Join this podcast to understand how teams benefit from relationships with communication and public relation specialists on their teams. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Melanie_Ensign_Article.pdf Ensign, M. 2019. Importance of Communications before, during, and after the Breach. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 191. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp34 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

Rachel, CEO of SocialProof Security, delves into the inner-workings of social engineering exploits where she leverages her background in neuroscience and behavioral psychology to exploit the unpatchable vulnerability that is human nature. This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

It seems CISOs are typically lamenting that the security budgets are insufficient. While this can represent a significant problem in achieving information security goals, what happens when you get the funding you asked for and asked to spend it in less time than expected? Join this session for an investment lesson learned you won't want to miss! To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_James_Christiansen_Article.pdf Christiansen, J. 2019. Too Much Security Money? In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 502. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp32 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/

For many organizations, large and small, it would be impractical to "skill up" to manage all aspects of cybersecurity. Managed Security Service Providers provide many different services. Join this podcast to learn how to work with the MSSP to ensure that the organization is obtaining the most value. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Jonathan_Nguyen-Duy_Article.pdf Nguyen-Duy, J. 2019. Managing the MSSP. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 135. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Show Notes: https://securityweekly.com/csp31

We need the organization to support the cybersecurity initiatives and thus we try to influence the organization to support these goals for the protection of the organizational assets. If we are failing, is it that the organization did not 'get it' or was it our approach? Join this podcast to learn how to achieve that buy-in. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_David_Nolan_Article.pdf Nolan, D. 2019. Achieving Security Buy-In: Change the Approach, Not the Culture. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 470. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp30 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Kerissa Varma, Group Chief Information Security Officer of Old Mutual Limited, one of the largest financial services organizations on the African continent, discusses the cybersecurity skills shortage and her initiative to recruit brilliant minds from across an array of fields who have skill sets applicable to cybersecurity, but they might not even know it… This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

A recent global research report conducted by Cybereason, titled "Ransomware: The True Cost to Business", revealed that the vast majority of organizations that have suffered a ransomware attack have experienced significant impact to the business, including loss of revenue, damage to the organization's brand, unplanned workforce reductions, and little in the way of relief from cyber insurance policies. An esteemed panel of subject matter experts will examine the research findings and discuss how organizations can better prepare to defend against and respond to a ransomware attack. The event was produced as a live webinar version of the CISO Stories Podcast, a weekly podcast that takes a deep dive on security leadership issues and is produced by Cybereason and the CyberRisk Alliance's Cybersecurity Collaborative, a prominent CISO networking group. Show Notes: https://securityweekly.com/csp28 View the Cybereason Ransomware Report here: https://www.cybereason.com/ebook-ransomware-the-true-cost-to-business This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

CISOs are approached frequently by salespersons to buy products to reduce risk. How do you manage these relationships? Join this podcast to learn how to respond to the salesperson, reduce time, and select the best products with reduced wasted interaction. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Kevin_Morrison_Article.pdf Morrison, K. 2019. Managing the Security Product Salesperson. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 69. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp27 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!

Speed to market is the mantra of software development today. This does not mean that a process is not followed, it means that an iterative approach to software development produces code changes and usable code much faster. Join this podcast to learn how security can be imbedded into agile software development to produced fast and secure code. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Glenn_Kapetansky_Article.pdf Kapetansky, G. 2019. Integrating Security with SDLC/Agile Development In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 27. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/