Defense in Depth

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our sponsored guest, Mackenzie Jackson, developer advocate, GitGuardian. In this episode: How to manage data leaks outside your perimeter? When data leaks increasingly come from third-parties, what can you do to protect your organization? How do we even begin to address this problem? Is there a one size fits all fix? Thanks to our podcast sponsor, GitGuardian GitGuardian is a Code Security Platform that caters to the needs of the DevOps generation. It provides a wide range of code security solutions, including Secrets Detection, Infra as Code Security, and Honeytoken, all in one place. A leader in the market of secrets detection and remediation, its solutions are already used by hundreds of thousands of developers in all industries. Try now gitguardian.com

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Phil Davis, attorney, healthcare cybersecurity and privacy, Hall Render. In this episode: In today's current climate, is the role of the CISO still worth it? Does the position carry a lot of potential liability? Do the upsides still outweigh the risks? Do CISOs tend to have more responsibility than authority? Thanks to our podcast sponsor, Sonrai Security A one-click solution that removes excessive permissions and unused services, quarantines unused identities, and restricts specific regions within the cloud. Later, maintain this level of security by automatically enforcing policies as new accounts, roles, permissions, and services are added to your environment. Start a free trial today! sonrai.co/ciso

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Paul Connelly, former CISO, HCA HealthcareGot feedback? In this episode: How important is onboarding new cyber talent? Does it set the tone for their tenure with your organization? What should CISOs do to make sure onboarding is effective for both sides? What are the mistakes CISOs should avoid, and what are the best ways to excel? Thanks to our podcast sponsor, OffSec OffSec helps companies like Cisco, Google, and Salesforce upskill cybersecurity talent through comprehensive training and resources. With programs ranging from red team and blue team training and more, your team will be ready to face real-world threats. Request a free trial for your team to explore OffSec's learning library and cyber range.

All links and images for this episode can be found on CISO Series. Check out this post Monte Pedersen of The CDA Group for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our guest, Jerry Davis, division director for cyber defense at Truist Bank. In this episode: Why does advancing your career require more than just technical skills? Does it require you to build relationships within your organizations, particularly with your boss? How can you consciously build these relationships with an eye to leveling up your career? How do you develop soft skills? Thanks to our podcast sponsor, OffSec OffSec helps companies like Cisco, Google, and Salesforce upskill cybersecurity talent through comprehensive training and resources. With programs ranging from red team and blue team training and more, your team will be ready to face real-world threats. Request a free trial for your team to explore OffSec's learning library and cyber range.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our sponsored guest, Spencer Thompson, CEO, Prelude. In this episode: Why does it take so long to integrate new tools and get them up to speed? Are we always in a state where we are always lacking readiness? What should we be measuring? Do we focus too much on singular events? Thanks to our podcast sponsor, Prelude Prelude Detect is the world's only production-scale detection and response testing platform. Automatically transform your threat intelligence into validated detections and preventions in less than five minutes. Integrate with CrowdStrike, Microsoft Defender, SentinelOne, and more to enable machine speed detection and response engineering 🏎️ Learn more at preludesecurity.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Ron Gula, president and co-founder, Gula Tech Adventures. In this episode: Why is it so darn expensive to get any training on the defender side? Why is there a mountain of free education for red teaming? Shouldn't blue team training should be free or less expensive as well? Is this the firewall that's preventing us from having all those cyber experts we so desperately need? Thanks to our podcast sponsor, Query Query Federated Search gets to your security relevant data wherever it is - in data lakes, security tools, cloud services, SIEMs, or wherever. Query searches and normalizes data for use in security investigations, threat hunting, incident response, and everything you do. And we plug into Splunk. Visit query.ai.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Ben Sapiro, head of global cyber security services, Manulife. In this episode: Why do we see a dearth of CISOs listed in executive leadership? Is this just a factor of company reporting structure? Or do CISOs really not have a seat at the table with the business? How do we convince the C-suite? Thanks to our podcast sponsor, Query Query Federated Search gets to your security relevant data wherever it is - in data lakes, security tools, cloud services, SIEMs, or wherever. Query searches and normalizes data for use in security investigations, threat hunting, incident response, and everything you do. And we plug into Splunk. Visit query.ai.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Matt Eberhart, CEO, Query. In this episode: Isn't the whole point of a single pane of glass making sense of your data? But when these dashboards are limited to a single platform, how useful are they? Does it seem like all they've led to is more browser tabs or more monitors crowding your analysts? We know we want to take action based on our data, so how do we get there? Thanks to our podcast sponsor, Query Query Federated Search gets to your security relevant data wherever it is - in data lakes, security tools, cloud services, SIEMs, or wherever. Query searches and normalizes data for use in security investigations, threat hunting, incident response, and everything you do. And we plug into Splunk. Visit query.ai.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is my guest, Mario Trujillo, staff attorney, Electronic Frontier Foundation. In this episode: Data is the life blood of an organization but what happens when you collect too much? Do you put risk on both your organization and for any individuals that data belongs too? Is it still wise to collect as much data as possible? How can CISOs embrace data minimization that doesn't clash with the needs of the business? Thanks to our podcast sponsor, Material Security Material Security is purpose-built to stop attacks and reduce risk across Microsoft 365 and Google Workspace with unified cloud email security, data loss prevention, and posture management. Learn more at material.security.

All links and images for this episode can be found on CISO Series. The Verizon DBIR found that about half of all breaches involved legitimate credentials. It's a huge attack surface that we're only starting to get a handle of. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Adam Koblentz, field CTO, Reveal Security. In this episode: Where are we in terms of monitoring anomalous behavior of our users? Why are we still struggling to understand what happens after threat actors are in our networks? How are new AI-based tools helping us to scale efforts? What's working and where do we need to improve? Thanks to our podcast sponsor, Reveal Security Reveal Security ITDR detects identity threats - post authentication - in and across SaaS applications and cloud services. Powered by unsupervised machine learning, it continuously monitors and validates the behavior of trusted human users, APIs and other entities, accurately detecting anomalies that signal an in-progress identity threat. Visit reveal.security

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Mike Levin, deputy CISO, 3M. In this episode: Why do security startups fail? All startups are an inherently risky proposition, but what are the specific challenges for startups in our industry? What's unique about cybersecurity startups? What's the most common reason you've seen a cyber startup not succeed? Thanks to our podcast sponsor, RevealSecurity! Reveal Security ITDR detects identity threats - post authentication - in and across SaaS applications and cloud services. Powered by unsupervised machine learning, it continuously monitors and validates the behavior of trusted human users, APIs and other entities, accurately detecting anomalies that signal an in-progress identity threat. Visit reveal.security

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Derek Fisher, Executive director of product security, JPMorgan. In this episode: A security program shouldn't stop at compliance, but that doesn't mean we should undervalue it, right? Why are we so quick to dismiss compliance as simple check boxes? Why is compliance important and why is it often getting a bad name these days? What are the elements that make a great solution? Thanks to our podcast sponsor, RevealSecurity! Reveal Security ITDR detects identity threats - post authentication - in and across SaaS applications and cloud services. Powered by unsupervised machine learning, it continuously monitors and validates the behavior of trusted human users, APIs and other entities, accurately detecting anomalies that signal an in-progress identity threat. Visit reveal.security

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Alexandra Landegger, Executive Director and CISO, Collins Aerospace. In this episode: Why do mergers and acquisitions always present challenges to an organization? When it comes to cybersecurity, how involved should a CISO be before AND after an acquisition? Can cybersecurity considerations make or break a deal? What skills did you find yourself flexing with your first M&A experience? Thanks to our podcast sponsor, Aphinia! Join Aphinia, a professional tribe of superheroes fighting cybercriminals. If you are a CISO, VP or a Director of cybersecurity, get instant free access to thousands of your peers, career advice, networking opportunities, consulting gigs and more. Join the good guys' team because the only way to succeed is together: https://aphinia.com/#signup_form

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Richard Ford, CTO, Praetorian. In this episode: When did we all agree that red teaming was about validating security? Does it seem like increasingly red teaming is a catch all term for a whole lot of testing that isn't clearly defined? Is this making it hard to see its value? Can moving red teaming upstream be more valuable to your organization? Thanks to our podcast sponsor, Praetorian Praetorian helps companies adopt a prevention-first cybersecurity strategy by actively uncovering vulnerabilities and minimizing potential weaknesses before attackers can exploit them.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our guest, Adam Glick, CISO, PSG. In this episode: Vendors need to reach out to CISOs, but what does a successful approach look like? Do vendors often spray and pray with outreach, rather than doing a bare minimum of research? What else can vendors do to try to create meaningful outreach to CISOs? How do you like security sales professionals to build a relationship with you? Thanks to our podcast sponsor, Praetorian Praetorian helps companies adopt a prevention-first cybersecurity strategy by actively uncovering vulnerabilities and minimizing potential weaknesses before attackers can exploit them.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Erik Decker, CISO, Intermountain Health. In this episode: Why are we all struggling trying to manage third-party risk? Why do the hated questionnaires seem like compliance checkbox efforts? Does anyone believe it reduces risk? What's the right approach and how do you strike the right balance? Thanks to our podcast sponsor, Praetorian Praetorian helps companies adopt a prevention-first cybersecurity strategy by actively uncovering vulnerabilities and minimizing potential weaknesses before attackers can exploit them.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our sponsored guest, Trevor Hilligoss, senior director of security research, SpyCloud. In this episode: What are the things that raise red flags that you're about to experience an attack? What signals set off your Spidey sense that things could go sideways? What are the early warning signs an attack is underway? Did you learn anything new? Thanks to our podcast sponsor, SpyCloud Get ahead of ransomware attacks by acting on a common precursor: infostealer malware. SpyCloud recaptures what's stolen from infostealer-infected systems, and alerts your team to take action before compromised authentication data can be used by criminals to target your business. Get our latest research and check your malware exposure at spycloud.com/ciso.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, David Christensen, VP, CISO, PlanSource. In this episode: How do you actually focus your patching efforts on the vulnerabilities that are seen as universally holding the most risk? With limited resources, is it possible to "patch all the things"? How do we focus patching efforts to fix the most vital issues quickly? What are the risks we're dealing with? Thanks to our podcast sponsor, SpyCloud Get ahead of ransomware attacks by acting on a common precursor: infostealer malware. SpyCloud recaptures what's stolen from infostealer-infected systems, and alerts your team to take action before compromised authentication data can be used by criminals to target your business. Get our latest research and check your malware exposure at spycloud.com/ciso.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our guest, Jerich Beason, CISO, WM. In this episode: Does generative AI come with a new set of risks? How can we address these risks to take advantage of its benefits? How do we approach a much desired technology we're not so sure how we should secure? How can we take what we've learned from past technological advances and apply it to mitigate risks with generative AI? Thanks to our podcast sponsor, SpyCloud Get ahead of ransomware attacks by acting on a common precursor: infostealer malware. SpyCloud recaptures what's stolen from infostealer-infected systems, and alerts your team to take action before compromised authentication data can be used by criminals to target your business. Get our latest research and check your malware exposure at spycloud.com/ciso.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our sponsored guest, Himaja Motheram, Censys. In this episode: How can one create a security program around unknown problems? Don't we know a lot of the things we lack visibility into that can cause security issues? But what about the things you don't even know about in the first place? Will that thing we don't even know to look at, ever cause a security issue? Thanks to our podcast sponsor, Censys Censys is the leading Internet Intelligence Platform for Threat Hunting and Exposure Management. We provide the most comprehensive, accurate, and up-to-date map of the internet, which scans 45x more services than the nearest competitor across the world's largest certificate database (>10B). Learn more at www.censys.com.

All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Russell Spitler, CEO and co-founder, Nudge Security. In this episode: Are businesses walking a tightrope with generative AI? How can organizations implement generative AI responsibly? What can we learn from previous transitions that can help us responsibly bring generative AI into the workplace milieu? What else are we missing? Thanks to our podcast sponsor, Nudge Security Nudge Security provides complete visibility of every SaaS and cloud account ever created by anyone in your org, in minutes. No agents, browser plug-ins or network proxies required. With this visibility, you can discover shadow IT, manage your SaaS attack surface, secure SaaS access, and respond effectively to SaaS breaches.

All links and images for this episode can be found on CISO Series. In increasingly complex technical defenses, threat actors frequently target the human element. This makes them a top attack vectors, but are they actually the weak leak in your defenses? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our guest, Christina Shannon, CIO, KIK Consumer Products. Thanks to our podcast sponsor, SPHERE SPHERE is the Identity Hygiene pioneer. It closes the loop on ownership, certification, and remediation challenges through an automated remediation process. By working with the IAM and PAM solutions organizations have in place, SPHEREboard automates discovery and remediation on an ongoing basis. Learn more at sphereco.com! In this episode: Threat actors frequently target the human element, but are they actually the weak leak in your defenses? Have we been treating humans wrong in our environment? Is the blame on security professionals for failing to design security systems to set humans up for success? Is it disingenuous to presume that cybersecurity would be perfect if not for users?

All links and images for this episode can be found on CISO Series. We often talk about the contradiction of seemingly entry-level security jobs requiring years of experience. But maybe that's because entry-level jobs don't actually exist. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us this week is our guest Jay Wilson, CISO, Insurity. Thanks to our podcast sponsor, SlashNext SlashNext Complete delivers zero-hour protection for how people work today across email, mobile, and browser apps. With SlashNext's generative AI to defend against advanced business email compromise, smishing, spear phishing, executive impersonation, and financial fraud, your people are always protected anywhere they work. Request a demo today. In this episode: What's "entry level" in cybersecurity and does it even exist? What causes the contradiction of seemingly entry-level security jobs requiring years of experience? Why does it seem like there are still no entry level jobs? How do job candidates get creative with their experience to get a foot in the door?

All links and images for this episode can be found on CISO Series. The Securities and Exchange Commission issued new cyber rules. What do these new rules mean for CISOs and will they ultimately improve our cybersecurity posture? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our guest, Jamil Farshchi, CISO, Equifax. Thanks to our podcast sponsor, Nudge Security Nudge Security provides complete visibility of every SaaS and cloud account ever created by anyone in your org, in minutes. No agents, browser plug-ins or network proxies required. With this visibility, you can discover shadow IT, manage your SaaS attack surface, secure SaaS access, and respond effectively to SaaS breaches. In this episode: The Securities and Exchange Commission issued new cyber rules. What do these new rules mean for CISOs and will they ultimately improve our cybersecurity posture? Are these rules something to celebrate, or are they just going to make a CISOs compliance efforts even more difficult? For those companies who actually follow the guidance, will this step up their cyber game considerably?

All links and images for this episode can be found on CISO Series. Are trade shows like RSA getting so big that there's not enough economic value for a CISO to attend? Or do these events have enough industry gravity to justify the spend? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest Lee Parrish, CISO, Newell Brands. Thanks to our podcast sponsor, Censys In this episode: Everyone sees value in security professionals coming together, but what specific value does a huge expo like RSA deliver? Are trade shows like RSA getting so big that there's not enough economic value for a CISO to attend? Or do these events have enough industry gravity to justify the spend? Will FOMO continue to force vendors to sponsor big shows like RSA?

All links and images for this episode can be found on CISO Series. Work from home flourished during the pandemic. Many workers love it and don't want to go back. Some organizations are pushing for a return to the office. Is in-office work necessary to improve productivity and cybersecurity posture? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us for the episode is our guest, Shawn Bowen, CISO, World Kinect Corporation. Thanks to our podcast sponsor, Nudge Security Nudge Security provides complete visibility of every SaaS and cloud account ever created by anyone in your org, in minutes. No agents, browser plug-ins or network proxies required. With this visibility, you can discover shadow IT, manage your SaaS attack surface, secure SaaS access, and respond effectively to SaaS breaches. In this episode: Is in-office work necessary to improve productivity and cybersecurity posture? Is this push for return to office just an effort for managers to return to the "good 'ole days" with no other rationale? So technology can be great from anywhere, but people cannot? Does successful work from home require a mature approach to leadership?

All links and images for this episode can be found on CISO Series. Large language models and generative AI are today's disruptive technology. This is not the first time companies just want to ban a new technology that everyone loves. Yet, we're doing it all over again. Whether its ChatGPT or BYOD, people are going to use desirable new tech. So if our job isn't to stop it, how do we secure it? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest, Carla Sweeney, SVP, InfoSec, Red Ventures. Thanks to our podcast sponsor, Censys Censys is the leading Internet Intelligence Platform for Threat Hunting and Exposure Management. We provide the most comprehensive, accurate, and up-to-date map of the internet, which scans 45x more services than the nearest competitor across the world's largest certificate database (>10B). Learn more at www.censys.com. In this episode: Whether its ChatGPT or BYOD, people are going to use desirable new tech. So if our job isn't to stop it, how do we secure it? Are tools like ChatGPT so different from what we've seen before that we can't apply lessons already learned? What risks are we solving for with it and where do we go from there? Is this just a security issue?

All links and images for this episode can be found on CISO Series. What do the people least in the know about cyber, want to know? What are they asking? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest, Caitlin Sarian, AKA cybersecuritygirl on TikTok. Thanks to our podcast sponsor, DataBee from Comcast Technology Solutions DataBee™, from Comcast Technology Solutions, is a cloud-native security, risk and compliance data fabric platform that transforms your security data chaos into connected outcomes. Built by security professionals for security professionals, DataBee enables users to examine the past, react to the present, and protect the future of the business. In this episode: What do the people least in the know about cyber, want to know? What are they asking? How important is it to understand what concerns the average person? Are these reasonable concerns or do you think they're directed by media pressure? How do regular, everyday people know what is safe and best practices without a clear path or studying cybersecurity in depth?

All links and images for this episode can be found on CISO Series. A security data lake, a data repository of everything you need to analyze and get analyzed sounds wonderful. But priming that lake, and stocking it with the data you want to get the insights you need is a more difficult task than it seems. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our sponsored guest, Matt Tharp, Head of Field Engineering, Comcast DataBee. Thanks to our podcast sponsor, Comcast Technology Solutions In this episode: What exactly is a data lake? How are people thinking about and handling the risks? If you want security data lakes to be successful, what customer problem are you trying to solve? How can you make it both dead simple to use AND highly effective?

All links and images for this episode can be found on CISO Series. A threat intelligence program sounds like a sound effort in any security program. But, can you pull it off? There are so many phases to execute properly. Blow it with any one of them and your threat intelligence effort is moot. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us today is our special guest Jon Oltsik, distinguished analyst and fellow, Enterprise Strategy Group. Thanks to our podcast sponsor, Comcast DataBee™, from Comcast Technology Solutions, is a cloud-native security, risk and compliance data fabric platform that transforms your security data chaos into connected outcomes. Built by security professionals for security professionals, DataBee enables users to examine the past, react to the present, and protect the future of the business. In this episode: A threat intelligence program sounds like a sound effort in any security program. But, can you pull it off? Which phase of a threat intelligence program gives you the most trouble, and why? What has been your personal experience, and does it change organization to organization? How do you measure the success of the program to prove the value of the work being done?

All links and images for this episode can be found on CISO Series. When you have an incident and you're engulfed by the stress that lasts more than a day, how do you manage and deal with it? And not only how do you manage your stress, but how do you manage everyone else's? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest, Tim Brown, CISO, Solarwinds. Thanks to our podcast sponsor, Push Security Do you have visibility of all the SaaS apps your employees are storing corporate data on? Are employees protecting all their accounts against identity-based attacks? Discover all the SaaS your employees use - including shadow apps and identities - and secure your data. Find out more at pushsecurity.com. In this episode: When you have an incident and you're engulfed by the stress that lasts more than a day, how do you manage and deal with it? And not only how do you manage your stress, but how do you manage everyone else's? During a major incident, which stress is more difficult to manage? Your own, or those around you? How is this everyone's concern?

All links and images for this episode can be found on CISO Series. We all know that our employees need to be more security aware, but what are the methods to get them there? How can we make our employees more security conscious? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest Jack Chapman, vp, threat intelligence, Egress. Thanks to our podcast sponsor, Egress Egress helps organization stop email security risks is by addressing both inbound and outbound threats together,. We recognize that people get hacked, make mistakes, and break the rules. Egress's Intelligent Cloud Email Security suite uses patented self-learning technology to detect sophisticated inbound and outbound threats, and protect against data loss. Learn more at egress.com. In this episode: We all know that our employees need to be more security aware, but what are the methods to get them there? How can we make our employees more security conscious? What does it take to get security to "stick" with your coworkers? Why does security remain so darn difficult?

All links and images for this episode can be found on CISO Series. Users have tried to upload sensitive company information and PII, personally identifiable information, into ChatGPT. Those who are successful getting the data in, have now made that data free to all. Will people's misuse of these generative AI programs be our greatest downfall to security and privacy? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest Suha Can, CISO, Grammarly. Thanks to our podcast sponsor, Opal Opal is building the next generation of intelligent identity. Identity is one of the last great enterprise frontiers. It's fragmented with legacy architecture. Opal's mission is to empower teams to understand and calibrate access end to end, and to build identity security for scale. Learn more by at www.opal.dev. In this episode: Will people's misuse of these generative AI programs be our greatest downfall to security and privacy? Is AI the problem? Or is poor human judgement the problem? Is it better to get started with any guardrails until setting up a full policy? What are we going to do now?

All links and images for this episode can be found on CISO Series. The demand for cybertalent is sky high. It's very competitive to get those people with skills. What if you were to train your staff and give them the skills you want? Essentially, what if you were to grow your own unicorn? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our special guest, Jesse Whaley, CISO, Amtrak. Thanks to our podcast sponsor, Opal Opal is building the next generation of intelligent identity. Identity is one of the last great enterprise frontiers. It's fragmented with legacy architecture. Opal's mission is to empower teams to understand and calibrate access end to end, and to build identity security for scale. Learn more by at www.opal.dev. In this episode: What if you were to train your staff and give them the skills you want? What if you were to grow your own unicorn? What's the best way to grow your staff? How do you figure out the right mix of talent and prioritize the hiring, training, on the job, and other experiences?

All links and images for this episode can be found on CISO Series. What are we doing to improve access management? Make it too loose and it's the number one way organizations get breached. Put on too many controls and now you've got irritated users just trying to do their job. How does each organization find their sweet spot? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Paul Guthrie (@pguthrie), information security officer, Blend. Thanks to our podcast sponsor, Opal Opal is building the next generation of intelligent identity. Identity is one of the last great enterprise frontiers. It's fragmented with legacy architecture. Opal's mission is to empower teams to understand and calibrate access end to end, and to build identity security for scale. Learn more by at www.opal.dev In this episode: What is the one most significant action you've taken to improve access management? What are we doing to improve access management? What is the correct balance between too many controls and not enough? How does each organization find their sweet spot?

All links and images for this episode can be found on CISO Series. With the growth of business-led IT, does SaaS security need to be a specific focus in a CISO's architectural strategy? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Steve Zalewski who also hosts Defense in Depth. Thanks to our podcast sponsor, AppOmni Do you know which 3rd party apps are connected to your SaaS platforms? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. Get visibility to all 3rd party apps — and their level of data access — with AppOmni. Visit AppOmni.com to request a free risk assessment. In this episode: With the growth of business-led IT, does SaaS security need to be a specific focus in a CISO's architectural strategy? Is the problem the architecture of the applications themselves or the fact that a non-security group is bringing these applications online? Is it both? Is this problem solvable? What technical controls can you put in place to mitigate risk from apps you deem risky?

All links and images for this episode can be found on CISO Series. When it comes to data, compliance, and reducing risk, where are we gaining control? Where are we losing control? And what are we doing about that? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. We welcome our sponsored guest Amer Deeba, CEO and Co-founder, Normalyze. Thanks to our podcast sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches. Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium. In this episode: When it comes to data, compliance, and reducing risk, where are we gaining control? Where are we losing control? And what are we doing about that? Is "losing control" inevitable? Is SaaS really extremely difficult to work with at scale?

All links and images for this episode can be found on CISO Series. If you're struggling to get your first job in security or you're trying to get back into the industry after being laid off, you need to lean on your security community. But like networking, you should find it before you need it. Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Thanks to our podcast sponsor, Egress Egress helps organization stop email security risks is by addressing both inbound and outbound threats together,. We recognize that people get hacked, make mistakes, and break the rules. Egress's Intelligent Cloud Email Security suite uses patented self-learning technology to detect sophisticated inbound and outbound threats, and protect against data loss. Learn more at egress.com. In this episode: Are you struggling to get your first job in security or trying to get back into the industry after being laid off? What is the importance of building your security community network ? What should you look for in a community? What should you expect to put into it, and what should you expect to get back?

All links and images for this episode can be found on CISO Series. What should a cyber job description require, and what shouldn't it? What's reasonable and not reasonable? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Rob Duhart (@robduhart), deputy CISO, Walmart. Thanks to our podcast sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches. Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium. In this episode: What should a cyber job description require, and what shouldn't it? What's reasonable and not reasonable? Do these completely unrealistic job descriptions hurt the entire industry? What is it we need to put in a cyber job description, and what do we need to leave out? Who's losing out here?

All links and images for this episode can be found on CISO Series. Since so much technology today is not launched by the IT department, but by business units themselves. How do security professionals engage with business and application owners and have a conversation about security policy and procedures? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Harold Byun (@haroldnhoward), chief product officer, AppOmni. Thanks to our podcast sponsor, AppOmni Do you know which 3rd party apps are connected to your SaaS platforms? After all, one compromised 3rd party app could put your entire SaaS ecosystem at risk. Get visibility to all 3rd party apps — and their level of data access — with AppOmni. Visit AppOmni.com to request a free risk assessment. In this episode: What's your experience talking about security policy and procedures with business and application owners? How do security professionals engage with business and application owners? How do they have a conversation about security policy and procedures? Is there anything you learned that you didn't realize before?

All links and images for this episode can be found on CISO Series. There are millions of cybersecurity jobs open. Over time, that number has just been growing. What we're doing now does not seem to be working. So what's it going to take to fill all these jobs quickly? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Rich Gautier, former CISO for the U.S. Department of Justice, Criminal Division. Thanks to our podcast sponsor, Brinqa Understand your cyber assets, prioritize vulnerabilities, automate remediation, and continuously monitor cyber hygiene across the entire attack surface — infrastructure, applications and cloud — with Brinqa. See how at brinqa.com. In this episode: There are millions of cybersecurity jobs open. What's it going to take to fill all these jobs quickly? Are job description requirements partially to blame for holding back the industry from tapping into greater diversity of expertise? Is it better off if you hire, train, culturally integrate, and reward that person? Does burn out and a steep learning curve keep adding to the problem?

All links and images for this episode can be found on CISO Series. How do you create a positive security culture? It's rarely the first concept anyone wants to embrace, yet it's important everyone understands their responsibility. So what do you do, and how do you overcome inevitable roadblocks? Check out this post and this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest, Jadee Hanson, CISO/CIO for Code42. Thanks to our podcast sponsor, Code42 Code42 is focused on delivering solutions built with the modern-day collaborative culture in mind. Code42 Incydr tracks activity across computers, USB, email, file link sharing, Airdrop, the cloud and more, our SaaS-based solution surfaces and prioritizes file exposure and data exfiltration events. Learn more at Code42.com. In this episode: How do you create a positive security culture? Where do we run into struggles when trying to create a positive security culture? Given its importance, why is it rarely the first concept anyone wants to embrace? What do you do, and how do you overcome inevitable roadblocks?

All links and images for this episode can be found on CISO Series. All experienced security professionals were at one time very green. Entry level status means risk to your organization. That's if you give them too much access. What can you trust an entry level security professional to do that won't impose unnecessary risk? And how can those green professionals build trust to allow them to do more? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Kemas Ohale, vp, global information security, Lippert. Thanks to our podcast sponsor, Normalyze Normalyze is a cloud data security platform that continuously discovers sensitive data and their access paths across your cloud environments. Normalyze provides the ability to analyze, prioritize and respond to data threats to prevent damaging data breaches. Discover, visualize, and secure your cloud data in minutes with Normalyze Freemium. In this episode: What can you trust an entry level security professional to do that won't impose unnecessary risk? How can those green professionals build trust to allow them to do more? What can they do with zero experience? How can they graduate upwards?

All links and images for this episode can be found on CISO Series. What do we need to do to fix our processes to truly reduce risk and vulnerabilities? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Amad Fida (@brinqa), CEO, Brinqa. Thanks to our podcast sponsor, Brinqa Understand your cyber assets, prioritize vulnerabilities, automate remediation, and continuously monitor cyber hygiene across the entire attack surface — infrastructure, applications and cloud — with Brinqa. See how at brinqa.com. In this episode: What do we need to do to fix our processes to truly reduce risk and vulnerabilities? How to work with all departments to improve process, communication, and motivation? Why does security need to be treated as a function of the enterprise risk program? What are the elements that make a great solution?

All links and images for this episode can be found on CISO Series. Security professionals talk a lot about the reputational damage from breaches. And it seems logical, but major companies still do get breached and their reputation seems spared. What's the reality of what breaches can do to a company's reputation? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Cecil Pineda, CISO, R1. Thanks to our podcast sponsor, Brinqa Understand your cyber assets, prioritize vulnerabilities, automate remediation, and continuously monitor cyber hygiene across the entire attack surface — infrastructure, applications and cloud — with Brinqa. See how at brinqa.com. In this episode: Security professionals talk a lot about the reputational damage from breaches, so why do companies still get breached? What's the reality of what breaches can do to a company's reputation? Does a breach really result in lasting reputation damage? Are we more accepting of breaches now?

All links and images for this episode can be found on CISO Series. Do RFPs or request for proposals work as intended? It seems they're loaded with flaws yet for some organizations who must follow processes, they become necessary evils for both buyers and sellers. What can we do to improve the process? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our guest Keith McCartney (@kmflgator), vp, security and IT, DNAnexus. Thanks to our podcast sponsor, TrustCloud TrustCloud is the all-in-one platform to accelerate sales and security reviews, automate compliance efforts, and map contractual liability across your business. Connect with us to learn how you can transform security from a cost center into a profit driver with TrustCloud's programmatic risk and compliance verification tools. In this episode: Do RFPs or request for proposals work as intended? Does it seem they're loaded with flaws? Have they become necessary evils for both buyers and sellers? What can we do to improve the process?

All links and images for this episode can be found on CISO Series. What are the moves we should be making in cloud to improve our security? What constitutes a good cloud security posture? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Andy Ellis, operating partner, YL Ventures. We welcome our sponsored guest Yoav Alon, CTO, Orca Security. Thanks to our podcast sponsor, Orca Security Orca Security is the pioneer of agentless cloud security that is trusted by hundreds of enterprises globally. With continuous first-to-market innovations and expertise, the Orca Platform ensures security teams quickly identify and remediate risks to keep their businesses secure. Connect your first account in minutes by visiting www.orca.security. In this episode: What does successful cloud security look like? What are the moves we should be making in the cloud to improve our security? What constitutes a good cloud security posture? What should we be measuring when it comes to cloud security?

All links and images for this episode can be found on CISO Series. One CISO has had enough of the security vendor marketing emails and cold sales calls. He's blocking them all. But it's not a call to avoid all salespeople. He just doesn't have the time to be a target anymore. So how should vendors engage with such a CISO? And does CISO represent most CISOs today? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Joy Forsythe, VP, Security, Thrive Global. Thanks to our podcast sponsor, Code42 Code42 is focused on delivering solutions built with the modern-day collaborative culture in mind. Code42 Incydr tracks activity across computers, USB, email, file link sharing, Airdrop, the cloud and more, our SaaS-based solution surfaces and prioritizes file exposure and data exfiltration events. Learn more at Code42.com. In this episode: How should vendors engage with CISOs who are tired of being targeted? How can vendors reach CISOs who have had enough of the security vendor marketing emails and cold sales calls? Does CISO represent most CISOs today? Is the sales "system" essentially broken?

All links and images for this episode can be found on CISO Series. Do we really need more categories of security products? Every new Gartner magic quadrant complicates the marketplace but at the same time helps us understand the other vectors we need to protect. Do new categories of security products help or hurt the industry? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Corey Elinburg (@celinburg), CISO, CommonSpirit Health. Thanks to our podcast sponsor, Egress In this episode: Do we really need more categories of security products? Does it seem like every new Gartner magic quadrant complicates the marketplace but at the same time helps us understand the other vectors we need to protect? Do new categories of security products help or hurt the industry? Does this make it hard to keep up to date on all new products?

All links and images for this episode can be found on CISO Series. How can security leaders and how do they go about matching business case to every security action you want to take? Is this the right way to sell security to the board? Check out this post for the discussion that is the basis of our conversation on this week's episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Sravish Sridhar (@sravish), founder and CEO, TrustCloud. Thanks to our podcast sponsor, TrustCloud TrustCloud is the all-in-one platform to accelerate sales and security reviews, automate compliance efforts, and map contractual liability across your business. Connect with us to learn how you can transform security from a cost center into a profit driver with TrustCloud's programmatic risk and compliance verification tools. In this episode: How can security leaders best make a case for security? How do you go about matching business cases to every security action you want to take? Is this the right way to sell security to the board? How do you show that security can be aligned to business objectives?