Defense in Depth
David Spark, Steve Zalewski, Geoff Belknap
Defense in Depth promises clear talk on cybersecurity's most controversial and confusing debates. Once a week we choose one controversial and popular cybersecurity debate and use the InfoSec community's insights to lead our discussion.
Episodes

Jan 4, 2024 • 31min
Doing Third Party Risk Management Right
In this podcast, Erik Decker, CISO of Intermountain Health, joins the hosts to discuss the struggles faced in managing third-party risk. They explore the ineffectiveness of questionnaires and debate the right approach. They also touch on the future of supply chain risk, the benefits of a centralized platform for risk information, and the importance of communication and building relationships with vendors.
Dec 14, 2023 • 33min
Warning Signs You're About To Be Attacked
The episode covers indicators and signals of cyber attacks, the prevalence of phishing attacks, how to recognize targeted attacks against the help desk, the correlation between infostealers and ransomware, the role of trust in cyberattacks, and the need for innovation in how attack indicators are identified.
Dec 7, 2023 • 31min
Do We Have to Fix ALL the Critical Vulnerabilities?
David Christensen, VP, CISO, PlanSource, joins the hosts to discuss the challenge of focusing patching efforts on the most critical vulnerabilities. They emphasize the need for prioritization based on business impact, discuss different types of vulnerabilities, and highlight the challenges faced by organizations. The importance of learning vulnerability management basics is also emphasized.

Nov 30, 2023 • 33min
Mitigating Generative AI Risks
Guest Jerich Beason, CISO, WM, discusses the risks of generative AI and the need for understanding, prioritizing safety, and adapting to its transformative nature. The chapter also explores building a trusted security framework and the challenges and evolution of AI.

Nov 16, 2023 • 30min
Building a Cyber Strategy for Unknown Unknowns
Guest Himaja Motheram from Censys discusses building a security program around unknown unknowns. The podcast explores strategies for anticipating, detecting, and responding to unknown unknowns. It emphasizes the importance of executive buy-in, resources, and individual involvement in creating a security culture. The distinction between known unknowns and unknown unknowns is explored, along with the role of technology and human creativity. The shift of security responsibility to the user is discussed, as well as the value of worst-case scenario simulations and relationship-building in cybersecurity.

Nov 9, 2023 • 33min
Responsibly Embracing Generative AI
In this engaging discussion, Russell Spitler, CEO of Nudge Security, dives into the responsible adoption of generative AI in businesses. He emphasizes that rather than banning AI, companies should focus on understanding usage patterns and risks. Russell highlights the urgent need for visibility into AI applications and critiques the gap between policy and real enforcement. He also contrasts low-risk tasks with high-stakes actions, advocating for treating AI as an augmentation tool. The conversation is packed with practical insights for navigating the evolving AI landscape.

Nov 2, 2023 • 31min
People Are the Top Attack Vector (Not the Weakest Link)
In this podcast, cybersecurity expert guest_name discusses the role of humans in cybersecurity and whether they are the weakest link. The conversation explores understanding human behavior, security awareness training, weaknesses in top management, and the shift to focusing on human risk. It also highlights the importance of involving developers in the security team, implementing security measures like multi-factor authentication, and educating employees on security vulnerabilities.

Oct 26, 2023 • 31min
What's Entry Level in Cybersecurity?
In this episode, Jay Wilson joins the hosts to discuss the nonexistence of entry-level jobs in cybersecurity. They explore the reasons behind this contradiction and how job candidates can creatively gain experience to break into the industry. The importance of stories and personal growth in convincing potential employers is highlighted, along with the responsibility of industry professionals to help newcomers. The chapter also discusses the hiring process, networking, and the need for cybersecurity professionals to care about the businesses they protect.

Oct 19, 2023 • 36min
New SEC Rules for Cyber Security
Jamil Farshchi, CISO at Equifax, discusses the new SEC rules for cybersecurity and their implications for CISOs. They explore the potential effects on cybersecurity, the importance of transparency and measuring risk, and the need for bidirectional context between cybersecurity and the business stakeholders.

Oct 12, 2023 • 30min
The Value of RSA, Black Hat, and Mega Cyber Tradeshows
Guest Lee Parri joins the hosts to discuss the value of RSA, Black Hat, and other mega cyber tradeshows. They explore the economic value for CISOs of attending trade shows like RSA and the industry gravity these events have. They also debate the significance and benefits of major cybersecurity corporations sponsoring and having a presence at security conferences. Additionally, they discuss the location of the RSA conference, the value of attending RSA, and the available cybersecurity slots and stickers at conferences.
