Defense in Depth
David Spark, Steve Zalewski, Geoff Belknap
Defense in Depth promises clear talk on cybersecurity's most controversial and confusing debates. Once a week we choose one controversial and popular cybersecurity debate and use the InfoSec community's insights to lead our discussion.
Episodes

Dec 16, 2021 • 29min
When Social Engineering Bypasses Our Cyber Tools
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is Josh Yavor (@schwascore), CISO, Tessian. Thanks to our podcast sponsor, Tessian. 95% of breaches are caused by human error. But you can prevent them. Learn how Tessian can stop "OH SH*T!" moments before they happen, why Tessian has been recognized by analysts like Gartner and Forrester, and which world-renowned companies trust the platform to protect their data. In this episode: What do you do for the attacks your rule sets can't catch? Would it help if we eliminated email systems as the standard B2B toolset for communications? Are there any better ways to handle spearphishing? Are you ready to add BCC (business communications compromise) to your threat list?

Dec 9, 2021 • 28min
How Can We Simplify Security?
All links and images for this episode can be found on CISO Series. Why is cybersecurity becoming so complex? What is one thing we can do, even if it's small, to head us off in the right direction of simplicity? Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Leda Muller, CISO at Stanford, Residential and Dining Enterprises. Thanks to our podcast sponsor, Eclypsium. Eclypsium is the enterprise firmware security company. Our comprehensive, cloud-based platform identifies, verifies, and fortifies firmware and hardware in laptops, servers, network gear and devices. The Eclypsium platform secures against persistent and stealthy firmware attacks, provides continuous device integrity, delivers firmware patching at scale, and prevents ransomware and malicious implants. In this episode: Is cybersecurity becoming too complex? Should we change the way we talk about security to management? Maybe it's time to reframe the argument?

Dec 2, 2021 • 31min
Convergence of Physical and Digital Security
All links and images for this episode can be found on CISO Series. Security convergence is the melding of all security functions, from physical to digital and personal to business. The concept has been around for 17 years, yet organizations are still very slow to adopt it. A company's overall digital convergence appears to be happening at a faster rate than security convergence. Check out this post for the basis for our conversation on this week's episode, which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Anne Marie Zettlemoyer (@solvingcyber), business security officer and VP, security engineering, MasterCard. Thanks to our podcast sponsor, Tessian. 95% of breaches are caused by human error. But you can prevent them. Learn how Tessian can stop "OH SH*T!" moments before they happen, why Tessian has been recognized by analysts like Gartner and Forrester, and which world-renowned companies trust the platform to protect their data. In this episode: Why are we still holding back on security convergence? Is it a matter of "if" or "when"? What happens when physical and info security are run by different departments? How can we measure the risks?

Nov 18, 2021 • 29min
How Do You Measure Cybersecurity Success?
All links and images for this episode can be found on CISO Series. In most jobs there's often a clear indicator if you're doing a good job. In security, specifically security leadership, it's not so easy to tell. "Nothing happening" is not an effective measurement. So how should security performance be graded? Check out this post for the basis for our conversation on this week's episode, which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Deneen DeFiore (@deneendefiore), CISO, United Airlines. Thanks to our podcast sponsor, Tessian. In this episode: How should security performance be graded? Is "keeping it simple" the best option? What's the best measurement option?

Nov 11, 2021 • 27min
How Do We Turn Tables Against Adversaries?
All links and images for this episode can be found on CISO Series. If we're going to turn the tables against our adversaries, everything from our attitude to our actions needs to change to a format where attacks and breaches are not normalized, and we know what to do and how to respond to it quickly. Check out this post for the basis for our conversation on this week's episode, which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our sponsored guest Scott Scheferman (@transhackerism), principal strategist, Eclypsium. Thanks to our podcast sponsor, Eclypsium. Eclypsium is the enterprise firmware security company. Our comprehensive, cloud-based platform identifies, verifies, and fortifies firmware and hardware in laptops, servers, network gear and devices. The Eclypsium platform secures against persistent and stealthy firmware attacks, provides continuous device integrity, delivers firmware patching at scale, and prevents ransomware and malicious implants. In this episode:
Moving from a reactive to a proactive attitude
Accelerating teams' ability to respond before damage happens
Stopping marketing informing your strategy
Patching "fast enough to matter"

Nov 4, 2021 • 32min
Ageism in Cybersecurity
All links and images for this episode can be found on CISO Series. Is it too much experience? Is it that they're difficult to work with? Do they want too much money? Will they not be motivated? Are cyber professionals over the age of 40 being discriminated against in hiring practices? Check out this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Ben Sapiro, head of technology risk and CISO at Canada Life. Thanks to our podcast sponsor, Qualys. Qualys is a pioneer and leading provider of cloud-based security and compliance solutions. In this episode: Are cyber professionals over the age of 40 being discriminated against in hiring practices? Is "older experience" a threat to younger managers? Do older professionals have too much attitude? What other work options exist for the 40+ expert?

Oct 28, 2021 • 33min
Proactive Vulnerability Management
All links and images for this episode can be found on CISO Series. How do we turn the tide from reactive to proactive patch management? Does anyone feel good about where they are with their own patch management program? What would it take to get there? Check out this post and this post for the discussion that is the basis of our conversation on this week's episode, co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Sumedh Thakar (@sumedhthakar), CEO, Qualys. Thanks to our podcast sponsor, Qualys. Qualys is a pioneer and leading provider of cloud-based security and compliance solutions. In this episode: How do we turn the tide from reactive to proactive patch management? Do cultural differences make a difference? Do we need a new framework or template?

Oct 21, 2021 • 33min
Why Is Security Recruiting So Broken?
All links and images for this episode can be found on CISO Series. Check out this post for the basis for our conversation on this week's episode, which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Tony Sager (@sagercyber), SVP and chief evangelist, Center for Internet Security. Thanks to our podcast sponsor, Qualys. In this episode: What role should HR play in the hiring process of cybersecurity candidates? What happens when HR's algorithms don't see the right keywords? What are some better ways to get noticed by a human decision maker?

Oct 14, 2021 • 30min
How to Be a Vendor that CISOs Love
All links and images for this episode can be found on CISO Series. Check out this post for the basis for our conversation on this week's episode, which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Andy Ellis (@csoandy), operating partner, YL Ventures. Thanks to our podcast sponsor, Varonis. What is your ransomware blast radius? The average user can access 17 million files. Varonis reduces your blast radius in days, not years. Combined with advanced detection that monitors every file touch, ransomware doesn't stand a chance. Get a free risk assessment. In this episode: What are some "positive vendor engagement" characteristics? What tips can we share with vendors who want to build a lasting good impression? How can a vendor go about building trust?

Oct 7, 2021 • 29min
The "Are We Secure?" Question
All links and images for this episode can be found on CISO Series. When a senior person at your company asks you, "Are we secure?" how should you respond? Check out this post for the basis for our conversation on this week's episode, which features me, David Spark (@dspark), producer of CISO Series, co-host Steve Zalewski, and our guest Paul Truitt, principal US cyber practice leader, Mazars. Thanks to our podcast sponsor, Varonis. Still in the news is REvil's ransomware attack on Kaseya VSA servers. Varonis is here to help mitigate the blast radius of such attacks. Want a step-by-step guide on what you should be looking for? Learn more about how to prevent ransomware. In this episode: When a senior, non-technical person asks, "Are we secure?" how do you respond? What does this question say about an executive's engagement level? Why are they asking this now? How relevant/accurate is this question anyway?
