Defense in Depth

Rob Allen, the chief product officer at ThreatLocker, dives into the crucial 'deny by default' principle in zero trust security. He discusses whether zero trust can be retrofitted and the business case behind this approach. The conversation highlights the balance between enhancing cybersecurity and maintaining operational productivity. They tackle the complexities organizations face when transitioning to zero trust and stress the importance of contextual security measures tailored to each organization's needs.

Bil Harmer, an operating partner and CISO at Craft Ventures, dives into the intriguing concept of Field CISOs, shedding light on their evolving responsibilities. He clarifies the distinction between traditional and field CISOs and discusses the importance of genuine cybersecurity expertise in these roles. The conversation touches on the legal responsibilities and credibility concerns that come with the position, emphasizing the need for established credentials. Harmer also highlights the collaborative nature of the Field CISO role in enhancing organizational security.

Jim Bowie, CISO at Tampa General Hospital, discusses the importance of connecting cybersecurity to business goals, balancing technical and soft skills, and evolving risk management strategies. The podcast emphasizes effective communication, empathy, and understanding in cybersecurity leadership.

Andrew Cannata, CISO at Primo Water, joins the discussion on M&A cybersecurity risks. Topics include IPO vulnerability, context changes in M&A, and ambiguity's impact on risk. The importance of cybersecurity diligence and employee awareness during mergers highlighted. Emphasizes security controls, challenges in merging cultures, and data protection. Explores post-merger changes in security programs, privacy, and attacker tactics. The significance of maintaining strong cybersecurity measures during organizational changes like mergers to avoid cyber threats.

CEO Shirley Salzman from SeeMetrics discusses the purpose of metrics in storytelling, answering business questions, and effective communication. Experts touch on efficiency, challenges in security metrics, contrasting security mindsets, and tackling ransomware attacks. The importance of continuous monitoring, dynamic dashboards, and risk tolerance in security metrics are highlighted, along with a promotion for cybersecurity templates and metrics solutions by Cmetrix.

CEO of Push Security, Adam Bateman, discusses securing identities in the cloud. Topics include common security mistakes, importance of understanding identities and single sign-on, challenges in identity implementations, monitoring unused permissions, and building tools for flagging risky behavior.

Lamont Orange, CISO at Cyera, discusses the importance of data security within the Defense in Depth strategy, emphasizing automation and knowing what to protect. They explore how Cyera's AI-powered platform provides visibility, risk context, and actionable guidance for data security in various environments.

Tomer Gershoni, CSO at Zoominfo, discusses moving beyond technology, the art of a CISO, always operating in context, and elevating the CISO conversation. The podcast emphasizes aligning security with business objectives, evolving CISO roles towards business orientation, and focusing on cybersecurity for business continuity.

Neil Watkins, SVP technology and cybersecurity services at i3 Verticals, discusses the importance of visibility in cybersecurity, emphasizing the need for practical guidance and remediation solutions. The conversation explores challenges in managing cybersecurity incidents, advocating for self-healing systems and collaboration within the industry.

Sasha Pereira, VP of Infrastructure and CISO at WASH, discusses the value of entry-level cybersecurity skills gained from working at the help desk. Topics include the overlooked nature of help desk experience, the ideal path to break into cybersecurity, and the importance of empathy and understanding business operations in the field.