102 episodes

Defense in Depth promises clear talk on cybersecurity’s most controversial and confusing debates. Once a week we choose one controversial and popular cybersecurity debate and use the InfoSec community’s insights to lead our discussion.

Defense in Depth David Spark

    • Technology

    DDoS Solutions

    How seamless are Distributed Denial of Service or DDoS solutions today? If you get a denial of service attack, how quickly can these solutions snap into action with no manual response by the user?
    Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Alastair Cooke (@demitasenz), analyst, GigaOm.
    Huge thanks to our podcast sponsor, MazeBolt

    In this episode:
    Where should a DDoS solution reside? What vital elements should go into a DDoS solution? Do we need more automation and intelligence in these solutions? How involved should the customer be with their DDoS solution? 

    • 28 min
    Making Cybersecurity Faster and More Responsive

    All links and images for this episode can be found on CISO Series
    Knowing is only one-third the battle. Another third is responding. And the last third is responding quickly. It’s not enough to just have the first two thirds. We need to be faster, but how?
    Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Jason Elrod (@jasonelrod), CISO, MultiCare Health System.
    Thanks to our podcast sponsor, Eclypsium

    Eclypsium is the enterprise firmware security company. Our comprehensive, cloud-based platform identifies, verifies, and fortifies firmware and hardware in laptops, servers, network gear and devices. The Eclypsium platform secures against persistent and stealthy firmware attacks, provides continuous device integrity, delivers firmware patching at scale, and prevents ransomware and malicious implants.
    In this episode:
    What can we do as a pragmatic first step to make our cybersecurity teams quicker and more responsive? Would continuous authorization and real-time emergency messaging help? Should we improve test automation? What about people: better teaching and work conditions?

    • 30 min
    Promises of Automation

    Automation was supposed to make cybersecurity professionals’ lives simpler. And it was supposed to solve the talent shortage. Has any of that actually happened?
    Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our guest is Brian Lozada (@brianl1775), CISO, HBOMax.
    Thanks to our podcast sponsor, deepwatch

    Increasing ransomware attacks and their evolving sophistication have been putting more pressure on security teams than ever before. Luckily, managed detection and response (or MDR) has emerged as a critical component for improving security operations, reducing ransomware risk, and minimizing the overall impact an attack can have. Visit deepwatch.com to see how we help to prevent breaches for our customers, by working together.
    In this episode:
    Should we be disappointed with what automation has actually delivered? Is it a tools vs people thing? Should we be better at assessing the impact of automation? Should we change the way we hire to help with automation?

    • 26 min
    When Social Engineering Bypasses Our Cyber Tools

    Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Our sponsored guest is Josh Yavor (@schwascore), CISO, Tessian.
    Thanks to our podcast sponsor, Tessian

    95% of breaches are caused by human error.
    But you can prevent them. Learn how Tessian can stop “OH SH*T!” moments before they happen, why Tessian has been recognized by analysts like Gartner and Forrester, and which world-renowned companies trust the platform to protect their data.
    In this episode:
    What do you do for the attacks your rule sets can't catch? Would it help if we eliminated email systems as the standard B2B toolset for communications? Are there any better ways to handle spearphishing? Are you ready to add BCC (business communications compromise) to your threat list?

    • 28 min
    How Can We Simplify Security?

    Why is cybersecurity becoming so complex? What is one thing we can do, even if it's small, to head us off in the right direction of simplicity?
    Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Leda Muller, CISO at Stanford, Residential and Dining Enterprises.
    Thanks to our podcast sponsor, Eclypsium

    In this episode:
    Is cybersecurity becoming too complex? Should we change the way we talk about security to management? Maybe it's time to reframe the argument?

    • 28 min
    Convergence of Physical and Digital Security

    Security convergence is the melding of all security functions from physical to digital and personal to business. The concept has been around for 17 years yet organizations are still very slow to adopt. A company's overall digital convergence appears to be happening at a faster rate than security convergence.
    Check out this post for the basis for our conversation on this week’s episode, which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest, Anne Marie Zettlemoyer (@solvingcyber), business security officer, VP, security engineering, MasterCard.
    Thanks to our podcast sponsor, Tessian

    Why are we still holding back on security convergence? Is it a matter of "if" or "when"? What happens when physical and info security are run by different departments? How can we measure the risks?

    • 30 min
