The Cyber Security Council

Brian Greene and Scott Brammer

The Cyber Security Council (TCSC) is a community forum for Cyber leaders. Its mission is to elevate premier voices in cyber, and strengthen the cyber community itself. TCSC seeks to demystify and simplify cyber across the business landscape.

  1. 3 DAYS AGO

    State of the CISO Market - 2025 - with Michael Piacente

    Are you a CISO looking for a new CISO gig? Well, here's what you need to know.

    Summary

    In this conversation, Scott Brammer and Michael Piacente discuss the evolving landscape of the CISO job market for 2025. They explore key trends, challenges, and the skills required for CISOs to thrive in a competitive environment. Michael shares insights on the current state of the market, the different archetypes of CISOs, and the headwinds they face, including economic factors and hiring challenges. The discussion also highlights the importance of effective communication and the need for CISOs to adapt to various organizational contexts.

    In this conversation, Michael Piacente discusses the intricacies of the CISO role, emphasizing the importance of preparation and practice in interviews, the evolving responsibilities of CISOs, particularly in privacy and AI, and the current dynamics of compensation and job market trends. He highlights the significance of role-playing in interviews, the necessity for CISOs to adapt their approach based on their position in the interview process, and the growing importance of privacy as a skill. Additionally, he addresses the challenges in the job market, including the concept of the 'security poverty line' and the need for CISOs to be proactive in their career development and education.

    Takeaways

    - The CISO job market is experiencing an oversupply of candidates.
    - CISOs are often seen as scapegoats during security breaches.
    - There are three main archetypes of CISOs based on company size and maturity.
    - CISOs need to possess strong technical and business skills.
    - Effective communication is crucial for CISOs to convey complex topics.
    - The hiring process for CISOs is often unclear and convoluted.
    - CISOs must adapt their skills to different organizational needs.
    - Understanding the financial backing of a company is essential for CISOs.
    - Candidates often struggle to articulate their qualifications effectively.
    - The CISO role is increasingly recognized as a critical executive position.
    - Role-playing is essential for effective interview preparation.
    - It's normal to struggle with interviewing; practice is key.
    - Understanding your position in the interview process is crucial.
    - CISOs must ask insightful questions during interviews.
    - Privacy skills are increasingly important for CISOs.
    - AI is reshaping the responsibilities of CISOs.
    - Compensation for CISOs varies widely based on company size and industry.
    - The job market for CISOs is competitive and evolving.
    - CISOs should advocate for appropriate compensation and benefits.
    - Evaluating job postings critically is vital for career success.

    Special Guest

    Michael Piacente
    https://www.linkedin.com/in/moderncisosearch/
    Managing Partner, Hitch Partners
    https://www.hitchpartners.com/

    👉 Follow The Cyber Security Council and tune in to our podcast!
    🔔 Don't forget to follow, like and subscribe.

    The Cyber Security Council:
    - Website: https://lnkd.in/gkbqBPW3
    - LinkedIn: https://lnkd.in/ggkcxHTi
    - YouTube: https://bit.ly/4dlQErn
    - Apple Podcast: https://bit.ly/3WpeCvd

    TCSC Host Scott Brammer
    LinkedIn: https://www.linkedin.com/in/scott-brammer

    TCSC President Brian Greene
    LinkedIn: https://www.linkedin.com/in/brigreene

    TCSC Partner Dan Piercy
    LinkedIn: https://www.linkedin.com/in/dan-piercy-4b759b57/

    Keywords

    CISO, job market, executive roles, cybersecurity, trends, skills, hiring process, archetypes, challenges, 2025, CISO, interviews, role-playing, privacy, AI, compensation, job market, security, education, career development

    50 min
  2. 3 DAYS AGO

    Cyber Product Strategy with Damien Lewke

    Summary

    In this episode, Scott Brammer interviews Damien Lewke, a cybersecurity leader and motivator, discussing his journey into cybersecurity, the importance of product management, and strategies for effective go-to-market approaches. Damien emphasizes the significance of understanding customer pain points, building a solid business case, and the unique challenges faced in cybersecurity product development. He shares insights on how to prioritize features and develop a roadmap that aligns with customer needs, while also addressing the complexities of scaling within larger organizations.

    In this conversation, Damien Lewke and Scott Brammer delve into the intricacies of product management within the cybersecurity sector. They discuss the challenges of balancing product development with organizational needs, share success stories from their experiences, and explore the impact of AI on product strategy. Lewke emphasizes the importance of understanding customer needs, the role of Agile methodologies, and the significance of mentorship in career development. The discussion also highlights the differences between product management and solutions architecture, providing insights into effective tools for guiding product direction.

    Takeaways

    - Cybersecurity is a socio-technical problem involving human and machine interactions.
    - Understanding customer pain points is crucial for product management.
    - Building a business case is essential for gaining senior leadership support.
    - Engaging engineering teams with customer feedback enhances product development.
    - Scaling challenges arise in larger organizations due to complexity.
    - Unique challenges in cybersecurity include compliance and data management.
    - Prioritizing features should focus on customer value and impact.
    - The 80-20 rule applies to engineering value and effort.
    - Effective go-to-market strategies must be integrated into product development.
    - We need to change something that's not even product focused.
    - Generating revenue is crucial for product management.
    - Accountability to the roadmap is essential for PMs.
    - Agile principles should guide product management.
    - Building a threat intelligence platform requires customer feedback.
    - Bringing a product to market involves understanding customer needs.
    - Compliance is critical before implementing AI solutions.
    - Mentorship is vital for career growth in product management.
    - Product management is often a thankless job.
    - Solutions architecture focuses on customer implementation.

    Special Guest

    Damien Lewke
    LinkedIn: https://www.linkedin.com/in/damienlewke/
    CEO/Founder | MIT CSAIL | Threat Hunting | Cyber Product Management

    Keywords

    cybersecurity, product management, go-to-market strategy, customer engagement, product development, engineering, business case, scaling, challenges, economics, product management, cybersecurity, AI, career advice, product strategy, success stories, tech debt, Agile, solutions architecture, customer feedback

    55 min
  3. 3 DAYS AGO

    Guerilla Cyber Dispatch - Salt Typhoon

    Summary

    The conversation delves into the Salt Typhoon cyber attack, described as the worst telecommunications hack in U.S. history. Scott Brammer discusses the implications of the attack, the timeline of events, and the responses from government agencies. He highlights the seriousness of the threat posed by nation-state actors and the need for enhanced cybersecurity measures. The discussion also touches on the evolving attitudes towards encryption and the importance of protecting sensitive communications.

    Takeaways

    - Salt Typhoon is a significant milestone in cybersecurity history.
    - The attack targeted U.S. telecommunications infrastructure, causing widespread disruption.
    - Encryption is now being recommended for everyday users by intelligence agencies.
    - The attack has implications for both government and private sector cybersecurity strategies.
    - Salt Typhoon has been linked to a Chinese hacking group.
    - The timeline of the attack reveals a coordinated and sophisticated effort.
    - Government officials are reevaluating their approach to encryption for citizens.
    - Cybersecurity burnout is a real issue for professionals in the field.
    - The attack has prompted discussions about national infrastructure resilience.
    - Future conversations will focus on the details of government alerts and responses.

    Sound Bites

    - "The attack is serious, the adversary is serious."
    - "Stay cyber, stay safe."
    - We need more "Guerrilla Cyber Dispatchers".

    Keywords

    Salt Typhoon, cybersecurity, telecommunications hack, Chinese hackers, encryption, national security, incident response, cyber threats, telecommunications infrastructure, advanced persistent threats

    26 min
  4. 01/12/2024

    Hockey and Data Breaches with Bankim Tejani

    Can a Hockey Referee overcome a Data Breach? Yes.

    Summary

    In this episode of the Cyber Security Council Podcast, Scott Brammer interviews Bankim Tejani, a distinguished engineer and CISO, who shares his extensive experience in cybersecurity, particularly focusing on the MyFitnessPal data breach. The conversation explores Bankim's career journey from software development to security, the importance of emotional intelligence in crisis management, and the lessons learned from navigating organizational politics in application security. Bankim emphasizes the significance of trust, values, and leadership in incident response, particularly during high-pressure situations like data breaches.

    Takeaways

    - Bankim Tejani has a diverse background in software development and security.
    - The MyFitnessPal data breach was disclosed within four days, showcasing effective incident response.
    - Building trust within teams is crucial for effective incident management.
    - Emotional intelligence plays a key role in navigating crises.
    - Hockey refereeing has taught Bankim valuable decision-making skills under pressure.
    - Positioning within an organization can impact the effectiveness of security measures.
    - Organizational politics can hinder the implementation of effective security practices.
    - Lessons learned from past projects can shape future security strategies.
    - Values and leadership are essential in guiding incident response efforts.
    - The importance of timely communication during a data breach cannot be overstated.

    Special Guest

    Bankim Tejani
    https://www.linkedin.com/in/bankimtejani/
    Senior Director of AppSec at major Texas-based company

    Keywords

    data breaches, cybersecurity, incident response, MyFitnessPal, security architecture, emotional intelligence, career progression, software development, AppSec, leadership

    59 min
  5. 25/11/2024

    Open Source Security with Feross Aboukhadijeh

    Open Source Security is being revitalized.

    Summary

    In this conversation, Feross Aboukhadijeh, founder and CEO of Socket, discusses the evolution of open source security, the challenges faced in the software supply chain, and how Socket addresses these issues through real-time threat detection and developer education. He emphasizes the importance of trust in open source dependencies and shares insights on the proactive measures Socket takes to ensure security. The discussion also covers the integration of Socket into developer workflows and the company's success stories in the cybersecurity landscape.

    Feross is an entrepreneur with a successful exit on his resume. Feross is also a graduate of Stanford, an active venture capital investor, and a talented open source developer who has built WebTorrent, assisted Brave Software, and uplifted JavaScript projects.

    Takeaways

    - Socket is a developer-first security platform.
    - Open source security has been an afterthought despite its widespread use.
    - Software supply chain attacks are on the rise, necessitating better security measures.
    - Socket provides real-time threat detection for open source dependencies.
    - The platform integrates seamlessly into developer workflows, enhancing security without hindering productivity.
    - Developers often pull in dependencies without reviewing their code, increasing risk.
    - Socket's deep package inspection identifies malicious activity in real-time.
    - The company has seen success with major clients in AI and finance sectors.
    - Socket's approach is proactive, addressing vulnerabilities before they can be exploited.
    - The team at Socket is focused on efficiency and strategic growth.

    Special Guest

    Feross Aboukhadijeh
    https://www.linkedin.com/in/feross/
    CEO and Co-Founder at Socket
    https://www.socket.dev

    Sound Bites

    - "Secure your dependencies, ship with confidence."
    - "We're helping people to trust the foundation."
    - "We're doing a much deeper scan of the package."
    - "We want to get ahead of it and be as early as possible."
    - "It's the easiest security tool that anyone's ever used."
    - "Developers love it, really."
    - "We're used at a lot of the largest AI companies."
    - "A players hire A players, but B players hire C players."

    Keywords

    Socket, open source security, software supply chain, developer tools, cybersecurity, threat detection, software vulnerabilities, real-time scanning, developer education

    42 min
  6. 17/11/2024

    Attack Chains with Sunil Gottumukkala

    When a leader in operating system security speaks, you would be wise to listen.

    Summary

    In this conversation, Scott Brammer interviews Sunil Gottumukkala, CEO and co-founder of Averlon, a cloud security platform. Sunil shares his extensive background in cybersecurity, including his time at Microsoft and Salesforce, and discusses the unique approach Averlon takes to address real-world breach risks. He emphasizes the importance of understanding how attackers operate and the need for effective communication between security and engineering teams. Sunil also reflects on his entrepreneurial journey, the milestones Averlon has achieved since coming out of stealth mode, and the innovative technologies that set Averlon apart in the cybersecurity landscape.

    Sunil covers the evolving landscape of AI in cybersecurity, emphasizing the importance of generative AI as a differentiator. He shares insights on targeting clients who are adopting cloud technologies and highlights success stories from early adopters. He reflects on his foundational experiences at Microsoft (running operating system security!!) and offers advice for aspiring leaders in the tech industry. He also delves into the challenges of navigating venture capital and the importance of software resilience and liability in cybersecurity.

    Takeaways

    - Averlon focuses on proactive cloud security.
    - Averlon aims to predict and prevent cloud attacks.
    - The long-term vision is to focus on exploitable risks.
    - Understanding attacker behavior is crucial for risk reduction.
    - Stealth mode can hinder valuable customer feedback.
    - Building a strong founding team is essential for success.
    - Generative AI can enhance cybersecurity solutions.
    - Effective communication with engineering teams is key.
    - Real-world breach risk should guide security efforts.
    - Customer conversations improve product execution.
    - Averlon's technology visualizes vulnerabilities in an attack chain.
    - The future of cybersecurity relies on collaboration and innovation.
    - AI is not just a buzzword; it's a key differentiator.
    - Generative AI must provide defenders with an asymmetric advantage.
    - Success stories highlight the importance of effective communication.
    - Microsoft taught me the discipline of building at scale.
    - Aspiring leaders should focus on the scope of their impact.
    - Sales and marketing skills are crucial for startup success.
    - Invest in resilience and demand it from vendors.

    Special Guest

    Sunil Gottumukkala
    https://www.linkedin.com/in/sunilgottumukkala/
    CEO and Co-Founder at Averlon
    Former Microsoft Partner
    Former SVP Salesforce

    Also mentioned in this episode:

    Vishal Agarwal
    https://www.linkedin.com/in/vishal-agarwal-55789355/
    CTO and Co-Founder at Averlon

    Keywords

    Averlon, cybersecurity, cloud security, AI planning, generative AI, Sunil Gottumukkala, risk reduction, stealth mode, engineering collaboration, attack chain, AI, cybersecurity, cloud security, generative AI, venture capital, software resilience, startup challenges, client success, leadership advice, software liability

    53 min
  7. 04/11/2024

    Browser Security with Ryan Boerner

    In this episode of The Cyber Security Council podcast, host Scott Brammer interviews Ryan Boerner, founder and CEO of KeepAware, a browser security service. They discuss Ryan's entrepreneurial journey, the mission and vision of KeepAware, and the unique features that set it apart in the cybersecurity landscape. Ryan shares insights on the importance of browser security, the challenges of identity management, and the company's growth trajectory. The conversation also touches on the technical differentiators of KeepAware, the current status of the startup, and the future roadmap for expanding its capabilities.

    Special Guest

    CEO/Founder Ryan Boerner
    https://www.linkedin.com/in/ryan-boerner-8bb0349b/
    https://keepaware.com/

    Takeaways

    - KeepAware focuses on browser security to prevent targeted threats.
    - Ryan Boerner's entrepreneurial journey began with a passion for security.
    - The browser is often a blind spot for security teams.
    - KeepAware aims to provide additional visibility and prevention layers.
    - Ryan balances his role as CEO with hands-on technical work.
    - The company's secret sauce lies in DOM tree analysis.
    - KeepAware is currently in the seed stage, proving use cases.
    - Traction is seen in organizations heavily using browsers.
    - Identity management is crucial in the context of browser security.
    - The future roadmap includes expanding integrations beyond the browser.

    Sound Bites

    - "I realized the browser is just really a blind spot."
    - "Our mission is to stop people targeted threats."
    - "We want to provide a prevention layer."

    49 min
  8. 22/10/2024

    Reinventing Incident Response with Matt Hartley

    "We're reinventing incident management and incident response."

    In this episode of The Cyber Security Council podcast, Scott Brammer interviews Matt Hartley, co-founder and chief product officer of BreachRx, an innovative incident response platform. They discuss the importance of proactive incident management, the unique features of BreachRx, and how organizations can prepare for and respond to cybersecurity incidents effectively. Matt emphasizes the need for a structured approach to incident response that involves all facets of a business, not just the security team. The conversation also touches on the regulatory landscape and how BreachRx helps organizations navigate compliance requirements while minimizing legal risks.

    Matt Hartley discusses the evolution of incident response practices, emphasizing the importance of adapting to legal challenges and customer needs. He shares insights on how BreachRx is designed to facilitate effective incident response and the significance of tabletop exercises in enhancing organizational maturity. Hartley also reflects on his journey as a co-founder, the growth of his team, and the lessons learned from mentorship and community engagement.

    Takeaways

    - BreachRx is reinventing incident management and response.
    - Proactive preparation is essential for effective incident response.
    - Incident response is a business problem, not just a security issue.
    - Organizations must understand their obligations during an incident.
    - BreachRx operationalizes the entire incident response process.
    - The cost of a simple data breach can be as high as $10 million.
    - Companies of all sizes need incident response solutions.
    - Regulatory compliance is a key focus for BreachRx.
    - The platform helps prevent legal issues during incidents.
    - Effective incident response requires collaboration across the organization.
    - Incident response practices have significantly evolved in recent years.
    - Legal privilege is crucial in incident response communications.
    - Listening to customers is key to product development.
    - Tabletop exercises help organizations understand their incident response maturity.
    - Engaging all stakeholders in exercises enhances preparedness.
    - CISOs often lack knowledge about the legal implications of incidents.
    - The journey of co-founding BreachRx began with recognizing regulatory changes.
    - Team growth is essential for the success of a startup.
    - Mentorship and community engagement provide valuable insights.
    - Every skill learned in the past is utilized in building a startup.

    Special Guest

    Matt Hartley
    https://www.linkedin.com/in/wmhartl/
    Chief Product Officer for BreachRx

    Sound Bites

    - "We're reinventing incident management and incident response."
    - "You have to be proactively prepared if you want a successful response."
    - "We're the very first platform to operationalize the full incident response process."
    - "You have to get out of your office."
    - "This is the best exercise I've ever been in."
    - "We need to make these decisions."

    Keywords

    cybersecurity, incident response, BreachRx, incident management, proactive preparation, regulatory compliance, business resilience, CISO, data breach, operational efficiency, incident response, cybersecurity, legal challenges, customer feedback, tabletop exercises, BreachRx, product development, team growth, mentorship, CISO

    53 min
