178 episodes

Ride the cyber trails with one CISO (Allan Alford) and a diverse group of friends and experts who bring a human perspective to cybersecurity.

The Cyber Ranch Podcast Allan Alford

    • Technology

    21 Questions LIVE! at RSAC 2024 - 3 of 3

    In this show, Allan interviews seven guests and asks them questions from a list of 21:
     
    Omkhar Arasaratnam
    “How do we leverage LLMs for our own use in cybersecurity?”
    "How do you challenge your own precepts and assumptions to stay current in your role?"
     
    Ofer Klein
    “How do you describe what you do in cybersecurity to someone at a cocktail party who knows nothing about cyber?"
    "How do you explain to the business the value you bring and the risks you solve?"
     
    Rick Doten
    "What message do you have for your fellow CISOs?"
    "In this cybersecurity community there is hostility between vendors and practitioners.  What is your best moment with a vendor?"
     
    Sahil Agarwal
    “How do you measure and articulate the risk that AI represents to the business?"
    "Governance, Risk Management and Compliance - Where should the priority be?"
     
    Roger Brotz
    "What would you like your fellow CISOs to know?"
    "What are we still getting wrong in cybersecurity?"
     
    Tyson Martin
    "How do we take on more accountability as business leaders?"
    "How do we overcome our defaults, precepts and assumptions?  How do you get past your own biases and blind spots?"
     
    Sponsored by our good friends at Semperis.
     
    It's a great series of guests, and a great series of answers.  Y'all be good now!

    • 28 min
    21 Questions LIVE! at RSAC 2024 - 2 of 3

    In this show, Allan interviews seven guests and asks them questions from a list of 21:
     
    Chris "Cpat" Patteson
    “Why do so many CISOs think cybersecurity insurance is snake oil?”
     
    Johann Balaguer
    “People, process, technology - Which is the most important and why?”
    "What do you want your fellow community of CISOs to know?"
     
    Lee Krause
    “What are we still doing wrong in cybersecurity?"
     
    Ken Foster
    “What are we still doing wrong in cybersecurity?"
    "How do we articulate risk to the business?"
     
    Marty Momdjian
    "Walk me through how to solve the nightmare of repeat incidents?"
     
    Michael Calderin
    “IA&M: Who should own it, and why?  CIO?  CISO?”
    "What is the definition of progress in cybersecurity?  Is there an end state?"
     
    Mike Britton
    "People, Process, Technology: Which is the most important?"
    "I&AM: Who should own it?  CISO or CIO?"
    "What's your favorite part of the RSA conference?"
     
    Sponsored by our good friends at Semperis.
     
    It's a great series of guests, and a great series of answers.  Y'all be good now!

    • 34 min
    21 Questions LIVE! at RSAC 2024 - 1 of 3

    In this show, Allan interviews nine guests and asks them questions from a list of 21:
     
    Dr. Deanna Caputo
    “How do you measure and articulate risk to the business?”
    “People, process or technology?”
     
    Carlos Guerrero
    “How do we foster community in cybersecurity?”
     
    Elliott Franklin
    “Governance, Risk Management, and Compliance – Which of the three is most important?”
    “What does progress look like in cybersecurity?”
     
    Corey Bodzin
    “With regards to AI & LLM, what is the impact to infrastructure?”
     
    Evgeniy Kharam
    “How integral is Identity & Access Management to the cybersecurity mission?”
    “How well is traditional DLP technology meeting its mission and what else can we do?”
     
    Gary Hayslip
    “What does RSA mean to you?”
     
    Kelly Shortridge
    “What does progress mean to you in cybersecurity?”
    “What is the end goal of cybersecurity?”
     
    George Kamide & George Al-Koura
    “What are you getting out of RSA?”
     
    Kevin Jackson
    “What are we doing wrong in cybersecurity?”
     
    Sponsored by our good friends at Semperis.
     
    It's a great series of guests, and a great series of answers.  Y'all be good now!

    • 40 min
    The Positives of Cybersecurity LIVE! at CISO XC with Dani Woolf and Guests

    Howdy, y’all, and welcome to The Cyber Ranch Podcast… AND The Audience 1st Podcast!  What you are about to hear was recorded LIVE! at the CISO XC conference in Dallas-Fort Worth, Texas (my very favorite conference!)  I am your host, Allan Alford, CEO of Alford & Adams Consulting.  I have a co-host on this episode, Dani Woolf, of the Audience 1st podcast!  On her show, Dani interviews security buyers so vendors can more efficiently market and sell to them without ruffling their feathers (or pissing them off).  What we’re doing on this joint endeavor is interviewing various CISOs and other folks about their roles in cyber.  This week’s show focuses on the pros of cybersecurity – we covered the negatives last week, and this week we cover the positives.  My listeners should know by now that I like to end on a positive note…
     
    WARNING: Some naughty language

    • 38 min
    The Negatives of Cybersecurity LIVE! at CISO XC with Dani Woolf and Guests

    Howdy, y’all, and welcome to The Cyber Ranch Podcast… AND The Audience 1st Podcast!  What you are about to hear was recorded LIVE! at the CISO XC conference in Dallas-Fort Worth, Texas (my very favorite conference!)  I am your host, Allan Alford, CEO of Alford & Adams Consulting.  I have a co-host on this episode, Dani Woolf, of the Audience 1st podcast!  On her show, Dani interviews security buyers so vendors can more efficiently market and sell to them without ruffling their feathers (or pissing them off).  What we’re doing on this joint endeavor is interviewing various CISOs and other folks about their roles in cyber.  This week’s show focuses on the cons of cybersecurity – the beefs, gripes, grumps, complaints and fears about cybersecurity.  Next week we’ll end on a positive note, but this show is an opportunity for CISOs to scream into the void.  Without further ado, here we go…
     
    WARNING:  Some naughty language this episode.

    • 29 min
    When It's Good To Deprioritize Security with Drew Simonis

    Howdy, y’all, and welcome to The Cyber Ranch Podcast!  That’s Drew Simonis, CISO @ Juniper Networks, former CSO @ Hewlett Packard Enterprise, former CISO at Willis – you get the idea.  Drew’s posts on LinkedIn are pure fire – not in the hot takes way, but because of the quality of the thinking behind them.  Drew has also been on the show a couple of times now, and we keep inviting him back because he’s always worth hearing from.  Drew and Allan were chatting this afternoon about the idea that oftentimes cybersecurity does not matter – and that that’s okay!  So we decided to record a show on that topic.
     
    Drew and Allan share some real-world stories where they put security on hold for the benefit of the business:
    VP of R&D had been told he had to get a new product off the ground that was only quasi-planned for. He had properly allocated headcount, but realized his cloud costs were going to rise dramatically.  At the time Allan had a big security initiative he was pushing for out-of-bandwidth.  They met and talked.  His out-of-bandwidth need was stronger than Allan's in terms of benefits to the business.  Allan backed him AND also made sure that his extra cloud spend included a few more security features in AWS.  Win-win.  Drew has a similar tale.
    Flat-out, top line was declining and we could not figure out specifically why. New competitor explained some of it, but not all of it.  Market fatigue?  But that was not all of it.  CRO wanted more sales folks to throw at the problem.  CISO backed him and gave away project budget to support him.
    Company had mismanaged an expansion. Building was paid for, but nobody had thought about the IT costs and headcount.  CIO was trying to figure out where to get bodies to populate the new site.  Allan gave up 2 headcount for 2 more quarters.
    Startup: CISO took on Marketing department temporarily when head of Marketing left. Slowed down the security focus, but Marketing needed some hands-on attention beyond what the CEO could give.  It paid off for the business.
    CISO joined forces with head of Pro Services to push through a security initiative that benefited key customers for him (contracts he could now secure), but also gave me some more generalized security comfort.
    Spent a huge amount of what could have been security operations time training sales teams on security as a differentiator in the market. Benefited top line.
    Drew and Allan share many more stories and break down why in each of these cases, deprioritizing daily security operations was the right thing to do!
    Y'all be good now!

    • 33 min
