CvCISO Podcast

SecurityStudio

Welcome to "The CvCISO Podcast" - an extension of SecurityStudio's vCISO training program. Designed to keep the conversation alive beyond the confines of traditional training, this podcast is your ongoing resource for all things related to Virtual Chief Information Security Officers (vCISOs). This podcast is a space where vCISOs can continue to explore, discuss, and evolve their understanding of the cybersecurity landscape. Join us as we delve into the experiences, perspectives, and challenges that vCISOs face. From sharing success stories to dissecting tough lessons learned, we cover it all. The goal of the podcast is to build a community where vCISOs can come together to learn from one another. Through engaging discussions and thought-provoking questions from the vCISO community, we keep the conversation dynamic and relevant. This isn't just a podcast - it's a dynamic platform where your voice matters. So, whether you're a seasoned vCISO or just starting, join us on the "CvCISO Podcast" as we continue the journey of learning and growth together.

Hosts:
Jordon Darling (Vice President, Top Dog PC Services) https://www.linkedin.com/in/jordon-darling/
Evan Francen (Founder and CEO, SecurityStudio) https://www.linkedin.com/in/evanfrancen/
Meg Perron (CvCISO Training Academy Director, SecurityStudio) https://www.linkedin.com/in/meg-perron-mba/

To find out more information about SecurityStudio's CvCISO Training Program, visit: www.cvciso.com
Follow SecurityStudio on LinkedIn: https://www.linkedin.com/company/11486715
Email cvcisopodcast@securitystudio.com with questions or topics you'd like our hosts to tackle!

  1. DEC 6

    CvCISO Podcast Episode 34: Routines and Habits

    Summary: In this episode, the speakers explore various themes surrounding self-care, routines, and habits. They discuss the importance of embracing natural beauty, the significance of hydration and morning rituals, and the symbolism behind daily habits like showering. The conversation also delves into the social aspects of habits, particularly focusing on smoking and drinking, and how these habits can foster connections or lead to negative consequences. In this conversation, the speakers explore various personal habits and their impacts on mental health, relationships, and overall well-being. The conversation also touches on the significance of gratitude and contentment in daily life, emphasizing that true joy comes from appreciating what one has rather than seeking more material possessions.

    Takeaways:
    - The hosts enjoy Fridays and dislike Mondays, reflecting a common sentiment.
    - Exploring habits can reveal different facets of personality.
    - Routines don't have to be work-related; they can encompass all aspects of life.
    - The discussion on habits can lead to deeper insights about personal growth.
    - The hosts share personal anecdotes related to their routines.
    - Morning routines can set a positive tone for the day.
    - Hydration is essential for overall health.
    - Symbolic actions can provide mental clarity.
    - Daily habits can help wash away past negativity.
    - Social habits can lead to meaningful conversations.
    - Bad habits often come with social stigma.
    - Finding balance in habits is crucial for well-being.
    - Every day offers a new opportunity for growth.
    - Being transparent about habits can foster connection.
    - Stress relief can come from various habits, but it's essential to evaluate their impact.
    - Alcoholism can manifest in different ways, and personal choices play a significant role.
    - Sugar addiction is a common struggle that many face.
    - Financial planning can enhance intimacy in relationships by reducing stress.
    - Preparing for help, like cleaning services, can create a smoother experience.
    - Gratitude practices can shift perspective and enhance daily joy.
    - Contentment is more valuable than material wealth.
    - Distractions can lead to ungratefulness; intentional gratitude is necessary.
    - Finding joy in simple things can lead to a more fulfilling life.
    - It's important to recognize the gifts in our lives and appreciate them.

    52 min
  2. DEC 2

    CvCISO Podcast Episode 33: Navigating the Assessment Landscape Pt 3

    Summary: In this episode of the CvCISO Podcast, the hosts engage in a light-hearted conversation that transitions into a serious discussion about access control policies, the role of IT in managing access, and the importance of user account reviews. They explore the risks associated with shared accounts and the significance of system and service accounts in cybersecurity. The episode concludes with a focus on authentication and password management, emphasizing the need for robust security practices. In this conversation, the participants discuss various aspects of organizational security, focusing on password policies, password management systems, encryption, mobile device security, remote work policies, and monitoring of remote connections. They reflect on the challenges and solutions related to these topics, emphasizing the importance of training, access control, and the need for clear policies to protect sensitive information.

    Takeaways:
    - Access control policies are crucial for organizational security.
    - IT plays a vital role in managing access requests and approvals.
    - Regular reviews of user accounts are necessary to maintain security.
    - Shared accounts pose significant security risks that need addressing.
    - System and service accounts require careful inventory and review.
    - Authentication processes must be secure to prevent impersonation.
    - Training and awareness on password management are essential for employees.
    - Policies should be clear and usable to enhance compliance.
    - Transparency in assessments leads to better security outcomes.
    - Changing password policies can be frustrating but necessary for security.
    - Implementing a password management system can ease the burden on employees.
    - Regular password changes can protect against potential breaches.
    - Encryption is essential for protecting sensitive data in transit and at rest.
    - Mobile devices should have enforced security measures like PINs.
    - Remote work requires clear policies to protect organizational data.
    - Monitoring remote connections is crucial for maintaining security.
    - Regular assessments can help identify gaps in security practices.
    - Collaboration between HR and IT is vital for effective training.
    - Creating a culture of security awareness is important for all employees.

    57 min
  3. NOV 23

    CvCISO Podcast Episode 32: Navigating the Assessment Landscape Pt 2

    Summary: In this episode of the CvCISO Podcast, the hosts continue their assessment discussion, focusing on the roles of CEO, CFO, and VC. They explore the importance of separation of duties, risk management, and the impact of experience on wisdom. The conversation transitions into the assessment process, covering topics such as screening and background checks, security policies, employee monitoring, and training for privileged users. The hosts emphasize the need for awareness training and the significance of having a structured approach to security in small businesses. In this conversation, the speakers delve into various aspects of information security, focusing on the definitions and roles of privileged users, the importance of post-employment processes, and the management of assets and inventories. They discuss the need for formal information classification guidelines and the handling of removable media. The conversation also touches on the disposal of media, the inventory of cloud services, and the relationship between compliance and risk management, emphasizing the importance of foundational security practices over compliance minutiae.

    Takeaways:
    - Separation of duties is crucial in risk management.
    - Experience with pain can lead to wisdom.
    - High turnover necessitates thorough background checks.
    - Employee training should include security awareness.
    - Privileged users require specialized training.
    - Monitoring employees can help detect cybersecurity events.
    - Transparency is key during technical difficulties.
    - Assessments can reveal gaps in security practices.
    - Risk acceptance is a legitimate strategy.
    - Regular reviews of security policies are essential.
    - All admins are considered privileged users.
    - It's essential to define what constitutes a privileged user in an organization.
    - A solid onboarding and offboarding process is crucial for security.
    - Asset management includes both physical devices and software.
    - Information classification should be formalized to enhance security.
    - Removable media poses unique risks that need to be managed.
    - Media disposal processes should be clearly defined and followed.
    - Organizations often lack a complete inventory of cloud services.
    - Compliance requirements can influence how assessments are conducted.
    - It's important to focus on foundational security practices rather than compliance minutiae.

    54 min
  4. NOV 18

    CvCISO Podcast Episode 31: Navigating the Assessment Landscape Pt 1

    Summary: In this episode, the hosts engage in a mock assessment to explore the intricacies of conducting information security assessments. They discuss the importance of understanding risk management, setting expectations, and building rapport with clients. The conversation highlights the human factors involved in assessments, the significance of administrative controls, and the need for clear communication about policies and insurance. Through their dialogue, they aim to demystify the assessment process and provide insights into effective risk management strategies. In this conversation, the speakers discuss effective strategies for conducting assessments in information security, emphasizing the importance of not wasting executives' time and the need for clear communication. They share personal experiences and challenges faced during assessments, highlighting the significance of accountability and the necessity of a robust information security framework. The discussion also touches on the importance of learning from experiences and the value of maintaining a balance between technical expertise and people skills.

    Takeaways:
    - Assessments are a learning experience, not a performance.
    - Different perspectives bring value to security assessments.
    - It's important to set clear expectations for assessments.
    - Risk management is a business issue, not just an IT issue.
    - Building rapport is crucial for effective assessments.
    - Honesty in responses leads to better outcomes.
    - Administrative controls are often overlooked but essential.
    - Handling discomfort during assessments is part of the process.
    - Policies should be active and reviewed regularly.
    - Cyber insurance is a critical component of risk management.
    - Gather as much quality information as possible during assessments.
    - Don't strive for perfection; it's normal to misunderstand questions.
    - Follow-up questions are essential after the initial assessment.
    - Expect that things will get lost in translation during assessments.
    - It's important to set clear expectations with executives upfront.
    - Learning from mistakes is a crucial part of the assessment process.
    - Accountability in information security should be clearly defined.
    - Building a task list post-assessment can help manage follow-ups.
    - Communication skills are as important as technical knowledge in assessments.
    - Emulating successful strategies while maintaining your own style is beneficial.

    52 min
  5. NOV 12

    CvCISO Podcast Episode 30: Tips and Tricks for Your First Assessment

    Summary: In this episode, the hosts share insights on overcoming intimidation, the value of community support, and practical tips for new assessors to build confidence and improve their skills. The conversation emphasizes the significance of being oneself and learning from experiences, even when they feel uncomfortable. In this engaging conversation, the speakers explore the importance of authenticity in assessments, the value of learning through experience, and the significance of mentorship in career progression. They share personal anecdotes that highlight the lessons learned from real-life scenarios, emphasizing the need for collaboration and continuous improvement in training programs. The discussion also touches on the future direction of their initiatives, including a risk assessment series, while maintaining a lighthearted tone with humor and insights.

    Takeaways:
    - Authenticity is crucial in assessments; just be yourself.
    - It's normal to feel like an imposter, even with years of experience.
    - Community support is vital for personal and professional growth.
    - Expectations should be set at the beginning of assessments.
    - Assessments should be conversational, not mechanical.
    - Learning from mistakes is part of the growth process.
    - Comfort zones can hinder growth; embrace discomfort.
    - Practice assessments can help build confidence.
    - Asking questions is a strength, not a weakness.
    - Authenticity is key in assessments.
    - Value is determined by the customer's perception.
    - Learning through experience is invaluable.
    - Mentorship is crucial for career progression.
    - Mock interviews can help bridge skill gaps.
    - Training should focus on practical application.
    - Collaboration enhances learning outcomes.
    - Continuous improvement is essential in programs.
    - Humor can facilitate deeper discussions.
    - Real-life scenarios provide the best learning opportunities.

    40 min
  6. OCT 31

    Episode 29: Keeping it Real - The Scary Side of vCISO Work

    Summary: In this episode, the hosts discuss the scary aspects of being a Virtual Chief Information Security Officer (vCISO), including the challenges of limited control and high accountability, navigating client expectations, and the constantly shifting threat landscape. They emphasize the importance of understanding roles and responsibilities, combating fear with knowledge, and the value of community support in the cybersecurity field. In this conversation, the speakers delve into the complexities of professional roles in cybersecurity, emphasizing the importance of authenticity, the pressure to justify one's value, and the realities of on-call responsibilities. They discuss the inevitability of breaches and the necessity of preparation, as well as the legal and regulatory challenges that professionals face in the industry. The dialogue highlights the need for self-reflection, accountability, and the importance of having a solid plan in place to navigate these challenges effectively.

    Takeaways:
    - Being a vCISO involves limited control but high accountability.
    - Clients often expect vCISOs to make decisions, which can be frustrating.
    - Clear communication about roles and responsibilities is crucial.
    - The threat landscape is constantly changing, but fundamentals remain the same.
    - Education and preparation can alleviate fears about breaches.
    - Documentation is important for accountability and clarity.
    - Community support is vital for staying informed and reducing anxiety.
    - Understanding context helps combat fear in cybersecurity.
    - It's okay not to know everything; collaboration is key.
    - Staying focused on fundamentals helps navigate distractions.
    - Admit when you don't know something; it's an opportunity for education.
    - The biggest need in cybersecurity is not technical skills, but people skills.
    - Constantly question your value and how you provide it.
    - It's essential to communicate your contributions to clients regularly.
    - Being on call should be expected if it's part of your role.
    - Breaches are inevitable; preparation is key.
    - Understanding the threat landscape reduces fear of breaches.
    - Legal accountability in cybersecurity is often lacking.
    - Document your decisions to protect against negligence claims.
    - Self-reflection is crucial in understanding your response to pressure.

    40 min
  7. OCT 25

    Episode 28: Truth or Myth

    Summary: In this episode, the hosts engage in a lively discussion about various statements related to cybersecurity, exploring whether they are truths or myths. They delve into the costs associated with cybersecurity, the role of vCISOs, the importance of communication in cybersecurity, and the relevance of the CvCISO course. The conversation emphasizes the need for a proper understanding of cybersecurity's value and the fun aspects of being a vCISO. In this conversation, the speakers discuss the importance of finding joy in work, the misconceptions surrounding cybersecurity responsibilities, the vulnerability of small businesses to cyber threats, and the critical role of leadership in organizational success. They emphasize the need for authenticity, mental health awareness, and the significance of creating a positive work environment.

    Takeaways:
    - Cybersecurity costs can be perspective-based and context-dependent.
    - Understanding your cybersecurity budget is crucial for effective risk management.
    - The role of a vCISO is to consult and influence decision-making in organizations.
    - Communication with the CEO is essential for a vCISO's effectiveness.
    - The CvCISO course is open to anyone interested in information security leadership.
    - Creating a culture around information security can help justify budgets.
    - Fun and excitement in cybersecurity can lead to better engagement and results.
    - Risk management is a critical aspect of cybersecurity that should not be overlooked.
    - The importance of having a seat at the table for cybersecurity discussions.
    - Building trust and credibility is essential for a vCISO's success.
    - Finding fun in work can enhance customer loyalty.
    - Burnout is a significant issue in the cybersecurity field.
    - You cannot outsource ultimate responsibility for cybersecurity.
    - Small businesses are often targeted by cyber attackers.
    - Leadership is crucial for organizational success.
    - Authenticity in the workplace can reduce burnout.
    - Mental health challenges are prevalent in high-stress jobs.
    - Creating a fun work environment can improve morale.
    - Understanding your vulnerabilities is key to cybersecurity.
    - Investing in leadership development is essential for growth.

    51 min
  8. OCT 18

    Episode 27: Handling Objections as a vCISO

    Summary: In this episode of the CvCISO Podcast, hosts Evan, Jordon, and Meg engage in a lively discussion about overcoming objections in vCISO consulting, the importance of framing security in business terms, and leveraging data to support their recommendations. They also touch on personal challenges and the role of emotional intelligence in navigating objections, emphasizing the need for clear communication and understanding the root causes of objections. In this engaging conversation, the speakers explore various themes including the importance of humor in communication, the need for flexibility and challenging ideas, and the significance of building credibility through quick wins. They discuss strategies for anticipating objections, utilizing emotional intelligence, and focusing on long-term gains. The conversation also emphasizes the value of engaging champions and allies within organizations.

    Takeaways:
    - Understanding the root cause of objections is crucial.
    - Framing security recommendations in business terms can enhance acceptance.
    - Using data and case studies strengthens arguments in consulting.
    - Emotional intelligence helps in managing objections effectively.
    - Building trust is essential for successful consulting relationships.
    - Anticipating objections can prepare you for discussions.
    - Clear communication is key to overcoming resistance.
    - Different stakeholders may require different approaches to decision-making.
    - It's important to separate personal feelings from professional objections.
    - Continuous learning from experiences enhances consulting skills.
    - Humor can enhance conversations and make them more engaging.
    - Challenging ideas is essential for growth and understanding.
    - Flexibility in presenting solutions is crucial.
    - Building credibility often comes from achieving quick wins.
    - Anticipating objections can prepare you for better discussions.
    - Emotional intelligence plays a key role in effective communication.
    - Focusing on long-term gains can outweigh short-term costs.
    - Engaging champions within an organization can facilitate change.
    - Staying solution-oriented helps maintain focus during discussions.

    1 hr

Ratings & Reviews

5 out of 5 (2 Ratings)
