CvCISO Podcast

SecurityStudio

Welcome to "The CvCISO Podcast" - an extension of SecurityStudio's vCISO training program. Designed to keep the conversation alive beyond the confines of traditional training, this podcast is your ongoing resource for all things related to Virtual Chief Information Security Officers (vCISOs). This podcast is a space where vCISOs can continue to explore, discuss, and evolve their understanding of the cybersecurity landscape. Join us as we delve into the experiences, perspectives, and challenges that vCISOs face. From sharing success stories to dissecting tough lessons learned, we cover it all. The goal of the podcast is to build a community where vCISOs can come together to learn from one another. Through engaging discussions and thought-provoking questions from the vCISO community, we keep the conversation dynamic and relevant. This isn't just a podcast - it's a dynamic platform where your voice matters. So, whether you're a seasoned vCISO or just starting, join us on the "CvCISO Podcast" as we continue the journey of learning and growth together.

Hosts:
Jordon Darling (Vice President, Top Dog PC Services) https://www.linkedin.com/in/jordon-darling/
Evan Francen (Founder and CEO, SecurityStudio) https://www.linkedin.com/in/evanfrancen/
Meg Perron (CvCISO Training Academy Director, SecurityStudio) https://www.linkedin.com/in/meg-perron-mba/

To find out more information about SecurityStudio's CvCISO Training Program visit: www.cvciso.com
Follow SecurityStudio on LinkedIn: https://www.linkedin.com/company/11486715
Email cvcisopodcast@securitystudio.com with questions or topics you'd like our hosts to tackle!

  1. 6 DAYS AGO

    CvCISO Podcast Episode 39: vCISO Role in BCI and DRP

    Summary

    In this episode, the hosts and guests delve into the concept of Zero Trust Architecture, discussing its legitimacy, implementation challenges, and the importance of understanding its principles. They explore how Zero Trust can enhance security while also serving as a business strategy that can potentially reduce costs and increase revenue through better risk management and compliance. The conversation highlights the complexities of adopting Zero Trust in large organizations and emphasizes the need for clear definitions and practical steps to implement it effectively. In this conversation, the speakers delve into the critical aspects of security policies, breach notifications, and the implementation of Zero Trust frameworks. They discuss the importance of understanding the business value of security measures, enhancing user experience while maintaining security, and the necessity of situational awareness in cybersecurity. The conversation emphasizes the need for effective communication with stakeholders to ensure that security measures are understood and valued, ultimately leading to better risk management and organizational success.

    Takeaways

    - Zero Trust is a legitimate security principle, not just a buzzword.
    - Implementation of Zero Trust is complex and requires careful planning.
    - Default deny is a core principle of Zero Trust.
    - Understanding egress and ingress is crucial for effective security.
    - Zero Trust can help reduce cyber insurance costs.
    - Asset management is essential for Zero Trust implementation.
    - Complex environments pose significant challenges to adopting Zero Trust.
    - Risk management is at the heart of Zero Trust strategies.
    - Business processes should be aligned with security measures.
    - Zero Trust can enhance business credibility and partnerships.
    - Breach notifications should be included in contracts to ensure transparency.
    - Zero Trust can lead to increased efficiency and potential cost savings for businesses.
    - Understanding the business processes is crucial for effective security implementation.
    - User experience must be considered when implementing security measures.
    - Situational awareness is key to making informed security decisions.
    - Risk management is an ongoing process, not a one-time fix.
    - Effective communication about security measures can build trust with stakeholders.
    - Security professionals should be prepared to demonstrate the business value of their initiatives.
    - Zero Trust should be implemented in phases, focusing on critical components first.
    - Frameworks should guide security practices, not dictate them.

    56 min
  2. JAN 17

    CvCISO Podcast Episode 38: Zero Trust: Is it Real?

    In this episode, the hosts and guests delve into the concept of Zero Trust Architecture, discussing its legitimacy, implementation challenges, and the importance of understanding its principles. They explore how Zero Trust can enhance security while also serving as a business strategy that can potentially reduce costs and increase revenue through better risk management and compliance. The conversation highlights the complexities of adopting Zero Trust in large organizations and emphasizes the need for clear definitions and practical steps to implement it effectively. In this conversation, the speakers delve into the critical aspects of security policies, breach notifications, and the implementation of Zero Trust frameworks. They discuss the importance of understanding the business value of security measures, enhancing user experience while maintaining security, and the necessity of situational awareness in cybersecurity. The conversation emphasizes the need for effective communication with stakeholders to ensure that security measures are understood and valued, ultimately leading to better risk management and organizational success.

    Takeaways

    - Zero Trust is a legitimate security principle, not just a buzzword.
    - Implementation of Zero Trust is complex and requires careful planning.
    - Default deny is a core principle of Zero Trust.
    - Understanding egress and ingress is crucial for effective security.
    - Zero Trust can help reduce cyber insurance costs.
    - Asset management is essential for Zero Trust implementation.
    - Complex environments pose significant challenges to adopting Zero Trust.
    - Risk management is at the heart of Zero Trust strategies.
    - Business processes should be aligned with security measures.
    - Zero Trust can enhance business credibility and partnerships.
    - Breach notifications should be included in contracts to ensure transparency.
    - Zero Trust can lead to increased efficiency and potential cost savings for businesses.
    - Understanding the business processes is crucial for effective security implementation.
    - User experience must be considered when implementing security measures.
    - Situational awareness is key to making informed security decisions.
    - Risk management is an ongoing process, not a one-time fix.
    - Effective communication about security measures can build trust with stakeholders.
    - Security professionals should be prepared to demonstrate the business value of their initiatives.
    - Zero Trust should be implemented in phases, focusing on critical components first.
    - Frameworks should guide security practices, not dictate them.

    57 min
  3. JAN 10

    CvCISO Podcast Episode 37: MN Local Chapter 2024 Year in Review

    In this episode of the CvCISO Podcast, the hosts and guests discuss the Minnesota Local Chapter's progress, focusing on community building, mental health check-ins, and the importance of support structures in the information security field. They share insights on how the chapter has fostered a sense of belonging and collaboration among its members, highlighting accomplishments and future goals for growth and authenticity within the community. In this engaging conversation, the participants explore various themes including the humorous use of iPhone shortcuts, the importance of authenticity in professional relationships, and the value of diverse perspectives in the cybersecurity community. They discuss their vision for the local chapter in 2025, emphasizing community involvement and the role of continuing education in professional growth. The conversation highlights the collaborative spirit of the group and their commitment to supporting one another in their respective journeys.

    Takeaways

    - The Minnesota Local Chapter has been meeting for seven months.
    - Mental health check-ins are a key part of the meetings.
    - Building a supportive community is essential for personal and professional growth.
    - Members share resources and experiences to help each other.
    - Authenticity and transparency are crucial for a thriving community.
    - Regular attendance has led to a consistent group of participants.
    - The chapter aims to expand and replicate its model in other regions.
    - Food and shared meals enhance the community experience.
    - Members feel comfortable discussing personal and professional challenges.
    - The group values both fun and professional development in their meetings.
    - Authenticity in professional relationships fosters better collaboration.
    - Diverse perspectives enhance understanding and decision-making.
    - Community involvement is crucial for personal and professional growth.
    - Starting a local chapter can be done with just a few people.
    - Continuing education is essential in the cybersecurity field.
    - Networking within the community leads to shared resources and ideas.
    - Humor can be a great icebreaker in professional settings.
    - Encouraging others to start their own groups can expand the community.
    - The local chapter serves as a platform for ongoing learning and support.
    - Building relationships is key to success in any industry.

    52 min
  4. 12/27/2024

    CvCISO Podcast Episode 36: A Year in Review

    Summary

    In this episode, the hosts discuss updates on the CvCISO Academy, reflecting on the past year and looking forward to 2025. They emphasize the importance of community engagement, new leadership roles, and the need for standardization in cybersecurity practices. The conversation also touches on personal growth and the value of continuous learning, with lighthearted moments shared among the hosts. In this conversation, the speakers discuss the importance of uplifting relationships, continuous learning, and situational awareness in both personal and professional contexts. They explore how these themes relate to cybersecurity, highlighting key events and trends from 2024, the impact of major data breaches, and the accountability of organizations in protecting sensitive information. The discussion also touches on the role of technology and AI in cybersecurity, emerging trends for 2025, and the value of cyber insurance. Ultimately, the conversation emphasizes the importance of love and support in fostering growth and resilience.

    Takeaways

    - The Academy is evolving with new leadership and growth opportunities.
    - Community engagement is crucial for the success of the CvCISO program.
    - Standardization in cybersecurity practices is necessary for better service delivery.
    - Continuous learning is essential in the cybersecurity field.
    - The hosts emphasize the importance of personal growth and self-awareness.
    - Plans for 2025 include more community support and resources.
    - Monthly chats will be introduced to foster community connections.
    - Silly moments can help lighten the mood during stressful times.
    - The commitment to the Academy and its programs remains strong.
    - There are people who uplift you.
    - Continuous learning opens up new opportunities.
    - Situational awareness is crucial in everyday life. It helps identify threats.
    - Key cybersecurity events shape the industry's landscape.
    - Data breaches can have severe consequences for individuals.
    - Accountability for breaches often lies with the board of directors.
    - Technology plays a significant role in cybersecurity effectiveness.
    - AI is both a tool for improvement and a potential threat.
    - Cyber insurance can provide financial benefits if managed correctly.

    58 min
  5. 12/20/2024

    CvCISO Podcast Episode 35: vCISO Habits and Routines

    Summary

    In this episode of the CvCISO Podcast, hosts Evan, Meg, and Jordon discuss the essential routines and habits for vCISOs, emphasizing the importance of building strong relationships, understanding pricing, and the value of intangibles in cybersecurity. They explore the pathways to entering the cybersecurity field, including education and gaining practical experience, while also addressing the confusion surrounding the industry and the need for clear communication. In this conversation, Evan Francen discusses the importance of effective communication and relationship-building in the role of a Virtual Chief Security Officer (vCISO). He emphasizes the need for thorough preparation, the value of face-to-face interactions, and the significance of understanding cultural differences in establishing trust. The discussion also highlights the importance of collaboration over competition in the security industry, the necessity of providing genuine value to clients, and the role of authenticity in business relationships.

    Takeaways

    - Be yourself to build trust and credibility.
    - Leverage your network for support and resources.
    - Intangibles are crucial in cybersecurity roles.
    - Education is available through various channels.
    - Experience is essential and cannot be rushed.
    - Practical skills can be gained through volunteer work.
    - Understand the value you bring to clients.
    - The cybersecurity landscape can be confusing.
    - Strong relationships dictate effective communication.
    - Initiative is key to standing out in job applications.
    - Preparation is key to effective client interactions.
    - Face-to-face meetings can significantly enhance relationships.
    - Cultural understanding is crucial in building trust.
    - Collaboration within the industry can lead to better outcomes.
    - Authenticity fosters stronger business relationships.
    - Providing value is essential for long-term client retention.
    - Understanding the people behind businesses is vital.
    - Regular education on both security and business is important.
    - Establishing mutual accountability enhances client trust.
    - Being genuine in business leads to better client relationships.

    51 min
  6. 12/06/2024

    CvCISO Podcast Episode 34: Routines and Habits

    Summary

    In this episode, the speakers explore various themes surrounding self-care, routines, and habits. They discuss the importance of embracing natural beauty, the significance of hydration and morning rituals, and the symbolism behind daily habits like showering. The conversation also delves into the social aspects of habits, particularly focusing on smoking and drinking, and how these habits can foster connections or lead to negative consequences. In this conversation, the speakers explore various personal habits and their impacts on mental health, relationships, and overall well-being. The conversation also touches on the significance of gratitude and contentment in daily life, emphasizing that true joy comes from appreciating what one has rather than seeking more material possessions.

    Takeaways

    - The hosts enjoy Fridays and dislike Mondays, reflecting a common sentiment.
    - Exploring habits can reveal different facets of personality.
    - Routines don't have to be work-related; they can encompass all aspects of life.
    - The discussion on habits can lead to deeper insights about personal growth.
    - The hosts share personal anecdotes related to their routines.
    - Morning routines can set a positive tone for the day.
    - Hydration is essential for overall health.
    - Symbolic actions can provide mental clarity.
    - Daily habits can help wash away past negativity.
    - Social habits can lead to meaningful conversations.
    - Bad habits often come with social stigma.
    - Finding balance in habits is crucial for well-being.
    - Every day offers a new opportunity for growth.
    - Being transparent about habits can foster connection.
    - Stress relief can come from various habits, but it's essential to evaluate their impact.
    - Alcoholism can manifest in different ways, and personal choices play a significant role.
    - Sugar addiction is a common struggle that many face.
    - Financial planning can enhance intimacy in relationships by reducing stress.
    - Preparing for help, like cleaning services, can create a smoother experience.
    - Gratitude practices can shift perspective and enhance daily joy.
    - Contentment is more valuable than material wealth.
    - Distractions can lead to ungratefulness; intentional gratitude is necessary.
    - Finding joy in simple things can lead to a more fulfilling life.
    - It's important to recognize the gifts in our lives and appreciate them.

    52 min
  7. 12/02/2024

    CvCISO Podcast Episode 33: Navigating the Assessment Landscape Pt 3

    Summary

    In this episode of the CvCISO Podcast, the hosts engage in a light-hearted conversation that transitions into a serious discussion about access control policies, the role of IT in managing access, and the importance of user account reviews. They explore the risks associated with shared accounts and the significance of system and service accounts in cybersecurity. The episode concludes with a focus on authentication and password management, emphasizing the need for robust security practices. In this conversation, the participants discuss various aspects of organizational security, focusing on password policies, password management systems, encryption, mobile device security, remote work policies, and monitoring of remote connections. They reflect on the challenges and solutions related to these topics, emphasizing the importance of training, access control, and the need for clear policies to protect sensitive information.

    Takeaways

    - Access control policies are crucial for organizational security.
    - IT plays a vital role in managing access requests and approvals.
    - Regular reviews of user accounts are necessary to maintain security.
    - Shared accounts pose significant security risks that need addressing.
    - System and service accounts require careful inventory and review.
    - Authentication processes must be secure to prevent impersonation.
    - Training and awareness on password management are essential for employees.
    - Policies should be clear and usable to enhance compliance.
    - Transparency in assessments leads to better security outcomes.
    - Changing password policies can be frustrating but necessary for security.
    - Implementing a password management system can ease the burden on employees.
    - Regular password changes can protect against potential breaches.
    - Encryption is essential for protecting sensitive data in transit and at rest.
    - Mobile devices should have enforced security measures like PINs.
    - Remote work requires clear policies to protect organizational data.
    - Monitoring remote connections is crucial for maintaining security.
    - Regular assessments can help identify gaps in security practices.
    - Collaboration between HR and IT is vital for effective training.
    - Creating a culture of security awareness is important for all employees.

    57 min
  8. 11/23/2024

    CvCISO Podcast Episode 32: Navigating the Assessment Landscape Pt 2

    Summary

    In this episode of the CvCISO Podcast, the hosts continue their assessment discussion, focusing on the roles of CEO, CFO, and VC. They explore the importance of separation of duties, risk management, and the impact of experience on wisdom. The conversation transitions into the assessment process, covering topics such as screening and background checks, security policies, employee monitoring, and training for privileged users. The hosts emphasize the need for awareness training and the significance of having a structured approach to security in small businesses. In this conversation, the speakers delve into various aspects of information security, focusing on the definitions and roles of privileged users, the importance of post-employment processes, and the management of assets and inventories. They discuss the need for formal information classification guidelines and the handling of removable media. The conversation also touches on the disposal of media, the inventory of cloud services, and the relationship between compliance and risk management, emphasizing the importance of foundational security practices over compliance minutiae.

    Takeaways

    - Separation of duties is crucial in risk management.
    - Experience with pain can lead to wisdom.
    - High turnover necessitates thorough background checks.
    - Employee training should include security awareness.
    - Privileged users require specialized training.
    - Monitoring employees can help detect cybersecurity events.
    - Transparency is key during technical difficulties.
    - Assessments can reveal gaps in security practices.
    - Risk acceptance is a legitimate strategy.
    - Regular reviews of security policies are essential.
    - All admins are considered privileged users.
    - It's essential to define what constitutes a privileged user in an organization.
    - A solid onboarding and offboarding process is crucial for security.
    - Asset management includes both physical devices and software.
    - Information classification should be formalized to enhance security.
    - Removable media poses unique risks that need to be managed.
    - Media disposal processes should be clearly defined and followed.
    - Organizations often lack a complete inventory of cloud services.
    - Compliance requirements can influence how assessments are conducted.
    - It's important to focus on foundational security practices rather than compliance minutiae.

    54 min

Ratings & Reviews

5 out of 5 (2 Ratings)
