CISO Series Podcast David Spark, Mike Johnson, and Andy Ellis

All links and images for this episode can be found on CISO Series.
Everyone's favorite meeting is a short meeting. But does anyone want a fun or entertaining meeting? Or is that a bad idea?
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Jeremy Embalabala, CISO, HUB International.
Thanks to our podcast sponsor, SlashNext

With today’s transition to hybrid working, phishing attacks are becoming more prevalent than ever. Mobile phishing and credential harvesting are exploding and affecting business reputations, finances and most importantly, data loss. With new methods of phishing attacks appearing year over year, enterprises need more robust phishing protection to better protect this expanding attack surface and companies’ most valuable assets. Check out the report.
In this episode:
Everyone's favorite meeting is a short meeting. But does anyone want a fun or entertaining meeting? Or is that a bad idea? How do we make our security teams more productive? The cost of getting and paying for cybersecurity insurance is so darn high. Would it be worth it to just self-insure?

All links and images for this episode can be found on CISO Series.
What happens when you want to adhere to more secure behavior, but the tool you're using forces you to be less secure, solely because they didn't architect in more stringent security when they created the program.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Terrance Cooley, CISO, Air Force JADC2 R&D Center.
Thanks to our podcast sponsor, Varonis

Everyday, your employees share thousands of sensitive files with too many people, exposing data to the entire organization – or even the entire internet. Varonis monitors sharing link activity and intelligently eliminates links that aren’t needed – reducing your risk on a continual basis. Discover more at www.varonis.com/cisoseries.
In this episode:
What is the worst security behavior you've seen from an IT vendor? Are you applying talent-to-value recruiting techniques to reduce corporate risk? What are your predictions for the evolution of cyber threats?

All links and images for this episode can be found on CISO Series.

There is a lot unknown before, during, and after a merger and that can make employees very susceptible to phishing attacks. But, at the same time, the due diligence that goes into an M&A can often open up signs of previous or active compromise, noted Rich Mason of Critical Infrastructure.

What does a proposed merger do to a security program?"

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Nicole Ford (@nicoledgray), global vp and CISO, Rockwell Automation.
Thanks to our podcast sponsor, Pentera

Pentera is the category leader for Automated Security Validation, allowing every organization to test with ease the integrity of all cybersecurity layers including their ransomware readiness, unfolding true, current security exposures at any moment, at any scale.
In this episode:
As a security leader, how does your security posture change when you know given your assets you are a specific target vs. just an opportunity? Could similar critical infrastructure agencies be grouped together and therefore share cybersecurity resources? What does a proposed merger do to a security program?

All links and images for this episode can be found on CISO Series.
"Does anyone else feel like the security field is attracting a lot of low-quality people and hurting our reputation," asked a redditor on the cybersecurity subreddit who remembers a time when security personnel were seen as highly experienced technologists. But now they believe people view cybersecurity as an easy tech job to break into for easy money.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Stephen Cicirelli, CISO, American Bureau of Shipping.
Thanks to our podcast sponsor, Stairwell

The standard cybersecurity blueprint is a roadmap for attackers to test and engineer attacks. With Inception, organizations can operate out of sight, out of band, and out of time. Collect, search, and analyze every file in your environment – from malware and supply chain vulnerabilities to unique, low-prevalence files and beyond.
Learn about Inception.
In this episode:
Does anyone else feel like the security field is attracting a lot of low-quality people and hurting our reputation?
Do people view cybersecurity as an easy tech job to break into for easy money?
With all this talk of needing more cyber talent, are we attracting quality or just quantity?

All links and images for this episode can be found on CISO Series.
It appears our security awareness training is working, up to a point. Most people are well aware of the need for secure passwords, but they don't actually create secure passwords.
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Patrick Harr, CEO, SlashNext.
Thanks to our podcast sponsor, SlashNext

With today’s transition to hybrid working, phishing attacks are becoming more prevalent than ever. Mobile phishing and credential harvesting are exploding and affecting business reputations, finances and most importantly, data loss. With new methods of phishing attacks appearing year over year, enterprises need more robust phishing protection to better protect this expanding attack surface and companies’ most valuable assets. Check out the report.
In this episode:
Why does it seem like our security awareness training is only working up to a certain point? Most people are well aware of the need for secure passwords, but why don't they actually create secure passwords? Is it true that, “people are not the weakest link, they're just the top attack vector?”

All links and images for this episode can be found on CISO Series.
It appears we're not providing security awareness training fast enough. That's because hackers are specifically targeting brand new employees who don't yet know the company's procedures. Illicit hackers are discovering they're far easier to phish.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Gene Spafford (@therealspaf), Professor, Purdue University.

Gene's book available for pre-order Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us.

25th anniversary of CERIAS
Thanks to our podcast sponsor, Lacework

Lacework offers the data-driven security platform for the cloud and is the leading cloud-native application protection platform (CNAPP) solution. Only Lacework can collect, analyze, and accurately correlate data — without requiring manually written rules — across an organization’s AWS, Azure, Google Cloud, and Kubernetes environments, and narrow it down to the handful of security events that matter. Security and DevOps teams around the world trust Lacework to secure cloud-native applications across the full lifecycle from code to cloud. Get started at lacework.com/cisoseries.
In this episode:
Is cybersecurity awareness a long term marketing effort?
Where are we making progress with the general populous when it comes to improving the human aspect of cybersecurity?
How difficult and how long can it take to discover what a company's crown jewels are, and what needs to be done?