240 episodes

Formerly named CISO/Security Vendor Relationship Podcast. Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

CISO Series Podcast David Spark, Mike Johnson, and Andy Ellis

    • Technology
    • 4.8 • 155 Ratings

    Today’s Agenda: When Will This Meeting End?

    All links and images for this episode can be found on CISO Series.
    Everyone's favorite meeting is a short meeting. But does anyone want a fun or entertaining meeting? Or is that a bad idea?
    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Jeremy Embalabala, CISO, HUB International.
    Thanks to our podcast sponsor, SlashNext

    With today’s transition to hybrid working, phishing attacks are becoming more prevalent than ever. Mobile phishing and credential harvesting are exploding and affecting business reputations, finances and most importantly, data loss. With new methods of phishing attacks appearing year over year, enterprises need more robust phishing protection to better protect this expanding attack surface and companies’ most valuable assets. Check out the report.
    In this episode:
    Everyone's favorite meeting is a short meeting. But does anyone want a fun or entertaining meeting? Or is that a bad idea? How do we make our security teams more productive? The cost of getting and paying for cybersecurity insurance is so darn high. Would it be worth it to just self-insure?

    • 34 min
    Your Password Is Too Long. Please Shorten It.

    All links and images for this episode can be found on CISO Series.
    What happens when you want to adhere to more secure behavior, but the tool you're using forces you to be less secure, solely because they didn't architect in more stringent security when they created the program?
    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Terrance Cooley, CISO, Air Force JADC2 R&D Center.
    Thanks to our podcast sponsor, Varonis

    Every day, your employees share thousands of sensitive files with too many people, exposing data to the entire organization – or even the entire internet. Varonis monitors sharing link activity and intelligently eliminates links that aren’t needed – reducing your risk on a continual basis. Discover more at www.varonis.com/cisoseries.
    In this episode:
    What is the worst security behavior you've seen from an IT vendor? Are you applying talent-to-value recruiting techniques to reduce corporate risk? What are your predictions for the evolution of cyber threats?

    • 34 min
    Stir in a Little Merger and Acquisition, and Voilà, You’re a Target

    All links and images for this episode can be found on CISO Series.

    There is a lot unknown before, during, and after a merger and that can make employees very susceptible to phishing attacks. But, at the same time, the due diligence that goes into an M&A can often open up signs of previous or active compromise, noted Rich Mason of Critical Infrastructure.

    What does a proposed merger do to a security program?

    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Nicole Ford (@nicoledgray), global vp and CISO, Rockwell Automation.
    Thanks to our podcast sponsor, Pentera

    Pentera is the category leader for Automated Security Validation, allowing every organization to test with ease the integrity of all cybersecurity layers including their ransomware readiness, unfolding true, current security exposures at any moment, at any scale.
    In this episode:
    As a security leader, how does your security posture change when you know given your assets you are a specific target vs. just an opportunity? Could similar critical infrastructure agencies be grouped together and therefore share cybersecurity resources? What does a proposed merger do to a security program?

    • 39 min
    We’re Here. We’re Highly Unqualified. Get Used To It

    All links and images for this episode can be found on CISO Series.
    "Does anyone else feel like the security field is attracting a lot of low-quality people and hurting our reputation," asked a redditor on the cybersecurity subreddit who remembers a time when security personnel were seen as highly experienced technologists. But now they believe people view cybersecurity as an easy tech job to break into for easy money.
    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Stephen Cicirelli, CISO, American Bureau of Shipping.
    Thanks to our podcast sponsor, Stairwell

    The standard cybersecurity blueprint is a roadmap for attackers to test and engineer attacks. With Inception, organizations can operate out of sight, out of band, and out of time. Collect, search, and analyze every file in your environment – from malware and supply chain vulnerabilities to unique, low-prevalence files and beyond.
    Learn about Inception.
    In this episode:
    Does anyone else feel like the security field is attracting a lot of low-quality people and hurting our reputation?
    Do people view cybersecurity as an easy tech job to break into for easy money?
    With all this talk of needing more cyber talent, are we attracting quality or just quantity?

    • 39 min
    Sound Security Advice That’s Perfect to Ignore

    All links and images for this episode can be found on CISO Series.
    It appears our security awareness training is working, up to a point. Most people are well aware of the need for secure passwords, but they don't actually create secure passwords.
    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Patrick Harr, CEO, SlashNext.
    Thanks to our podcast sponsor, SlashNext

    With today’s transition to hybrid working, phishing attacks are becoming more prevalent than ever. Mobile phishing and credential harvesting are exploding and affecting business reputations, finances and most importantly, data loss. With new methods of phishing attacks appearing year over year, enterprises need more robust phishing protection to better protect this expanding attack surface and companies’ most valuable assets. Check out the report.
    In this episode:
    Why does it seem like our security awareness training is only working up to a certain point? Most people are well aware of the need for secure passwords, but why don't they actually create secure passwords? Is it true that, “people are not the weakest link, they're just the top attack vector?”

    • 38 min
    They’re Young, Green, and Very Hackable

    All links and images for this episode can be found on CISO Series.
    It appears we're not providing security awareness training fast enough. That's because hackers are specifically targeting brand new employees who don't yet know the company's procedures. Illicit hackers are discovering they're far easier to phish.

    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Gene Spafford (@therealspaf), Professor, Purdue University.

    Gene's book, Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls that Derail Us, is available for pre-order.

    25th anniversary of CERIAS
    Thanks to our podcast sponsor, Lacework

    Lacework offers the data-driven security platform for the cloud and is the leading cloud-native application protection platform (CNAPP) solution. Only Lacework can collect, analyze, and accurately correlate data — without requiring manually written rules — across an organization’s AWS, Azure, Google Cloud, and Kubernetes environments, and narrow it down to the handful of security events that matter. Security and DevOps teams around the world trust Lacework to secure cloud-native applications across the full lifecycle from code to cloud. Get started at lacework.com/cisoseries.
    In this episode:
    Is cybersecurity awareness a long term marketing effort?
    Where are we making progress with the general populace when it comes to improving the human aspect of cybersecurity?
    How difficult and how long can it take to discover what a company's crown jewels are, and what needs to be done?

    • 38 min

Customer Reviews

4.8 out of 5
155 Ratings

hehehdhehehey ,

One of my favorite podcasts

Entertaining, easy to listen to and probably the most educational podcast for cybersecurity sales reps. Also a great listen for security professionals. I am a big fan!

Allllsouledout ,

Great for sales reps to get the CISO perspective

As someone tied to a quota it’s easy to lose focus on the problems we’re all actually trying to solve. Highly recommend!

AloofButFunctional ,

Valuable Insights on Security and Group Communication

1. The topics are engaging, relatable.
2. The speakers on the show have a great amount of energy.
3. The added insights on Information Security are a real treat.
4. The importance on working collaboratively - as humans is a big reminder that you don't need to be the biggest most knowledgeable person in the room.
