234 episodes

Formerly named CISO/Security Vendor Relationship Podcast. Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

CISO Series Podcast David Spark, Mike Johnson, and Andy Ellis

    • Technology
    • 4.8 • 150 Ratings

    Entry Level Position Available. 15+ Years Experience Required.

    All links and images for this episode can be found on CISO Series.
    That headline is not a joke. An actual job listing on LinkedIn requested just that. We're all hoping this was an error. Regardless, the community response to it was truly overwhelming, speaking much to the frustration of green and junior cybersecurity job seekers who are truly looking for entry level jobs. 
    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Bryan Willett, CISO, Lexmark.
    Thanks to our podcast sponsor, AuditBoard

    CrossComply is AuditBoard’s award-winning security compliance solution that allows organizations to build trust and scale their security compliance program with a connected risk platform that unifies SOC 2, ISO 2700x, NIST, CMMC, PCI DSS, and more across your organization.
    In this episode:
    Why do some job listings seem to have unrealistic requirements for entry level job-seekers? Who needs 15+ years experience in practically anything?
    What is the value of security operations if you’re not detecting and dealing with incidents?
    What do you think cybersecurity awareness month should accomplish?

    • 39 min
    Get All the Stress You Want, With None of the Authority

    All links and images for this episode can be found on CISO Series.
    CISOs and other security leaders have a lot of stress. But so do other C-level employees. Why does a CISO's stress seem that much more powerful? Is it that their job is still in constant development, or is the "C" in their name just in title, but not authority?
    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Aman Sirohi (@amangolf), CISO, People.ai.
    Thanks to our podcast sponsor, AuditBoard

    CrossComply is AuditBoard’s award-winning security compliance solution that allows organizations to build trust and scale their security compliance program with a connected risk platform that unifies SOC 2, ISO 2700x, NIST, CMMC, PCI DSS, and more across your organization.
    In this episode:
    Why does a CISO's stress seem that much more powerful?
    Is it that their job is still in constant development, or is the "C" in their name just in title, but not authority?
    What part of the supply chain security effort is truly building trust in your supplier and having ongoing reassurances that that trust is being maintained?

    • 36 min
    We Built This City on Outdated Software

    All links and images for this episode can be found on CISO Series.
    "The biggest threat to national security is that many of the most vital systems on the planet CURRENTLY run on outdated and insecure software," said Robert Slaughter of Defense Unicorns on LinkedIn. That's at the core of the third-party security issue.
    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Richard Marcus, vp, InfoSec, AuditBoard.
    Thanks to our podcast sponsor, AuditBoard

    CrossComply is AuditBoard’s award-winning security compliance solution that allows organizations to build trust and scale their security compliance program with a connected risk platform that unifies SOC 2, ISO 2700x, NIST, CMMC, PCI DSS, and more across your organization.
    In this episode:
    How big of a problem is outdated software in our industry? Is insecurity just the result of a lack of efficient process?
    How much does a company’s transparency before, during, and after a breach tell us about their corporate character?
    What's the behavior after a breach you want to see that reaffirms your commitment to doing business with a vendor?

    • 36 min
    Wrong Answers to Revealing Interview Questions

    All links and images for this episode can be found on CISO Series.
    Security leaders will often ask challenging or potentially gotcha questions as barometers to see if you can handle a specific job. They're looking not necessarily for a specific answer, but rather a kind of answer and they're also looking to make sure you don't answer the question a specific way. Don't get caught in the trap.
    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Quincy Castro, CISO, Redis.
    Thanks to our podcast sponsor, Okta

    Auth0 is the leading provider of customer identity solutions. Watch Jameeka Aaron, CISO for Auth0, explain how to balance security with friction to create a safe authentication experience without compromising on privacy.
    In this episode:
    What parts of cybersecurity can you comfortably outsource? What parts of cybersecurity do you want to outsource, but can't?
    One of the major arguments for outsourcing is "Finding cyber talent is really tough." Do you agree with that rationale to outsource?
    When building a security program for a startup, how do you establish scope and requirements?

    • 38 min
    Don’t Make Me Explain This, Because I Can’t

    All links and images for this episode can be found on CISO Series.
    If you know a difficult concept very well and you're incapable of explaining it simply to others who don't understand it, it's known as the "curse of knowledge." It is for this reason far too many talented cybersecurity professionals struggle to educate others.
    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Okey Obudulu (@okeyobudulu), CISO, Skillsoft.
    Thanks to our podcast sponsor, Trend Micro

    Trend Micro Cloud One, a security services platform for cloud builders, delivers the broadest and deepest cloud security offering in one solution, enabling you to secure your cloud infrastructure with clarity and simplicity. Discover your dynamic attack surface, assess your risk, and respond with the right security at the right time. Discover more!
    In this episode:
    How important is knowing the crown jewels in your security program? Wouldn't a "crown jewel"-focused security program be myopic?
    Have you been guilty of "curse of knowledge" when you tried to explain something and what did you do to improve?
    How often does a security leader come into a program and have the sense they're starting out at square one?

    • 33 min
    Where’s the “Single Pane of Glass” to My Level of Stress

    All links and images for this episode can be found on CISO Series.
    CISOs say stress and burnout are their top personal risks. Breaches, increased regulations, and the tech talent shortage are all contributors to the stress. Sure would be nice for the CISO and the rest of the team to look at a chart that showed the CISO's stress level in real time.

    This week’s episode is co-hosted by me, David Spark (@dspark), the producer of CISO Series, and special guest co-host Shawn Bowen (@SMbowen), CISO, World Fuel Services. Our guest is Meredith Harper (@mrhciso), svp, CISO, Synchrony.

    This episode was recorded in front of a live audience in Chicago at The City Hall nightclub for the opening night of Evanta's Global CISO Executive Summit.
    Thanks to our podcast sponsor, Cisco

    Cisco Secure delivers a streamlined, customer-centric approach to security that ensures it’s easy to deploy, manage, and use. We help 100 percent of the Fortune 100 companies secure work – wherever it happens – with the broadest, most integrated platform. Learn more at cisco.com/go/secure.
    In this episode:
    What do you think companies can do to alleviate this pressure and help a CISO better succeed?
    Why is there such a significant disconnect between companies’ increased commitment to diversity and inclusion and the day-to-day experiences of women of color?
    How can enterprise security maintain visibility into, and control over who and what is accessing their data?

    • 42 min

Customer Reviews

4.8 out of 5
150 Ratings

hehehdhehehey ,

One of my favorite podcasts

Entertaining, easy to listen to and probably the most educational podcast for cybersecurity sales reps. Also a great listen for security professionals. I am a big fan!

Allllsouledout ,

Great for sales reps to get the CISO perspective

As someone tied to a quota it’s easy to lose focus on the problems we’re all actually trying to solve. Highly recommend!

AloofButFunctional ,

Valuable Insights on Security and Group Communication

1. The topics are engaging, relatable.
2. The speakers on the show have a great amount of energy.
3. The added insights on Information Security are a real treat.
4. The importance on working collaboratively - as humans is a big reminder that you don't need to be the biggest most knowledgeable person in the room.
