225 episodes

Formerly named CISO/Security Vendor Relationship Podcast. Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

CISO Series Podcast David Spark, Mike Johnson, and Andy Ellis

    • Technology
    • 4.8 • 151 Ratings

    I Pity the Fool Who Builds a Homogeneous Cyber A-Team

    All links and images for this episode can be found on CISO Series
    If you want to build a successful cybersecurity team, you need to be diverse, mostly in thought. But that diversity in thought usually is the result of people with diverse backgrounds who have had different experiences and have solved problems differently. It's actually really hard to hire a diverse team because what you want to do is simply hire people who look, talk, and sound like you. People who come from the same background as you. While that may work for building friends, it's not necessarily the best solution when building a team to secure your company.
    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is George Finney (@wellawaresecure), CISO, Southern Methodist University and author of “Well Aware: The Nine Cybersecurity Habits to Protect Your Future” and "Project Zero Trust."
    Thanks to our podcast sponsor, Feroot

    Feroot secures client-side web applications so that businesses can deliver a flawless and safe digital user experience to their customers. Our automated, client-side, data protection capabilities increase web application visibility, facilitate threat analysis, and detect and protect from client-side attacks, such as Magecart, XSS, e-skimming, and other threats focused on front-end web applications.
    In this episode:
    What are the personality types you need on your staff?
    Can you be a vCISO if you're not a CISO first? And if you're a vCISO without ever being a CISO, are you just a cybersecurity consultant?
    Also, what are some creative uses of honeypots most users don't consider?

    • 36 min
    The Cybersecurity Hamster Wheel of Getting Nothing Done

    All links and images for this episode can be found on CISO Series
    What are signs your team is getting burnt out? It's not an imbalance of work and family, it's feeling you're having no impact. That you're working your tail off and nothing is getting accomplished. This happens often in cybersecurity.
    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Sara-Michele Lazarus, vp/head of trust and security, Stavvy.
    Thanks to our podcast sponsor, Sysdig

    Sysdig is driving the standard for cloud and container security. With Sysdig, teams find and prioritize software vulnerabilities, detect and respond to threats, and manage cloud configurations, permissions and compliance. Customers get a single view of risk from source to run, with no blind spots, no guesswork, no black boxes.
    In this episode:
    What are signs your team is getting burnt out? What's the most valuable skill in a cybersecurity analyst? Why are we seeing so many zero day exploits right now?

    • 40 min
    Who Do You Need to Trust When You Build a Zero Trust Architecture?

    All links and images for this episode can be found on CISO Series
    Uggh, just saying "zero trust" sends shivers down security professionals' spines. The term is fraught with so many misnomers. The most important is who are you going to trust to actually help you build that darn zero trust program? Are you going to look at a vendor that's consolidated solutions and has built programs like this repeatedly or are you going to look for the best solutions yourself and try to figure out how best to piece it together to create that "zero trust" program?
    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is David Chow, global chief technology strategy officer, Trend Micro.
    Thanks to our podcast sponsor, Trend Micro

    Trend Micro Cloud One, a security services platform for cloud builders, delivers the broadest and deepest cloud security offering in one solution, enabling you to secure your cloud infrastructure with clarity and simplicity. Discover your dynamic attack surface, assess your risk, and respond with the right security at the right time. Discover more!
    In this episode:
    Why is the term “zero trust” fraught with so many misnomers?
    Is there such a thing as privacy anymore? Do you agree with the term “good enough”, and if so what is a "good enough" factor, what does it entail, and what should we expect from that?
    Where has the United States done the most to improve national cybersecurity?

    • 37 min
    The Best Interview Questions and the Answers You Want to Run From

    All links and images for this episode can be found on CISO Series.
    You want an awesome job in cybersecurity, and you want to ask the right questions. What are the right answers, and which ones are red flags that should cause you to run?
    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our guest is Renee Guttman, former CISO, Campbell's, Coca-Cola, and Time Warner.
    Thanks to our podcast sponsor, Okta

    Auth0 is the leading provider of customer identity solutions. Watch Jameeka Aaron, CISO for Auth0, explain how to balance security with friction to create a safe authentication experience without compromising on privacy.
    In this episode:
    When interviewing, what are the right answers, and which ones are red flags that should cause you to run? Has the cloud just created a bigger security problem that's crept up on us? Are legacy systems just a ticking time bomb or have you seen success in managing them?

    • 32 min
    But I Spent All This Money. Why Are You Still Ignoring Me?

    All links and images for this episode can be found on CISO Series
    Are RSA and other big conferences worth it? It seems that fewer CISOs are actually walking the floor at these big trade shows. The really big meetings are happening outside of the conference. Why would CISOs attend these big conferences with airfares costing over $1000 and hotel rooms costing $500 to $800 a night? Are the customers and vendors getting priced out?
    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson. Our guest is Jessica Ferguson, CISO, DocuSign.
    Thanks to our podcast sponsor, SlashNext

    SlashNext protects the modern workforce from phishing and human hacking across all digital channels. SlashNext Complete™ utilizes our patented AI SEER™ technology to detect zero-hour phishing threats by performing dynamic run-time analysis on billions of URLs a day through virtual browsers and machine learning. Take advantage of SlashNext's phishing defense services for email, browser, mobile, and API.
    In this episode:
    Are big conferences like RSA worth it? What's the value of the trade show floor at RSA?
    Why would CISOs attend these big conferences with airfares costing over $1000 and hotel rooms costing $500 to $800 a night?
    Are the customers and vendors getting priced out?

    • 37 min
    It’s OK to Look Like a Cyber Hero. Just Don’t Act Like One.

    All links and images for this episode can be found on CISO Series
    Security professionals should turn in the cyber hero mentality for the "sidekick" role. Many cybersecurity leaders believe they need to save the company from all the stupid users who can't protect themselves. The reality is security professionals should lose the saviour mentality for a supporting role where they're running alongside different business units trying to find a way to make their process run smoother and more secure.
    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Our sponsored guest is Clyde Williamson, product management, innovations, Protegrity.
    Thanks to our podcast sponsor, Protegrity

    Protegrity empowers intelligence-driven organizations to use data to drive innovation with secure analytics and artificial intelligence, without fear of violating compliance or jeopardizing privacy. To make this vision a reality, we protect sensitive data anywhere and everywhere to create secure data agility that aligns with the speed of modern business.
    In this episode:
    Is it OK if users see security as heroes but security professionals shouldn't see themselves that way? What have you heard enough about when it comes to data protection, and what would you like to hear a lot more? How can we best create a cyber risk balance sheet?

    • 39 min

Customer Reviews

4.8 out of 5
151 Ratings

hehehdhehehey ,

One of my favorite podcasts

Entertaining, easy to listen to and probably the most educational podcast for cybersecurity sales reps. Also a great listen for security professionals. I am a big fan!

Allllsouledout ,

Great for sales reps to get the CISO perspective

As someone tied to a quota it’s easy to lose focus on the problems we’re all actually trying to solve. Highly recommend!

AloofButFunctional ,

Valuable Insights on Security and Group Communication

1. The topics are engaging, relatable.
2. The speakers on the show have a great amount of energy.
3. The added insights on Information Security are a real treat.
4. The importance of working collaboratively, as humans, is a big reminder that you don't need to be the biggest, most knowledgeable person in the room.
