307 episodes

Formerly named CISO/Security Vendor Relationship Podcast. Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

CISO Series Podcast David Spark, Mike Johnson, and Andy Ellis

    • Technology
    • 4.8 • 179 Ratings

Formerly named CISO/Security Vendor Relationship Podcast. Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.

    Ransomware? Why’d It Have to be Ransomware? (Live at B-Sides San Diego)

    Ransomware? Why’d It Have to be Ransomware? (Live at B-Sides San Diego)

    All links and images for this episode can be found on CISO Series.
    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is Steve Zalewski, co-host, Defense in Depth. Recorded live at BSidesSF.
    In this episode:
    Are companies taking the air out of the open source balloon?
    What’s broken about cybersecurity hiring?
    Do we need minimum requirements for cybersecurity knowledge in sales?
    Thanks to our podcast sponsors, Devo, Eclypsium & NetSPI

    Devo replaces traditional SIEMs with a real-time security data platform.
    Devo’s integrated platform serves as the foundation of your security operations and includes data-powered SIEM, SOAR, and UEBA. AI and intelligent automation help your SOC work faster and smarter so you can make the right decisions in real-time.

    Eclypsium is helping enterprises and government agencies mitigate risks to their infrastructure from complex technology supply chains. Our cloud-based and on-premises platform provides digital supply chain security for software, firmware and hardware in enterprise infrastructure. Get started today at eclypsium.com/spark.

    NetSPI ASM continuously scans your external perimeter to identify, inventory, and reduce risk to both known and unknown assets. It blends scanning methodology with our consultants' human intelligence to identify previously undiscovered data sources and vulnerabilities so you can remediate what matters most.

    • 44 min
    You Can’t Leak What You Don’t Collect

    You Can’t Leak What You Don’t Collect

    All links and images for this episode can be found on CISO Series.
    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our sponsored guest, Jeremiah Roe, advisory CISO, OffSec.
    In this episode:
    What happens as data minimization in the US changes from a potential policy goal to a regulatory imperative?
    How does this impact the rest of the industry?
    How do CISOs start getting ready for compliance?
    How to improve cybersecurity training and development? Thanks to our podcast sponsor, OffSec

    OffSec helps companies like Cisco, Google, and Salesforce upskill cybersecurity talent through comprehensive training and resources. With programs ranging from red team and blue team training and more, your team will be ready to face real-world threats. Request a free trial for your team to explore OffSec’s learning library and cyber range.

    • 34 min
    Our Help Desk Plaque Reads “Over 100,000 Threat Actors Served”

    Our Help Desk Plaque Reads “Over 100,000 Threat Actors Served”

    All links and images for this episode can be found on CISO Series.
    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our guest, Martin Mazor, vp and CISO, onsemi.
    In this episode:
    Has the shine worn off the cybersecurity promise of MFA?
    Why are threat actors increasingly finding ways to get around it?
    Given the high profile attacks we've seen getting around MFA, how much security stock should we put into it going forward?
    Thanks to our podcast sponsor, Material Security

    Material Security is a multi-layered email threat detection & response toolkit designed to stop attacks and reduce the threat surface across all of Microsoft 365 and Google Workspace. Learn more at material.security.

    • 35 min
    Can’t Talk, I’m Onboarding My Kids To Their First Soccer Practice (Live in Mountain View, CA)

    Can’t Talk, I’m Onboarding My Kids To Their First Soccer Practice (Live in Mountain View, CA)

    All links and images for this episode can be found on CISO Series.
    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our guest, TC Niedzialkowski, CISO, Nextdoor.
    In this episode:
    Has the line between work and personal devices blurred?
    Why are we seeing signs that that line no longer exists for employees?
    What is the path of cybersecurity to keep company data secured when its continually commingling with personal devices?
    Thanks to our podcast sponsors, Eclypsium and Normalyze

    Eclypsium is helping enterprises and government agencies mitigate risks to their infrastructure from complex technology supply chains. Our cloud-based and on-premises platform provides digital supply chain security for software, firmware and hardware in enterprise infrastructure. Get started today at eclypsium.com/spark

    Where is my data? Is it sensitive? Who has access to the data? What are the risks? What is the cost of exposure? Am I compliant now? Enter Normalyze.

    Normalyze’s agentless, machine-learning scanning platform continuously discovers sensitive data, resources, and access paths in all cloud environments. Learn more.

    • 44 min
    I Really Shouldn’t Have Agreed to Variable Rate Technical Debt

    I Really Shouldn’t Have Agreed to Variable Rate Technical Debt

    All links and images for this episode can be found on CISO Series.
    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining me is our sponsored guest, Aaron Shaha, CISO, CyberMaxx.
    In this episode:
    Is technical debt an inevitability in any organization?
    How do you go about "paying it down?"
    How do you decide when you need a systematic refresh and when can you kick the can down the road a little longer?
    Thanks to our podcast sponsor, CyberMaxx

    CyberMaxx offers MaxxMDR, our next-generation managed detection and response (MDR) solution that helps customers assess, monitor, and manage their cyber risks. MaxxMDR fuels defensive capabilities with insights from offensive security, DFIR, and threat hunting, on top of a technology-agnostic deployment model. We think like an adversary but defend like a guardian.

    • 35 min
    We’ll Invest in Resilience as Soon as the Ransom Payment Clears

    We’ll Invest in Resilience as Soon as the Ransom Payment Clears

    All links and images for this episode can be found on CISO Series.
    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is my guest, Thom Langford, CISO, Velonetic.
    In this episode:
    Why do lots of businesses pledge to never pay ransomware demands?
    And why do their priorities quickly change when they need to get the business back to normal after an attack occurs?
    What good is a pledge like that without the infrastructure and organizational commitment to make it possible?
    Thanks to our podcast sponsor, CyberMaxx

    CyberMaxx offers MaxxMDR, our next-generation managed detection and response (MDR) solution that helps customers assess, monitor, and manage their cyber risks. MaxxMDR fuels defensive capabilities with insights from offensive security, DFIR, and threat hunting, on top of a technology-agnostic deployment model. We think like an adversary but defend like a guardian.

    • 35 min

Customer Reviews

4.8 out of 5
179 Ratings

179 Ratings

ArlieLP ,

Top notch!

I can't recommend this podcast enough! The discussions, tips, and debates are incredibly insightful. It's an invaluable resource for learning how to enhance security collaboratively, benefiting not only our organizations but the entire community. Thanks for putting out such a superb show, David, Mike, and Andy - keep up the great work!

yopoctopus ,

This would be a 5 star show if the sound effects weren’t so loud

Great content. The game show sounds are very loud.

MikeVotaw ,

Thanks for fantastic content

This is the meatiest podcast I’ve ever listened to. Learning so much! I’m on the sales side but looking to take on a CISO role soon. What an amazing tool to be successful!!

Top Podcasts In Technology

Acquired
Ben Gilbert and David Rosenthal
Lex Fridman Podcast
Lex Fridman
The TED AI Show
TED
All-In with Chamath, Jason, Sacks & Friedberg
All-In Podcast, LLC
Hard Fork
The New York Times
TED Radio Hour
NPR

You Might Also Like

Defense in Depth
David Spark
Cyber Security Headlines
CISO Series
Cybersecurity Today
ITWC
CyberWire Daily
N2K Networks
SANS Internet Stormcenter Daily Cyber Security Podcast (Stormcast)
Johannes B. Ullrich
Hacking Humans
N2K Networks