39 episodes

The Cloud Security Today podcast features expert commentary and personal stories on the “how” side of cloud security. This is not a news program but rather a podcast that focuses on the practical side of how to launch a cloud security program, how to implement DevSecOps as well as understanding the threats most impacting cloud today.

Cloud Security Today Matthew Chiodi

    • Technology
    • 4.8 • 13 Ratings

    The art of security transformation

    Episode Summary
    On this episode, CISO at Palo Alto Networks, Niall Browne, joins the show to talk about Security, Cloud, and AI. Before joining Palo Alto Networks, he served as the CSO of Cloud platforms for the past sixteen years, including as the CSO and CTO at Workday.
    Today, Niall talks about his journey starting in the early days of the Internet, his work during Palo Alto’s shift to Cloud and now AI, and how to keep track of risk with automation. How can teams do more with less? Hear about how to communicate risk to company board members, the usefulness of Gen AI, and the cyber skills shortage.
     
    Timestamp Segments
    ·       [01:39] Niall’s Bank of Ireland experience.
    ·       [05:07] How did the early internet catch Niall’s attention?
    ·       [08:56] What is Niall most proud of?
    ·       [11:34] Palo Alto’s shift to Cloud.
    ·       [16:43] Overcoming resistance to the shift.
    ·       [22:53] Keeping a pulse on risk.
    ·       [28:07] Communicating risk to boards.
    ·       [33:46] Doing More With Less.
    ·       [38:00] How does Gen AI make processes better?
    ·       [41:27] The cyber skills shortage.
    ·       [47:04] Niall’s personal growth formula.
     
    Notable Quotes
    ·       “More with less is key.”
    ·       “Hiring the right skill set is very difficult.”
     
    Relevant Links
    Website:          www.paloaltonetworks.com
    LinkedIn:         Niall Browne
     
    Resources:
    Doing More with Less: The Case for SOC Consolidation.
    Secure applications from code to cloud. Prisma Cloud, the most complete cloud-native application protection platform (CNAPP).
    Disclaimer: This post contains affiliate links. If you make a purchase, I may receive a commission at no extra cost to you.

    • 50 min
    Cybersecurity's secret weapon

    Episode Summary
    In this episode, Jerich Beason, CISO at WM, joins the show to discuss becoming a CISO. Before joining WM, Jerich served in various roles at Lockheed Martin, RSA, Capital One, AECOM, and Deloitte.


    Jerich talks about how he tailored his roles throughout his career, learning communication soft skills and his passion for sharing with others. 

    Hear about how AI affects leadership, how Jerich would change the cybersecurity industry, and the true value of vendors (it's positive!).


    Timestamp Segments
    ·       [02:51] When Jerich knew he wanted to be a CISO.
    ·       [04:52] Tailoring the roles.
    ·       [06:02] What is Jerich most proud of?
    ·       [07:17] Jerich’s best advice.
    ·       [13:22] Transitioning away from geek-speak.
    ·       [17:29] When Jerich developed the passion.
    ·       [20:28] The PRIME framework.
    ·       [25:20] What should be talked about with AI?
    ·       [29:09] What would Jerich change about the cybersecurity industry?
    ·       [30:33] Hiring the right people.
    ·       [33:37] How Jerich stays sharp.
    ·       [35:06] The value of vendors.
     
    Notable Quotes
    ·       “Not every issue warrants a ‘sky is falling’ alert.”
    ·       “When it comes time to leave, leave a legend.”
    ·       “We don’t exist without vendors.”
     
    Relevant Links
    Website:          www.wm.com
    LinkedIn:         Jerich Beason

    • 43 min
    Security is a process

    Episode Summary
    On this episode, Co-Founder and CTO of Gutsy, John Morello, joins Matt to talk about Process Mining in Cybersecurity. Before co-founding Gutsy, John served as the CTO of Twistlock and VP of Product for Prisma Cloud.


    John holds multiple cybersecurity patents and is an author of NIST SP 800-190, the Container Security Guide. Before Twistlock, he was the CISO of an S&P 500 global chemical company. Before that, he spent 14 years at Microsoft, working on security technologies in Windows and Azure and consulting on security projects across the DoD, intelligence community, and at the White House. 


    John graduated summa cum laude from LSU and lives in Baton Rouge with his wife and two sons. A lifelong outdoorsman and NAUI Master Diver and Rescue Diver, he's the former board chair of the Coalition to Restore Coastal Louisiana and a current Coastal Conservation Association board member.


    Today, John talks about governance challenges in cybersecurity, the importance of security as a process, and how to apply process mining. How is process mining useful in cybersecurity? Hear about process mining human actions and unstructured sources, and how John manages to stay sharp.


     
    Timestamp Segments
    ·       [02:20] John’s cybersecurity journey.
    ·       [07:43] Pivotal moments in John’s career.
    ·       [10:23] The most pressing governance challenges.
    ·       [14:07] What is process mining?
    ·       [19:03] How process mining can benefit certain functions.
    ·       [21:09] Security as a process, not a product.
    ·       [25:37] Why there’s not more focus on process.
    ·       [32:03] Applying process mining.
    ·       [38:07] Filling in the gaps.
    ·       [42:03] How John stays sharp.
     
    Notable Quotes
    ·       “Security is a process, not a product.”
    ·       “In security, inefficiency and inconsistency are highly correlated with risk.”
    ·       “Almost everything in security is about process.”
     
    Relevant Links
    Website:          gutsy.com.
    LinkedIn:         www.linkedin.com/in/john-morello.

    • 47 min
    The Talent Shortage That Doesn’t Exist

    Episode Summary
    On this episode, Ross Haleliuk, best-selling author of Cyber for Builders and blogger, joins the show to talk about his writing on the cybersecurity industry. Ross is active in the cybersecurity ecosystem as a startup advisor and angel investor, currently leading the VIS Angel Syndicate. He often writes about cybersecurity, security investment, growth, and building security startups on TechCrunch, in other leading industry media, and in his blog, Venture in Security, read by tens of thousands of security leaders every month.

    Today, Ross talks about the usefulness of apprenticeship programs and the impact of AI on the talent shortage. What makes the talent shortage a qualitative issue? Hear about AI and cybersecurity problem-solving, Ross’s recently released book, and how Ross stays sharp (and fit).
     
    Timestamp Segments
    ·       [02:23] Pivoting into cybersecurity.
    ·       [08:20] The role of project manager.
    ·       [11:24] The BISO role.
    ·       [13:41] The talent shortage as a qualitative issue.
    ·       [23:58] Apprenticeship programs.
    ·       [30:51] Qualitative vs quantitative talent shortage.
    ·       [33:15] The impact of AI.
    ·       [39:06] AI in cybersecurity.
    ·       [41:54] What is Ross writing about next?
    ·       [43:12] How Ross stays sharp.
     
    Notable Quotes
    ·       “A lot of problems in cybersecurity are not unique to the space.”
    ·       “It is difficult to find an entry-level job in the technology space, period.”
    ·       “There is a shortage of senior talent, but there is also an oversupply of junior talent.”
     
    Relevant Links
    LinkedIn:         Ross Haleliuk
     
    Resources:
    ventureinsecurity.net

    • 45 min
    30 years in cybersecurity

    Episode Summary
    On this episode, InfoSec veteran, Aaron Turner, joins the show to talk about everything from Cloud to AI. Over the past three decades, Aaron has served as Security Strategist at Microsoft, Co-Founder and CEO of RFinity, Co-Founder and CEO of Terreo, VP of Security Products R&D at Verizon, Founder and CEO of Hotshot Technologies, Founder and CEO of Siriux, Faculty Member of IANS, Board Member at HighSide, President and Board Member of IntegriCell, and most recently as CISO at a large infrastructure player.
    Today, Aaron talks about the critical decisions that led to his success, the findings in his IANS research, and the importance of physical vs logical separation in home networks. What are the things that are lacking in current AI services? Hear about the security applications of behavioral AI, Aaron’s approach as he gets back into industry, and what it takes for Aaron to remain sharp.
     
    Timestamp Segments
    ·       [02:49] Getting started.
    ·       [10:53] Aaron’s keys to success.
    ·       [16:40] Aaron’s IANS research.
    ·       [20:42] Physical vs logical separation.
    ·       [24:19] Top mistakes that customers make.
    ·       [26:56] Real-world AI applications.
    ·       [32:13] Thinking about AI and risk.
    ·       [36:15] What’s missing in the current AI services?
    ·       [40:46] Getting back into the industry.
    ·       [45:22] How does Aaron stay sharp?
     
    Notable Quotes
    ·       “Get deep in something.”
    ·       “Make sure you put yourself in situations where people expect you to be sharp.”
     
    Relevant Links
    LinkedIn:  Aaron Turner.
     
    Resources:
    www.iansresearch.com

    • 52 min
    The New SEC Rule

    Episode Summary
    In this episode, Special Advisor for Cyber Risk at the NACD, Christopher Hetner, returns to the show to discuss the new SEC cybersecurity rules. Chris has over 25 years of experience in cybersecurity, helping protect industries, infrastructures, and economies, serving in roles including as SVP of Information Security at Citi, Senior Cybersecurity Advisor to the Chairman of the US SEC, Executive Member of IANS, the National Board Director of the Society of Hispanic Professional Engineers, Senior Advisor for the Chertoff Group, Senior Advisor to the CEO of Stuart Levine & Associates, and Co-Chair of Nasdaq Cybersecurity and Privacy.


    Today, Chris talks about the developments since January 2023, the timeframe requirements in practice, and normalizing cybersecurity incidents as business-as-usual. What is Inline XBRL? Learn how startups could prepare themselves for these changes, the scope of disclosure, and how risk management strategies might evolve to address Cloud-specific threats.
     
    Timestamp Segments
    ·       [02:36] What has changed since January?
    ·       [06:49] Why things changed.
    ·       [08:51] Was it a good move?
    ·       [12:27] Determining the materiality of cybersecurity incidents “without unreasonable delay.”
    ·       [17:49] Is 4 days enough?
    ·       [22:19] The scope of disclosure.
    ·       [24:09] Normalizing cybersecurity incidents.
    ·       [26:24] Moving toward real-time monitoring.
    ·       [28:52] Is insurance becoming a forcing function?
    ·       [32:18] Evolving risk management strategies.
    ·       [36:05] Third-party disclosure requirements.
    ·       [39:51] How do startups prepare?
    ·       [41:52] What is Inline XBRL?
    ·       [42:54] Inline XBRL to 8-K.
    ·       [43:30] How the tagging requirement impacts the disclosure process.
     
    Notable Quotes
    ·       “The magnitude of these events is the percentage of the event relative to revenue.”
    ·       “We’re going to see market forces drive these safety standards within our enterprises.”
     
    Relevant Links
    LinkedIn:         Christopher Hetner
     
    Resources:
    https://www.sec.gov/news/press-release/2023-139.

    • 46 min

Customer Reviews

4.8 out of 5
13 Ratings

JWPJR0808 ,

Great!!

Just found this podcast and I’m loving it so far. It’s hard to find quality content on this subject, but this show does the job.

cloudDork ,

Finally a podcast I can listen to on tech

Been in tech for a long time and tried listening to other podcasts… some are good and some are hard to listen to. It is refreshing to hear someone interview folks in an honest way with no bias. Matt’s background provides really good insight on Cloud Security and on Cloud native tools. The guests have been great so far, although one day would love to hear more from end users and/or folks that collaborate to provide a proper security strategy. We can all learn from each other in this community and this is a great podcast to start. Welcome.

Kurtgreening ,

Cloud threat research

Matt has a great background as a practitioner and cloud threat researcher. This helps him ask great questions of his guests.
