100 episodes

Defense in Depth promises clear talk on cybersecurity’s most controversial and confusing debates. Once a week we choose one controversial and popular cybersecurity debate and use the InfoSec community’s insights to lead our discussion.

Defense in Depth David Spark

    • Technology
    • 4.9 • 53 Ratings

    Why You Should Be Your Company's Next CISO

    All links and images for this episode can be found on CISO Series.
    How do you make the argument that your company needs a CISO, and that YOU should be that leader? What do you need to demonstrate to prove you can be that person?
    Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Radley Meyers (@radleymeyers), Partner, SPMB Executive Search.
    Thanks to our podcast sponsor, SPMB

    SPMB connects top executive talent to the world’s best and fastest growing innovators across the country. A key area we bring extensive knowledge and expertise to is our dedicated Security Practice, leading both functional searches (CISO and VP’s defining security strategy) and building out executive teams at top security software companies.
    In this episode: 
    How do you make the argument that your company needs a CISO, and that YOU should be that leader? What do you need to demonstrate to prove you can be that person? Do you have a sound understanding of the WHY behind the organization's existence and how value is added or taken away? How do you lay out a plan to win in whatever industry you are in because of security NOT despite it?

    • 27 min
    How to Become a CISO

    All links and images for this episode can be found on CISO Series.
    How do you become a CISO? It doesn't follow a linear pattern as many other professions. There are many different paths and there are many different entry points.
    Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Yabing Wang, CISO, Justworks.
    Thanks to our podcast sponsor, SPMB

    In this episode:
    How do you become a CISO? Why doesn't it follow a linear pattern as many other professions? Why are there so many different paths and entry points? Why is it valuable to know how others did it and how you can glean that knowledge and apply it to your situation?

    • 30 min
    Can You Build a Security Program on Open Source?

    All links and images for this episode can be found on CISO Series.
    What would it take to build your entire security program on open source software, tools, and intelligence?
    Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome guest DJ Schleen (@djschleen), distinguished security architect, Yahoo Paranoids.
    Thanks to our podcast sponsor, SPMB

    In this episode:
    What would it take to build your entire security program on open source software, tools, and intelligence? Is it possible/feasible/practical to run a security program entirely based upon free and open source software, open source tools, and open source intelligence? Is it true that the more open source you use the more people you need? Do commercial software systems, tools, and intelligence have value above what can be found in open source?

    • 25 min
    Third Party Risk vs. Third Party Trust

    All links and images for this episode can be found on CISO Series.
    Businesses grow based on trust, but they have to operate in a world of risk. Even cybersecurity operates this way, but when it comes to third party analysis, what if we leaned on trust more than trying to calculate risk?
    Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and our guest co-host is Yaron Levi (@0xL3v1), CISO, Dolby. Yaron and I welcome Dan Walsh, CISO, VillageMD.
    Thanks to our podcast sponsor, TrustCloud

    TrustCloud is the all-in-one platform to accelerate sales and security reviews, automate compliance efforts, and map contractual liability across your business. Connect with us to learn how you can transform security from a cost center into a profit driver with TrustCloud’s programmatic risk and compliance verification tools.
    In this episode: 
    When it comes to third party analysis, what if we leaned on trust more than trying to calculate risk? Should we have a “glass half empty” or a “glass half full” attitude towards third party risk? Wouldn't it be better to measure the level of how much we can TRUST the 3rd party? Is it vitally important to assess how resilient the organization is to failure caused by each third party?

    • 28 min
    How Can We Improve the Cyber Sales Cycle?

    All links and images for this episode can be found on CISO Series.
    The cybersecurity sales process is so terribly inefficient. And everyone, the targets and cybersecurity leaders, are losing valuable time because of that inefficiency. Where can we start making improvements?
    Check out this post for the discussion that's the basis for this podcast episode. This week's Defense in Depth is hosted by me, David Spark (@dspark), producer, CISO Series. Our guest co-host is John Overbaugh, CISO, ASG. John and I welcome our guest, Jerich Beason (@blanketsec), commercial CISO, Capital One.
    Thanks to our podcast sponsor, Compyl

    GRC solutions often cause process roadblocks within organizations. They are either antiquated and lack the functionality needed or so stripped down they can’t fix the problems you set to solve. That's why the team over at Compyl created the all-in-one security and compliance automation platform. Compyl quickly integrates with the tools you use, and automates 85% of the day-to-day tasks, all while providing complete transparency and comprehensive reporting along the way. Start your free trial with Compyl today and see all the efficiency gains you can expect from a leading solution. Learn about Compyl today at www.compyl.com/getstarted.
    In this episode: 
    Why is the cybersecurity sales process so terribly inefficient?
    Where can we start making improvements?
    What could be done to improve the efficiency?
    What is the solution to removing wasted effort and time?

    • 26 min
    What Leads a Security Program: Risk or Maturity?

    All links and images for this episode can be found on CISO Series.
    When you think about building a plan (and budget!) for your security program, do you lead with risk, maturity, or something else?
    Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Ngozi Eze, CISO, Levi Strauss.
    Thanks to our podcast sponsor, runZero

    runZero is the cyber asset management solution that helps you find and identify every managed and unmanaged asset connected to your network and in the cloud. Get the data and context needed to effectively manage and secure your environment. Try runZero for free at runzero.com.
    In this episode:
    When you think about building a plan (and budget!) for your security program, do you lead with risk, maturity, or something else? What's the overall theme you lead with when you're building a security program? Why is it an important question to answer before you build your program? How greatly can it vary?

    • 32 min

Customer Reviews

4.9 out of 5
53 Ratings


Shay Ch

Best cybersecurity podcast out there!

I listen or have listened to virtually every cybersecurity podcast out there and this one is my favorite by far! Well done folks!

John Haden

Love David’s shows

David always has great topics and guests. I listen to other security podcasts where there’s only one person speaking…man they’re boring! Not David’s! Always engaging!

roselinevelee

Value Added

If you aren’t listening to these podcasts what are you even doing with your life. Security professionals add value to your core knowledge with these daily injections of absolutely vital industry knowledge and trends.
