102 episodes

Defense in Depth promises clear talk on cybersecurity’s most controversial and confusing debates. Once a week we choose one controversial and popular cybersecurity debate and use the InfoSec community’s insights to lead our discussion.

Defense in Depth David Spark

    • Technology
    • 4.9 • 44 Ratings

    Convergence of Physical and Digital Security

    All links and images for this episode can be found on CISO Series
    Security convergence is the melding of all security functions from physical to digital and personal to business. The concept has been around for 17 years yet organizations are still very slow to adopt. A company's overall digital convergence appears to be happening at a faster rate than security convergence.
    Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest is Anne Marie Zettlemoyer (@solvingcyber), business security officer, vp, security engineering, MasterCard.
    Thanks to our podcast sponsor, Tessian

    95% of breaches are caused by human error.
    But you can prevent them. Learn how Tessian can stop “OH SH*T!” moments before they happen, why Tessian has been recognized by analysts like Gartner and Forrester, and which world-renowned companies trust the platform to protect their data.
    Why are we still holding back on security convergence? Is it a matter of "if" or "when"? What happens when physical and info security are run by different departments? How can we measure the risks?   
     

    • 30 min
    How Do You Measure Cybersecurity Success?

    All links and images for this episode can be found on CISO Series
    In most jobs there’s often a clear indicator if you’re doing a good job. In security, specifically security leadership, it’s not so easy to tell. “Nothing happening” is not an effective measurement. So how should security performance be graded?
    Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest is Deneen DeFiore (@deneendefiore), CISO, United Airlines.
    Thanks to our podcast sponsor, Tessian

    In this episode:
    How should security performance be graded? Is "keeping it simple" the best option? What's the best measurement option?

    • 29 min
    How Do We Turn Tables Against Adversaries?

    All links and images for this episode can be found on CISO Series
    If we’re going to turn the tables against our adversaries, everything from our attitude to our action needs to change to a format where attacks and breaches are not normalized, and we know the what and the how of responding quickly.
    Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our sponsored guest Scott Scheferman (@transhackerism), principal strategist, Eclypsium.
    Thanks to our podcast sponsor, Eclypsium

    Eclypsium is the enterprise firmware security company. Our comprehensive, cloud-based platform identifies, verifies, and fortifies firmware and hardware in laptops, servers, network gear and devices. The Eclypsium platform secures against persistent and stealthy firmware attacks, provides continuous device integrity, delivers firmware patching at scale, and prevents ransomware and malicious implants.
    In this episode:
    Moving from a reactive to a proactive attitude; accelerating teams' ability to respond before damage happens; stopping marketing informing your strategy; patching "fast enough to matter".

    • 26 min
    Ageism in Cybersecurity

    All links and images for this episode can be found on CISO Series
    Is it too much experience? Is it that they're difficult to work with? Do they want too much money? Will they not be motivated? Are cyber professionals over the age of 40 being discriminated against in hiring practices?
    Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our guest is Ben Sapiro, head of technology risk and CISO at Canada Life.
    Thanks to our podcast sponsor, Qualys
    Qualys is a pioneer and leading provider of cloud-based security and compliance solutions.
    In this episode:
    Are cyber professionals over the age of 40 being discriminated against in hiring practices? Is "older experience" a threat to younger managers? Do older professionals have too much attitude? What other work options exist for the 40+ expert?

    • 31 min
    Proactive Vulnerability Management

    All links and images for this episode can be found on CISO Series
    How do we turn the tide from reactive to proactive patch management? Does anyone feel good about where they are with their own patch management program? What would it take to get there?
    Check out this post and this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Our sponsored guest is Sumedh Thakar (@sumedhthakar), CEO, Qualys.
    Thanks to our podcast sponsor, Qualys

    Qualys is a pioneer and leading provider of cloud-based security and compliance solutions.
    In this episode:
    How do we turn the tide from reactive to proactive patch management? Do cultural differences make a difference? Do we need a new framework or template?  
     
     

    • 32 min
    Why Is Security Recruiting So Broken?

    All links and images for this episode can be found on CISO Series
    Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Geoff Belknap (@geoffbelknap), CISO, LinkedIn, and our guest Tony Sager (@sagercyber), svp, and chief evangelist, Center for Internet Security.
     Thanks to our podcast sponsor, Qualys

    In this episode:
    What role should HR play in the hiring process of cybersecurity candidates? What happens when HR's algorithms don't see the right keywords? What are some better ways to get noticed by a human decision maker?  

    • 32 min

Customer Reviews

4.9 out of 5
44 Ratings

John Haden

Love David’s shows

David always has great topics and guests. I listen to other security podcasts where there’s only one person speaking…man they’re boring! Not David’s! Always engaging!

roselinevelee

Value Added

If you aren’t listening to these podcasts what are you even doing with your life. Security professionals add value to your core knowledge with these daily injections of absolutely vital industry knowledge and trends.

Financialadventure

Love this show

This is a great podcast. I listen to it in double speed on my commute. I highly recommend it for all aspiring CISOs to go and think like a cyber leader

Ross Young
CISO, Cat Financial
