The Cyber Ranch Podcast Allan Alford

Howdy, y’all, and welcome to The Cyber Ranch Podcast!  Our guest is Geoff Hancock, Deputy CEO and CISO for Access Point Consulting, Former Global Director and CISO over at World Wide Technology.  He’s also a Senior Fellow and Adjunct Professor at George Washington University and has held various C-suite and executive roles at Verizon, CGI Federal Advanced Technology, Microsoft, and Advanced Cybersecurity Group.  Yup!  Another well-established guest.  But wait!  There’s more!  Geoff has been involved in the creation and maintenance of the NIST CSF – the cybersecurity framework whose current version (1.1) dictates more security programs on Planet Earth than any other framework, and whose new version (2.0) will soon be ratified and finalized.  2.0 DRAFT and request for comments have already come out and the comments period is now closed.  I asked Geoff to join us here at the ‘Ranch to talk CSF 2.0 with us:
Tell us about your history and relationship with NIST CSF
Let’s talk briefly about the role of frameworks in cybersecurity.  I’m thinking of the “compliance != security” mantra here.
0 vs 1.1 – what are the highlights?
GV (Govern) Function added
Implementation Examples (Long overdue IMHO!)
What else?

Changes to categories – 2 less overall, but other changes as well…
I was glad to see supply chain called out in specific.  That was overdue.  What else was overdue?
What should have been in there that is not?
Describe the process if you would for generating a CSF – we have already seen draft and call for public feedback.  What’s next?
Y'all be good now!

In this SPECIAL EDITION! Allan interviews the 3 CISOs who created the CISO XC series of conferences:
Cecil Pineda
Jaimin Shah
Randy Potts
CISO XC is the only conference for CISOs (and their reports) that is put on my a team of 3 CISOs and an awesome all-CISO advisory board.
And the amount of money CISO XC gives to charity is MIND BOGGLING.  Hint:  This years's goal is greater than some CISO's salaries!!!
In this brief SPECIAL EDITION! you can hear more about CISO XC, its take on it's 3 priorities: Charity,  Community and Collaboration.
AND you can learn how to sign up for the biggest event yet in March, 2024.  That's right!  CISO XC is going nationwide!
https://registration.socio.events/e/cisoxcspring2024
This spring you can meet Randy, Jaimin and Cecil as well as Allan and a host of other Dallas-Fort Worth security folks.  Practitioners attend free, and the conference will be a blast!
Allan will also be giving out a limited number of cowboy hats to those who can answer trivia questions about CISO XC (hints will be provided).
Y'all be good now!

Allan takes the show on the road again, this time at his all-time favorite conference: CISO XC!
He asks a unique question of each guest, who represent a great deal of breadth in our industry:
Dave Belanger, CISO at Bestow Insurance - What is the most effective way to demonstrate and communicate security program progress to the board?
Tera Davis, CEO at CyberOne Security – How does a vendor forge relationships with a customer to be a strategic advisor and not just another vendor?
Andrew Woolen – Account Executive at Semperis – What do you wish CISOs knew about the vendor side of the fence?
Fred Clayton – Vice President Information Security at GI Alliance – What are you doing to develop talent in your teams?
Mickey Disabato – vCISO at Booz Allen Hamilton – What are the big differences between vCISO and CISO?
Alain Espinosa – Global Director Security Operations at Upbound Group – What is the one thing you would change in cybersecurity today?
Josh Kleen -  Enterprise Solutions Architect at Rubrik – As a vendor, how do you see your role in this whole “We’re here to fight the bad guys” thing?
Pat Benoit – Global CISO at Brinks – Why are you sleeping well?
Russell Swinney – CIO & CISO at Infrastructure, Inc. – What is your secret for good staff retention?
Richard Weiss – CISO at AccentCare, Inc. – What are the most unusual, nontraditional cyber skills you have on your team?
Sam Baxter – Global CISO and Data Privacy Officer at AppSpace – What are your favorite sources for staying up to date in this industry?
Michael Anderson – CISO and Deputy CTO at Dallas Independent School District – Outside of the security space, there are inspirations to be had everywhere.  What is the one that has most inspired you in cybersecurity?
Y'all be good now!

Howdy, y'all!  Allan is taking this week off to spend time with family and to give thanks for all the wonderful things in his life - including y'all!
For those who don't track it, there is no Cyber Ranch Podcast four times  a year:
American Thanksgiving week
Christmas week
Black Hat week
RSA week
That gives Allan enough breaks throughout the year to preserve his sanity.
Y'all be good now!

Warning, there might be some naughty language in this one!
The challenge was issued!!!! Allan teamed up with TWO other podcasts to take on the insufferable marketing that floods the cybersecurity industry in the month of October! Who won???
"Won"?
That's right!  Allan, along with George  K and George A from Bare Knuckles & Brass Tacks joined forces with Aaron Pritz and Cody Rivers of Simply Solving Cyber!Together, this trifecta of podcasters weighed in on the October bonanza that is Cybersecurity Awareness Month. While the month started humbly to raise awareness for the general public, it has now become an excuse for vendors to inundate infosec professionals' inboxes with inane messaging.Introducing: The Cyber Community Month challenge!Vendors: we challenged you to come up with campaigns that give back to the customer community rather than sending awareness spam.Client-side practitioners: We asked you to show us how you engage local communities, volunteer at schools, help nonprofits, etc. to spread cyber knowledge!This is the conclusion and awards ceremony!
Shout-outs to our winners, all of whom did something special for the community.
Carlos Guerrero (deserves special note as a truly committed community builder!)
Gerson Rodriguez
Guidepoint Security
Bugcrowd
Enjoy the show, and y'all be good now!

Howdy, y’all, and welcome to The Cyber Ranch Podcast!  Our guest today is Evan Wolff, partner at Crowell & Moring, and Allan's favorite cyber attorney.  Evan has led and managed 100s of investigations including cybersecurity, data breach, insider threats, security incidents and suspected terrorist incidents. Evan also teaches a class at Columbia University in New York City on “Great Hacks in Cybersecurity”.  Evan and Allan are good friends and Evan is friends with many other CISOs as well.  Evan has never lost sight of his cybersecurity roots, and is still worthy of the title “hacker”.  Evan is our go-to whenever the intersection of law and cybersecurity arises.  As such, he was the first one we thought of to chat about the latest SEC/SolarWinds situation.  Evan, thank you so much for coming on down to the ‘Ranch!
 
What kind of lawyer is Evan and why can he speak on this topic?
What does disclosure mean, how does this change disclosure?
What is the role of the CISO in all this?
Key Takeaways?
What countries do not have extradition treaties with the USA?  (Obviously a tongue in cheek question!)