The Cybersecurity Collaborative is proud to present CISO Stories. Each week CISO Stories takes a deep dive on security leadership with one of the contributors to my latest book, the best-selling CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers. The Cybersecurity Collaborative is a unique membership community enabling cybersecurity leaders to work together in a trusted environment. To learn more, visit: https://www.securityweekly.com/csc.
Responsible Use and Vetting of AI Solutions - Jon Washburn - CSP #162
Responsible use and governance of AI are key issues today, as training data limitations and data retention issues must be addressed. The risk of exposing PII or other confidential data, managing bias, hallucination, misinterpretation risks and other AI considerations are discussed. Fitzgerald, T. 2019. Chapter 4: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-125. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. This segment is sponsored by Darktrace. Visit https://cisostoriespodcast.com/darktrace to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-162
2/20/2024 • 32 minutes, 58 seconds
The Business Side of AI - Edward Contreras - CSP #161
Artificial Intelligence: Currently these two words can mean a world of difference to different people. How do you bring this topic to the board, to executives, or to business partners, and help them understand the risks without the FUD or technical language that so often creeps into the conversation? The goal is to engage in an action driven conversation and not lead it down a theoretical path. As a CISO in a financial institution, understanding the boundaries and limitations is key to corporate success. Fitzgerald, T. 2019. Chapter 4: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-125. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. This segment is sponsored by Darktrace. Visit https://cisostoriespodcast.com/darktrace to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-161
2/13/2024 • 23 minutes, 58 seconds
Generative AI and Corporate Security – Getting it Right - Bill Franks - CSP #160
Generative AI has hit the world by storm, but unfortunately is widely misunderstood. While it brings great promise for companies, it also has risks. As employees and corporate applications begin making use of generative AI, it is important to ensure that proper safety and security mechanisms are put in place to allow value to be obtained while minimizing risk. Fitzgerald, T. 2019. Chapter 4: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-125. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. You can learn more at http://www.bill-franks.com. This segment is sponsored by Darktrace. Visit https://cisostoriespodcast.com/darktrace to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-160
2/6/2024 • 32 minutes, 22 seconds
Better CISO Health in the New Year: From Burnout to Balance - Steve Shelton - CSP #159
Heidrick and Struggles released a global CISO survey last year, stating 53% of CISOs were most concerned about significant stress and 60% were concerned about burnout. In Steve’s 20 years of software sales, significant stress and burnout have been longstanding issues that have yet to be effectively addressed and have negatively impacted his own life and those in the industry. There exists an opportunity to help cyber defenders protect themselves and their teams from these issues, enhancing both their jobs and personal lives. Join us as we discuss this critical issue as we navigate 2024 for better CISO and team health. Fitzgerald, T. 2019. Chapter 14: CISO Soft Skills in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 463-487. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit Steve’s Website: www.greenshoeconsulting.com for more information. This segment is sponsored by Darktrace. Visit https://cisostoriespodcast.com/darktrace to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-159
1/30/2024 • 29 minutes, 5 seconds
Cloud Security Staffing in a Hybrid World – It Can Be Done! - Larry Lidz - CSP #158
Over the course of two years, and during the pandemic, we established a new security team and grew that team from five cloud security people to over eighty. What was our talent strategy to enable that rapid growth, how did we find the right talent in a tight market, and what did we learn from the approach? Additionally, what rituals and tactics served us well to build team identity and collaboration in a hybrid world? Through all this, how do we ensure we prioritize diversity and inclusion in our teams? Fitzgerald, T. 2019. Chapter 4 Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-127. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-158
1/23/2024 • 30 minutes, 41 seconds
You want the CISO Title & Pay? Responsibility Comes Also! - Malcolm Harkins - CSP #157
Integrity & Materiality. Get them wrong, you jeopardize your organization, its shareholders, possibly customers, as well as yourself. Join us as we discuss CISO role and accountability, Geopolitics, SEC Regulation and materiality, AI Impact, and seismic changes occurring in the past 5 Years as articulated in the 5 year CyberRisk Alliance Blog dated 12/7/23, https://www.cyberriskalliance.com/blog/5-years-of-reflection-5-seismic-industry-shifts-why-im-on-the-board-at-cra Fitzgerald, T. 2019. Chapter 1: CISO Role: Evolution or Revolution? in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 3-36. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-157
1/16/2024 • 35 minutes, 11 seconds
Reimagining Risk in the Emerging Cloud: A GRC Perspective - Solomon Ugah - CSP #156
More and more services and products are being cloud-delivered. This leads to a concentration of risk in the hands of a few industry players and a few jurisdictions. It means risk needs to be addressed and thought about differently. Join us as we discuss managing cloud risk from a Governance, Risk and Compliance (GRC) perspective. Fitzgerald, T. 2019. Chapter 1: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-127. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-156
1/9/2024 • 28 minutes, 7 seconds
Why Don’t We Care About Identity Security? - Don Baham - CSP #155
Identity & Access Management - Why do organizations still insist that provisioning/deprovisioning is an IT function? Effective IAM requires collaboration across the business units and responsibilities for multiple departments. Join us as we discuss IAM and some of the challenges organizations are facing today to secure the perimeter – the identity perimeter. Fitzgerald, T. 2019. Chapter 5 Cybersecurity Organization Structure in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 131-169. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-155
1/2/2024 • 27 minutes, 21 seconds
High Consequences Cyber: Make or Break the CISO’s Reputation - Andy Jaquith - CSP #154
“High Consequences Cyber” are high-risk, high-stakes cyber projects that can make or break a company or make or break the CISO’s reputation. These include issues such as, how do you architect your networks if you are a multinational with exposure to high-risk countries? What are key choices you can make when moving critical workloads such as email and collaboration to the cloud? What's the role of authentication in the age of cloud, and why do companies keep messing it up? How do you educate the board on critical or strategic initiatives while gaining their confidence that the program is well-run? If you’re coming into a new organization, how do you evaluate the team and determine how to level it up? During this month CISO Stories is focusing on Identity Management, and we discuss Andy’s views on password less identities and Zero Trust. Fitzgerald, T. 2019. Chapter 15: The CISO and the Board of Directors in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 491-511. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Jaquith, A. 2007. Security Metrics: Replacing Fear, Uncertainty, and Doubt, 1st Ed, Addison-Wesley, Upper Saddle river, NJ. https://www.amazon.com/Security-Metrics-Replacing-Uncertainty-Doubt/dp/0321349989 Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-154
12/26/2023 • 29 minutes, 30 seconds
Four Pieces of Transitional Advice: Incoming CISOs - Sean Zadig - CSP #153
There’s been a boom of sudden CISOs for regulatory and practical reasons — forcing technical security leaders to transition. And the transition isn't easy. Join us, as Sean shares the lessons he has learned as he moved into the CISO role from technologist. As CISO Stories also focuses on Identity Management this month, we also discuss architecting identities to meet the needs of many different types of users vs a one-size-fits-all approach. Fitzgerald, T. 2019. Chapter 1: CISO Role: Evolution or Revolution? in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 3-36. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-153
12/19/2023 • 32 minutes, 28 seconds
Is there really an Information Security Jobs Crisis? - Ben Rothke - CSP #152
Are there really millions of open information security jobs available? Or is much of the numbers hyped up? Join us as we discuss these numbers , boot camps, regional differences, and where these job openings come from. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-152
12/12/2023 • 27 minutes, 15 seconds
Prioritizing Identity and Getting the Fundamentals Right - Bezawit Sumner - CSP #151
Prioritizing identity and getting the fundamentals right. We are managing more identities than ever – people-people, machine-to-machine, and people-machines. What actions should CISOs be ensuring are being done within the environment to prioritize identities? Join us as we discuss where Bezwit has focused to enhance the identity management process. This segment is sponsored by Saviynt. Visit https://cisostoriespodcast.com/saviynt to learn more about them! This segment is sponsored by Bitwarden. Visit https://cisostoriespodcast.com/bitwarden to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-151
12/5/2023 • 29 minutes, 25 seconds
Do You Really Want to Be a CISO? - Spencer Mott - CSP #150
Reaching the level of CISO in a large corporation requires time and determined application as well as aptitude and very specific professional and personal attributes. It's the role against which many security professionals set their career sights without really knowing what they'll be getting themselves into. Fitzgerald, T. 2019. Chapter 14. CISO Soft Skills in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 463-487. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://cisostoriespodcast.com for all the latest episodes! Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://cisostoriespodcast.com/csp-150
11/28/2023 • 27 minutes, 21 seconds
All in One CISO: There Is Nothing We Can't Do - Jessica Hoffman - CSP #149
As a CISO, the opportunities we must positively cultivate the cybersecurity landscape for our organizations are endless. From driving projects to implementing innovative technologies to strengthening basic cybersecurity hygiene, reshaping the organization's culture, protecting from ransomware, and diversifying the cyber workforce, the CISO is a certified change-maker! Let's get excited about security! This segment is sponsored by Arctic Wolf. Visit https://cisostoriespodcast.com/ArcticWolf to learn more about them! This segment is sponsored by Cohesity. Visit https://cisostoriespodcast.com/cohesity to learn more about them! Fitzgerald, T. 2019. Chapter 1: CISO Role: Evolution or Revolution? in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 3-36. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://cisostoriespodcast.com for all the latest episodes! Show Notes: https://securityweekly.com/csp-149
11/21/2023 • 29 minutes, 22 seconds
Building a People-Centric Security Program - Cathy Olsen - CSP #148
In security, we can get buried in the tools, standards, issues and risks. But an effective security program is built upon people, process, and technology. Let's talk about how you can approach your security program in a way that is focused on the people who use and manage your company assets and data. Fitzgerald, T. 2019. Chapter 13. Multigenerational Workforce Dynamics in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 419-459. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. This segment is sponsored by Arctic Wolf. Visit https://cisostoriespodcast.com/ArcticWolf to learn more about them! This segment is sponsored by Cohesity. Visit https://cisostoriespodcast.com/cohesity to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-148
11/14/2023 • 21 minutes, 48 seconds
Veterans Impacting Cybersecurity - David Cross - CSP #147
Veterans bring along some valuable skills from the military that organizations can greatly benefit from. From loyalty, executing to a playbook, incident response, responding to crisis’s, to supporting the organizational mission – Veterans are a resource that is eager to transition to organizations and apply their skills and continuously learn. With Veterans Day upon us, join us as we discuss the strengths of hiring Veterans for the cybersecurity program. Fitzgerald, T. 2019. Chapter 13. Multigenerational Workforce Dynamics in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 419-459. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. This segment is sponsored by Arctic Wolf. Visit https://cisostoriespodcast.com/ArcticWolf to learn more about them! This segment is sponsored by Cohesity. Visit https://cisostoriespodcast.com/cohesity to learn more about them! Visit https://cisostoriespodcast.com for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-147
11/7/2023 • 27 minutes, 5 seconds
Should We Be Relying on Our Cybersecurity Risk Matrices? - Doug Hubbard - CSP #146
A key role for the CISO and the team is to identify and plan for mitigation of the most damaging risks. Various approaches have been used over the years with varying levels of success. Are we measuring the right things? Are we using the right instruments? Join us as we discuss some of the flaws present in measuring risk today and considerations to improve our risk management approach. https://www.howtomeasureanything.com/cybersecurity Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-146
10/31/2023 • 29 minutes, 17 seconds
OT Is Not IT But Security Can Handle Both - Mea Clift - CSP #145
Join us as we discuss the OT security landscape, the solutions for protecting it, and the future of protecting these pieces of critical infrastructure. With attacks to these networks on the rise, it’s important for cybersecurity professionals to acknowledge that they are just as important as information in our protection, and that it requires specific out of the box thinking to secure effectively. Fitzgerald, T. 2019. Chapter 4: Emerging Technologies and Trends in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 89-127. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-145
10/24/2023 • 25 minutes, 7 seconds
Effective Communication is Critical for CISO Success - Wes Knight - CSP #144
Technical people, CISOs included, may have challenges communicating well with executive management due to a different career path evolution . To maximize our success, we must all improve our communication skills with technical and non-technical people. Join us as we discuss some of the nuanced communications and areas to pay closer attention to. Fitzgerald, T. 2019. Chapter 14: CISO Soft Skills in CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 463-487. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-144
10/17/2023 • 29 minutes, 3 seconds
Terminology Matters: Changing 'Cybersecurity' to Data Care - Cyndi Gula, Ron Gula - CSP #143
Cybersecurity touches all our lives, however there is a belief that only experts in all of the technical disciplines need to apply. The term ‘cybersecurity’ does not invoke a personal sense of responsibility to care for the protection of data. Join us as we discuss the concept of reframing cybersecurity to “Data Care”, like the concepts used in the healthcare industry to advance personal responsibility as well as to attract people to the field that may not have considered it previously. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-143
10/10/2023 • 27 minutes, 4 seconds
NextGen Security Tooling: Investments in Intelligence - Mike Coogan - CSP #142
Security tools have become overwhelming in number, yet companies continue to get breached. With all the recent focus on artificial intelligence, security leaders must avoid neglect of natural intelligence. When your opponent is thinking and adapting to your every move, can you really afford to neglect your most critical defenses? Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-142
10/3/2023 • 31 minutes, 54 seconds
Uber CISO Trial Learnings for CISOs: In the CISO's Own Words - Joe Sullivan - CSP #141
In the Fall, 2016, Uber experienced a data breach, and the CISO faced the possibility of prison time for felony obstruction and misprison for failure to report the 2016 breach. He was sentenced in May, 2023 to 3 years’ probation. Join the former CISO of Uber as we discuss the events which led to the prosecution case, the results of the trial and aftermath, and the implications for CISOs and what is needed to move the cybersecurity industry forward. This segment is sponsored by Google Chrome Enterprise. Visit https://securityweekly.com/chrome to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-141
9/26/2023 • 40 minutes, 21 seconds
Managing CyberRisk in a Mid-Cap Company - Walter Lefmann - CSP #140
MidCap enterprise security is challenge – SMB’s have all the needs of a large enterprise, but not the same large budget or army of defenders. We are also a "sweet spot" target for cybercriminals -- you have enough money to be worth some real effort, but again not a large army of defenders. MidCap is at the front lines of "doing more with less"! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-140
9/19/2023 • 25 minutes, 43 seconds
Collective Defense: The Importance of Partnerships in Cybersecurity - Jamil Farshchi - CSP #139
With cybersecurity emerging as a board-level agenda item, collaboration is becoming increasingly high-stakes and multifaceted. Join us as we examine the opportunities and potential pitfalls of this new era, as well as the skills needed. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp-139
9/12/2023 • 36 minutes, 52 seconds
Teams are Built around Key Players Performing Great Functions - Ralston Simmons - CSP #138
Skills can be evolved and provide teams with the necessary talent. Join Ralston as he shares his experiences in recruiting, rotational programs, and supporting the key players with the right support system. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-138
9/5/2023 • 30 minutes, 19 seconds
Championship Results: No Bank Breaking or Boat Rocking! - Steve Hunt - CSP #137
Top-performing CISOs shared with me their hacks for creating a team atmosphere, getting excellent and consistent results, and creating buy-in from management for their budgets, projects, and big ideas. This discussion goes beyond risk management into the realm of performance excellence. Impact Leaders Pod Training for Cyber Teams is a unique 8-week program to up-level performance in information technology professionals and teams. Participants grow leadership, emotional intelligence, teamwork, and performance excellence while excelling at their daily job responsibilities. For more information contact Steve or visit impactleaderscoaching.com Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-137
8/29/2023 • 27 minutes, 33 seconds
Supply Side Security: How to Maintain a Talent Pipeline - Helen Patton - CSP #136
There are a ton of entry-level candidates for security roles, but we need mid- to late- career cyber candidates to fill our open positions. Hiring managers need to partner with non-security people to build and maintain that pipeline. Let's talk about how to go about getting this done. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp-136
8/22/2023 • 28 minutes, 43 seconds
Deploying Zero Trust Without Destroying End User Trust - Mike Zachman, Colin Chisholm - CSP #135
Deploying SASE (Secure Access Service Edge) is a critical step on your Zero Trust journey. It is not without risk, especially to the end user experience. Join us as we discuss our lessons-learned fresh from the deployment trenches. This segment is sponsored by Google. Visit https://securityweekly.com/chrome to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-135
8/15/2023 • 26 minutes, 52 seconds
Security Musings from a Psychotherapeutic Perspective - Mark Eggleston - CSP #134
Come listen in on hearing a CISO's story of going from carpenter to psychotherapist to security leader. The stories told will help anyone working in cyber - from those looking to break into cyber to those who are battle tested and looking for new support or coping strategies. Morin, A. 2017. 13 Things Mentally Strong People Don’t Do. Harper Collins. 13 Things Mentally Strong People Don't Do: Take Back Your Power, Embrace Change, Face Your Fears, and Train Your Brain for Happiness and Success: Morin, Amy: 9780062358301: Amazon.com: Books This segment is sponsored by Google. Visit https://securityweekly.com/chrome to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-134
8/8/2023 • 28 minutes, 33 seconds
Cyber Risk Governance: The Hype, Hope, & Harsh Reality - John Sapp - CSP #133
Cyber Risk Governance or Cyber Risk Management has been an often talked about concept for more nearly two decades yet remains one of the most elusive and sought after outcomes by every C-level executive across every line of business in every industry sector and particularly in the Board room. In this session, we are going to jump into the shoes of the C-level executives and Board members as we describe "what they want" and how we achieve the visual representation of cyber risk in a way that is easily consumable in a language that is universally understood across three levels of stakeholders (Operational/Technical, IT Management, C-level / Board). This segment is sponsored by Google. Visit https://securityweekly.com/chrome to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-133
8/1/2023 • 27 minutes, 40 seconds
The Tactics of Being Strategic in Cybersecurity - Jason Elrod - CSP #132
Discussion about what it means to be strategic as a CISO and, more importantly, what specific, tactical steps are you can take to bring that into reality. This segment is sponsored by Google. Visit https://securityweekly.com/chrome to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-132
7/25/2023 • 26 minutes, 55 seconds
Protecting the Nation’s Most Sensitive Information & 800-171 Update - Ron Ross - CSP #131
NIST recently released the initial draft of a major update to its cybersecurity guidelines for protecting sensitive unclassified information. The update is intended to help federal agencies and government contractors implement cybersecurity requirements more consistently. The revised draft guidelines, Protecting Controlled Unclassified Information in Nonfederal Systems and Organizations (NIST Special Publication [SP] 800-171 Revision 3), will be of particular interest to the many thousands of businesses that contract with the federal government. Federal rules that govern the protection of controlled unclassified information (CUI), which includes such sensitive data as health information, critical energy infrastructure information and intellectual property, reference the SP 800-171 security requirements. Systems that store CUI often support government programs containing critical assets, such as design specifications for weapons systems, communications systems, and space systems. The changes are intended in part to help these businesses better understand how to implement the specific cybersecurity safeguards provided in a closely related NIST publication, SP 800-53 Rev. 5. The authors have aligned the language of the two publications, so that businesses can more readily apply SP 800-53’s catalog of technical tools, or “controls,” to achieve SP 800-171’s cybersecurity outcomes. The update is designed to help maintain consistent defenses against high-level threats to information security. Many of the newly added requirements specifically address threats to CUI, which recently has been a target of state-level espionage. NIST wants to implement and maintain state-of-the-practice defenses because the threat space of hostile adversaries is changing constantly. Protecting CUI is critical to the national and economic security interests of the United States. This segment is sponsored by Google. Visit https://securityweekly.com/chrome to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp-131
7/18/2023 • 27 minutes, 47 seconds
The Evolution & Portability of the CISO Role - Sheldon Cuffie - CSP #130
As a function of CISOs responsibilities, the best are multi-faceted leaders that shift between cyber, technical, and business domains in response to shifting cyber-risk landscape. This level of adaptability makes them portable to other CISO roles in different industries, and C-level roles that they may not have thought of and frankly, others may not have thought of for them. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp-130
7/11/2023 • 27 minutes, 47 seconds
Being a CISO in Higher Education - Lorna Koppel - CSP #129
At the surface, being a CISO in Higher Education is very similar to any industry vertical but the opportunities, challenges, and impacts are significantly more complex. Many consider HE to be behind in security practices. While it is true that HE doesn't buy a lot of security tools, we are on the leading edge of focusing on mitigating security risks at the level the institution truly needs. Also, our community requires support for accessibility, gender-identity, and general identity access management that is far above what most technologies can handle. All this leads to a CISO needing to be creative, flexible, and thoughtful to best lead their programs. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-129
7/4/2023 • 23 minutes, 32 seconds
Being a CISO in Higher Education - Lorna Koppel - CSP #129
At the surface, being a CISO in Higher Education is very similar to any industry vertical but the opportunities, challenges, and impacts are significantly more complex. Many consider HE to be behind in security practices. While it is true that HE doesn't buy a lot of security tools, we are on the leading edge of focusing on mitigating security risks at the level the institution truly needs. Also, our community requires support for accessibility, gender-identity, and general identity access management that is far above what most technologies can handle. All this leads to a CISO needing to be creative, flexible, and thoughtful to best lead their programs. Show Notes: https://securityweekly.com/csp-129
7/4/2023 • 23 minutes, 32 seconds
Building High Performing Security, RM, & Resilience Teams - Darin Hurd - CSP #128
Navigate the complexities of building high performing teams in security, risk management, and business resilience uncovering the strategy, frameworks and tactics. Join us as we explore the nuances of collaboration, strategy formulation, and innovative thinking that empower these teams to excel in challenging business and risk management environments. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp-128
6/27/2023 • 24 minutes, 37 seconds
Deliver High Impact Global Security Programs with Low Ego - Rajesh David - CSP #127
In today’s hyper connected world how do you create a global cyber program that can deliver locally. You start by creating a culture - a culture rooted to delivering high impact with low ego. Culture eats strategy for breakfast ... Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp-127
6/20/2023 • 29 minutes, 3 seconds
Security @ Scale: Building Trust, Starting with Cybersecurity - Rob Duhart Jr. - CSP #126
10,500 storefronts. 2.3 million associates worldwide. $572.8 billion in revenue. Today’s cybersecurity landscape is complex, as attacks can deliver disruption in the blink of an eye. The focus of Walmart’s Information Security team is to secure our operating environment in the service of building and maintaining trust with our customers, associates and stakeholders. To perform at the necessary scale, it takes a village of intelligent associates, a reliance on technologies like automation and a vigilant mindset to stay ahead of adversarial threats. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-126
6/13/2023 • 28 minutes, 48 seconds
The Company’s Lawyer is Not Your Lawyer – Legal Self Defense - Larry Dietz - CSP #125
Joe Sullivan has shown all of us that CISOs are on the front lines when it comes to breaches and their legal aftermath. Unfortunately, most CISOs are not attorneys and may not understand the rules of engagement with law enforcement to the point where they may find themselves in legal jeopardy for ‘doing the right thing’. Join Larry Dietz long time cybersecurity professional, attorney and retired US Army Colonel and Todd Fitzgerald for a lively discussion on how to prepare for the legal ramifications of security incidents. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-125
6/6/2023 • 27 minutes, 1 second
Are We Thinking in the Right Way as CISOs? - Sajan Gautam - CSP #124
CISOs want to enable the business. But sometimes we must stand our ground and explain our position with rationale. So, how do we convince other people to act without telling their baby is ugly? Join us, as we discuss having difficult conversations. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp-124
5/30/2023 • 23 minutes, 21 seconds
Using Data to Estimate Cyber Risk Financial Implications - Paul Sand - CSP #123
The CISO who can speak to the financial implications of cyber risk will be able to successfully work amongst the C-suite and in the board room to prioritize and address cyber initiatives. Building a view of the financial implications of those risks based on real data enhances not only the CISO’s decision-making ability but also the CISO’s credibility with stakeholders. Join us as we take a look at how industry and enterprise data sources can be leveraged to build a view of the financial implications of cyber risk to set the stage for making quality decisions. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp123
In April, the SEC is expected to finalize new rules on cybersecurity. The rules will require every publicly traded company to file disclosures with descriptions of their security strategy, governance, and risk management. Companies will need to explain to shareholders how they assess cyber risk, describe their security policies, and demonstrate a significant level of board oversight on cybersecurity issues. The SEC rules are qualitatively different from existing cyber regulatory frameworks, such as HIPAA and PCI DSS, which skew toward enforcing technical controls handled by the IT department. The SEC rules, in contrast, demand that C-suites and boards get more involved and demonstrate a strategic approach to managing cyber risk. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp122
5/16/2023 • 26 minutes, 38 seconds
Cyber-Local: City of Chicago Cybersecurity Mission - Bruce Coffing - CSP #121
All CISO roles are challenging. CISOs of large municipalities face many of the same risks with a unique set of challenges to overcome. Join us for a conversation about the rewarding experience of leading a government cybersecurity program for the nation’s third largest city. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp121
5/9/2023 • 29 minutes, 17 seconds
Establishing and Enrolling Others in a Cybersecurity Vision - Joey Johnson - CSP #120
Writing a cybersecurity strategy is an essential role of the CISO. How do you avoid the strategy from becoming outdated? Shelfware? Not in line with the business? Join us as Joey articulates his techniques for gaining stakeholder adoption of the strategy. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp120
5/2/2023 • 24 minutes, 31 seconds
Leadership Lessons Learned and Preparing your CISO Successor - Dave Estlick - CSP #119
Obtaining our first CISO role is an exciting and challenging experience at the same time. At some point, we will move on to another company. How have you prepared the person who needs to take your role? What knowledge and experience are you sharing with the next in line? Join Dave, as he has some great leadership lessons, approaches and tips for helping the next CISO and the organization. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp119
4/25/2023 • 35 minutes, 16 seconds
From Nothing to Something: Overcoming Hurdles - Larry Whiteside Jr - CSP #118
Everyone has a struggle or hurdle they will face. Your outcome is largely determined by your approach. Does this mean you will get OVER every hurdle? No. But sometimes, you can go around it or under it and still reach your final destination. Show Notes: https://securityweekly.com/csp118
4/18/2023 • 33 minutes, 22 seconds
20 Years of GRC: What Have we Learned? What is Next? - Michael Rasmussen - CSP #117
Ensuring organizations have the proper governance, risk and compliance (GRC) practices is essential to ensuring risks are appropriately mitigated. Join us as we discuss the interconnectedness of risk, the process of GRC , and Michael’s thoughts on how to improve the process. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp117
4/11/2023 • 24 minutes, 47 seconds
County Government Cyber: Don’t Let the Roadblocks Stop You ft. Michael Dent & Richard Greenberg- CSP #116
How is County Government Security different from company cybersecurity? Is it difficult to get funding and attract resources? What are the advantages to working in Country government cybersecurity? Join two experienced County Government CISOS, with experience in leading cybersecurity in two of the largest counties in the U.S, Fairfax County and Los Angeles County. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp116
4/4/2023 • 31 minutes, 33 seconds
Connecting with Higher Education: New Talent at the Source - Fred Kwong - CSP #115
Finding cyber talent is difficult in today's market. At a time when cyber salaries are high, working with universities to tap into the new cyber workforce is something all companies should be looking at. Today we will explore how to work with universities to bring talent to your organization. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp115
3/28/2023 • 29 minutes, 59 seconds
Security vs. Operations – Balancing the Risk - Ross Leo - CSP #114
The role of CISO is one filled with challenges and decisions. Frequently, a CISO is faced with having to decide in compromise with Operations, in favor of Operations. This can be a very difficult and risky choice to make - but the ideal of having both get 100% of what they want, or need is not realistic. How to do this? In this session, we discuss how to analyze both POV, both sets of requirements and issues and reach optimal decisions that, hopefully, achieves a balance between these without amplifying risk. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp114
3/27/2023 • 27 minutes, 14 seconds
The Rise of the Chief Product Security Officer - Jason Christman - CSP #113
Cybersecurity is becoming a #1 business risk for many organizations. For CISOs to effectively manage this risk, proper strategy, adequate resourcing, and leadership support are all essential, but not enough. CISOs need a trusted partner on the supplier side, a product CISO, known within industry as a Chief Product Security Officer, who understands customer risk, drives secure product design and development, and manages cyber support across the lifecycle of software products and connected solutions. Manufacturers around the world are investing in the Chief Product Security Officer role to elevate and mature their product security program. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp113
3/14/2023 • 26 minutes, 13 seconds
Leading Cybersecurity with Purpose - Nicole Darden Ford - CSP #112
Now more than ever, the significant demand for cybersecurity professionals serves as an opportunity to align with your organization’s DE&I priorities. Building a diverse and inclusive workforce is achievable and begins with intentional leadership. Learn from a cybersecurity leader’s successful track record and how to stand by your organization’s greatest asset. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp112
3/7/2023 • 31 minutes, 19 seconds
Business Ethics and the CISO - Troy Stairwalt - CSP #111
As risk practitioners CISOs make risk vs reward decisions on a daily and sometimes hour by hour basis. As a profession we must understand our organizations risk tolerance and appetite as well as our own. Regulations are lagging indicators. SOX was established as a direct response to unethical behavior. Unfortunately, regulations in cybersecurity and data privacy are also "lagging indicators" that organizations "left to their own device" have failed to allocate sufficient reasonable cost-effective resources to mitigate the significant risk in prudent ways that place the organization in a position to demonstrate both due diligence and due care in a worst case scenario. CISOs must: 1 Understand your organizations risk tolerance and appetite 2 Know your own risk tolerance and appetite as well as your personal code of conduct and ethics. 3 Build and maintain your "rainy day", emergency or as my more colorful colleagues refer, FU funds. 4 Find your calm, peace and happiness. These days, mine is Yoga and Meditation What is yours? 5 To avoid stressful days and sleepless nights, maintain our integrity and sense of humor! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp111
2/28/2023 • 27 minutes, 47 seconds
100 CISO STORIES Podcasts, What Did we Learn? - CSP #110
The successful CISO STORIES podcast started by interviewing the 75 contributors to the #1 Best-selling (2019-2022) and 2020 CANON Cybersecurity Hall of Fame Winning CISO roadmap book CISO COMPASS: Navigating Cybersecurity Leadership with Insights from Pioneers. These 25–30-minute podcasts have brought many issues to life, leveraging the experience of CISOs and other top security industry leaders. This podcast interviews the show host and reviews some clips from some of the more memorable episodes. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Show Notes: https://securityweekly.com/csp110
2/21/2023 • 32 minutes, 14 seconds
2023 CISO Cybersecurity Priorities - CSP #109
Every year brings new challenges in protecting our companies and nations from threat actors. Join our conversation with key CISOs as we look back at 2022 and review some of the key learnings, and look ahead with a laser focus on 2023 priorities for cybersecurity. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp109
With over 112 million viewers tuning into the Superbowl in 2022, it is arguably the most watched televised event in the USA, with many fans globally. Whether watching for the NFL game of the year, the Superbowl Ads, or the incredible half-time shows, one can appreciate the complexity in managing security and cybersecurity for this large event. Join us, as we the CISO for the NFL discusses the complexity of ensuring an event like this, and efforts to maintain the confidentiality, integrity, and availability for the millions of end users, expecting the see the game of the year. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp110
2/7/2023 • 30 minutes, 56 seconds
The Trends & Future with Cloud (PaaS & IaaS) - Erik Hart - CSP #107
Join Erik Hart, CISO at Cushman & Wakefield, and Eden Naftali, CTO Operations at from Wiz for a discussion around key trends in the cloud with the rapid pace of innovation and new technologies in IaaS and PaaS. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp110
1/31/2023 • 20 minutes, 17 seconds
Cybersecurity in a 5G World - Timothy Youngblood - CSP #106
While 5G has been designed with specifications and capabilities that make it more secure than previous generations, 5G is also being deployed in a more complex threat landscape that continues to grow and evolve. How do we transform cybersecurity across the enterprise to reduce risk, particularly within a hybrid and distributed workforce? And how can new innovations in 5G, Artificial Intelligence, Cloud Technologies, Cryptography and more help us better predict attacks and prevent breaches. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp106
1/24/2023 • 27 minutes, 17 seconds
Dear Auditor: Why is this a high risk finding? Can we talk? - CSP #105
CISOs often have a love/hate relationship with auditors, as it is the auditors that are placing judgment on the adequacy of company cybersecurity controls. Join this session from the perspective of an IT Audit leader and former CISO, as to how to view the auditors and strengthen the cybersecurity program amid adversity. Show Notes: https://securityweekly.com/csp105 This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
1/17/2023 • 30 minutes, 10 seconds
Inclusive Leadership for CISOs Now! - CSP #104
The skills that got us to the CISO seat are not all we need to lead our teams and companies now. Inclusive leadership is bigger than just building a diverse team, it's knowing how to lead and develop others. This discussion to engage further on the topic of cybersecurity leadership development, blind spot detection and adapting to changing business needs Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp104
1/10/2023 • 27 minutes, 59 seconds
The Future is Here – Now What? - Patti Titus - CSP #103
The convergence of quantum computing, artificial intelligence, machine learning and material fabrication is allowing innovation to take place in weeks verses years. What are the security implications and how should CISO's be thinking and planning for the transformation in our security capabilities to meet these new demands? This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp103
1/3/2023 • 29 minutes, 2 seconds
CISO Soft Skills Will Make or Break You! - Robert Wood - CSP #102
Cybersecurity is so heavily focused on technical topics, but it's the soft skills that can make or break a person. Whether you're negotiating a budget, trying to persuade another team to prioritize security patches, or collaborating with another team on a product feature, soft skills will make a security team and the individual professional more impactful. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp102
12/27/2022 • 28 minutes, 35 seconds
Security Top of Mind: Key Learnings from 2022 & Thoughts on 2023 - Ryan Kazanciyan - CSP #101
Join Ryan Kazanciyan, CISO at Wiz (previously Meta, Tanium, Mandiant), and Raaz Herzberg from Wiz for a discussion on core security challenges we saw in 2022 and what should be top of mind for companies and security teams as they head into 2023. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp101
Many people working in cybersecurity fall victim to myths, advertising hype, and misconceptions about fundamental concepts. The speaker has recently coauthored, with two distinguished colleagues, a book that is intended to dispel some of the common myths and provide information about how to better copy with the changing environment of cybersecurity. Spafford, E. et al. 2022. Cybersecurity Myths and Misconceptions: Avoiding the Hazards and Pitfalls That Derail Us. 1st Ed. Available for Pre-Order on Amazon.com. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp100
12/13/2022 • 26 minutes, 2 seconds
Build a Cybersecurity Vision and Strategy They Can Visualize - Jason Clark - CSP #99
Cybersecurity leaders are evaluated by their ability to build and sell a strategy that meets the needs of the organization. Listen to Jason’s experience in creating an impactful vision and cybersecurity strategy executive management can embrace! To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://files.scmagazine.com/wp-content/uploads/2022/11/CISOSTORIES_JasonClark_Article.pdf Clark, J. 2019. Building a Security Vision and Strategy. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. . Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp99
12/6/2022 • 25 minutes, 6 seconds
What is a vCISO? What Do They Do? Does Having One Make Sense? - Michael Phillips & Matthew DeChant - CSP #98
Gartner says, “Organizations who recognize the value of a security leader but can’t afford a traditional CISO should consider virtual options. “With a current total cash compensation ranging from $208K to $337K, hiring a chief information security officer (CISO) may not be in the budget for small or midsize organizations, especially those that aren’t heavily regulated. Join 2 CISOS that have taken the plunge into the world of being a vCISO, as they share their experiences. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp98
11/29/2022 • 30 minutes, 34 seconds
SMB vs Large Infosec: Different Approaches Required! - Dane Sandersen - CSP #97
Are you a Small or Medium Business (SMB) or a Large Business grappling with infosec challenges? Dane moved from a large, well-funded organization to a smaller organization which accelerated global business growth during his tenure! Join us as we discuss these differences and how to adapt to the different environments. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://files.scmagazine.com/wp-content/uploads/2022/11/CISOSTORIES_DaneSandersen_Article.pdf Sandersen, D. 2019. Moving From a Large Company to Small-Medium-Sized Company as CISO. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 484-485. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp97
11/22/2022 • 24 minutes, 42 seconds
How the CISO can Make the Biggest Impact for the Company - Tim Callahan - CSP #96
Information Security is often seen as a cost center and drain on the revenue of a company. It may be seen as necessary to protect the company, but the value is not always understood by leadership and peers to the CISO. Taken from personal experience, in this talk, we will explore some suggestions on how CISOs can bring and show value to their companies. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp96
11/15/2022 • 28 minutes, 31 seconds
The Value of Cyber Defense Competitions in Building a Strong SOC - Brian Wickenhauser - CSP #95
The Security Operations Center is often the first line of engagement for security incidents. It’s essential that SOC teams are planned, practiced, and prepared to act. One of the best ways to do that? Cyber Defense Exercises. Join us as we discuss how these work and the value to the program. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp95
11/8/2022 • 22 minutes, 8 seconds
Surviving and Thriving in the CISO Role for the Long Run - Jim Cameli - CSP #94
The average tenure of a CISO is 18 Months to 5 years, depending upon the research. Learn from a CISO who has been employed by the same organization for almost 4 decades! Learn as Jim shares some of his key learnings as he has worked with an organization that has gone through many changes during his tenure, and some ideas to add to your own CISO career strategy. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp94
11/1/2022 • 31 minutes, 22 seconds
Approaching Cloud Security from a Cloud-Native Perspective - Josh Dreyfuss - CSP #93
What is the best way to approach cloud security as the cloud environment evolves and what should security leaders consider as they think about scaling their security? Join us to learn about how CISO of Wiz, Ryan Kazanciyan thinks about cloud security from a cloud-native perspective, what makes securing your cloud infrastructure so challenging, and what makes your cloud security posture “good”? This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp93
The NIST Privacy Framework is a voluntary tool developed in collaboration with stakeholders intended to help organizations identify and manage privacy risk to build innovative products and services while protecting individuals’ privacy. Join the leader of the NIST development team to learn about why the framework was created, how it can be used, and the resources available. NIST Privacy Framework, https://www.nist.gov/privacy-framework Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp92
10/18/2022 • 31 minutes, 8 seconds
Cybersecurity Leadership Through Adversity - Marc Varner - CSP #91
The Covid-19 pandemic caused many organizations to quickly pivot to a remote environment, while for others, this was more business as usual and simply acquiring more VPN licenses. Marc has led technology risk management/security for several large companies, experiencing even more impactful changes. How do you lead through this adversity? How do you get the organization to change? Join us as Marc shares his experience. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp91
Chris has been a contributing author to the industry-recognized Verizon Data Breach Investigations Report (DBIR) since its inception (2008), a report which provides valuable information for CISOs on current trends and mitigation approaches. Join Chris as he reviews this year’s (2022-2023) key trends with Ransomware, COVID-19 Remote Working impacts, threat actors, and risk mitigation. 2022 Data Breach Investigations Report, Verizon. https://www.verizon.com/business/resources/reports/dbir/ This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Follow Show Notes: https://securityweekly.com/csp90
10/4/2022 • 32 minutes, 33 seconds
Are CISOs Experiencing a Mental Health Crisis? - Shamla Naidoo - CSP #89
CISOs have a stressful job, due to the many threats, unknowns and high expectations. How does this impact mental health? Is this different from other leadership roles? Should you discuss with your company? Join Shamla who has held several Fortune 100 CISO roles, as she discusses several approaches to this real issue. Naidoo, S. 2022. The Looming CISO Mental Health Crisis – and What to Do About it – Part 1. Dark Reading (Jan 28). https://www.darkreading.com/edge-articles/the-looming-ciso-mental-health-crisis-and-what-to-do-about-it-part-1 Naidoo, S. 2022. The Looming CISO Mental Health Crisis – and What to Do About it – Part 2. Dark Reading (Jan 31). https://www.darkreading.com/edge-articles/the-looming-ciso-mental-health-crisis-and-what-to-do-about-it-part-2 This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp89
9/27/2022 • 29 minutes, 32 seconds
The NIST Cybersecurity Framework Explained - From Its Leader - Matthew Smith - CSP #88
The NIST Cybersecurity Framework simplifies the language of Cybersecurity across the organization. Learn from the person who led the contracting team for the development of the NIST Cybersecurity Framework what the framework is all about and how it can reduce risk to the organization. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/08/CISOSTORIES_MatthewSmith_Article.pdf Smith, M. 2019. Using the Nist Cybersecurity Framework in an International Setting In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 239-240. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp88
9/20/2022 • 24 minutes, 19 seconds
Should we be Concerned About Quantum Computing and Cybersecurity Now? - Richard Rushing - CSP #87
There has been much discussion lately about Quantum Computing and the future threats to encryption and authentication it could cause. Should CISOs be worried? Are there steps that should be taken now? Join us as we discuss Quantum computing and the implications for the CISO – today. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp87
9/13/2022 • 29 minutes, 13 seconds
Are Cryptocurrencies to Blame for the Increase in Ransomware Attacks? - Bob Seeman - CSP #86
Fortunes have been gained and lost through Bitcoin and other cryptocurrency purchases. Ransomware paid in cryptocurrency is rarely recovered. Should the CISOs get involved in promoting regulation of the cryptocurrency? Would this reduce the number and amounts paid in ransomware attacks? Join the author of “The COiNMEN”, who has extensively researched cryptocurrencies and promoted policy changes as he shares his views. Segment Resources: Letter in Support of Responsible Fintech Policy, www.concerned.tech “The Coinmen” is on Amazon at https://www.amazon.com/dp/B09SL16P5Y . This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp86
9/6/2022 • 30 minutes, 19 seconds
Cyberinsurance & the CISO: What You Need to Know - Bryan E. Hurd - CSP #85
As ransomware wreaks havoc on our systems and information, more companies are transferring some of the risk through Cyber Insurance. What technologies are cyber insurance companies looking to have in place? How are insurance companies setting the premiums? Join Bryan as he shares his extensive cyber counterintelligence and forensic experience in supporting CISOs to navigate cyberinsurance carriers. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp85
8/30/2022 • 31 minutes, 3 seconds
The Positive Power of Community Engagement - Ron Hale - CSP #84
Ron has seen the CISO role emerge over as a senior executive at ISACA. Join us as Ron shares the necessity of the CISO getting out of the office and the types of forums that are most beneficial to the CISO, based upon his decades experience in enhancing the CISO profession. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/08/CISOSTORIES_RonHale_ArticleV2.pdf Hale, R. 2019. The Positive Power of Community Engagement. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 270-1. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp84
8/23/2022 • 23 minutes, 14 seconds
The CEO Won’t Wear a Security Badge? Try This! - John Ceraolo - CSP #83
What do you do if the most senior person in your organization, the CEO, refuses to wear security badges- an essential control for identifying associates and restricting physical entry? Listen as John uses creativity to win the heart and mind of the CEO and embrace and become a strong advocate of the security awareness program! To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/08/CISOSTORIES_JohnCeraolo_ArticleV2.pdf Ceraolo, J. 2019. Listening and Using Creativity in You Security Program In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 371-2. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. This segment is sponsored by Wiz. Visit https://securityweekly.com/wiz to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp83
8/19/2022 • 24 minutes, 55 seconds
Have we Forgotten About the Basics? - Benjamin Corll - CSP #82
Go to any security conference today and there is a plethora of new products to prevent, detect and respond to the current threat environment. But are we missing something? Is there a less expensive and more tactical way to approach security? Join Benjamin as we review what some are the key basics are that should be in place before investing in higher-end technology. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp82
8/9/2022 • 27 minutes, 20 seconds
Using MindMaps to Strengthen Cybersecurity - Michael Wilcox - CSP #81
CISOs, security leaders and their teams must consume a large amount of information from many sources to remain effective. How does the CISO organize unstructured information? How does the CISO brainstorm? How does the CISO collaborate? Mind Mapping is a very effective tool to generate ideas quickly and was also used to create the CISO COMPASS book! Learn from a CISO who uses Mind Maps™ for just about everything! To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/07/CISOSTORIES_MichaelWilcox_Article.pdf Wilcox, M. 2019. Mind Maps™ Effective Method for Organizing Cybersecurity Information In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 80-81. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp81
8/2/2022 • 30 minutes, 9 seconds
How to Talk With Your Lawyer - Mark Daryl Rasch - CSP #80
A Lawyer can be the CISOs best friend and advocate for cybersecurity investments. Are you frustrated with a lawyers answer of, “it depends?” Lawyers have a different thought process than many CISOs when apply the law. Join this session from a notable cybersecurity lawyer as to the differences in language and how to best take advantage of the legal expertise available to support the mission. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/07/CISOSTORIES_MarkDRasch_Article.pdf Rasch, M. 2019. How to Talk to Your Lawyer In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 317-318. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp80
7/26/2022 • 24 minutes, 15 seconds
Insider's View of the CISO Search - Joyce Brocaglia - CSP #79
Companies clearly want to hire the best candidate for the CISO Role. Where best to learn, but from someone who has been successfully recruiting Security Leaders for over 35 years? Learn from the guidance Joyce provides to her clients when hiring for the CISO role. Joyce also discusses salaries, reporting relationships, and skills necessary today. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/07/CISOSTORIES_Joyce_Brocaglia_Article.pdf Brocaglia. 2019. An Insider’s View of the CISO Search In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 33-35. Fitzgerald, T. CRC Press, Boca Raton, Fl. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Companies clearly want to hire the best candidate for the CISO Role. Where best to learn, but from someone who has been successfully recruiting Security Leaders for over 35 years? Learn from the guidance Joyce provides to her clients when hiring for the CISO role. Joyce also discusses salaries, reporting relationships, and skills necessary today. Show Notes: https://securityweekly.com/csp79
7/19/2022 • 31 minutes, 35 seconds
Solarwinds From the Inside: The Breach and the Aftermath - Tim Brown - CSP #78
The Solarwinds breach raised the visibility of Software supply chain risks, as many organizations employ third party software with potential access to sensitive information. Join the CISO of Solarwinds as he discusses what happened during the attack, the lessons learned, the mitigations employed after the attack, and excellent, transparent actions for organizations to manage software development and distribution processes. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp78
7/12/2022 • 29 minutes, 54 seconds
Protecting Your Intellectual Property - Michael Boucher - CSP #77
As CISOs embark on implementing an Intellectual Property protection effort, they are often met with resistance, being challenged as to the necessity of the effort. Join Michael as he shares his experience in winning the support for his efforts to properly classify and secure the information and systems. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/07/CISOSTORIES_MichaelBoucher_Article.pdf Boucher, M. 2019. Data Protection: Security Intellectual Property In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 371-2. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp77
7/5/2022 • 23 minutes, 16 seconds
Achieving a Competitive Advantage Through Privacy By Design - Ann Cavoukian - CSP #76
Join the former Privacy Commissioner of Ontario, Canada and creator of PrivacyByDesign (PbD), translated into 40 languages and incorporated into General Data Protection Regulation (GDPR) and used by many organizations to proactively “bake-in” privacy into our systems. Every CISO needs to pay attention to and support the various country privacy laws. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/05/CISOSTORIES_AnnCavoukian_Article.pdf Cavoukian, A. 2019. Lead with Privacy by Design for Competitive Advantage. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 270-1. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp76
6/28/2022 • 22 minutes, 10 seconds
Attracting Talent Using The Nice Framework - Greg Witte - CSP #75
As your organization increases the cybersecurity talent to protect and defend the information assets, how do you know what skills are needed? What tasks are to be performed and what knowledge is necessary to perform these functions? The NIST NICE Framework helps define the job and assist the CISO in hiring as well as measuring the capability along the career path. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/05/CISOSTORIES_GregWitte_Article.pdf Witte, G. 2019. Using NICE Framework to Attract Talent In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg. 422. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp75
6/21/2022 • 24 minutes, 29 seconds
Where Should the CISO Report? Guess Again! - Stephen Fried - CSP #74
Where the CISO should report has been debated for many years, with the predominant view being “anywhere but the CIO”, while even in 2022, most CISOs are reporting to the CIO! Which reporting structure viewpoint is right? This podcast will examine the pros and cons of reporting to the CIO and other departments. Join Stephen as he shares his experience as a Former CISO for several large financial institutions, along with his current views. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/05/CISOSTORIES_StephenFried_Article.pdf Fried, S. 2019. The Best Reporting Relationship for a CISO May Not Be What You Think! In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 174-5. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp74
6/14/2022 • 26 minutes
Educating Senior Management in Cybersecurity - Edward Amoroso - CSP #73
Managing cybersecurity defense inside an organization is an enormously complex endeavor, considering the interconnections, vendor relationships, cloud, and mobile proliferation of the data. While many of these computing technologies have a clear purpose and usefulness, many times organizations minimize the complexity when presenting to the Board. Should we? Join us as we discuss a different approach to better communications. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/05/CISOSTORIES_EdwardAmoroso_Article.pdf Amoroso, E. 2019. Educating Senior Management in Cybersecurity. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 150-1. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp73
6/7/2022 • 26 minutes, 42 seconds
Moving From a Techie to a CISO - Shaun Cavanaugh - CSP #72
Careers can just happen, or they can be planned. Join us as we discuss making the decision to become a CISO and then taking the steps necessary to develop the skills to attain the job and thrive in the role. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_ShaunCavanaugh_Article.pdf Cavanaugh, S. 2019. From Techie to CISO – Identify Where you Want to Be and How to Get There. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 480-481. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp72
5/31/2022 • 28 minutes, 33 seconds
Women in Leadership - Stacy Mill - CSP #71
The cybersecurity field has traditionally been male dominated and there is clearly a desire to attract more women into the field. Join us as we discuss practical tips for women advancement to leadership positions, how to stand apart when climbing the leadership ladder, and advice for leading effective teams. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_StayMill_Article.pdf Mill, S. 2019. Women In Leadership – Practical Advice. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg. 425 Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Show Notes: https://securityweekly.com/csp71
5/24/2022 • 27 minutes, 14 seconds
Establishing and Selling The Cost of Cybersecurity - Devon Bryan - CSP #70
The security spend is increasing year over year as hackers become more sophisticated, organized, and opportunistic. Join us as we discuss ways to determine and evaluate the cost of cybersecurity to ensure the organization is spending the appropriate amount to reduce the risk to an acceptable level. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_DevonBryan_Article.pdf Bryan, D. 2019. The Cost of Cybersecurity. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 501-2. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp70
5/17/2022 • 27 minutes, 43 seconds
Deliver Your Board Message with Context and Confidence! - Jason Witty - CSP #69
A key function of the CISO is to provide an accurate organizational picture of the risk the organization is currently accepting and communicate the strategy for enhancing the security maturity in support of the business goals. The way you prepare and communicate is just as important as the message. Join us as we discuss how to improve the delivery of the message. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_JasonWitty_Article.pdf Witty, J. 2019. Projecting Confidence when Presenting to the Board of Directors. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 493-4. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp69
5/10/2022 • 22 minutes, 28 seconds
Using Security Metrics as a Shared Goal With Developers - Caroline Wong - CSP #68
Security metrics are often a struggle to establish by security departments. These metrics may be taking too narrow of a view, whereby metrics visible and embraced by other areas can improve the security program success. Join us as we discuss these metrics. Additionally, Caroline is graciously offering her Linkedin metrics course focused on establishing objectives and measuring progress towards the objectives, to CISO STORIES listeners at no cost at https://www.linkedin.com/learning/learning-security-metrics/why-are-security-metrics-important?autoplay=true To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_CarolineWong_Article.pdf Wong, C. 2019. Sharing the Metrics Goal Between Departments. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 158-9. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/ Visit https://securityweekly.com/csp for all the latest episodes! Show Notes: https://securityweekly.com/csp68
5/3/2022 • 25 minutes, 11 seconds
Keeping Up with the Jones when Your Neighbors Are Bad Actors - Jason Taule - CSP #67
Organizations want to know, how are we doing with respect to security? Companies can accept risks they are aware of, and don’t want to outspend the competitors with the industry vertical. They also need a way to understand and benchmark the effectiveness of the security program. Join us as we discuss how to ensure the threats are being evaluated. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2022/04/CISOSTORIES_JasonTaule_Article.pdf Taule, J. 2019. Keeping Up with The Jones (When Your Neighbors Are Bad Actors). In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 156-7. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp67 Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
4/26/2022 • 25 minutes, 58 seconds
Get Ready: 4 Generations Are Returning to The Office! - Caitlin McGaw - CSP #66
We have four generations predominantly in the workforce today, boomers, generation X, Millennials, and Generation Z. Each generation was influenced by different world events, shaping values towards work, family, and technology. The past few years have brought a changing view towards work, with remote and hybrid working. Join us as we discuss these challenges. McGaw, C. 2019. Optimizing Four Generations in The Workforce. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs. 443-4. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp66 Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
4/19/2022 • 25 minutes, 45 seconds
Control Frameworks Are There For A Reason - Philip Agcaoili - CSP #65
In addition to serving as a CISO for several large companies, Phil was instrumental in co-founding the Cloud Security Alliance (CSA) and creating the Cloud Controls Matrix (CCM) to identify what standards from the many frameworks such as NIST, ISO27000, COBIT, HIPAA, PCIDSS, etc. would be applicable to the cloud environment. Join Phil as he discusses his view of these frameworks and his approach to security today. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Phil_Agcaoili_Article.pdf Agcaoili, P. 2019. Leveraging Control Frameworks. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 223-227. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp65 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
4/12/2022 • 32 minutes, 56 seconds
Change Controls Are More Necessary Than Ever - Rebecca Herold - CSP #64
Organizations are developing technology at a rapid pace today to maintain business relevance and adapt to changing conditions. Rebecca talks about the importance of ensuring change control is implemented and the real impacts if not implemented correctly. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Rebecca_Herold_Article.pdf Herold, R. 2019 Change Controls Are More Necessary Than Ever. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 119-120. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp64 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
4/5/2022 • 26 minutes, 3 seconds
Determining Cyber Risk Appetite With the Board - Adel Melek - CSP #63
One of the most important and impactful tasks of the CISO is presenting to the Board of Directors and Senior Management. The Board needs to have the confidence the CISO is able to determine risk and provide recommendations of cost-effective business-oriented solutions. Listen to Adel as he shares his experience in working with many organizations to reduce risk. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Adel_Melek_Article.pdf Melek, A. 2019. Determining Risk Appetite with the Board. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 505. Fitzgerald, T. CRC Press, Boca Raton, Fl www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp63 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
3/29/2022 • 30 minutes, 12 seconds
CISO Priorities 2022 - CSP #62
For security leaders, it can be hard to catch a break when faced with the increasingly challenging task of defending their organizations from evolving threats while simultaneously fighting the battle of the budget in an effort to do more with less. What issues should CISOs be prioritizing, and how can they get the most bang for their buck with regard to minimizing potential risks and maximizing potential outcomes? CISO Stories Podcast hosts Sam Curry, CSO at Cybereason, and Todd Fitzgerald, VP of Strategy at the Cybersecurity Collaborative, are joined by an esteemed panel of accomplished security leaders to discuss these challenges and more. Join our panel of seasoned CISOs from multiple industries as they share their valuable perspectives on: - Ransomware and the impact on global stability - Supply chain attacks and trusted infection vectors - Detection and response across the network and in the Cloud - Incident Response readiness - Attracting and retaining the right talent Show Notes: https://securityweekly.com/csp62 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
3/22/2022 • 1 hour, 2 minutes, 7 seconds
Why Are We Still Failing at Security? - Wayman Cummings - CSP #61
Why are we failing at security, and will we ever graduate from Cyber-Kindergarten? The industry has arguably made a lot of progress over the last three decades, yet the attackers still enjoy a distinct advantage. Wayman Cummings, VP of Security Operations at Unisys, joins the podcast to discuss how industry stagnation impacts the security for our critical infrastructure when that rises to the level of national security, what value true public-private partnerships can bring, and more… Show Notes: https://securityweekly.com/csp61 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
3/15/2022 • 13 minutes, 23 seconds
The CISO Six Minute Rule - Renee Stark - CSP #60
Sharing sensitive information on a website is likely to solicit a ‘No Way” response from the CISO. Renee was faced with these decisions early in her career and needed a way to determine and communicate the right pragmatic and ethical decision. She developed the ‘Six-Month Rule”, which has evolved into the “Six-Minute Rule” to guide these decisions. Just us as Renee articulates how to help appropriate stakeholders make informed risk/reward decisions. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Renee_Guttmann-Stark_Article.pdf Guttmann-Stark, R. 2019 Six-Minute Rule. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 194-195. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp60 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
3/8/2022 • 27 minutes, 2 seconds
Lessons Learned from Building an ISAC - Grant Sewell - CSP #59
Information Sharing and Analysis Centers (ISACs) were formed to promote the centralized sharing of threat intelligence within a particular sector. These have grown since the first ISAC in the late 1990’s and now represent over 20 industry sectors. Grant shares his experience in working with an ISAC and how this benefited his organization and the broader CISO community. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Grant_Sewell_Article.pdf Sewell, G. 2019. Experience with an Information Sharing and Analysis Center. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 116. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp59 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
3/1/2022 • 26 minutes, 50 seconds
Getting the Board on Board With Security - Richard Clarke - CSP #58
Richard spent several decades serving Presidents of both parties and understands what is necessary to implement effective security programs. Join us as he provides pragmatic tips for working with the Board of Directors to effectively communicate the investment need and articulate the benefits in terms the Board can support. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Richard_A_Clarke_Article.pdf Clarke, R. A. 2019 Getting the Board on Board. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 499. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp58 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
2/22/2022 • 24 minutes, 58 seconds
Understanding and Preparing for the Next Log4j - Benny Lakunishok - CSP #57
The issues created by the recently disclosed Log4j vulnerability are bigger than you might expect and will have long-lasting implications. So, what was the Log4j vulnerability really, what can be done to reduce the risk it poses to organizations, and how can we better prepare for the next Log4j-level event? Benny Lakunishok, co-founder and CEO of Zero Networks, takes us deeper… Show Notes: https://securityweekly.com/csp57 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
2/15/2022 • 23 minutes, 20 seconds
A Cost-Effective Approach to Security Risk Management - Jack Jones - CSP #56
Risk management is arguably one of the most important functions of the CISO. How does the CISO establish the value proposition for an investment? Using a well-tested risk framework, Jack discusses how to evaluate and compare the current state of loss exposure and the expected reduction from applying a set of alternative controls. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_Jack_Jones_Article.pdf Jones, J. 2019. Meeting The Cost-Effective Imperative. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 286-7. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp56 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
2/8/2022 • 32 minutes, 28 seconds
Creating Security Budgets Where There is No Budget - Kevin Richards - CSP #55
Kevin walks through a very creative method of getting the budget necessary. Over the years, security departments acquire tool after tool, sometimes integrated, and many times under-utilized. Kevin describes how to leverage the current environment to “find” new sources of budget to fund the right cybersecurity investments. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_KevinRichards_Article.pdf Richards, K. 2019. Creating Budget Where There Is No Budget. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 482. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp55 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
2/1/2022 • 26 minutes, 58 seconds
When Should You Just Do It Internally or Hire a Consultant? - John Iatonna - CSP #54
With the talent shortage expected to last many years into the future, when a new cybersecurity skill is needed that is available within the current team, what do you do? Should you hire someone externally, or bring in a consultant? What are the pitfalls of each approach? Join John as he discusses his experience in making these tough decisions. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/12/CISOSTORIES_John_Iatonna_Article.pdf Iatonna, J. 2019. Develop from Within or Hire a Consultant. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 423-4. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp54 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
1/25/2022 • 27 minutes, 27 seconds
Designing a Shared Vision with IT and the Business - Scott King - CSP #53
The locus of control has been slipping away from IT teams (and by default Security teams), and this "challenge" to IT governance has accelerated post-covid with a more distributed workforce. The fact that IT governance is eroding as easily and quickly should tell IT and infosec teams that they need to ditch their legacy models of service delivery and adopt an approach that addresses the current business needs and digital transformations many companies are undertaking. The security implications of this are significant in that security programs are not typically sized nor funded to deal with one technology approach yet alone two. Scott King, CISO at Encore Capital Group joins the podcast to discuss strategies to remain agile in the face of rapid change. Show Notes: https://securityweekly.com/csp53 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
1/18/2022 • 25 minutes, 30 seconds
Moving to the Cloud? Don't Forget Hardware Security! - Steve Orrin - CSP #52
While the cloud computing infrastructure is designed to be very agile and flexible, transparency to where the information is being processed is very important due to global privacy and security concerns. Steve discusses approaches to remaining compliant with the various laws (i.e., restricting where the data may reside) when moving to the cloud. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Steve_Orrin_Article.pdf Orrin, S. 2019. Why Hardware Matters in Moving Securely to The Cloud. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 122. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp52 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
1/11/2022 • 22 minutes, 21 seconds
Privacy Hunger Games: Change The Rules - Samantha Thomas - CSP #51
Information is meant to be shared with others- others that is with a need to know. CISOs may find that their organization is sharing with other entities without proper procedures in place. What if there are 90 of these organizations? Join this podcast to learn from a healthcare CISO who tackled this dilemma and subsequently changed a government law! To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Samantha_Thomas_Article.pdf Thomas, S. 2019. Privacy Hunger Games: Change the Rules. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 344. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp51 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
1/4/2022 • 23 minutes, 27 seconds
Server Room to War Room: Enterprise Incident Response - Dawn-Marie Hutchinson - CSP #50
In many organizations, the CISO will be looked at as the leading expert in incident response, but often has little involvement in the selection, planning, and training for the Enterprise Incident Management Program. Listen to Dawn-Marie, who has navigated organizations as a CISO during crisis and consultant to “play like you practice.” To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Dawn-Marie_Hutchinson_Article.pdf Hutchinson, D. 2019. Server Room to War Room…Enterprise Incident Response. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 214-5. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp50 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
12/28/2021 • 28 minutes, 50 seconds
CISO Shortlist: Key Issues to Cover for Todays CISOs - Leon Ravenna - CSP #49
As if CISOs don’t have enough to focus on, here’s a few more items that should be top of mind – KAR Global CISO, Leon Ravenna, dives into Cyber Insurance and why D&O requirements may be on the horizon, regulatory burdens and what to expect out of the US Government, how the intersection of Security and Privacy is impacting CISOs, and a little security buzzword bingo and how to deal with the latest “fads” like CASB, ZTNA, SASE and more… Show Notes: https://securityweekly.com/csp49 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
12/21/2021 • 28 minutes, 14 seconds
The Future Is Now: Model-Driven Security Using Data Science - Jim Routh - CSP #48
Cybersecurity talent shortages are well documented and asking experience cybersecurity professionals to spend countless hours on routine tasks does not promote retention. The adversaries are leveraging data science to attack our enterprises and consumers, and we need to find a better way. This session explores the experience of creating over 300 models using data science, machine learning, and automated incident response to increase the security posture for a major organization. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Jim_Routh_Article.pdf Routh, J. 2019. Model-Driven Security is Making Fundamental Changes to Security Posture. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs 163-5. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp48 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
12/14/2021 • 27 minutes, 29 seconds
CISOs Need Training Too! - Candy Alexander - CSP #47
The CISO has trained the workforce and completed the security awareness month annual training. Well, done! Is training done for the year? No. But what about the CISO? How does the CISO ensure that the proper skills are maintained for the CISO to be able to continue to lead the security organization? Join this podcast to learn from the multiple term-elected ISSA International President. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Candy_Alexander_Article.pdf Alexander, C. 2019. CISO approach to Training. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 478. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
12/7/2021 • 25 minutes, 34 seconds
No Senior Management Buy-in, No Success - Chris Apgar - CSP #46
Are you reporting the same risks each year to management? This may be indicative of a lack of incentive or buy-in from senior management to fund the investments. Join this podcast to learn how to show senior management that funding these initiatives is more than risk avoidance and a cost to the bottom line. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/10/CISOSTORIES_Chris_Apgar_Article.pdf Apgar, C. 2019. Security and Senior Management – Buy-In Is Critical to Success. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 139. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald. Show Notes: https://securityweekly.com/csp46 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
11/30/2021 • 24 minutes, 25 seconds
Skills I Needed to be a First-Time CISO - Richard Kaufmann - CSP #45
Infosec skills don't necessarily transfer to CISO skills, but CISO skills are 100% transferable to whatever your infosec career looks like. Growth begins outside of your comfort zones, so some of the CISO skills you can work on now include executive storytelling, internal coalition building, and how to be comfortable being uncomfortable… Show Notes: https://securityweekly.com/csp45 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
11/23/2021 • 23 minutes, 35 seconds
Which Approach Wins: Compliance or Risk? - Mark Burnette - CSP #44
Cybersecurity programs have evolved from the early days of compliance with regulations. Regulations are important and provide the necessary motivation for many organizations to implement security controls that may not otherwise be present, but is this enough? Is it really security? Join this podcast as the differences between compliance and true security are discussed. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/11/CISOSTORIES_Mark_Burnette_ArticleV1.pdf Burnette, M. 2019. The Benefits of Focusing on Risk vs Compliance. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 18. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp44 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
11/16/2021 • 23 minutes, 19 seconds
Who Is Your SOC Really For? - Ricardo Lafosse - CSP #43
Managing the volume of security events and continuous threat intelligence can be daunting for the largest of organizations. How do you increase the effectiveness of a Security Operations Center (SOC) and share this information across the organization for greater efficiency and adoption? To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Ricardo_LaFosse_Article.pdf Lafosse, R. 2019. Success Implementing A Shared Security Center. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 159. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp43 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
11/9/2021 • 30 minutes, 40 seconds
Do You Know where Your Data Is? - William Miaoulis - CSP #42
Data is everywhere today as users are working remotely, storing information in the cloud, downloading to USB drives and so on. Join this podcast to learn from a Healthcare CISO and some of the typical common events which take place to expose sensitive information. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_William_Miaoulis_Article.pdf Miaoulis, W. 2019. Do You Know Where Your Data Is? In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 368. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp42 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
11/2/2021 • 25 minutes, 54 seconds
The Nexus of Security, Privacy and Trust - Allison Miller - CSP #41
Allison Miller, CISO at Reddit, discusses the challenges across stakeholders from end-users to service providers in addressing the nexus of Security, Privacy and Trust? Should they be equally weighted? In what circumstances does the need for one outweigh the need for the others? What does the future hold for our efforts to find the right balance between them? Show Notes: https://securityweekly.com/csp41 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
10/26/2021 • 22 minutes, 44 seconds
5 Pitfalls Issuing Information Security & Privacy Policies - Charles Cresson Wood - CSP #40
The interviewee created the landmark ‘gold standard’ policy guidance in the book Information Security Policies Made Easy, now in its 13th version, and has extensively researched and helped organizations develop relevant policies. This podcast discusses the 5 key mistakes individuals make in creating and delivering policies to the organization. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Charles_Cresson_Wood_Article.pdf Wood, C. 2019. Five Pitfalls to Avoid When Issuing Information Security and Privacy Policies In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 413. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
Learn how to prepare and reduce the risk of the next ransomware event. The guest walks through the lessons learned after managing out of a NotPetya ransomware attack. Will you be ready? Don’t miss this podcast for valuable insights from a real-life scenario. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Todd_Inskeep_Article.pdf Inskeep, T. 2019. Dealing with Notpetya. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 204. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp39 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
10/12/2021 • 23 minutes, 11 seconds
Security Awareness That Works! - Steven Lentz - CSP #38
October is Security Awareness Month! Security Awareness programs must grab the employee’s attention if they are to succeed. Join the interviewee as he explains how he successfully engaged the workforce through creative and visible security awareness methods! To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Steven_Lentz_Article.pdf Lentz, S. 2019. Security Awareness That Works. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 151. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp38 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! https://www.securityweek.com/nist-publishes-cybersecurity-workforce-framework https://www.securityweek.com/professionalizing-cybersecurity-practitioners-0 https://www.securityweek.com/cylance-launches-next-gen-endpoint-security-consumers https://www.securityweek.com/cisos-and-quest-cybersecurity-metrics-fit-business https://www.securityweek.com/whats-real-value-cost-breach-studies Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
10/5/2021 • 24 minutes, 20 seconds
Extending Detection and Response to the Cloud - Kathy Wang - CSP #37
Kathy Wang, CISO at Very Good Security, discusses challenges in extending detection and response capabilities to cloud deployments while also ensuring correlations across traditional networks, endpoints, mobile, and user identities. She explains how managing multi-cloud deployments impact this approach, and how organizations can ensure they have the visibility required to detect and remediate earlier. Show Notes: https://securityweekly.com/csp37 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
9/28/2021 • 23 minutes, 2 seconds
Security from Scratch: Incident Response on a Shoestring Budget - Sam Monasteri - CSP #36
Every organization must be able to respond to an attack quickly. Join this podcast to learn key steps to implement in an incident response plan without breaking the bank. Sam approaches this issue by simplifying incident response into the 3 ‘P’s. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Sam_Monasteri_Article.pdf Monasteri, S. 2019. Security from Scratch: Incident Response on a Shoestring Budget. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 161. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp36 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
9/21/2021 • 24 minutes, 11 seconds
Fiscally Responsible Ways to Train/Build Community - Kevin Novak - CSP #35
All organizations must have security awareness training programs to teach basics to end users. Similarly, the technical teams need to be exposed to flexible training that is interesting to them. Join this podcast to learn how to bring company groups together and form your own DEFCON-type event in-house or in partnership with other organizations. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Kevin_Novak_Article.pdf Novak, K. 2019. Fiscally Responsible Ways to Train/Build Community. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 153. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp35 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
9/14/2021 • 23 minutes, 33 seconds
Communications Before, During and After the Breach - Melanie Ensign - CSP #34
Figuring out what to do after a breach is the wrong time to start the planning process. Communications strategies must be in place well beforehand and there are many benefits to the cybersecurity program for implementing these strategies in advance. Join this podcast to understand how teams benefit from relationships with communication and public relation specialists on their teams. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_Melanie_Ensign_Article.pdf Ensign, M. 2019. Importance of Communications before, during, and after the Breach. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 191. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp34 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
9/7/2021 • 22 minutes, 12 seconds
The Unpatchable Vulnerability That Is Human Nature - Rachel Tobac - CSP #33
Rachel, CEO of SocialProof Security, delves into the inner-workings of social engineering exploits where she leverages her background in neuroscience and behavioral psychology to exploit the unpatchable vulnerability that is human nature. This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
8/31/2021 • 16 minutes, 9 seconds
Did You Ask For (and Get!) Too Much Security Money! - James Christiansen - CSP #32
It seems CISOs are typically lamenting that the security budgets are insufficient. While this can represent a significant problem in achieving information security goals, what happens when you get the funding you asked for and asked to spend it in less time than expected? Join this session for an investment lesson learned you won’t want to miss! To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/07/CISOSTORIES_James_Christiansen_Article.pdf Christiansen, J. 2019. Too Much Security Money? In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 502. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp32 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
8/24/2021 • 25 minutes, 43 seconds
Practical Considerations for Managing Your MSSP - Johnathan Nguyen-Duy - CSP #31
For many organizations, large and small, it would be impractical to “skill up” to manage all aspects of cybersecurity. Managed Security Service Providers provide many different services. Join this podcast to learn how to work with the MSSP to ensure that the organization is obtaining the most value. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Jonathan_Nguyen-Duy_Article.pdf Nguyen-Duy, J. 2019. Managing the MSSP. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 135. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Show Notes: https://securityweekly.com/csp31
8/17/2021 • 21 minutes, 36 seconds
Achieving Security Buy-in: Change Approach, Not Culture - David Nolan - CSP #30
We need the organization to support the cybersecurity initiatives and thus we try to influence the organization to support these goals for the protection of the organizational assets. If we are failing, is it that the organization did not ‘get it’ or was it our approach? Join this podcast to learn how to achieve that buy-in. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_David_Nolan_Article.pdf Nolan, D. 2019. Achieving Security Buy-In: Change the Approach, Not the Culture. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 470. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp30 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!
8/10/2021 • 22 minutes, 55 seconds
Hacking Into Cybersecurity - Kerissa Varma - CSP #29
Kerissa Varma, Group Chief Information Security Officer of Old Mutual Limited, one of the largest financial services organizations on the African continent, discusses the cybersecurity skills shortage and her initiative to recruit brilliant minds from across an array of fields who have skill sets applicable to cybersecurity, but they might not even know it… This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!
8/3/2021 • 20 minutes, 12 seconds
CISO Roundtable: Ransomware Attacks and the True Cost to Business - CSP #28
A recent global research report conducted by Cybereason, titled "Ransomware: The True Cost to Business", revealed that the vast majority of organizations that have suffered a ransomware attack have experienced significant impact to the business, including loss of revenue, damage to the organization’s brand, unplanned workforce reductions, and little in the way of relief from cyber insurance policies. An esteemed panel of subject matter experts will examine the research findings and discuss how organizations can better prepare to defend against and respond to a ransomware attack. The event was produced as a live webinar version of the CISO Stories Podcast, a weekly podcast that takes a deep dive on security leadership issues and is produced by Cybereason and the CyberRisk Alliance’s Cybersecurity Collaborative, a prominent CISO networking group. Show Notes: https://securityweekly.com/csp28 View the Cybereason Ransomware Report here: https://www.cybereason.com/ebook-ransomware-the-true-cost-to-business This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!
7/30/2021 • 58 minutes, 10 seconds
10 Min for a Call? Managing the Security Product Salesperson - Kevin Morrison - CSP #27
CISOs are approached frequently by salespersons to buy products to reduce risk. How do you manage these relationships? Join this podcast to learn how to respond to the salesperson, reduce time, and select the best products with reduced wasted interaction. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Kevin_Morrison_Article.pdf Morrison, K. 2019. Managing the Security Product Salesperson. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 69. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp27 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them!
7/27/2021 • 22 minutes, 24 seconds
Developing Secure Agile Code Quickly is Very Achievable! - Glenn Kapetansky - CSP #26
Speed to market is the mantra of software development today. This does not mean that a process is not followed, it means that an iterative approach to software development produces code changes and usable code much faster. Join this podcast to learn how security can be imbedded into agile software development to produced fast and secure code. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Glenn_Kapetansky_Article.pdf Kapetansky, G. 2019. Integrating Security with SDLC/Agile Development In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 27. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
7/20/2021 • 22 minutes, 50 seconds
Protecting the "Crown Jewels" - Steve Durbin - CSP #25
The crown jewels are those assets representing the highest value to the organization and deserve the greatest investment to protect. Join this podcast to learn the importance of protecting these crown jewels throughout the information life cycle. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Steve_Durbin_Article.pdf Durbin,S. 2019. Protecting the “Crown Jewels”. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 77. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleadersFollow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
7/13/2021 • 22 minutes, 15 seconds
CISOs: Always be a Student, Always be Learning - Phil Attfield - CSP #24
Phil Attfield, CEO and founder at Sequitur Labs, discusses his engineering roots and curius nature that led him to developing software tools and in-house products for modeling, synthesis and verification of telecom and network equipment hardware at Nortel. Phil the challenges involved in development of large-scale security policy and management frameworks and the key security elements of the IoT device lifecycle from design, to build, to sustaining securely. Show Notes: https://securityweekly.com/csp24 Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
7/6/2021 • 27 minutes, 30 seconds
CISO Business Enablement: Getting to 'Yes' as a CISO - Dan Lohrmann - CSP #23
The CISO is often in a position where vulnerabilities are known and implementing a product may result in an insecure product. Should the CISO say ‘no we can’t do that’, or ‘figure out how to make it happen?’ Join this podcast to learn how a CISO was faced with this dilemma where he was asked by the business to implement a technology, where he had stacks of whitepapers indicating the technology was insecure. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Dan_Lohrmann_Article.pdf Lohrmann, D. 2019. CISOs Need to be Enablers of Business Innovation-Here Is How. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 106. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp23 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
6/29/2021 • 23 minutes, 31 seconds
Want to Elevate CyberSecurity? Relationships Matter! - Mark Weatherford - CSP #22
Communication in any organization can be a challenge, especially when working with different levels of government and the various funding mechanisms. Join this podcast to lean how one State CISO navigated the rough waters by focusing on relationships and increased security spending and knowledge of security activities across government levels. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Mark_Weatherford_Article.pdf Weatherford, M. 2019. Relationships Matter. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 473. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp22 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
6/22/2021 • 22 minutes, 57 seconds
Fixing the Talent Shortage: CyberSecurity Talent Initiative - Alexander Niejelow - CSP #21
As threats to the nation’s security grow, there remains a substantial and increasing shortage of skilled cybersecurity professionals. The federal government and private sector can work together to fill their open positions and attract the next generation of motivated mission-driven cybersecurity leaders. This podcast discusses the Cybersecurity Talent Initiative, a federal/private partnership which provides up to $75,000 in student loan assistance for individuals hired by the private sector companies after developing skills through a two-year program in the federal government. Show Notes: https://securityweekly.com/csp21 https://securityweekly.com/wp-content/uploads/2021/06/CTI_Spring-2021-Onepager_corporate.pdf https://securityweekly.com/wp-content/uploads/2021/06/nice_framework062017.pdf This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
6/15/2021 • 26 minutes, 21 seconds
So You Want to be a Cyber Spy? - Ira Winkler - CSP #20
Ira Winkler, CISO at Skyline Technology Solutions, recounts his amazing journey from wannabe astronaught to NSA intelligence analyst, social engineer, systems hacker and author and some of the crazy things that happened along the way. Ira is considered one of the world’s most influential security professionals and has been named a “Modern Day James Bond” - a title he earned by performing espionage simulations, where he physically and technically “broke into” some of the largest companies in the World, investigated cybercrimes against them, and then telling them how to cost effectively protect their information and computer infrastructure. He continues to perform these espionage simulations, as well as assisting organizations in developing cost-effective security programs and increase security awareness. Show Notes: https://securityweekly.com/csp20 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
6/8/2021 • 32 minutes, 16 seconds
No Insider Cybersecurity Risk? Guess Again! - Dawn Cappelli - CSP #19
We want to trust our employees and contractors working within our organizations. For the most part, people are doing their jobs with integrity every day. What happens when an employee decides to leave the organization and start their own business – with our Intellectual property or customer lists? Or when an employee downloads material to work at home? Join this podcast to learn how to build an insider risk program to mitigate these threats. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Dawn_Cappelli_Article.pdf Cappelli, D. 2019. Mitigate the Risk of Insiders Stealing Company Confidential Information. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 187. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
6/1/2021 • 23 minutes, 19 seconds
CISOs Cross the Bridge to the Cloud - Jim Reavis - CSP #18
Today most organizations have some of the processing in the cloud. As data moves farther away from the physical control of the organization, this movement provides opportunities of scale, flexibility, and speed. Join this podcast to learn how to use appropriate controls to manage this cloud environment. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Jim_Reavis_Article.pdf Reavis, J. 2019. Building a Bridge to the Future with Cloud Controls Matrix. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 243. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald https://cloudsecurityalliance.org/ https://cloudsecurityalliance.org/education/ccak/ https://cloudsecurityalliance.org/research/cloud-controls-matrix/ Show Notes: https://securityweekly.com/csp18 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
5/25/2021 • 25 minutes, 8 seconds
Just Fix It: 5 Critical Elements to Protect the Right Assets - Roland Cloutier - CSP #17
We have limited investment dollars and therefore must ensure we are protecting the right assets. The practical side of determining “what” needs to be protected and “how” is a convoluted maze of academics, taxonomies, frameworks, and inconsistent approaches. Here we discuss 5 critical elements to make a difference by developing and effective Critical Asset Protection Program (CAPP). To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_RolandCloutier_Article.pdf Cloutier, R. 2019. Critical Cyber Asset Protection Planning—Learning Concepts and Operational Imperatives for Protecting What Needs to be Protected. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pgs 148-150. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp17 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
5/18/2021 • 20 minutes, 52 seconds
Passion for Solving Problems is Key to Security - Will Lin - CSP #16
Will Lin, founding team member at ForgePoint Capital and co-creator of the CISO community Security Tinkerers, discusses his passion for technology and how it led him to a career helping security companies launch, as well as his work supporting CISOs through collaboration and knowledge sharing. Show Notes: https://securityweekly.com/csp16 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
5/11/2021 • 28 minutes, 28 seconds
Effective Health Care Security is More Than HIPAA!! - Erik Decker - CSP #15
Healthcare security today is much more complex with integrated clinical systems and connected community networks. No longer are the medical records stored with a single provider. Join this podcast to learn how one Healthcare CISO is forging relationships and having the appropriate risk-based discussions at the right levels to address the challenge. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Erik_Decker_Article.pdf Decker, E. 2019. Healthcare Cybersecurity. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 106. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp15 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
All disciplines need to be able to demonstrate added value and track the ability to improve upon the current practices. The board, technical management, auditors, and engineers may each need a different view of the security initiatives performed. Join this podcast to how different metrics can be applied to different groups so each can improve their performance over time. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/04/CISOCOMPASS_Edward_Marchewka_Article.pdf Marchewka, E. 2019. Security Metrics to Measure Program Effectiveness. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 167. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp14 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
4/27/2021 • 22 minutes, 15 seconds
Necessity is the Mother of Security - Tatu Ylonen - CSP #13
Tatu Ylönen, SSH founder and inventor of Secure Shell, discusses the genesis for the protocol and his keen interest in the application of technological solutions to fundamental cybersecurity challenges... Show Notes: https://securityweekly.com/csp13 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
4/20/2021 • 18 minutes, 38 seconds
He Fought the FTC Over a Breach & Won - Michael Daugherty - CSP #12
Hopefully you won’t have to hire a lawyer to defend yourself against a government regulator. What happens when the Federal Trade Commission or other powerful body accuses your company of wrongdoing which you do not feel you were responsible for? Join this podcast and hear how the owner of a small company decided to take on the FTC and how he went about choosing a lawyer. The answers will surprise you and provide some useful tips for choosing a lawyer. Show Notes: https://securityweekly.com/csp12 To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOSTORIES_MichaelJDaugherty_CCExtract.pdf Daugherty, M. 2019. Finding the Right Lawyer to Defend Your Company. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 337. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
4/13/2021 • 29 minutes, 17 seconds
Is There a Magic Security Control List? - Tony Sager - CSP #11
Never in history has the cyber defender had access to so many technologies and tools to defend our companies. This has created the “Fog of More”, making the choices difficult to manage. Join the former 35-year NSA software vulnerability analyst and executive manager, and innovator of community-based controls sharing, as he discusses how the CIS controls can be used effectively to manage our environments. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOSTORIES_TonySager_CCExtract.pdf Sager, T.. 2019. Jumpstarting Controls Prioritization Within a Control Framework. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 246. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp11 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
4/6/2021 • 25 minutes, 26 seconds
Doing Security Before Security Was a Career Path - Petri Kuivala - CSP #10
Petri Kuivala, CISO at NXP Semiconductors, recounts his journey from municipal police officer to cybercrimes unit investigator to Chief Information Security Officer during the early days when security was largely an afterthought. Show Notes: https://securityweekly.com/csp10 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
3/30/2021 • 30 minutes, 9 seconds
The Colonoscopy of CyberSecurity - Lee Parrish - CSP #9
The information and cybersecurity industry have no shortage of regulations and many organizations run down the listing of requirements, load them into an excel spreadsheet to demonstrate compliance. Is compliance the same as security? Join this podcast for an analogy of why compliance is not security and how we can change our organization’s orientation to increasing security. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOSTORIES_LeeParrish_CCExtract.pdf Parrish, L. 2019. The Colonoscopy of Cybersecurity. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 15. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald Show Notes: https://securityweekly.com/csp9 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
3/23/2021 • 21 minutes, 15 seconds
Going All-in on a Career in Security - Mauro Israel - CSP #8
Mauro Israel, CISO at ORPEA Group, discusses his colorful background and how he - like so many others in the security field - came to discover his true calling late in life but was able to apply his wide range of knowledge and experience to the role of CISO in the healthcare field. Show Notes: https://securityweekly.com/csp8 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
3/16/2021 • 35 minutes, 25 seconds
Is CyberSecurity ROI Necessary? - Paul Hypki - CSP #7
Information security departments are often challenged to come up with “ROI” or Return on Investment for the information security initiatives. Why should the information security department be any different? Join this podcast and learn why calculating an ROI may not be necessary and how reducing risk has different considerations. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOCOMPASS_PaulHypki.pdf Hypki, P. 2019. Where’s the ROI? In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 83. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
3/9/2021 • 24 minutes, 7 seconds
Your Job is to Make CyberSecurity Simple! - Steve Katz - CSP #6
The CISO role in some organizations is relatively new. The CISO role has actually evolved over the past 25 years since Citibank named the first CISO. Join this podcast to learn how Steve navigated the early days of security and the changes in the role today. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOSTORIES_SteveKatz_CCExtract.pdf Katz, S. 2019. Interview with the First CISO. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 8. Fitzgerald, T. CRC Press, Boca Raton, Fl. www.amazon.com/author/toddfitzgerald This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
3/2/2021 • 28 minutes
...and Other Useless Security Constructs - Robert Bigman - CSP #5
Bob Bigman, former CISO for the CIA, simplifies the conversation by slaughtering some of the industry's most sacred cows like risk tolerance as a key driver for security programs... Show Notes: https://securityweekly.com/csp5 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
2/23/2021 • 25 minutes, 24 seconds
Without Building CISO EQ, You May be on Your Own! - Marci McCarthy - CSP #4
The CISO must interact with many different groups within the company. These groups differ in the amount of business acumen and technical depth necessary. The CISO must have self-awareness of how to approach each of these different types of stakeholders, as well as ensuring appropriate self-care is taken to limit burnout, stress and anxiety. Join this podcast to learn how to maintain appropriate self-awareness, exercise empathy and emotional intelligence to gain trust of others, and exercise appropriate self-care. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOCOMPASS_MarciMcCarthy_CCArticle.pdf McCarthy, M. 2019. Emotional Intelligence. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 466. Fitzgerald, T. CRC Press, Boca Raton, Fl. To purchase the book: www.amazon.com/author/toddfitzgerald This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/csp for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
2/16/2021 • 22 minutes, 33 seconds
Doing Privacy Right vs. Doing Privacy Rights - Valerie Lyons - CSP #3
Eric Schmidt (CEO Google 2001-2007) famously noted that his company’s policy was to get ‘right up to the creepy line and not cross it.’ The closer an organization can get to this imaginary line, the greater the profit maximization. When does this become an invasion of privacy? Organizations need to be conscious of where they are in reference to the ‘creepy line.’ Join this podcast to learn how to determine the data collection and processing appropriate for your organization. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOSTORIES_ValerieLyons_CCExtract.pdf Lyons, V. 2019. Doing Privacy Right Vs. Doing Privacy Rights. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 389. Fitzgerald, T. CRC Press, Boca Raton, Fl. To purchase the book: www.amazon.com/author/toddfitzgerald This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/category-shows/the-ciso-stories-podcast for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
The Cybersecurity Coalition's Ari Schwartz brings us up to date on some of the organization's initiatives and then dives into some of the challenges SLED defenders are facing in trying to do more with less... Show Notes: https://securityweekly.com/csp2 This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/category-shows/the-ciso-stories-podcast for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/
2/10/2021 • 21 minutes, 37 seconds
Telling Scary Stories to the Board? Stop. Here’s Why. – Mischel Kwon - CSP #1
CISOs today have varied tenures at organizations depending upon their ability to master learning the business of the organization. Join this podcast to learn how to translate information security technical issues into a business-focused language and determine the right amount of technical language to share with executives. To view the article from the CISO COMPASS Book that sparked this interview, please visit: https://securityweekly.com/wp-content/uploads/2021/02/CISOSTORIES_MischelKwon_CCExtract.pdf Kwon, M. 2019. Communicating Security Progress and Needs with Business-focused Leadership. In CISO COMPASS: Navigating Cybersecurity Leadership Challenges with Insights from Pioneers, 1st Ed, pg 30. Fitzgerald, T. CRC Press, Boca Raton, Fl. To purchase the book: www.amazon.com/author/toddfitzgerald This segment is sponsored by Cybereason. Visit https://www.cybereason.com/cisostories to learn more about them! Visit https://securityweekly.com/category-shows/the-ciso-stories-podcast for all the latest episodes! Follow us on Twitter: https://www.twitter.com/cyberleaders Follow us on LinkedIn: https://www.linkedin.com/company/cybersecuritycollaborative/