Log in

goodpods headphones icon

To access all our features

Open the Goodpods app
Close icon
headphones
CISO Series Podcast

CISO Series Podcast

David Spark, Mike Johnson, and Andy Ellis

Discussions, tips, and debates from security practitioners and vendors on how to work better together to improve security for themselves and everyone else.
bookmark
Share icon

All episodes

Best episodes

Top 10 CISO Series Podcast Episodes

Goodpods has curated a list of the 10 best CISO Series Podcast episodes, ranked by the number of listens and likes each episode have garnered from our listeners. If you are listening to CISO Series Podcast for the first time, there's no better place to start than with one of these standout episodes. If you are a fan of the show, vote for your favorite CISO Series Podcast episode by adding your comments to the episode page.

All links and images for this episode can be found on CISO Series.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is our guest, Alex Green, CISO, Delta Dental.

In this episode:

  • Is it true that employees cause as many significant cybersecurity incidents as outside threat actors?
  • Does this come down to a lack of awareness or poorly designed security implementation?
  • And what can we do to improve this situation?

Thanks to our podcast sponsor, Silk Security

Silk makes it easy for security teams to resolve more critical cyber risks in a fraction of the time. Instead of toiling over spreadsheets, and watching alert backlog graphs go up, Silk helps security teams contextualize, prioritize and collaborate with stakeholders in IT to regain control over their risk posture.

bookmark
plus icon
share episode
CISO Series Podcast - Who You Gonna Call? LEGAL COUNSEL!
play

06/11/24 • 37 min

All links and images for this episode can be found on CISO Series.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our guest, Ryan Bachman, evp and global CISO, GM Financial.

In this episode:

  • A changing of the executive guard?
  • Playing nice with cyber insurance
  • What does leadership want out of a CISO?
  • Who does a CISO call first?

Thanks to our podcast sponsor, Vanta

Whether you’re starting or scaling your security program, Vanta helps you automate compliance across SOC 2, ISO 27001, and more. Streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies use Vanta to manage risk and prove security.

bookmark
plus icon
share episode

All links and images for this episode can be found on CISO Series.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is our guest, Arvin Bansal, former CISO for Nissan Americas.

In this episode:

  • Why are so many companies unprepared for phone-based social engineering?
  • Why do many orgs not give this attack surface the attention it deserves?
  • Are we doing enough to support whistleblowers in cybersecurity?

Thanks to our podcast sponsor, Palo Alto Networks

As cloud attacks increase, how should AppSec respond? Hear from Daniel Krivelevich, CTO of AppSec at Palo Alto Networks, as he dives into modern application security strategies that can help teams defend their engineering ecosystems from modern attacks. Watch now to level up your AppSec program.

bookmark
plus icon
share episode

All links and images for this episode can be found on CISO Series.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our guest, Martin Mazor, vp and CISO, onsemi.

In this episode:

  • Has the shine worn off the cybersecurity promise of MFA?
  • Why are threat actors increasingly finding ways to get around it?
  • Given the high profile attacks we've seen getting around MFA, how much security stock should we put into it going forward?

Thanks to our podcast sponsor, Material Security

Material Security is a multi-layered email threat detection & response toolkit designed to stop attacks and reduce the threat surface across all of Microsoft 365 and Google Workspace. Learn more at material.security.

bookmark
plus icon
share episode

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Adam Zoller, svp, CISO at Providence. Joining me is our guest Sam Jacques, vp of clinical engineering, McLaren Health Care.

In this episode:

  • When should cybersecurity be brought into the discussion when a merger is underway?
  • Why is security always going to be an issue in a merger or acquisition?
  • If we know it's so important, why does it always feel like we're reinventing the wheel each time?

Thanks to our podcast sponsor, Claroty

Claroty enables varied sectors to protect their cyber-physical systems, known as the Extended IoT. The platform integrates seamlessly, offering comprehensive controls for visibility, risk management, network protection, and more. Trusted by global leaders, Claroty operates in hundreds of organizations worldwide. Headquartered in NYC, it spans Europe, Asia-Pacific, and Latin America.

bookmark
plus icon
share episode
CISO Series Podcast - We’re Releasing Security Studies of Made Up Numbers
play

03/12/19 • 42 min

Since no one ever checks a research study's methodology, why not just make up all the numbers? You're in the risk analysis business, right? Chances are very good they'll never check and research studies are a great way to get free press.

This show, like all the previous ones is hosted by me, David Spark (@dspark), founder of Spark Media Solutions and Mike Johnson. Our guest this week is Melody Hildebrandt (@mhil1), CISO of FOX.

Thanks to this week's sponsors, Axonius and New Context.

New Context helps fortune 500s build secure and compliant data platforms. New Context created “Lean Security”, a set of best practices designed to help enterprises manage and secure data for critical infrastructure, and offers professional services and a software solution, LS/IQ, to help enterprises build a secure and compliant data platforms for their business.

Huge congrats to Axonius for their two big wins at RSA this year. They were named Rookie Security Company of the Year by SC Media and they also won top prize at RSA’s Innovation Sandbox. They’ve been touted as the company trying to solve the least sexy part of cybersecurity, asset management. Go to Axonius’ site to learn more.

On this episode

Ask a CISO

It’s been reported many times, that the average life of a CISO is 18 months and Mike Johnson lasted 18 months at Lyft. At the time of Mike’s departure so many people were forwarding me articles regarding the stress level of CISOs, most notably around Nominet’s study that claimed that about 1 in 5 CISOs turn to alcohol or self-medicating. With two CISOs on the panel we discuss if this was the most high-pressured job they had and would you be eager and willing to jump back into the CISO role again.

Why is everybody talking about this now?

Couple weeks ago I wrote an article entitled “30 Security Behaviors that Set Off a CISO’s BS Detector.” There was quite a response from the community to this. Now that we’ve just finished RSA, did our CISOs see or hear anything that set off their BS detectors.

What’s Worse?!

We play two rounds of “What’s Worse?!” Both rounds are cases of employees putting security in very compromising positions.

What’s a CISO to do?

When we talk about security we’re often talking about protecting customer and employee data. While all companies have intellectual property they need to protect, at FOX, Melody Hildebrandt is having to deal with some very high profile individual assets that are of interest to many hackers. What are the factors a CISO must consider, that most security people probably aren’t thinking about, when you’re trying to secure a single media asset that’s worth hundreds of millions of dollars?

What do you think of this pitch?

After you hear this pitch, every security professional may be out of a job. Tip of the hat to Christopher Stealey of Barclays for providing this pitch he received.

You’re a CISO, what’s your take on this?

Ameer Shihadeh of Varonis asks a question of trying to overcome the objection from a security professional that they don’t have any security initiatives or projects.

And now this...

We field questions from our audience for the CISOs.

bookmark
plus icon
share episode
CISO Series Podcast - Security Awareness Lifecycle: Turn On, Tune In, Drop Out
play

10/17/23 • 38 min

All links and images for this episode can be found on CISO Series.

When it comes to security awareness, the advice generally doesn't change. There are a set of best practices that have proven to be effective. So we know what we want to tell people. Communicate it consistently. So how do we relay that information without sounding like a broken record?

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Steve Zalewski. Joining us is our sponsored guest, Daniel Krivelevich, CTO for Appsec, Palo Alto Networks.

Thanks to our podcast sponsor, Palo Alto Networks

As cloud attacks increase, how should AppSec respond? Hear from Daniel Krivelevich, CTO of AppSec at Palo Alto Networks, as he dives into modern application security strategies that can help teams defend their engineering ecosystems from modern attacks. Watch now to level up your AppSec program.

In this episode:

  • What security measures have been the most successful in preventing cyberattacks?
  • What do we need to better understand about misconfigurations to better secure the cloud?
  • How do we relay this information without sounding like a broken record?
bookmark
plus icon
share episode
CISO Series Podcast - The "Do What We Tell You" Technique Isn't Working
play

08/25/20 • 34 min

All links and images for this episode can be found on CISO Series (https://cisoseries.com/the-do-what-we-tell-you-technique-isnt-working/)

We've yelled, we've screamed, we've complained, and we've whined. Those darn users simply don't do what they tell them to do. I guess we're going to have to give empathy a try.

This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and Mike Johnson. Our guest this week is Michelle Valdez (@scauzim), CISO, OneMain Financial.

Thanks to this week’s podcast sponsor, PlexTrac.

PlexTrac is a revolutionary, yet simple, cybersecurity platform that centralizes all security assessments, penetration test reports, audit findings, and vulnerabilities into a single location. PlexTrac vastly improves the risk management lifecycle, allowing security professionals to generate better reports faster, aggregate and visualize important analytics, and collaborate on remediation in real-time.

On this week's episode

Why is everybody talking about this now

Why hasn't COVID spurned more disaster recovery and business continuity planning roles? This is what Stuart Mitchell, a recruiter at Stott and May, noticed. Obviously, he's not getting that much demand. The community says it's assumed already into many roles. I have to think BCP and DR are everyone's responsibility. If that's the case, has BCP and DR planning increased during this time? Why or why not?

How to become CISO

Are two CISOs better than one? Our guest mentioned that her company has split the CISO role. One, the head of tech, reports to the CTO and the other, our guest's role, CISO and head of cyber risk reports to the chief risk officer. How exactly does this work? And what does our guest believe are the pros and cons of splitting the CISO role this way?

What's Worse?!

This time, no matter what the answer, everyone's going to get in trouble.

And now for a little security philosophy

Chad Loder, Habitu8, said, "Us InfoSec experts spend too much time asking 'How do we get users to care more about security?' and not enough time asking 'How do we get security to care more about users?'" So I asked my host and guest that question, and more importantly, how has that learning about users improved their security team and overall security?

First 90 days of a CISO

William Birchett, CIO of Required Team Gear, asked, "When you start, how much do you know of what security posture you've inherited?" We've talked about this before, but I want you to answer in reflection. What were the biggest surprises (positive or negative) between what you knew starting out and what you discovered after 90 days on the job?

bookmark
plus icon
share episode
CISO Series Podcast - You're Mistaken. I'm Not Annoying. It's Chutzpah.
play

02/04/20 • 41 min

All links and images for this episode can be found on CISO Series (https://cisoseries.com/youre-mistaken-im-not-annoying-its-chutzpah/)

We're pushing just to the edge of irritation on the latest episode of CISO/Security Vendor Relationship Podcast.

This episode was recorded in front of a live audience in Tel Aviv on the eve of the 2020 Cybertech conference. Special thanks to Glilot Capital for hosting this event.

This episode is hosted by me, David Spark (@dspark), producer of CISO Series and founder of Spark Media Solutions and my special guest co-host, Bobby Ford, global CISO for Unilever. Our guest is John Meakin, veteran financial CISO, and currently CISO for Equiniti.

David Spark, producer, CISO Series, Bobby Ford, CISO, Unilver, and John Meakin, CISO, Equiniti.

Thanks to this week's podcast sponsors, Polyrize and Intsights.

As newly adopted SaaS and IaaS services add an additional layer of risk for security teams, Polyrize provides a cloud-centric approach to simplifying the task of protecting user identities and their access across the public cloud by right-sizing their privileges and continuously protecting them through a unified authorization model.

IntSights is revolutionizing cybersecurity operations with the industry’s only all-in-one external threat protection platform designed to neutralize cyberattacks outside the wire. Our unique cyber reconnaissance capabilities enable continuous monitoring of an enterprise’s external digital profile across the clear, deep, and dark web to identify emerging threats and orchestrate proactive response. To learn more, visit intsights.com.

On this week's episode

How do you go about discovering new security solutions?

In an article on LinkedIn entitled, "Why do CISOs take a vendor meeting?" Dutch Schwartz, of AWS said that they take meetings per a recommendation of their staff, their peers, or they have an explicit problem that they've already researched, or they have known unknowns. Are those the reasons to take a meeting with a security vendor? We discuss what meetings CISOs take, and which ones are the most attractive.

It's time for "Ask a CISO"

Israel is known for a thriving startup community. But what I always see is cross pollination between Israel and Silicon Valley when it comes to startups. We discuss what Israeli startups can learn from Silicon Valley and vice versa.

What's Worse?!

We've got two rounds. One agreement and one split vote.

It’s time to measure the risk

Five years ago I wrote an article for CIO.com about the greatest myths of cloud security, The first myth was the cloud is inherently insecure. And the other 19 are ones I'm still hearing today. My conclusion for the whole article was if you can overcome these myths about cloud security, you can reduce risk. In this segment we dispel cloud security myths and explain how the cloud helps reduce risk possibly in ways many of us are not aware.

Close your eyes. Breathe in. It’s time for a little security philosophy.

On this podcast we talk a lot about CISOs needing to understand the business. In a thought-provoking post on Peerlyst, Eh-den Biber, a student of information security at Royal Holloway, University of London, noted that the job of cybsecurity is more than that. It's about understanding the flow of business and being present in the individuals' lives and their stories. We discuss the importance of being present in your users' lives.

It's time for the audience question speed round

The audience has questions and our CISOs have answers. We get through a lot really quickly.

bookmark
plus icon
share episode

All links and images for this episode can be found on CISO Series.

This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining me is our guest, Kurt Sauer, CISO, Docusign.

We recorded in front of a live audience at Microsoft’s offices in Mountain View, CA as part of the ISSA-Silicon Valley chapter meeting. Check out all the photos from the event.

In this episode:

  • Is a high profile cyberattack the best time for salespeople to come out of the woodwork asking if the affected CISO would like to see their product, which would have helped prevent the attack?
  • Is there any way for a vendor to positively reach out to victims after a cyberattack?
  • Also, what could be some effective ways to invest IP with generative AI to create value for the organization?

Thanks to our podcast sponsors, Veza, Sysdig, and SlashNext

75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment.

For businesses innovating in the cloud, every second counts. Sysdig strengthens cyber resilience by reducing the attack surface, detecting threats in real time, and accelerating incident response. Our platform correlates signals across cloud workloads, identities, and services to enable businesses to prioritize risks and act decisively. Sysdig. Secure every second.

SlashNext Complete delivers zero-hour protection for how people work today across email, mobile, and browser apps. With SlashNext’s generative AI to defend against advanced business email compromise, smishing, spear phishing, executive impersonation, and financial fraud, your people are always protected anywhere they work. Request a demo today.

bookmark
plus icon
share episode

Show more best episodes

Toggle view more icon

FAQ

How many episodes does CISO Series Podcast have?

CISO Series Podcast currently has 328 episodes available.

What topics does CISO Series Podcast cover?

The podcast is about News, Security, Infosec, Marketing, Tech News, Podcasts, Technology, Sales and Cybersecurity.

What is the most popular episode on CISO Series Podcast?

The episode title 'BONUS EPISODE: Innovators Spotlight' is the most popular.

What is the average episode length on CISO Series Podcast?

The average episode length on CISO Series Podcast is 36 minutes.

How often are episodes of CISO Series Podcast released?

Episodes of CISO Series Podcast are typically released every 7 days.

When was the first episode of CISO Series Podcast?

The first episode of CISO Series Podcast was released on Jun 1, 2018.

Show more FAQ

Toggle view more icon

Comments