Security Awareness Lifecycle: Turn On, Tune In, Drop Out
10/17/23 • 38 min
All links and images for this episode can be found on CISO Series.
When it comes to security awareness, the advice generally doesn't change. There are a set of best practices that have proven to be effective. So we know what we want to tell people. Communicate it consistently. So how do we relay that information without sounding like a broken record?
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Steve Zalewski. Joining us is our sponsored guest, Daniel Krivelevich, CTO for Appsec, Palo Alto Networks.
Thanks to our podcast sponsor, Palo Alto Networks
As cloud attacks increase, how should AppSec respond? Hear from Daniel Krivelevich, CTO of AppSec at Palo Alto Networks, as he dives into modern application security strategies that can help teams defend their engineering ecosystems from modern attacks. Watch now to level up your AppSec program.
In this episode:
- What security measures have been the most successful in preventing cyberattacks?
- What do we need to better understand about misconfigurations to better secure the cloud?
- How do we relay this information without sounding like a broken record?
All links and images for this episode can be found on CISO Series.
When it comes to security awareness, the advice generally doesn't change. There are a set of best practices that have proven to be effective. So we know what we want to tell people. Communicate it consistently. So how do we relay that information without sounding like a broken record?
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Steve Zalewski. Joining us is our sponsored guest, Daniel Krivelevich, CTO for Appsec, Palo Alto Networks.
Thanks to our podcast sponsor, Palo Alto Networks
As cloud attacks increase, how should AppSec respond? Hear from Daniel Krivelevich, CTO of AppSec at Palo Alto Networks, as he dives into modern application security strategies that can help teams defend their engineering ecosystems from modern attacks. Watch now to level up your AppSec program.
In this episode:
- What security measures have been the most successful in preventing cyberattacks?
- What do we need to better understand about misconfigurations to better secure the cloud?
- How do we relay this information without sounding like a broken record?
Previous Episode
Threats In SaaS Are Closer Than They Appear
All links and images for this episode can be found on CISO Series.
Organizations know that securing SaaS is vital. But polls consistently show they also know their current security isn’t cutting it. With security teams acting more as SaaS supervisors than app owners, how can we reduce the glaring gaps in our SaaS defenses?
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our sponsored guest, Rohan Sathe, co-founder and CTO, Nightfall AI.
Thanks to our podcast sponsor, Nightfall
Nightfall is the leader in cloud data leak prevention. Integrate in minutes with cloud apps such as Slack and Jira to instantly protect data (PII, PHI, Secrets and Keys, PCI) and prevent breaches. Stay compliant with frameworks such as ISO 27001 and more — all powered by Nightfall's industry-leading ML detection.
In this episode:
- With security teams acting more as SaaS supervisors than app owners, how can we reduce the glaring gaps in our SaaS defenses?
- How can we secure new technology without creating new risks?
- If security no longer owns SaaS security, then how can they go about closing these gaps?
Next Episode
A CEO’s Guide To Ignoring Your Security Program (LIVE in Santa Monica)
All links and images for this episode can be found on CISO Series.
Usually the buck stops with the CEO. But for a CISO, what do you do when a CEO wants to exempt themselves from your security program? Whether it's granting privileged network access or just ignoring protocols, it can put a CISO in a tough spot. So how do you deal with a leader that thinks they're above the controls you have in place? Is it enough to document your disagreement or is there anything else you can do in that position?
This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and John C. Underwood, VP, information security, Big 5 Sporting Goods. Joining me is our guest, Joshua Scott, Head of Security and IT, Postman.
Thanks to our podcast sponsor, Veza
75% of breaches happen because of bad permissions. The problem is that you don’t know exactly WHO has access to WHAT data in your environment. For example, roles labeled as “read-only” can often edit and delete sensitive data. Veza automatically finds and fixes every bad permission—in every app—across your environment.
In this episode:
- For a CISO, what do you do when a CEO wants to exempt themselves from your security program?
- How do you deal with a leader that thinks they're above the controls you have in place?
- Is it enough to document your disagreement or is there anything else you can do in that position?
If you like this episode you’ll love
Episode Comments
Generate a badge
Get a badge for your website that links back to this episode
<a href="https://goodpods.com/podcasts/ciso-series-podcast-168734/security-awareness-lifecycle-turn-on-tune-in-drop-out-35020364"> <img src="https://storage.googleapis.com/goodpods-images-bucket/badges/generic-badge-1.svg" alt="listen to security awareness lifecycle: turn on, tune in, drop out on goodpods" style="width: 225px" /> </a>
Copy