Log in

goodpods headphones icon

To access all our features

Open the Goodpods app
Close icon
headphones
Defense in Depth

Defense in Depth

David Spark, Steve Zalewski, Geoff Belknap

Defense in Depth promises clear talk on cybersecurity’s most controversial and confusing debates. Once a week we choose one controversial and popular cybersecurity debate and use the InfoSec community’s insights to lead our discussion.
profile image

1 Listener

bookmark
Share icon

All episodes

Best episodes

Top 10 Defense in Depth Episodes

Goodpods has curated a list of the 10 best Defense in Depth episodes, ranked by the number of listens and likes each episode have garnered from our listeners. If you are listening to Defense in Depth for the first time, there's no better place to start than with one of these standout episodes. If you are a fan of the show, vote for your favorite Defense in Depth episode by adding your comments to the episode page.

Defense in Depth - Information Security vs. Cybersecurity
play

08/15/24 • 26 min

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and John Underwood, vp, information security, Big 5 Sporting Goods. Joining us is our guest, Mike Lockhart, CISO, EagleView.

In this episode:

  • Marketing versus strategy
  • A distinction without a difference?
  • Terminology follows function
  • Security convergence

Thanks to our podcast sponsor, Scrut Automation

Scrut Automation allows compliance and risk teams of any size to establish enterprise-grade security programs. Our best-in-class features like process automation, AI, and 75+ native integrations reverse compliance debt and help manage risk proactively as your business grows. Visit www.scrut.io to learn more or schedule a demo.

profile image

1 Listener

bookmark
plus icon
share episode
Defense in Depth - Cybersecurity Budgets

Cybersecurity Budgets

Defense in Depth

play

11/03/22 • 26 min

All links and images for this episode can be found on CISO Series

Cybersecurity budgets are increasing, by a lot. What's fueling the increase and where are those budgets being spent?

Check out this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest sponsored guest Nick Kakolowski, senior director of research at IANS Research.

Thanks to our podcast sponsor, IANS Research

CISOs, how does your compensation compare with your peers? Download IANS + Artico Search's 2022 CISO Compensation Benchmark Report. Find objective insights and comprehensive compensation data from over 500 CISOs across the U.S. and Canada.

In this episode:

  • What's fueling the increase in cybersecurity budgets and where are those budgets being spent?
  • Do we understand where the money is being spent? Is it on new hires? More tooling?
  • Does training new hires provide a good ROI for an increased budget?
  • Should we equate the success of a security program with the size of the budget? Or not?
bookmark
plus icon
share episode

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap). Joining us is Dennis Pickett, vp, CISO, Westat.

In this episode:

  • Not all education requires tests
  • Understand your users
  • Building reflexes
  • An ounce of prevention

Thanks to our podcast sponsor, Concentric AI

Concentric AI’s DSPM solution automates data security, protecting sensitive data in real-time. Our AI-driven solution identifies, classifies, and secures on-premises and cloud data to reduce risk across your enterprise. Seamlessly integrated with tools like Microsoft Copilot, Concentric AI empowers your team to innovate securely and maintain compliance all while eliminating manual data protection tasks.

Ready to put RegEx and trainable classifiers in the rear view mirror? Contact Concentric AI today!

bookmark
plus icon
share episode
Defense in Depth - Managing Data Leaks Outside Your Perimeter
play

04/18/24 • 29 min

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our sponsored guest, Mackenzie Jackson, developer advocate, GitGuardian.

In this episode:

  • How to manage data leaks outside your perimeter?
  • When data leaks increasingly come from third-parties, what can you do to protect your organization?
  • How do we even begin to address this problem?
  • Is there a one size fits all fix?

Thanks to our podcast sponsor, GitGuardian

GitGuardian is a Code Security Platform that caters to the needs of the DevOps generation. It provides a wide range of code security solutions, including Secrets Detection, Infra as Code Security, and Honeytoken, all in one place. A leader in the market of secrets detection and remediation, its solutions are already used by hundreds of thousands of developers in all industries. Try now gitguardian.com

bookmark
plus icon
share episode

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Richard Ford, CTO, Praetorian.

In this episode:

  • When did we all agree that red teaming was about validating security?
  • Does it seem like increasingly red teaming is a catch all term for a whole lot of testing that isn't clearly defined?
  • Is this making it hard to see its value?
  • Can moving red teaming upstream be more valuable to your organization?

Thanks to our podcast sponsor, Praetorian

Praetorian helps companies adopt a prevention-first cybersecurity strategy by actively uncovering vulnerabilities and minimizing potential weaknesses before attackers can exploit them.

bookmark
plus icon
share episode
Defense in Depth - Tracking Anomalous Behaviors of Legitimate Identities
play

02/15/24 • 34 min

All links and images for this episode can be found on CISO Series.

The Verizon DBIR found that about half of all breaches involved legitimate credentials. It’s a huge attack surface that we’re only starting to get a handle of.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Adam Koblentz, field CTO, Reveal Security.

In this episode:

  • Where are we in terms of monitoring anomalous behavior of our users?
  • Why are we still struggling to understand what happens after threat actors are in our networks?
  • How are new AI-based tools helping us to scale efforts?
  • What's working and where do we need to improve?

Thanks to our podcast sponsor, Reveal Security

Reveal Security ITDR detects identity threats - post authentication - in and across SaaS applications and cloud services. Powered by unsupervised machine learning, it continuously monitors and validates the behavior of trusted human users, APIs and other entities, accurately detecting anomalies that signal an in-progress identity threat. Visit reveal.security

bookmark
plus icon
share episode
Defense in Depth - How to Think Like a Cybercrook
play

03/17/22 • 31 min

All links and images for this episode can be found on CISO Series

"If you want to catch a cybercrook, you need to think like one." But how do you actually go about thinking like a cybercriminal? What's the actual process?

Check out this post and this post for the discussions that are the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn.

Our guest is Brian Brushwood (@shwood), creator of Scam School and World's Greatest Con. Plus he's launched multiple channels with millions of subscribers and multiple number one comedy albums. Plus, he's a touring magician. He's our first non-cyber professional guest, but he is so perfect for this episode.

Thanks to our sponsor, Varonis

On average, an employee can access 17 million files on day one. Varonis will show you where critical data is vulnerable, detect anomalies, and automatically right-size privileges to get you to “Zero Trust.” Their data security platform can test your ransomware readiness and show you where you stack up. Learn more at www.varonis.com/cisoseries.

In this episode:

  • How much does actively thinking like a crook help build your cyber defenses?
  • How do you actually go about thinking like a cybercriminal
  • How do you break down their process?
bookmark
plus icon
share episode
Defense in Depth - Inherently Vulnerable By Design
play

12/17/20 • 26 min

All links and images for this episode can be found on CISO Series (https://cisoseries.com/defense-in-depth-inherently-vulnerable-by-design/)

Much of what we do as practitioners is to prevent inadvertent security problems - oversights, zero-days, etc. What about inherent and unavoidable problems? When the very design of the thing requires a lack of security? What do you do then?

Check out this post for the basis for our conversation on this week’s episode which features me, David Spark (@dspark), producer of CISO Series, co-host Allan Alford (@allanalfordintx), and our sponsored guest is Dan Woods, vp of the Shape Intelligence Center, F5.

Thanks to this week's podcast sponsor, F5.

External threats to your organization’s security are constantly evolving. Your apps need broad and preventive protection from bot attacks that cause large-scale fraud, higher operational costs, and problems for your users. And they need to be optimized for secure operation internally. Silverline Shape Defense helps you stay ahead of cyber threats and fraud. Get a free trial.

On this episode of Defense in Depth, you’ll learn:
  • The mere act of conducting business requires you to have certain procedures that would make you vulnerable. Simple things like taking customer information to create user accounts and processing credit cards. That's inherent to doing business, and by opening that up, it makes you vulnerable.
  • A lot of this inherent vulnerability comes down to having users or customers and needing to authenticate them.
  • When you start a business you're also accepting the inherent vulnerability and you have to ask yourself to what level can the business function having that vulnerability abused? It's all about risk appetite.
  • Two factor authentication sure is nice, but there has to be multiple "behind the scenes" authentications going on to verify identity continuously.
  • As you're collecting all these additional data points you can use that information to ask the user to verify.
  • Provide discounts to customers and users for good security practices. Insurance companies do this with people who prove safe driving practices. It could be a win-win for everybody. For example, with Mailchimp, they give you a discount if you enable 2FA. Why not offer a discount for a really long and complicated password?
  • One of the major issues is the password reset process happens through email. Email wasn't designed for critical authentication. Many hacks happen through the reset process via email.
bookmark
plus icon
share episode
Defense in Depth - Building a Cyber Strategy for Unknown Unknowns
play

11/16/23 • 29 min

All links and images for this episode can be found on CISO Series.

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our sponsored guest, Himaja Motheram, Censys.

In this episode:

  • How can one create a security program around unknown problems?
  • Don’t we know a lot of the things we lack visibility into that can cause security issues?
  • But what about the things you don't even know about in the first place?
  • Will that thing we don't even know to look at, ever cause a security issue?

Thanks to our podcast sponsor, Censys

Censys is the leading Internet Intelligence Platform for Threat Hunting and Exposure Management. We provide the most comprehensive, accurate, and up-to-date map of the internet, which scans 45x more services than the nearest competitor across the world’s largest certificate database (>10B). Learn more at www.censys.com.

bookmark
plus icon
share episode
Defense in Depth - How Should Security Vendors Engage With CISOs?
play

05/04/23 • 37 min

All links and images for this episode can be found on CISO Series.

One CISO has had enough of the security vendor marketing emails and cold sales calls. He's blocking them all. But it's not a call to avoid all salespeople. He just doesn't have the time to be a target anymore. So how should vendors engage with such a CISO? And does CISO represent most CISOs today?

Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. We welcome our sponsored guest Joy Forsythe, VP, Security, Thrive Global.

Thanks to our podcast sponsor, Code42

Code42 is focused on delivering solutions built with the modern-day collaborative culture in mind. Code42 Incydr tracks activity across computers, USB, email, file link sharing, Airdrop, the cloud and more, our SaaS-based solution surfaces and prioritizes file exposure and data exfiltration events. Learn more at Code42.com.

In this episode:

  • How should vendors engage with CISOs who are tired of being targeted?
  • How can vendors reach CISOs who have had enough of the security vendor marketing emails and cold sales calls?
  • Does CISO represent most CISOs today?
  • Is the sales "system" essentially broken?
bookmark
plus icon
share episode

Show more best episodes

Toggle view more icon

FAQ

How many episodes does Defense in Depth have?

Defense in Depth currently has 284 episodes available.

What topics does Defense in Depth cover?

The podcast is about News, Security, Infosec, Tech News, Podcasts, Technology and Cybersecurity.

What is the most popular episode on Defense in Depth?

The episode title 'Information Security vs. Cybersecurity' is the most popular.

What is the average episode length on Defense in Depth?

The average episode length on Defense in Depth is 29 minutes.

How often are episodes of Defense in Depth released?

Episodes of Defense in Depth are typically released every 7 days.

When was the first episode of Defense in Depth?

The first episode of Defense in Depth was released on Jan 21, 2019.

Show more FAQ

Toggle view more icon

Comments