
The CISO: Guardian of the Digital Realm (SPECIAL EPISODE) - Ep 74
12/06/23 • 20 min
Welcome to Reimagining Cyber, where we explore the evolving role of the Chief Information Security Officer (CISO). In this special episode, Stan and Rob present a compilation of insightful clips from previous episodes.
First up, Parham Eftekhari, Executive Vice President of the Cyber Risk Alliance, discusses the transformation of the CISO role into that of a business leader. He emphasizes the importance of understanding the business side of the organization and acting as a liaison between security priorities and business leaders.
Next, Tim Rohrbaugh, former CISO of JetBlue, shares his perspective on the budgeting process for information security organizations. He emphasizes the need for the CISO to have face time with the audit committee and stakeholders, suggesting that the budget should be tied to IT metrics.
Moving to the federal sector, Nick Ward, former CISO for the Department of Justice, discusses the executive order focused on enhancing cybersecurity. He delves into supply chain risk management and the tools provided by the executive order to prioritize and secure critical software.
Roland Cloutier, former TikTok CISO, explores the challenges of securing artificial intelligence implementations. He emphasizes the importance of understanding AI infrastructure, data stores, and API connections while highlighting the need for effective network protection.
Jeff Brown, CISO of the state of Connecticut, contrasts the role of a CISO in state government with that in the private sector. He emphasizes the benefits of information sharing and collaboration among state CISOs.
Taylor Hersom explores the concept of virtual CISOs, discussing the value of leveraging external expertise, especially for startups and scale-ups. He suggests that smaller companies can benefit from third-party resources before considering a full-time CISO.
In a special segment featuring female leaders in information security, Phyllis Woodruff, Tammy Schuring, and Lori Sussman share their experiences and insights. They highlight the importance of women owning their skills, embracing their unique attributes, and creating new pictures of leadership.
This episode provides a comprehensive overview of the evolving CISO role, covering topics such as business alignment, budgeting, federal cybersecurity initiatives, AI security, virtual CISOs, and the contributions of female leaders in the field. Join us as we continue to reimagine cyber in the ever-changing landscape of information security.
Follow or subscribe to the show on your preferred podcast platform.
Share the show with others in the cybersecurity world.
Get in touch via [email protected]
As featured on Million Podcasts' Best 100 Cybersecurity Podcast and Best 70 Chief Information Security Officer CISO Podcasts rankings.
Previous Episode

Cover All Bases: Application Security Testing - Ep 73
In this insightful episode of "Reimagining Cyber," hosts Rob Aragao and Stan Wisseman underscore the criticality of deploying diverse testing methods, including Static Application Security Testing (SAST) and Dynamic Application Security Testing (DAST), for a comprehensive assessment and effective mitigation of vulnerabilities in the cyber landscape.
The hosts explore the differences between SAST and DAST: SAST is an inside-out analysis that examines source code, while DAST is an outside-in analysis that tests running applications. They also address false positives in static analysis and coverage issues in dynamic testing.
The conversation then turns to the importance of integrating security testing into the development workflow in a way that minimizes friction for developers. The hosts discuss the evolving role of developers in security testing, noting a shift towards early integration of dynamic tests within the software development lifecycle.
Introducing the pivotal concept of Software Composition Analysis (SCA), the hosts accentuate its indispensable role in the identification and management of vulnerabilities stemming from open-source components. They underscore the significance of comprehensive awareness about the components utilized in applications, enabling swift responses to zero-day vulnerabilities and adeptly addressing licensing concerns.
Conclusively, the discussion advocates for a holistic approach to application security, encompassing SAST, DAST, and SCA methodologies. The hosts ardently stress the necessity of striking an optimal balance between development velocity and rigorous testing to proactively avert the potential high costs and repercussions associated with security breaches. Stay tuned for actionable insights that empower your cybersecurity strategy!
Next Episode

Data Security Unleashed - Ep 75
Welcome to another episode of Reimagining Cyber with Rob and Stan. In this episode, we dive deep into the crucial topic of data security. Stan shares insights from a recent cybersecurity event in Texas, emphasizing the growing threat of ransomware and the need for a dynamic approach to protect sensitive data.
Key Points:
1. Ransomware Challenges: Stan highlights the evolving landscape of ransomware attacks, where bad actors not only encrypt data but also extract and blackmail organizations. The importance of a robust backup strategy, including tiered storage with offline or air-gapped options, is emphasized.
2. Classification and Categorization of Data: Rob and Stan discuss the significance of understanding the types of sensitive data within an organization. They draw parallels to the Defense Department's classification system and stress the need for businesses to categorize their data to implement effective security measures.
3. SEC Cyber Ruling: The upcoming SEC ruling becomes a focal point, driving organizations to reassess their data security strategies. Rob explains how privacy regulations and regulatory actions, like the SEC ruling, act as catalysts for organizations to enhance their data security.
4. Discovering Hidden Risks: The hosts underscore the importance of comprehensive data discovery, revealing hidden risks and outdated systems. Stan likens undiscovered data to "toxic data" and emphasizes the need for continuous clean-up efforts to reduce both risk and costs.
5. AI and Bias in Data: The conversation shifts to the integration of AI in cybersecurity and the challenges of preventing bias in AI models. Stan discusses the importance of cleansing sensitive data before ingestion into AI models and the broader issue of unintentional biases in AI.
Conclusion: Rob and Stan wrap up the episode by reflecting on the evolution of cybersecurity terminology, from computer security to information assurance and now cyber security. They stress the multi-faceted nature of protecting information and the continuous effort required in today's dynamic threat environment.
Reimagining Cyber - real world perspectives on cybersecurity - The CISO: Guardian of the Digital Realm (SPECIAL EPISODE) - Ep 74
Transcript
[00:00:00] Stan Wisseman: Welcome to another edition of Reimagining Cyber. This is Stan, and we decided to do something a little different today. Rob and I, along with our producer Ben, have pulled together a number of clips from previous episodes. And the theme is around being in the role of the Chief Reformation Security Officer.
[00:00:21] And so we're going to start off today with an episode. With Parham Eftekhari, it was episode 17, titled Cybersecu