Cloud is a Fresh Start Lamont Orange, CISO of Netskope, returns to the podcast with friend and fellow CISO, George Gerchow of Sumo Logic. They discuss their approaches to crisis management during COVID and the message is clear: it's people first, then business and security. They go on to talk about what diversity looks like [...]
Cyber Curious Mike Hamilton, Founder and CISO of CI Security joins the podcast to talk about his career in cybersecurity. He discusses the founding and purpose of PISCES and how they offer network monitoring at no cost to the public sector. He goes on to talk about the increased cyber threats that have come with [...]
Practical Privacy Jodi Daniels, Practical Data Privacy Advisor, talks about the tools companies can use to keep their data and their employees safe during remote working, including multifactor authentication, strong passwords and virtual private networks. If they don't already have one in place, Jodi recommends that every company develop a remote working policy and revisit [...]
"It is all about who you know in security, and it's a very small industry ... It's really important to have a very good reputation and reach out and connect to people because that's where the jobs are." Olivia Rose, CISO at Large, rejoins the podcast for a conversation about how to get your cyber start. [...]
"In the effort to connect, we are also exposing ourselves to risk" Cat Coode, Data Privacy Expert at Binary Tattoo joins the podcast for a second time. She talks about the digital dangers we face at home as we work remotely and try to stay connected to each other. She cautions that we should be wary [...]
Wide Angle Perspective In this episode, Lamont Orange, CISO of Netskope, joins the podcast to talk about the evolution of the CISO role and skill set now that security has become a business issue. He explains, "It requires cross-functional execution and audit to ensure that your organization is protected. So those soft skills are more [...]
Give People with Potential a Shot "As leaders we need to ask ourselves, can we take a chance on somebody with potential and invest the effort and time to train them and help them get their start?" In this episode, Mike Manrod, CISO of Grand Canyon Education, Inc., joins the podcast to discuss how the [...]
"I hope what will change after this is that we won't try and preplan the disaster. What we will do is we will set the stage so that we can respond quickly and adaptively when something happens." Ohio State University's CISO, Helen Patton, returns to the podcast. Having started her career in business continuity and [...]
Have a Resilient Plan "I think it's really critical to have the fortitude and the resiliency to make it through these things. It's not that you pray you won't have incidents, because you will, it's that you plan for it." Ty Sbano, Chief Security & Trust Officer at Sisense, joins the podcast to talk about how [...]
Deidre Diamond is the founder and CEO of CyberSN, a cybersecurity recruitment specialist. In this edition of our podcast, Deidre talks about the current state of the cybersecurity job market. She shares her view that the initial hiring freeze has passed as companies and professionals realize that life has to move forward. And she discusses [...]
In this FastCast episode, Digital Policy Expert Kristina Podnar talks about marketing during our new normal. She believes the smartest marketers have assessed and adjusted their messaging. Brands don't need to be silent right now, but they do need to be empathetic and focus on the good they can do. Kristina believes that as traditional marketing [...]
Reaching a Distracted Audience Janice Le, Silicon Valley CMO and Startup Advisor, joins the podcast to talk about how brands can reach a distracted market. She sees two approaches to marketing right now, one that highlights how your company can help, and one that ensures your brand is remembered positively once the world is out [...]
Virtual Security Gary Hayslip, CISO at Softbank Investment Advisors, joins the podcast to discuss how he and his team are navigating the challenges posed by a dispersed workforce from cloud adoption to virtual communication tools. As a CISO experienced with the cloud environment, he cautions his peers that 100% cloud does not equal 0% effort; [...]
Kayva Pearlman, XR Safety Initiative's Founder and CEO, joins our host, Ashwin Krishnan, on this podcast to share her concern that we may be losing our hard-won data privacy protection. We are currently seeing privacy regulations relaxed. While we mustn't let data privacy impede the fight against COVID-19, we must be cognizant of the ramifications. [...]
In the first of our new shorter podcasts focused on helping our community navigate our new normal, Helen Patton, CISO at Ohio State University discusses managing cybersecurity in higher education during an era of remote working and learning. 01:17 — Moving teaching online is going to be a process for universities. 03:49 — Privacy and security remain important. [...]
Don't Pay up, Back up In this podcast, Jadee Hanson, CISO at Code42, discusses the perils of breach fatigue and ransomware. She points out fatigue often means we give up, and that is not a lapse we can afford in the cybersecurity space. When asked about ransomware, Jadee's advice is don't pay up, back up. [...]
Giovanni Vigna, CTO at Lastline, joins Ashwin on the podcast for a second time. He expands on his previous analogy of CISOs being like goalkeepers - never praised for goals saved, only criticized for goals scored - and jokes that now they need binoculars to be able to foresee incoming threats. Fortunately for CISOs and [...]
In this episode, Jason Brvenik, CEO of NSS Labs, joins the podcast for a second time. He and Ashwin discuss what makes a successful security program and the paradox of achieving that success for CISOs. Amidst all the marketing noise, Jason believes the continuous assessment of vendors remains crucial in helping enterprises make informed security [...]
In this podcast Emily Mossburg, Global Cyber Leader at Deloitte & Touche joins Ashwin to discuss the broadening of cybersecurity across the enterprise, women in tech, and Deloitte's global cyber strategy for 2020. Emily would like to see more skill diversity in cybersecurity. She explains, "It is critically important that we focus in on some [...]
Cybersecurity ROI Brian Contos, CISO & VP of Technology Innovation at Verodin, sat down with our host, Ashwin Krishnan, at RSAC 2020. In their conversation, Brian points out that it's not enough that CISOs talk business as well as tech to the board. These days they also need to show cybersecurity ROI in terms of dollars [...]
In this podcast Laura Noren, VP of Privacy and Trust at Obsidian Security, discusses the impact of CCPA on privacy and is disappointed that it's very name, California Consumer Privacy Act, "assumes that everyone's most important status in the world is as a consumer." The challenge of managing consumer requests to see data held or request [...]
Jake Kouns, CEO & CISO of Risk Based Security, met with our host, Ashwin Krishnan, at RSAC 2020. They discuss the intelligence gap in cybersecurity and the overwhelming effect of Patch Tuesday. Jake explains, "People need to focus on not just security, but the right security, and in order to do that we need to [...]
In this podcast, Malcolm Harkins, Chief Security and Trust Officer at Cymatic, Simone Petrella, CEO and Founder of CyberVista, Chris Pierson, CEO and Founder of BlackCloak, and Hank Thomas, CEO of Strategic Cyber Ventures join our host Ashwin Krishnan to unpack RSAC 2020. They all agreed that RSA has become a vendor's conference and none of [...]
To mark International Women's Day 2020 and highlight the amazing women making a difference in cybersecurity, we invited 13 of our previous guests to answer a single question. Their responses are collated into this podcast: a snapshot of the industry from the women who are leading it. Diana Kelley, Field CTO at Microsoft, on digital [...]
Dr. Paul Vixie, CEO of Farsight Security and Internet Hall of Famer, joins Ashwin at RSA’s Broadcast Alley to talk about ethical data aggregation. He explains the cybercrime fighting mission behind SIE Europe, the nonprofit he co-founded with Christoph Fishcher and Peter Kruse, saying, “So far, everyone’s giving us high marks for both transparency and [...]
Demystifying Artificial Intelligence and Machine Learning. Diana Kelley, Cybersecurity Field CTO for Microsoft, and Dr. Char. Sample, Cybersecurity Research Fellow at Idaho National Laboratories, join Ashwin on RSA’s Broadcast Alley to discuss their “All that Glitters” talk debunking artificial intelligence and machine learning marketing. In an industry with so many buzzwords and too little understanding, [...]
Community is Key In this podcast, Chris Jacquet, CISO of Hitachi Vantara, discusses the benefits of the CISO community. More than just fellowship, the CISO community is a coalition of skills and knowledge shared to help fight an increasingly agile adversary. Chris explains, "If we don't group ourselves and help ourselves, we won't be successful [...]
Four things no one is telling you about data privacy Industry analyst, Jessica Groopman, joins Ashwin on the podcast to discuss her recent article, “Four Reasons for Optimism on International Privacy & Protection Day.” In sharing her motivation for writing the article she explains, privacy professionals "are confronted with these revelations of data malpractice and [...]
Digital Policy Consultant, Kristina Podnar, joins the podcast to share her thoughts on privacy regulation. CCPA has forced many companies to share their data privacy practices and policies with customers. User experience (UX) is important and as Kristina points out, “they can check the box that they're complying with something, but it doesn't mean that [...]
Help Others, Build Value, Have Fun Will Lin, Partner and Co-Founder of ForgePoint Capital joins the podcast to talk about cybersecurity from the VC perspective. He explains why the entrepreneur-VC relationship is about more than just capital and describes an ecosystem based on mentoring, networking and aligned values. He points out, "When you, as a [...]
Weaponizing the Internet In this episode Stan Lowe, CISO at Zscaler, sits down with our host Ashwin Krishnan to discuss weaponizing the internet, zero trust, digital privacy and much more besides. They begin by talking about the evolution of zero trust and how it supports the business environment security professionals are in today. That environment [...]
Regular Cyber360+ guest, Olivia Rose discusses leadership and her journey as CISO at Mailchimp. She admits it has not been easy. Six months in the role have taught her that to lead effectively, you need to build a trust relationship with your team. For Olivia, "the key was showing my own vulnerability." She let her [...]
Privacy: Just Make It Easy In this episode, host Ashwin Krishnan sits down with longtime friend of the podcast Malcolm Harkins, Chief Security and Trust Officer at Cymatic, and Chris Pierson, CEO of BlackCloak. They discuss the intertwined relationship between security and privacy and how the two need to be balanced. Malcolm explains, “when those [...]
How can companies prepare for, weather, and recover from a breach? In this podcast, Andrea Bonime-Blanc, Founder and CEO of GEC Risk Advisory, offers her best practices for cyber resilience: they begin and end with leadership. She recommends executives build and grow a culture that is cyber resilient, with boards aware of cyber risk and [...]
Business-Background CISO Nina Wyatt, SVP and CISO at Sunflower Bank, discusses the challenges and benefits of being a CISO from a business background. Having a business continuity perspective brings in-depth experience and understanding of what's critical to an organization. The challenges lie in building trust with technologically oriented colleagues. She discusses her work with young people, [...]
Bill Bonney The Human Element Bill Bonney, Cybersecurity Evangelist and Author, joins the podcast to talk about the human element in cybersecurity. He argues that without understanding human motivations and loyalties, security leaders cannot secure their organizations. Education and awareness are key here. If employees feel secure in their personal life, they will have [...]
In his first podcast of 2020, Taylor Lehmann talks about vendor transparency, marketing messaging, and doing the basics. Given recent tensions with Iran, people have been asking how to combat retaliatory cyber attacks from a nation state. Taylor’s answer is the same things you should have been doing all along, the basics: multi-factor authentication, patching, [...]
In his first Cyber360+ podcast for the year, PAS CISO Jason Haward-Grau discusses his prediction for 2020: multi-vector attacks will become the new normal. Appropriately for a January podcast, Jason underlines the importance of covering the basics - not glamorous but essential - and offers his thoughts on the challenge of keeping a security team [...]
In our first episode of 2020, Jimmy Sanders, Head of Information Security at Netflix joins the podcast to talk about Netflix’s unique culture of “freedom and responsibility” and what that means for the information security team. He covers the evolution of cloud security from the perspective of an organization that was an early AWS customer [...]
Digital Policy Consultant Kristina Podnar joins Ashwin to talk about consumer digital privacy. They discuss whether we are tiring of “free” applications and ponder the fair dollar price instead of paying in data. Kristina wonders if we are really aware of how much data is being collected about us with and without our knowledge and [...]
Jason Haward-Grau, CISO at PAS, returns to the podcast to talk about the often overlooked I for integrity in the CIA security triad. The emphasis on confidentiality has been driven by legislation and the emphasis on availability has been driven by business outcomes, but integrity is less well understood. Attackers have turned their attention to [...]
Cybersecurity Technology: Yesterday, Today, and Tomorrow Malcolm Harkins, Chief Security and Trust Officer of Cymatic, and Peter Liebert, Commander of Cyber Operations at the California State Guard, join the podcast to discuss the past, present, and future of cybersecurity technology and offer their predictions for 2020. They talk about the products and practices from the [...]
People, Culture and Customer Empathy - an Entrepreneur's Journey In this episode of the podcast Varun Badhwar, SVP of Prisma Cloud at Palo Alto Networks, discusses growing a cloud security company and RedLock’s journey from startup to acquisition. At inception, a crowded market necessitated an innovative approach to sales and marketing which RedLock achieved by [...]
CISO budget windfall and how to spend it. In this episode of the podcast, we welcome industry stalwart Peter Liebert to the Cyber360+ community. Peter talks about the tragi-comedy of the CISO budget pre- and post-incident and offers recommendations for how to spend that windfall should you receive it. In discussing the onslaught of vendor [...]
Each year Helen Patton, CISO at Ohio State University, poses the same question: which generation is most cyber-risk tolerant? In this podcast she discusses the answers she receives. Are tech-ignorant baby boomers the biggest risk or is it the carefree Gen Zs? Regardless, generalizing about groups isn’t helping CISOs secure organizations, so we’ll see a [...]
On this edition of the Cyber360+ podcast, Digital Policy Consultant Kristina Podnar and Ashwin Krishnan talk about the lack of focus on security in marketing. In her consulting work, Kristina sees that most marketers don’t understand the issues surrounding security and those that do are afraid to face them. A good step forward would be [...]
02:40 — The first 90 days for a CISO are all about assessment. 04:42 — The similarities between a transition in security leadership and a breach. 07:22 — Vendors - it’s about partnership, trust and a relationship. They don’t often offer that. 08:52 — Public sector procurement is slow and very defined. 10:20 — Starting in a new role is all about communication and consistency. [...]
03:11 — Humor as a tool to offer advice on best practices for selling to a CISO 05:43 — The best security salesperson is an ex-practitioner. 07:59 — Stop cold calling. 09:56 — The characteristics of a great salesperson: engagement, knowledge, network. 13:49 — What makes a company a great place to work for a CISO? Tired of the same intrusive sales tactics, [...]
ESG+T 01:39 — ESG+T. Why we must add Tech to Environmental, Social, and Corporate Governance. 04:33 — It all begins with leadership — if corporate leaders think ESG+T is important it will trickle into corporate culture. 05:10 — Examples of the good governance ( Microsoft) and bad governance (Facebook). 07:21 — Managing ESG+T for traditional non-tech companies. 10:06 — These are difficult times but people [...]
A Data-centric Approach Naresh talks data protection, risk awareness, and data-centric security. 02:50 — Protecting intellectual property and trade secrets. 05:51 — Data protection is multifaceted: on-prem, cloud storage, cloud sharing, telecom transit, portable devices. 10:45 — Data-centric security is essential. Educate employees on more than just phishing threats. 16:28 — GDPR is a live example of risk and compliance as two sides [...]
Adaptability 01:55 Do different age demographics require different management styles? 06:18 Customers’ use of your product can be inventive - prepare to be surprised. 10:25 The security team should never operate in a silo; partner with other departments. Olivia Rose, CISO of Mailchimp, joins us for another Cyber360+ conversation. She talks about adapting to a [...]
Chief Scapegoat, Setup, and Sacrifice Officer 02:21— People first - always. We lost that in the 80s and business has suffered as a consequence. 04:15— Trust has been eroded in all areas of society. To regain it in business, we need to show people they come first. 06:29— Outcome-based security services means staying until the job is done. [...]
02:05 — The CISO’s struggle to project positivity in a FUD environment. 04:38 — Make internal conversations partnership-based instead of adversarial. 06:24 — The successful vendor takes a customer-centric view and that means understanding who the CISO is serving. 09:35 — People communicate in different ways. As a CISO, it is crucial to not only listen, but speak to people in their [...]
Kristina Podnar, Digital Policy Consultant, discusses the risks and opportunities brought by digital transformation. 02:00 — Digital natives versus digital immigrants 06:05 — Whose responsibility is it to protect data in third-party apps like Slack? 08:28 — Simple policies and practices can help protect your digital footprint. 10:51 — Vendors have an ethical and moral responsibility to support their customer’s security and privacy [...]
Global Differences in Privacy and Regulation Cat Coode, Data Privacy Expert at Binary Tattoo, talks privacy, misperceptions in cybersecurity, and helping smaller companies find their way through the regulatory maze. 06:54 Perception is the biggest problem in recruiting cybersecurity talent. We need to educate people on how many different roles there are in cyber. [...]
A CISO’s Journey in Healthcare Taylor talks about his journey through healthcare security, the unique loss of life challenges found there, and his personal motivation. 03:34 Vulnerability is necessary to build trust, and trust is crucial in cybersecurity. 07:12 Data breaches are not inevitable. We can do this right. 10:49 [...]
Data Management Lester Godsey, CISO/CPO of the City of Mesa, Arizona, talks data management in the context of privacy, security, responsibility, and regulation. 01:20 You need to understand what your data is and treat it as an asset. 04:36 Implementing a data management program is a good thing, but how do you catch [...]
The IT-OT Convergence Jason discusses relationship building between IT and OT executives and the importance of realizing they share a common goal: safety. 01:59 The drivers in IT and OT are very different. 05:04 There is commonality in IT and OT security - networks, endpoints, firewalls. 09:02 Train OT professionals in security; [...]
Collaboration, Culture and Confidence Olivia talks Mailchimp corporate culture, the need for collaboration in cybersecurity, and how women must shed their doubt and insecurity. 06:55 We need to stop viewing security as a competitive landscape and start collaborating. 10:11 Mailchimp’s absolute customer focus. 13:25 Security is a male-dominated field but has so much to offer women. 15:14 Women must [...]
Bias in AI Helen talks about the dangers of assumption and generalization in AI and ML and how diversity is key in avoiding this. 02:17 Before the technology gets well developed, we have the opportunity to avoid assumption and bias. 05:10 AI and ML provide a risk that we’ll create lack of choice for people. 07:12 You cannot [...]
The Evolving Role of Ethics in Technology Fiona discusses ethics in technology, data as the price, and the danger of ignoring the end user for companies. 05:13 Is cybercrime being redefined by tech ethicists? 10:31 Younger generations are complacent about their data as the price of admission, but companies should not abuse this. 14:46 No enterprise wants [...]
Strategy, Navigation, and Execution in AI Shalini talks strategy for start-ups, bias in AI and machine learning, and tackling diversity in the societal systems that assign value. 04:32 The number of people who know AI and know how to use it needs to increase dramatically. 08:43 An experience of bias led [...]
Context + Value = Informed Decision Making Gary talks about CISOs as business executives specialized in security and risk, understanding context and value in decision making, and the unique environment municipal organizations inhabit. 03:40 CISOs are increasingly making business decisions and viewed as business executives. 05:06 Communication is key in understanding context and value. Then you must [...]
Battling Cybersecurity’s Bias Dinah talks about the bias faced by women, the gradual increase of women in tech, motivating a team, encouraging risk, and her own personal journey. 03:20 How the bias and bullying faced by women in tech turned into a blog and a community: Code Like a Girl. 06:45 The discovery that bullying [...]
The surprise challenge of digitization for CMOs Kristina talks about how the CMO’s role has been redefined by digitization. She covers the privacy issues surrounding unstructured data, the role of employees in social media, and the need to partner across the organization. 03:35 The challenge of data for CMOs. 05:44 Hiring [...]
The Human Element: Cybersecurity’s Weakest or Strongest Link? Malcolm talks about the people perimeter, simplifying to manage risk, and trust as a function of competence and character. 03:58 Humans are a weak link and a strong link. Don’t blame the end user. 05:11 It is possible to change end-user behavior. [...]
5G and OT Jason talks about 5G and the business opportunities it offers as well as the risks in the OT environment. 01:26 5G and how it relates to OT. 06:47 The OT lifecycle is long, especially compared with IT lifecycles. 10:49 The mobile market is saturated. 5G is looking to the enterprise market, the [...]
Cybersecurity's Watchdog Jason offers an insight into the philosophy and work of NSS Labs. He discusses outdated dogma in cybersecurity, offers advice for vendors from large players to scrappy startups, and shares why he chose a career in cyber - he knew it was a domain that would never be mundane. 04:23 Vendors cover a spectrum [...]
Ransomware and Local Government Lester talks ransomware in the government environment, cybersecurity insurance, and data privacy as a two-way street. 02:21 Government is known for being bad at cybersecurity and purchasing insurance. This makes it a perfect malware target. 05:47 Don’t rely on cybersecurity insurance; it’s not a cure all. Look at your overall security [...]
Crowdsource in Cybersecurity Rubric. 05:50 It is as important to learn from your failures as your successes. It shapes you as a leader. 08:23 A company must embody, as part of normal business practices, what it means to do the right thing, then it becomes company culture. 11:88 Quantum computing — the higher the bandwidth, [...]
How to Plug the Skills Gap Tammy talks about identity management, diversity, and the usefulness of mentoring and internships in helping to fill the skills gap. 04:19 Fill the skills gap by recruiting from universities. Encourage students into internships and then groom and mentor them. 08:03 Vendors — you need a relationship and a network [...]
A Digital Geneva Convention Sergio talks about the cyberspace power vacuum, the challenge of ICS cybersecurity, and mental health issues in an incredibly pressured industry. 02:42 ICS cybersecurity is one of the most important and preeminent challenges we face because of the direct relationship to lives. 07:10 There are significant mental health issues in the [...]
Helen discusses the importance of ethics in security teams, vendor relationship goals, and the inherent goodness of the cybersecurity community. 03:17 Part of the CISO role is to translate the business need to the vendor and the vendor product value to the business. 03:49 Higher education cybersecurity risk profiles have a timeline. 07:55 How can [...]
Understanding Risk in Cybersecurity Andrea explains her role as a translator of digital topics into business language to help decision makers better understand strategic risk. She goes on to explore why leadership and culture are crucial in managing risk, the monetization of data and our tech addiction, and the need for the different stakeholders in [...]
The storytelling CISO who leads by example Gary points out that a CISO’s hardest job is to help executives understand the value of cybersecurity and shares that storytelling is invaluable in gaining trust and promoting understanding. 02:34 In a breach the CISO does not own 100 percent of the blame. 03:46 CISO’s help manage risk, [...]
Back to Basics Scott shares his lessons from 30 years at the FBI. He states that 90 percent of cybercrime could be prevented with simple user education and cautions us all to know what our children are doing on the internet. 02:20 Nobody ever expects to be a victim of cybercrime. From large companies to [...]
Operational Technology is Underrepresented in Cybersecurity Jason talks about cyber crime in OT and the huge impact it has on human life, infrastructure, and energy resources. He discusses the importance of frameworks in encouraging good, ethical behavior and shares his thoughts on digital consumer rights being determined by geography. 02:41 OT is underrepresented and little [...]
Vendors Know Where Their Products Fail In his second podcast with UberKnowledge Malcolm suggests the cyber skills shortage has been created by the industry’s own approaches. He believes security needs to be about protecting business outcomes and suggests the best way to do this is to factor security and privacy into the design of technology. [...]
The Rise of the Cyber Industrial Complex Malcolm declares the security industry is not to be trusted because it profits from insecurity. 00:23 Non-traditional beginnings to a CSO career. 02:02 The unusual role of a CSO in a vendor. 02:24 Security needs to crawl out from under IT because it touches every aspect of the [...]
Cybersecurity Is Akin to Cancer Research Diana focuses on the importance of data-centric security in the cloud and reminds security practitioners that cybersecurity is a career-long fight. 00:27 Diana’s career trajectory and her trifold perspective as practitioner, vendor, and analyst 2:44 Data-centric security in the cloud 3:22 The triumvirate of security: confidentiality, integrity, availability 6:22 [...]
Cultivate Innovation within a Policy Safe Zone Kristina discusses the evolution of GDPR and is surprised by the readiness ratio of global multinationals to small and medium enterprises. She draws a clever analogy of digital policies as a backyard boundary: a safe space to be creative in not a restrictive yoke. For women in cyber, [...]
Magda talks about the rise of the CyberFeminist and discusses the evolving definition of identity. 02:12 The rise of the CyberFeminist 04:24 A day in the life — how CISOs can learn to speak business 11:45 How can CISOs keep up with security in the cloud 14:32 Technami! 18:00 Address security at the beginning of [...]
The Ever-Changing Role of a CISO 1:49 The conversation that CISOs and CIOs need to have 3:20 Should CISOs be influencing the vendor road map? 6:12 The critical skill set for the future CISO? Speak business and know data analytics. 10:26 The challenge of the duality of the CISO role, aka: the toggle switch 12:41 [...]
Your Network is the Key to Your Success Tammy offers vendors advice on deepening relationships and building networks and opines on the most critical, yet overlooked, security issue - the basic security foundations of asset inventory, security and protection. 01:56 Advice for vendors: it’s all about the relationship. 03:44 The importance of networking and branding [...]
