CISO Series Podcast

David Spark, Mike Johnson, and Andy Ellis

  • 34 minutes 15 seconds
    I Don’t Want Insider Risk. You Take It.

    All links and images for this episode can be found on CISO Series.

    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our sponsored guest, Abhishek Agrawal, CEO and co-founder, Material Security.

    In this episode:

    • What does defense in depth look like in the cloud?
    • Collaborating on insider risk
    • Email is a vector and a target
    • Understand risk during an IPO

    Thanks to our podcast sponsor, Material Security!

    Material Security is a multi-layered email threat detection & response toolkit designed to stop attacks and reduce the threat surface across all of Microsoft 365 and Google Workspace. Learn more at material.security.

    16 July 2024, 10:00 am
  • 38 minutes 45 seconds
    How to Get the Most for Yourself Through Altruism

    All links and images for this episode can be found on CISO Series.

    This week’s episode is hosted by David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is Jana Moore, CISO, Belron.

    In this episode:

    • SEC disclosure rules require cyber readiness
    • Breaking up the “boys club”
    • Building a threat intelligence ecosystem
    • Blending InfoSec communities and careers

    Thanks to our podcast sponsor, Vanta!

    Whether you’re starting or scaling your security program, Vanta helps you automate compliance across SOC 2, ISO 27001, and more. Streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies use Vanta to manage risk and prove security.

    9 July 2024, 10:00 am
  • 38 minutes 46 seconds
    Who Owns AI Risk? NOT IT!

    All links and images for this episode can be found on CISO Series.

    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest, Jason Clark, chief strategy officer, Cyera.

    In this episode:

    • Does AI require new security measures? 
    • Meeting the new SEC requirements
    • Empowerment through data security
    • Upskilling with Gen AI?

    Thanks to our podcast sponsor, Cyera!

    Cyera’s AI-powered data security platform gives companies visibility over their sensitive data, context over the risk it represents, and actionable, prioritized remediation guidance.
 As a cloud-native, agentless platform, Cyera provides holistic data security coverage across SaaS, PaaS, IaaS and On-premise environments. Visit www.cyera.io to learn more.

    2 July 2024, 10:00 am
  • 40 minutes 19 seconds
    How About This? Only Attack the Endpoints We Configured

    All links and images for this episode can be found on CISO Series.

    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our guest and winner of Season 2 of Capture the CISO, Russell Spitler, CEO and co-founder, Nudge Security.

    In this episode:

    • The Gordian knot of EDR
    • Can we keep up with patching?
    • Making AI practical
    • Standardization or granularity?

    Thanks to our podcast sponsor, ThreatLocker!

    ThreatLocker® is a global leader in Zero Trust endpoint security offering cybersecurity controls to protect businesses from zero-day attacks and ransomware. ThreatLocker operates with a default deny approach to reduce the attack surface and mitigate potential cyber vulnerabilities. To learn more and start your free trial, visit ThreatLocker.com.

    25 June 2024, 10:00 am
  • 37 minutes 19 seconds
    The Post-it Note Clearly Says “Don’t Share” Right Under My Password

    All links and images for this episode can be found on CISO Series.

    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our sponsored guest, Allan Alford, CISO, Eclypsium.

    In this episode:

    • Evolving public-private partnerships
    • New technology, but not a new challenge
    • Securing the hidden layers of the supply chain
    • Balancing usability and control

    Thanks to our podcast sponsor, Eclypsium

    Eclypsium is helping enterprises and government agencies mitigate risks to their infrastructure from complex technology supply chains. Our cloud-based and on-premises platform provides digital supply chain security for software, firmware and hardware in enterprise infrastructure. Get started today at eclypsium.com/spark.

    18 June 2024, 10:00 am
  • 37 minutes 53 seconds
    Who You Gonna Call? LEGAL COUNSEL!

    All links and images for this episode can be found on CISO Series.

    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our guest, Ryan Bachman, evp and global CISO, GM Financial.

    In this episode:

    • A changing of the executive guard?

    • Playing nice with cyber insurance

    • What does leadership want out of a CISO?

    • Who does a CISO call first?

    Thanks to our podcast sponsor, Vanta

    Whether you’re starting or scaling your security program, Vanta helps you automate compliance across SOC 2, ISO 27001, and more. Streamline security reviews by automating questionnaires and demonstrating your security posture with a customer-facing Trust Center. Over 7,000 global companies use Vanta to manage risk and prove security.

    11 June 2024, 10:00 am
  • 37 minutes 25 seconds
    I’m Rewarding Your Successful Use of the Security Budget by Giving You Less of It

    All links and images for this episode can be found on CISO Series.

    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is my guest, Aamir Niazi, executive director and CISO, SMBC Capital Markets.

    In this episode:

    • Communicating security accomplishments

    • Spotting red flags in an interview

    • What does offensive security look like today?

    • Where Gen AI is fitting into cybersecurity

    Thanks to our podcast sponsor, Cyera

    Cyera’s AI-powered data security platform gives companies visibility over their sensitive data, context over the risk it represents, and actionable, prioritized remediation guidance.
 As a cloud-native, agentless platform, Cyera provides holistic data security coverage across SaaS, PaaS, IaaS and On-premise environments. Visit www.cyera.io to learn more.

    4 June 2024, 10:00 am
  • 44 minutes 3 seconds
    Ransomware? Why’d It Have to Be Ransomware? (Live in San Francisco)

    All links and images for this episode can be found on CISO Series.

    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is Steve Zalewski, co-host, Defense in Depth. Recorded live at BSidesSF.

    In this episode:

    • Are companies taking the air out of the open source balloon?

    • What’s broken about cybersecurity hiring?

    • Do we need minimum requirements for cybersecurity knowledge in sales?

    Thanks to our podcast sponsors, Devo, Eclypsium & NetSPI

    Devo replaces traditional SIEMs with a real-time security data platform.

    Devo’s integrated platform serves as the foundation of your security operations and includes data-powered SIEM, SOAR, and UEBA. AI and intelligent automation help your SOC work faster and smarter so you can make the right decisions in real-time.

    Eclypsium is helping enterprises and government agencies mitigate risks to their infrastructure from complex technology supply chains. Our cloud-based and on-premises platform provides digital supply chain security for software, firmware and hardware in enterprise infrastructure. Get started today at eclypsium.com/spark.

    NetSPI ASM continuously scans your external perimeter to identify, inventory, and reduce risk to both known and unknown assets. It blends scanning methodology with our consultants' human intelligence to identify previously undiscovered data sources and vulnerabilities so you can remediate what matters most.

    28 May 2024, 10:00 am
  • 34 minutes 30 seconds
    You Can’t Leak What You Don’t Collect

    All links and images for this episode can be found on CISO Series.

    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our sponsored guest, Jeremiah Roe, advisory CISO, OffSec.

    In this episode:

    • What happens as data minimization in the US changes from a potential policy goal to a regulatory imperative?

    • How does this impact the rest of the industry?

    • How do CISOs start getting ready for compliance?

    • How to improve cybersecurity training and development?

    Thanks to our podcast sponsor, OffSec

    OffSec helps companies like Cisco, Google, and Salesforce upskill cybersecurity talent through comprehensive training and resources. With programs ranging from red team and blue team training and more, your team will be ready to face real-world threats. Request a free trial for your team to explore OffSec’s learning library and cyber range.

    21 May 2024, 10:00 am
  • 35 minutes 48 seconds
    Our Help Desk Plaque Reads “Over 100,000 Threat Actors Served”

    All links and images for this episode can be found on CISO Series.

    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our guest, Martin Mazor, vp and CISO, onsemi.

    In this episode:

    • Has the shine worn off the cybersecurity promise of MFA?

    • Why are threat actors increasingly finding ways to get around it?

    • Given the high profile attacks we've seen getting around MFA, how much security stock should we put into it going forward?

    Thanks to our podcast sponsor, Material Security

    Material Security is a multi-layered email threat detection & response toolkit designed to stop attacks and reduce the threat surface across all of Microsoft 365 and Google Workspace. Learn more at material.security.

    14 May 2024, 10:00 am
  • 44 minutes 55 seconds
    Can’t Talk, I’m Onboarding My Kids To Their First Soccer Practice (Live in Mountain View, CA)

    All links and images for this episode can be found on CISO Series.

    This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our guest, TC Niedzialkowski, CISO, Nextdoor.

    In this episode:

    • Has the line between work and personal devices blurred?

    • Why are we seeing signs that that line no longer exists for employees?

    • What is the path of cybersecurity to keep company data secured when its continually commingling with personal devices?

    Thanks to our podcast sponsors, Eclypsium and Normalyze

    Eclypsium is helping enterprises and government agencies mitigate risks to their infrastructure from complex technology supply chains. Our cloud-based and on-premises platform provides digital supply chain security for software, firmware and hardware in enterprise infrastructure. Get started today at eclypsium.com/spark

    Where is my data? Is it sensitive? Who has access to the data? What are the risks? What is the cost of exposure? Am I compliant now? Enter Normalyze. Normalyze’s agentless, machine-learning scanning platform continuously discovers sensitive data, resources, and access paths in all cloud environments. Learn more.

    7 May 2024, 10:00 am
  • More Episodes? Get the App
© MoonFM 2024. All rights reserved.