CISO Series Podcast

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is my guest, Aamir Niazi, executive director and CISO, SMBC Capital Markets. In this episode: Communicating security accomplishments Spotting red flags in an interview What does offensive security look like today? Where Gen AI is fitting into cybersecurity Thanks to our podcast sponsor, Cyera Cyera’s AI-powered data security platform gives companies visibility over their sensitive data, context over the risk it represents, and actionable, prioritized remediation guidance.
 As a cloud-native, agentless platform, Cyera provides holistic data security coverage across SaaS, PaaS, IaaS and On-premise environments. Visit www.cyera.io to learn more.

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is Steve Zalewski, co-host, Defense in Depth. Recorded live at BSidesSF. In this episode: Are companies taking the air out of the open source balloon? What’s broken about cybersecurity hiring? Do we need minimum requirements for cybersecurity knowledge in sales? Thanks to our podcast sponsors, Devo, Eclypsium & NetSPI Devo replaces traditional SIEMs with a real-time security data platform. Devo’s integrated platform serves as the foundation of your security operations and includes data-powered SIEM, SOAR, and UEBA. AI and intelligent automation help your SOC work faster and smarter so you can make the right decisions in real-time. Eclypsium is helping enterprises and government agencies mitigate risks to their infrastructure from complex technology supply chains. Our cloud-based and on-premises platform provides digital supply chain security for software, firmware and hardware in enterprise infrastructure. Get started today at eclypsium.com/spark. NetSPI ASM continuously scans your external perimeter to identify, inventory, and reduce risk to both known and unknown assets. It blends scanning methodology with our consultants' human intelligence to identify previously undiscovered data sources and vulnerabilities so you can remediate what matters most.

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our sponsored guest, Jeremiah Roe, advisory CISO, OffSec. In this episode: What happens as data minimization in the US changes from a potential policy goal to a regulatory imperative? How does this impact the rest of the industry? How do CISOs start getting ready for compliance? How to improve cybersecurity training and development? Thanks to our podcast sponsor, OffSec OffSec helps companies like Cisco, Google, and Salesforce upskill cybersecurity talent through comprehensive training and resources. With programs ranging from red team and blue team training and more, your team will be ready to face real-world threats. Request a free trial for your team to explore OffSec’s learning library and cyber range.

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our guest, Martin Mazor, vp and CISO, onsemi. In this episode: Has the shine worn off the cybersecurity promise of MFA? Why are threat actors increasingly finding ways to get around it? Given the high profile attacks we've seen getting around MFA, how much security stock should we put into it going forward? Thanks to our podcast sponsor, Material Security Material Security is a multi-layered email threat detection & response toolkit designed to stop attacks and reduce the threat surface across all of Microsoft 365 and Google Workspace. Learn more at material.security.

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining us is our guest, TC Niedzialkowski, CISO, Nextdoor. In this episode: Has the line between work and personal devices blurred? Why are we seeing signs that that line no longer exists for employees? What is the path of cybersecurity to keep company data secured when its continually commingling with personal devices? Thanks to our podcast sponsors, Eclypsium and Normalyze Eclypsium is helping enterprises and government agencies mitigate risks to their infrastructure from complex technology supply chains. Our cloud-based and on-premises platform provides digital supply chain security for software, firmware and hardware in enterprise infrastructure. Get started today at eclypsium.com/spark Where is my data? Is it sensitive? Who has access to the data? What are the risks? What is the cost of exposure? Am I compliant now? Enter Normalyze. Normalyze’s agentless, machine-learning scanning platform continuously discovers sensitive data, resources, and access paths in all cloud environments. Learn more.

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining me is our sponsored guest, Aaron Shaha, CISO, CyberMaxx. In this episode: Is technical debt an inevitability in any organization? How do you go about "paying it down?" How do you decide when you need a systematic refresh and when can you kick the can down the road a little longer? Thanks to our podcast sponsor, CyberMaxx CyberMaxx offers MaxxMDR, our next-generation managed detection and response (MDR) solution that helps customers assess, monitor, and manage their cyber risks. MaxxMDR fuels defensive capabilities with insights from offensive security, DFIR, and threat hunting, on top of a technology-agnostic deployment model. We think like an adversary but defend like a guardian.

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is my guest, Thom Langford, CISO, Velonetic. In this episode: Why do lots of businesses pledge to never pay ransomware demands? And why do their priorities quickly change when they need to get the business back to normal after an attack occurs? What good is a pledge like that without the infrastructure and organizational commitment to make it possible? Thanks to our podcast sponsor, CyberMaxx CyberMaxx offers MaxxMDR, our next-generation managed detection and response (MDR) solution that helps customers assess, monitor, and manage their cyber risks. MaxxMDR fuels defensive capabilities with insights from offensive security, DFIR, and threat hunting, on top of a technology-agnostic deployment model. We think like an adversary but defend like a guardian.

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining me is our sponsored guest, Matt Radolec, vp, incident response and cloud operations, Varonis. In this episode: Why is retaining cyber talent so hard? How can organizations keep an employee from going elsewhere? Why do organizations often not prioritize the factors to keep key employees? Thanks to our podcast sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today.

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our guest, Joshua Brown, vp and global CISO, H&R Block. In this episode: Why is retaining cyber talent so hard? How can organizations keep an employee from going elsewhere? Why do organizations often not prioritize the factors to keep key employees? Thanks to our podcast sponsor, CyberMaxx CyberMaxx offers MaxxMDR, our next-generation managed detection and response (MDR) solution that helps customers assess, monitor, and manage their cyber risks. MaxxMDR fuels defensive capabilities with insights from offensive security, DFIR, and threat hunting, on top of a technology-agnostic deployment model. We think like an adversary but defend like a guardian.

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is our guest, Alex Green, CISO, Delta Dental. In this episode: Is it true that employees cause as many significant cybersecurity incidents as outside threat actors? Does this come down to a lack of awareness or poorly designed security implementation? And what can we do to improve this situation? Thanks to our podcast sponsor, Silk Security Silk makes it easy for security teams to resolve more critical cyber risks in a fraction of the time. Instead of toiling over spreadsheets, and watching alert backlog graphs go up, Silk helps security teams contextualize, prioritize and collaborate with stakeholders in IT to regain control over their risk posture.

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining us is our guest, Shawn Bowen, svp and CISO, World Kinect Corporation. In this episode: Is it true that CISOs feel their jobs are harder than ever with higher levels of stress? Yet why does research also show that CISO job satisfaction increasing? How do we make sense of this contradiction? Thanks to our podcast sponsor, Silk Security Silk makes it easy for security teams to resolve more critical cyber risks in a fraction of the time. Instead of toiling over spreadsheets, and watching alert backlog graphs go up, Silk helps security teams contextualize, prioritize and collaborate with stakeholders in IT to regain control over their risk posture.

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining me is our sponsored guest, Nadav Lotan, product management team leader, Cisco. In this episode: How can security teams do their jobs without seeming like an impediment to developers? Why can this relationship seem oppositional? How can both sides work together to better secure software without seeming like a road block? Thanks to our podcast sponsor, Panoptica, Cisco’s Cloud Application Security Platform Panoptica, Cisco’s Cloud Application Security solution, provides end-to-end lifecycle protection for cloud native application environments. It empowers organizations to safeguard their APIs, serverless functions, containers, and Kubernetes environments. Panoptica ensures comprehensive cloud security, compliance, and monitoring at scale, offering deep visibility, contextual risk assessments, and actionable remediation insights for all your cloud assets.

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining me is our guest, Jamil Farshchi, evp and CISO, Equifax. In this episode: Data leaks are hard enough to deal with when caused by threat actors, but how bad is a self-inflicted data leak? Why do these types of incidents happen? How should an organization assess the risk it introduced? Thanks to our podcast sponsor, Varonis Ready to reduce your risk without taking any? Try Varonis’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today.

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is our sponsored guest, Yoav Nathaniel, co-founder and CEO, Silk Security. In this episode: Why does it seem like securing APIs is so hard? Is it just a matter of complexity?  Why does it seem like we can’t go a week without hearing reports of a data leak caused by a failure in API security? Why do organizations struggle with API security? Thanks to our podcast sponsor, Silk Silk makes it easy for security teams to resolve more critical cyber risks in a fraction of the time. Instead of toiling over spreadsheets, and watching alert backlog graphs go up, Silk helps security teams contextualize, prioritize and collaborate with stakeholders in IT to regain control over their risk posture.

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is our sponsored guest, Jay Trinckes, director of compliance, Thoropass. In this episode: Why do credential stuffing attacks put organizations in such a tricky spot? Why is blaming the victim rarely the right move? What kind of reasonable expectations can companies have about how much users will do to protect themselves? Thanks to our podcast sponsor, Thoropass Still spending time collecting evidence and worrying about breaking free of an infinite audit loop? Relax! We fixed audits. Thoropass provides complete infosec compliance management, continuous monitoring, and security audits through AI-infused software and expert guidance – allowing you to do business with confidence. Learn more at www.thoropass.com.

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining me is our guest Kelly Haydu, vp, infosec, technology, and enterprise applications, CarGurus. In this episode: What other career fields are rife with talent that could successfully transition into our industry? What kind of framework do we need to surface a more diverse array of talent? Also, what happens when a vendor goes over your head to the CEO? Thanks to our podcast sponsor, Panoptica, Cisco’s Cloud Application Security Platform Panoptica, Cisco’s Cloud Application Security solution, provides end-to-end lifecycle protection for cloud native application environments. It empowers organizations to safeguard their APIs, serverless functions, containers, and Kubernetes environments. Panoptica ensures comprehensive cloud security, compliance, and monitoring at scale, offering deep visibility, contextual risk assessments, and actionable remediation insights for all your cloud assets.

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is our guest, Grant Anthony, CISO, Orion Health. In this episode: Why getting buy-in to your security awareness program is so critical? Why do so many organizations get it so wrong? What framework can we apply to actually build trust with security awareness? Thanks to our podcast sponsors, Varonis Ready to reduce your risk without taking any? Try Varonis’ free data risk assessment. It takes minutes to set up and in 24 hours you’ll have a clear, risk-based view of the data that matters most and a clear path to automated remediation. Get started for free today.

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Brett Conlon, CISO, American Century Investments. Joining me is our guest, Mical Solomon, CISO, Port Authority of NY and NJ. In this episode: Does the hype around generative AI tools make it seem like these are a totally new technological challenge for cybersecurity? Are many of the challenges with securing them the same that we've seen from the rise of SaaS and proliferation of shadow IT? What lessons from that transition can we apply to AI? Thanks to our podcast sponsors, Living Security & KnowBe4 Living Security is the global leader in human risk management. Our HRM platform Unify transforms human risk into proactive defense by quantifying human risk and engaging the workforce with relevant training and communications proven to change human behavior. Living Security is trusted by security-minded organizations, including Mastercard, Verizon, Biogen, AmerisourceBergen, and Hewlett-Packard. Learn more at www.livingsecurity.com. KnowBe4's SecurityCoach enables real-time security coaching of your users in response to risky behavior. Based on the rules in your existing security software stack, you can configure your real-time coaching campaign to determine the frequency and type of SecurityTip that is sent to users at the moment risky behavior is detected.

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Mike Johnson, CISO, Rivian. Joining me is our guest, Shyama Rose, CISO and head of IT, Affirm. In this episode: What is the impact of burnout to your security team directly? Does burnout directly play a role in how an organization can respond to security incidents.? All jobs involve dealing with stress, but what should we consider normal in cybersecurity? And when does that stress endanger your security mission? Thanks to our podcast sponsors, Panoptica, Cisco’s Cloud Application Security Platform Panoptica, Cisco’s Cloud Application Security solution, provides end-to-end lifecycle protection for cloud native application environments. It empowers organizations to safeguard their APIs, serverless functions, containers, and Kubernetes environments. Panoptica ensures comprehensive cloud security, compliance, and monitoring at scale, offering deep visibility, contextual risk assessments, and actionable remediation insights for all your cloud assets.

All links and images for this episode can be found on CISO Series. This week’s episode is hosted by me, David Spark (@dspark), producer of CISO Series and Andy Ellis (@csoandy), operating partner, YL Ventures. Joining me is our guest, Trina Ford, CISO, iHeartMedia. In this episode: Why has the landscape for CISOs seemed particularly perilous in the past year? Does there  seem to be more responsibilities with very real legal consequences attached to the role? There is a lot of guidance out there for CISO candidates negotiating for a new position, but what can a current CISO do once they are already in the role? Thanks to our podcast sponsors, Thoropass Still spending time collecting evidence and worrying about breaking free of an infinite audit loop? Relax! We fixed audits. Thoropass provides complete infosec compliance management, continuous monitoring, and security audits through AI-infused software and expert guidance – allowing you to do business with confidence. Learn more at www.thoropass.com.