DiscoverDefense in Depth
Defense in Depth
Claim Ownership

Defense in Depth

Author: David Spark

Subscribed: 464Played: 18,294
Share

Description

Defense in Depth promises clear talk on cybersecurity’s most controversial and confusing debates. Once a week we choose one controversial and popular cybersecurity debate and use the InfoSec community’s insights to lead our discussion.
267 Episodes
Reverse
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Lamont Orange, CISO, Cyera. In this episode: The data security check has come due Putting data security at the heart of defense in depth  Automation is key You need to know what you’re protecting Thanks to our podcast sponsor, Cyera Cyera’s AI-powered data security platform gives companies visibility over their sensitive data, context over the risk it represents, and actionable, prioritized remediation guidance.
 As a cloud-native, agentless platform, Cyera provides holistic data security coverage across SaaS, PaaS, IaaS and On-premise environments. Visit www.cyera.io to learn more.
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Christina Shannon, CIO, KIK Consumer Products. Joining us is our guest, Tomer Gershoni, CSO, Zoominfo. In this episode: Moving beyond technology The art of a CISO CISOs always operate in context Elevating the CISO conversation Thanks to our podcast sponsor, SeeMetrics SeeMetrics automates cybersecurity metrics programs, continuously measuring and helping prioritize risks based on context. SeeMetrics unifies siloed data from your security stack and offers hundreds of ready-to-use metrics. Once connected with SeeMetrics, security teams reduce risk, minimize exposure and optimize performance while eliminating tedious repetitive manual work. Ready to automate your security programs? start connecting your environment at seemetrics.co
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Yaron Levi, CISO, Dolby. Joining us is our guest, Neil Watkins, svp technology and cybersecurity services, i3 Verticals. In this episode: Visibility doesn’t matter without context Not all visibility is created equal Don’t forget to bring people into the loop Remediation doesn’t scale with more visibility Thanks to our podcast sponsor, GitGuardian GitGuardian is a Code Security Platform that caters to the needs of the DevOps generation. It provides a wide range of code security solutions, including Secrets Detection, Infra as Code Security, and Honeytoken, all in one place. A leader in the market of secrets detection and remediation, its solutions are already used by hundreds of thousands of developers in all industries. Try now gitguardian.com
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Sasha Pereira, vp of infrastructure and CISO, WASH. In this episode: Is working the help desk a great place to get entry level cyber security skills? So why is it so often overlooked or even looked down upon?  What kind of experience do you need? What is the ideal path to break into the cybersecurity industry? Thanks to our podcast sponsor, Push Security! Prevent, detect and respond to identity attacks using Push Security’s browser agent. Enable Push’s out-of-the-box controls or integrate Push with your SIEM, XDR and SOAR. Block phishing attacks, detect session hijacking and stop SSO passwords being exposed. Find out what else the Push browser agent can do at pushsecurity.com.
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our guest, Russ Ayers, svp of cyber & deputy CISO, Equifax. In this episode: Are we  seeing AI and LLM rapidly push into what was science fiction into production? What happens as our ability to generate realistic sound, video, and images opens the obvious door for indistinguishable fakes from the real thing?  How do we keep up as security professionals? What are the security implications for this tech hitting the consumer market? Thanks to our podcast sponsor, Sonrai Security A one-click solution that removes excessive permissions and unused services, quarantines unused identities, and restricts specific regions within the cloud. Later, maintain this level of security by automatically enforcing policies as new accounts, roles, permissions, and services are added to your environment. Start a free trial today! sonrai.co/ciso
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Vivek Ramachandran, founder, SquareX. In this episode: Are secure web gateways still an effective tool in the enterprise? As the browser has changed a lot in the last decade, are Secure Web Gateways - SWGs still keeping up?  Why is this a problem? Does anyone have a better solution? Thanks to our podcast sponsor, SquareX SquareX helps organizations detect, mitigate and threat-hunt web attacks happening against their users in real-time, including but not limited to malicious sites, files, scripts, and networks. Find out more at sqrx.com.
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest Richard Stiennon, chief research analyst, IT-Harvest. In this episode: In this episode: Why do so many vendors claim to offer zero-trust solutions? Is that framework even applicable to some product categories?  Do your eyes roll when you hear "zero trust solution"? What do most people think it is, and what’s the reality? Thanks to our podcast sponsor, SquareX SquareX helps organizations detect, mitigate and threat-hunt web attacks happening against their users in real-time, including but not limited to malicious sites, files, scripts, and networks. Find out more at sqrx.com.
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining us is our sponsored guest, Sandy Bird, co-founder and CTO, Sonrai Security. In this episode: Why does scaling least privilege in the cloud remain challenging? Is throwing more people at the problem feasible?  How are you managing it? What aspects haven’t been considered? Thanks to our podcast sponsor, Sonrai Security A one-click solution that removes excessive permissions and unused services, quarantines unused identities, and restricts specific regions within the cloud. Later, maintain this level of security by automatically enforcing policies as new accounts, roles, permissions, and services are added to your environment. Start a free trial today! sonrai.co/ciso
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Emily Heath, general partner, Cyberstarts. In this episode: How do CISOs feel about sales pitches? Do they have legitimate complaints? When do these legitimate complaints cross the line to sounding entitled? Do CISOs need to show a little more empathy to sales? Thanks to our podcast sponsor, SquareX SquareX helps organizations detect, mitigate and threat-hunt web attacks happening against their users in real-time, including but not limited to malicious sites, files, scripts, and networks. Find out more at sqrx.com.
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our sponsored guest, Mackenzie Jackson, developer advocate, GitGuardian. In this episode: How to manage data leaks outside your perimeter? When data leaks increasingly come from third-parties, what can you do to protect your organization? How do we even begin to address this problem?  Is there a one size fits all fix? Thanks to our podcast sponsor, GitGuardian GitGuardian is a Code Security Platform that caters to the needs of the DevOps generation. It provides a wide range of code security solutions, including Secrets Detection, Infra as Code Security, and Honeytoken, all in one place. A leader in the market of secrets detection and remediation, its solutions are already used by hundreds of thousands of developers in all industries. Try now gitguardian.com
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Phil Davis, attorney, healthcare cybersecurity and privacy, Hall Render. In this episode: In today's current climate, is the role of the CISO still worth it? Does the position carry a lot of potential liability? Do the upsides still outweigh the risks? Do CISOs tend to have more responsibility than authority? Thanks to our podcast sponsor, Sonrai Security A one-click solution that removes excessive permissions and unused services, quarantines unused identities, and restricts specific regions within the cloud. Later, maintain this level of security by automatically enforcing policies as new accounts, roles, permissions, and services are added to your environment. Start a free trial today! sonrai.co/ciso
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Paul Connelly, former CISO, HCA HealthcareGot feedback? In this episode: How important is onboarding new cyber talent? Does it set the tone for their tenure with your organization? What should CISOs do to make sure onboarding is effective for both sides? What are the mistakes CISOs should avoid, and what are the best ways to excel?  Thanks to our podcast sponsor, OffSec OffSec helps companies like Cisco, Google, and Salesforce upskill cybersecurity talent through comprehensive training and resources. With programs ranging from red team and blue team training and more, your team will be ready to face real-world threats. Request a free trial for your team to explore OffSec’s learning library and cyber range.
All links and images for this episode can be found on CISO Series. Check out this post Monte Pedersen of The CDA Group for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn.  Joining us is our guest, Jerry Davis, division director for cyber defense at Truist Bank. In this episode: Why does advancing your career require more than just technical skills? Does it require you to build relationships within your organizations, particularly with your boss? How can you consciously build these relationships with an eye to leveling up your career? How do you develop soft skills? Thanks to our podcast sponsor, OffSec OffSec helps companies like Cisco, Google, and Salesforce upskill cybersecurity talent through comprehensive training and resources. With programs ranging from red team and blue team training and more, your team will be ready to face real-world threats. Request a free trial for your team to explore OffSec’s learning library and cyber range.
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our sponsored guest, Spencer Thompson, CEO, Prelude. In this episode: Why does it take so long to integrate new tools and get them up to speed? Are we always in a state where we are always lacking readiness? What should we be measuring? Do we focus too much on singular events? Thanks to our podcast sponsor, Prelude Prelude Detect is the world's only production-scale detection and response testing platform. Automatically transform your threat intelligence into validated detections and preventions in less than five minutes. Integrate with CrowdStrike, Microsoft Defender, SentinelOne, and more to enable machine speed detection and response engineering 🏎️ Learn more at preludesecurity.com.
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Ron Gula, president and co-founder, Gula Tech Adventures. In this episode: Why is it so darn expensive to get any training on the defender side? Why is there a mountain of free education for red teaming? Shouldn’t blue team training should be free or less expensive as well? Is this the firewall that's preventing us from having all those cyber experts we so desperately need? Thanks to our podcast sponsor, Query Query Federated Search gets to your security relevant data wherever it is - in data lakes, security tools, cloud services, SIEMs, or wherever. Query searches and normalizes data for use in security investigations, threat hunting, incident response, and everything you do. And we plug into Splunk. Visit query.ai.
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Ben Sapiro, head of global cyber security services, Manulife. In this episode: Why do we see a dearth of CISOs listed in executive leadership? Is this just a factor of company reporting structure? Or do CISOs really not have a seat at the table with the business? How do we convince the C-suite? Thanks to our podcast sponsor, Query Query Federated Search gets to your security relevant data wherever it is - in data lakes, security tools, cloud services, SIEMs, or wherever. Query searches and normalizes data for use in security investigations, threat hunting, incident response, and everything you do. And we plug into Splunk. Visit query.ai.
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining us is our sponsored guest, Matt Eberhart, CEO, Query. In this episode: Isn't the whole point of a single pane of glass making sense of your data? But when these dashboards are limited to a single platform, how useful are they? Does it seem like all they've led to is more browser tabs or more monitors crowding your analysts? We know we want to take action based on our data, so how do we get there? Thanks to our podcast sponsor, Query Query Federated Search gets to your security relevant data wherever it is - in data lakes, security tools, cloud services, SIEMs, or wherever. Query searches and normalizes data for use in security investigations, threat hunting, incident response, and everything you do. And we plug into Splunk. Visit query.ai.
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is my guest, Mario Trujillo, staff attorney, Electronic Frontier Foundation. In this episode: Data is the life blood of an organization but what happens when you collect too much? Do you put risk on both your organization and for any individuals that data belongs too? Is it still wise to collect as much data as possible? How can CISOs embrace data minimization that doesn't clash with the needs of the business? Thanks to our podcast sponsor, Material Security Material Security is purpose-built to stop attacks and reduce risk across Microsoft 365 and Google Workspace with unified cloud email security, data loss prevention, and posture management. Learn more at material.security.
All links and images for this episode can be found on CISO Series. The Verizon DBIR found that about half of all breaches involved legitimate credentials. It’s a huge attack surface that we’re only starting to get a handle of. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Steve Zalewski. Joining me is our guest, Adam Koblentz, field CTO, Reveal Security. In this episode: Where are we in terms of monitoring anomalous behavior of our users? Why are we still struggling to understand what happens after threat actors are in our networks? How are new AI-based tools helping us to scale efforts? What's working and where do we need to improve? Thanks to our podcast sponsor, Reveal Security Reveal Security ITDR detects identity threats - post authentication - in and across SaaS applications and cloud services. Powered by unsupervised machine learning, it continuously monitors and validates the behavior of trusted human users, APIs and other entities, accurately detecting anomalies that signal an in-progress identity threat. Visit reveal.security
All links and images for this episode can be found on CISO Series. Check out this post for the discussion that is the basis of our conversation on this week’s episode co-hosted by me, David Spark (@dspark), the producer of CISO Series, and Geoff Belknap (@geoffbelknap), CISO, LinkedIn. Joining me is our guest, Mike Levin, deputy CISO, 3M. In this episode: Why do security startups fail? All startups are an inherently risky proposition, but what are the specific challenges for startups in our industry? What's unique about cybersecurity startups? What's the most common reason you've seen a cyber startup not succeed? Thanks to our podcast sponsor, RevealSecurity! Reveal Security ITDR detects identity threats - post authentication - in and across SaaS applications and cloud services. Powered by unsupervised machine learning, it continuously monitors and validates the behavior of trusted human users, APIs and other entities, accurately detecting anomalies that signal an in-progress identity threat. Visit reveal.security
loading
Comments (2)

Paja Storec

💚WATCH>>ᗪOᗯᑎᒪOᗩᗪ>>👉https://co.fastmovies.org

Jan 16th
Reply

Denial Brown

Good podcast, I started my acquaintance with the security of personal information with the article https://www.theodysseyonline.com/5-reasons-to-keep-your-personal-information-private-2657772729 which made me understand why this is so important with examples . Thanks for your ideas

Aug 12th
Reply