Episodes
-
This marks the 100th episode of The Virtual CISO Podcast, and an insightful journey of frank discussions with thought leaders who provide the very best information security advice and insights.
I am happy to have invited Dimitri Sirota, CEO & Co-Founder of BigID, to walk through BigID’s approach to privacy, security, and data governance on this milestone occasion.
Join us as we discuss:
The merits of gathering data beyond the usual locations
Why discovery is a foundational piece of BigID’s approach
How BigID supports efficient data collection
To hear this episode, and many more like it, you can subscribe to The Virtual CISO Podcast here.
If you don’t use Apple Podcasts, you can find all our episodes here.
Listening on a desktop & can’t see the links? Just search for The Virtual CISO Podcast in your favorite podcast player
-
Supply chain risk management can prove to be a slippery slope—why should you take pains to conduct a proper risk assessment, and how do such assessments affect IT and business continuity?
From international restrictions to balancing generic and specific risk assessments, any guidance is welcome in the world of supply chain management.
I invited Willy Fabritius, Global Head of Strategy & Business Development, Information Security Assurance at SGS, onto the show to provide insights into supply chain risk management, including definitions, best practices, and where to turn for guidance.
-
What are the merits of the Software Assurance Maturity Model (SAMM), and how does it differ from the Application Security Verification Standard (ASVS)? And why should you care?
From design to operations, there are several crucial considerations to hold regarding business functions and use cases.
I invited Taylor Smith, Application Penetration Testing Lead at Pivot Point Security, onto the show to provide insights into SAMM, including definitions, the differences between SAMM, ASVS, and BSIMM, and how these models are relevant in today’s software development environment.
-
Application development is moving from a web-centric world to an API-centric world. If you’re wondering what that looks like, what the security implications are and what an API is, you’re in the right place.
There is no shortage of new application security strategies to familiarize ourselves with as cybersecurity adapts to changing times.
That’s why I invited Rob Dickinson, CTO at Resurface Labs, to explain APIs, continuous observability of API operations, and the prevalent challenges in the API economy.
Join us as we discuss:
Moving from a web-centric to an API-centric world
The value of observing API operations in a production environment
Tackling security issues in the API economy
-
Most recognize the value-preservation role of cybersecurity. But forward-thinking professionals also see the value creation in having a secure information posture.
Cybersecurity is the foundation for preserving sensitive data and providing peace of mind, but does it create value for the organization, and if so, how do we measure that value?
Tracking the return on investment in cybersecurity can be challenging. Much like auto insurance, you gain the most obvious value when something goes wrong—however, that doesn’t mean insurance isn’t valuable during smooth sailing.
I invited James Fair, Senior VP at Executech, to discuss the value of compliance, measuring ROSI, the Return on Security Investment, and budgetary considerations in cybersecurity.
Join us as we discuss:
The value of cybersecurity vs. the costs of a breach
Convoluted cybersecurity budgets and industry averages
How compliance supports value preservation and value creation
-
What exactly is a Software Development Life Cycle, and how does NIST’s Secure Software Development Framework impact that cycle and your organization?
Of note, the SSDF will definitely impact you if your software is used by the US Government and will likely impact you even if it isn’t. There are a few choice practices that can help make sense of these two critical processes and provide the highest chance for success.
I invited Elzar Camper, Director of Cyber Security Solutions & Practices at Pivot Point Security, onto the show to unpack SDLCs and the SSDF and to lay out the shifting landscape of government regulations and software development.
Join us as we discuss:
Defining SDLCs and the SSDF
Four core best practices in cybersecurity
Assessing existing procedures and adapting to the SSDF
How you can use the SSDF to your advantage
-
Today, information is worth more than riches; data is the new currency. Given that, the state of cybersecurity at the highest levels of the US government was shockingly unprepared.
In this episode, I speak with Mark Montgomery, the former Executive Director of the Cyberspace Solarium Commission, about the report the commission published in March 2020 and how that document has influenced the US Government’s roadmap to improve cybersecurity, prevent cyber attacks, and protect the nation's data.
Join us as we discuss:
Critical steps forward for cybersecurity
The report’s six pillars and their importance in federal circles
Challenges in the cybersecurity workforce
-
Don’t wait for an emergency; secure your database correctly right out of the gate. Think of everything outside of your database as the wild west.
What can you do to create the most controlled environment possible for all of your most sensitive data?
I invited Robert Buda, President of Buda Consulting, Inc, and an expert in database technology, onto the show to help us learn the value of database security and what you can do today to improve your security measures.
Join us as we discuss:
Why database security is undervalued
Critical risks to be aware of regarding your database
Avoiding a false sense of security with the cloud
Ensuring your database is as secure as possible
-
Ron Gula, President and Co-Founder of Gula Tech Adventures, has a very specific goal: To defend the country in cyberspace by investing in companies and nonprofits that help close the gap in technology and the workforce.
He also knows that in order to successfully achieve this goal, organizations must understand the basics of data protection.
Today, Ron joins the show to talk about the mindset shift that can start in the information security disciplines through communication.
Join us as we also discuss:
The importance of asking the right questions of business owners
Building a trusted ecosystem within the information security disciplines
Creating a measure of security to determine the safety of your company’s data
The small business IT shops defining corporate America
-
There’s no denying that cybersecurity risks in the workplace have increased sharply in recent years. From the pandemic pushing employees to work from home to Russia’s invasion of Ukraine, organizations are more exposed than ever.
That’s why it’s crucial to understand how to best protect yourself and your business.
On this episode, Eric Jesse, Partner at Lowenstein Sandler LLP, joins the show to give an attorney's perspective on the importance of cyber liability insurance. Eric talks about protecting your company as a policyholder in today’s new landscape.
Join us as we discuss:
Why companies should have their cyber liability insurance policies reviewed by knowledgeable attorneys
Strategies for improving your security posture to reduce premiums
How best to ensure your cyber liability insurance dovetails with other insurance policies so you are covered across all types of cyber incidents
-
To invest in CMMC or to not invest in CMMC, that is the question.
CMMC (Cybersecurity Maturity Model Certification) is a lofty yet necessary investment for the Defense Industrial Base. With all signs pointing to May 2023 for when we can expect CMMC to be included in contracts, anyone who is considering CMMC should start sooner rather than later, as implementing any comprehensive cybersecurity program can take a company 9 to 12 months.
On this episode, our host John Verry recaps his most important takeaways from the recent CMMC Day conference held in Washington DC on May 9, 2022.
Join us as we discuss:
CMMC Level 2 and 3 requirements
CMMC’s three-year certification process
The False Claims Act and the impact CMMC will have on the review process by the Justice Department
Differing opinions of CMMC from conference attendees and CMMC experts
-
Alberto Yépez joins the show to share his perspective as a venture capitalist working to help entrepreneurs build Cybersecurity businesses. He started his wildly successful career at Apple and he is now the Co-Founder and Managing Director at Forgepoint Capital.
Join us as we discuss:
Information security challenges from the 2000s that we still face today
Alberto’s experience working at Apple
Criteria that make investing in a company worthwhile
Three models of private equity
-
We’ve spent the last two and a half years with rapidly rising cloud adoption. It was a rocket ship before that, but the COVID-19 pandemic has only accelerated it and caused everybody to scramble.
We’re still playing catch-up, trying to give people working remotely the same security treatment as those working in the office. Every client has concerns about their current exposure, which is why our guest on this episode of The Virtual CISO Podcast is so important.
Michelangelo Sidagni, Chief Technology Officer at NopSec, joins us on this episode to talk about:
Why his firm is all in on Attack Surface Management, and how it differs from standard vulnerability management
How ASM fits into current vulnerability and configuration management strategies
Attack Path Analysis: what it is and what it isn’t
The NopSec client customer journey
-
As technology advances, there will always be new threats from malicious actors seeking to exploit these advancements — whether that be in the digital realm or physical.
With technology increasingly blurring the lines between the two, today’s security professionals must adapt as the disciplines of physical security and cybersecurity converge into one.
Today’s guest, Chris Ciabarra, Co-Founder and CTO of Athena Security, is one of the physical security experts leading the charge on this front and he joins the show to share his insights into the inevitable security convergence in our future.
Join us as we discuss:
Why the lines between physical security and cybersecurity are increasingly blurred
The technologies Athena Security is advancing in the physical security domain
How Athena accidentally made a COVID-19 detector
-
As the implementation of CMMC by the DIB picks up pace, the frequently shifting requirements can be daunting — especially when the guidance is already so complex.
And that’s doubly true for managed service providers (MSPs), who have to contend with some of the most confusing CUI requirements.
In today’s episode, making his third guest appearance, I’m joined by Caleb Leidy, CUI Protection and CMMC Consultant at Pivot Point Security, who is here to clear up the confusion and share his insights into how the rollout of CMMC across the DIB impacts MSPs.
Join us as we discuss the current state of CUI for MSPs in the DIB, including:
The controls MSPs are responsible for in a client’s environment
The controls clients are responsible for in their own environment
The controls MSPs have to implement in their own environment to meet DFARS flow-down requirements
-
Inclusivity and diversity aren’t just about who you hire; they’re about the culture you create.
Sure, you can get talent from all walks of life, but if you haven’t built an inclusive culture…
Well, good luck getting them to stick around.
Today, I’m speaking with Deidre Diamond, Founder and CEO at CyberSN, who shares her 8-step framework for creating an inclusive culture in your organization.
Join us as we discuss each step and its importance, including:
The need for emotionally intelligent managers
The power of positivity
The art of win-win communication
-
What if you could take a proactive approach to cloud data security, rather than reacting only after an attack has occurred?
That is exactly the problem our guest is tackling at Panther Labs. We speak with Jack Naglieri, Founder & CEO, about Panther’s cloud-native approach and why he argues traditional SIEMs are getting left behind.
Join us as we discuss:
Developing Panther and taking a different, cloud-native approach
Understanding Snowflake and data lakes
Creating a proactive rather than reactive security response
Interesting findings on the state of SIEM
-
Even before the pandemic, the majority of businesses were already moving to the cloud.
Now, it seems you can’t do business without it.
Which means cloud security and compliance are more important than ever.
That’s why I’m speaking to one of the authorities on cloud security, John DiMaria, Assurance Investigatory Fellow at Cloud Security Alliance, in today’s episode — to demystify cloud security.
Join us as we discuss:
How CSA’s STAR program can help you strengthen your cloud security
The biggest vulnerabilities organizations face when operating in the cloud
How landing on CSA’s STAR registry, which is built on the Cloud Controls Matrix (CCM), can give your organization more visibility
-
CMMC has come a long way in recent years…
But organizations still face plenty of challenges navigating the guidance.
What are the biggest hurdles and how can we reduce the confusion?
To answer these questions, I’m joined by Kyle Lai, Founder and CISO of KLC Consulting, and Caleb Leidy, the CUI Protection and CMMC Consultant at Pivot Point Security.
Join us as we discuss:
Why CMMC scoping continues to confuse organizations
How to accurately mark CUI
Contracts passing the buck, and the costs associated with compliance
-
Open source is fundamentally about transparency. Being able to see what code is running on your computer—as well as what’s being monitored—gives you practically SaaS-level visibility across data, apps, and usage.
In this episode, former open source developer Mike McNeil, CEO at Fleet Device Management, an open source company, talks with me about why open source is so imperative.
Join us as we discuss:
The business impact of open source
Why open source grants such necessary visibility
How the open source community removes friction
Vulnerability management and automation
What’s next for Mike and Fleet